SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting Cross site request forgery Authentication bypass
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting Cross site request forgery Authentication bypass Exploit Title: SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass Date: 2018-05-17 Exploit...
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery Exploit Title: MyBB Admin Notes Plugin - CSRF Date: 2018-05-14 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 Version: 1.1 Tested on: Ubuntu 18.04 1...
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting Date: 2018-05-16 Exploit Author: L0RD Vendor Homepage:...
Rockwell Scada System 27.011 - Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting Exploit Title: Rockwell Scada System - Cross-Site Scripting Date: 2018-05-16 Exploit Author: t4rkd3vilz Vendor Homepage: https://rockwellautomation.com/ Software Link:...
Horse Market Sell Rent Portal Script 1.5.7 - Cross-Site Request Forgery
Horse Market Sell Rent Portal Script 1.5.7 - Cross-Site Request Forgery Exploit Title: Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery Date: 2018-05-15 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/horse-market-sell-rent-portal/14174352?srank=1725 CVE...
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
VirtueMart 3.1.14 - Persistent Cross-Site Scripting Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Date: 2018-02-25 Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMar...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy...
WhatsApp 2.18.31 - Memory Corruption
WhatsApp 2.18.31 - Memory Corruption !/usr/bin/env python -- coding: utf-8 -- Exploit Author: Juan Sacco at Exploit Pack - http://www.exploitpack.com This vulnerability has been discovered and exploited using Exploit Pack - Framework Tested on: iPhone 5/6s/X iOS 10 and 11.3 Latest release of iOS ...
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery Press submit on a page containing the following HTML snippet: alert1" !-- In a real attack, the form can be made to autosubmit so the victim only has to follow a link. Mitigations ================ Upgrade to version 1.2.9 or...
RSA Authentication Manager 8.2.1.4.0-build1394922 8.3 P1 - XML External Entity Injection Cross-Site Flashing DOM Cross-Site Scripting
RSA Authentication Manager 8.2.1.4.0-build1394922 8.3 P1 - XML External Entity Injection Cross-Site Flashing DOM Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS vulnerabilities product: R...
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Windows: Token Trust SID Access Check Bypass EOP Platform: Windows 10 1709 also tested current build of RS4 Class: Elevation of Privilege Summary: A token’s trust SID isn’t reset when setting a token after proces...
Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution
Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...
XATABoost 1.0.0 - SQL Injection
XATABoost 1.0.0 - SQL Injection Exploit Title: XATABoost CMS Sql Injection Google Dork: inurl:php?id= Powered by XATABOOST Date: 02.01.2018 Exploit Author: MgThuraMoeMyint Vendor Homepage: http://www2.xataboost.com Version: 1.0.0 Tested on: Kali Linux SQL Injection Type: Union Based Example URL:...
2345 Security Guard 3.7 - 2345NsProtect.sys Denial of Service
2345 Security Guard 3.7 - 2345NsProtect.sys Denial of Service Exploit Title: BSOD by IOCTL 0x8000200D in 2345NsProtect.sys of 2345 Security Guard 3.7 Date: 20180513 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe...
Microsoft Windows 2003 SP2 - RRAS SMB Remote Code Execution
Microsoft Windows 2003 SP2 - RRAS SMB Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- Tested in Windows Server 2003 SP2 ES - Only works when RRAS service is enabled. The exploited vulnerability is an arbitrary pointer dereference affecting the dwVarID field of the MIBOPAQUEQUERY...
WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting
WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10311 An...
WUZHI CMS 4.1.0 - form[qq_10] Cross-Site Scripting
WUZHI CMS 4.1.0 - form[qq_10] Cross-Site Scripting Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10313 An...
2345 Security Guard 3.7 - 2345BdPcSafe.sys Denial of Service
2345 Security Guard 3.7 - 2345BdPcSafe.sys Denial of Service Exploit Title: BSOD by IOCTL 0x002220e0 in 2345BdPcSafe.sys of 2345 Security Guard 3.7 Date: 20180509 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe...
EMC RecoverPoint 4.3 - Admin CLI Command Injection
EMC RecoverPoint 4.3 - Admin CLI Command Injection Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint fo...
Open-AudIT Community 2.2.0 - Cross-Site Scripting
Open-AudIT Community 2.2.0 - Cross-Site Scripting Exploit Title: Open-AudIT Community - 2.2.0 – Cross-Site Scripting Exploit Author: Tejesh Kolisetty Vendor Homepage: https://opmantek.com/ Software Link: https://opmantek.com/network-tools-download/ Affected Version: 2.2.0 Category: WebApps Tested...
Open-AudIT Professional - 2.1.1 - Cross-Site Scripting
Open-AudIT Professional - 2.1.1 - Cross-Site Scripting Exploit Title: Open-AudIT Professional 2.1.1 – Multiple Cross-Site Scripting Exploit Author: Tejesh Kolisetty Vendor Homepage: https://opmantek.com/ Software Link: https://opmantek.com/network-tools-download/ Affected Version: 2.1.1 Category:...
Dell Touchpad - ApMsgFwd.exe Denial of Service
Dell Touchpad - ApMsgFwd.exe Denial of Service / Title: Dell Touchpad - ApMsgFwd.exe Denial Of Service Author: Souhail Hammou Vendor Homepage: https://www.alps.com/ Tested on : Alps Pointing-device Driver 10.1.101.207 CVE: CVE-2018-10828 / include include include / Details: ========== ApMsgFwd.ex...
ModbusPal 1.6b - XML External Entity Injection
ModbusPal 1.6b - XML External Entity Injection + Exploit Title: ModbusPal XXE Injection + Date: 05-08-2018 + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version:...
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Date: 4/20/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914...
Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery
Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery Exploit Title: Fastweb FASTgate 0.00.47 CSRF Date: 09-05-2018 Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Fastweb Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/...
Allok Video Splitter 3.1.12.17 - Denial of Service
Allok Video Splitter 3.1.12.17 - Denial of Service Exploit Title: Allok Video Splitter 3.1.1217 Date: 2018-05-09 Exploit Author: Achilles Vendor Homepage: http://www.alloksoft.com/ Vulnerable Software: http://www.alloksoft.com/allokvsplitter.exe Tested on OS: Windows 7 64-bit DE Steps to reproduc...
Microsoft Windows FxCop 1012 - XML External Entity Injection
Microsoft Windows FxCop 1012 - XML External Entity Injection Exploit Title: Microsoft Windows FxCop 10/12 - XML External Entity Injection Date: 2018-03-15 Exploit Author: Debashis Pal Vendor Homepage: www.microsoft.com Version: Microsoft Windows "FxCop" v10-12 CVE : N/A Greetz:...
2345 Security Guard 3.7 - 2345NetFirewall.sys Denial of Service
2345 Security Guard 3.7 - 2345NetFirewall.sys Denial of Service / Exploit Title: 2345 Security Guard 3.7 - Denial of Service Date: 2018-05-08 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe Version: v3.7 Tested on:...
FTPShell Client 6.7 - Buffer Overflow
FTPShell Client 6.7 - Buffer Overflow -- coding: utf-8 -- Exploit Title: FTPShell Client 6.7 - Remote Buffer Overflow Date: 2018-01-03 Exploit Author: Sebastián Castro @r4wd3r Vendor Homepage: http://www.ftpshell.com/index.htm Software Link: http://www.ftpshell.com/download.htm Version: 6.7 Teste...
DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH)
DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow SEH Exploit Title: DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow SEH Date: 2018-05-04 Exploit Author: Youssef mami Vendor Homepage: https://www.devicelock.com/freeware.html/ Version: 5.72 CVE : CVE-2018-10655 Securi...
HWiNFO 5.82-3410 - Denial of Service
HWiNFO 5.82-3410 - Denial of Service !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: HWiNFO 5.82-3410 - Denial of Service Date: 05-04-18 Vulnerable Software: HWiNFO 5.82-3410 Vendor Homepage: https://www.hwinfo.com/ Version: 5.82-3410 Software Link:...
CSP MySQL User Manager 2.3.1 - Authentication Bypass
CSP MySQL User Manager 2.3.1 - Authentication Bypass Exploit Title: CSP MySQL User Manager 2.3.1 - Authentication Bypass Date: 2018-05-04 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/archive/p/cspmum/ Software Link:...
WordPress Plugin User Role Editor 4.25 - Privilege Escalation
WordPress Plugin User Role Editor 4.25 - Privilege Escalation This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The...
GNU wget - Cookie Injection
GNU wget - Cookie Injection GNU Wget Cookie Injection CVE-2018-0494 ========================================= The latest version of this advisory is available at: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt Overview -------- GNU Wget is susceptible to a malicious web server...
Google Chrome V8 - Object Allocation Size Integer Overflow
Google Chrome V8 - Object Allocation Size Integer Overflow There's an integer overflow in computing the required allocation size when instantiating a new javascript object. See the following code in objects.cc // static bool JSFunction::CalculateInstanceSizeForDerivedClass Handle function,...
IceWarp Mail Server 11.1.1 - Directory Traversal
IceWarp Mail Server 11.1.1 - Directory Traversal Vendor: IceWarp http://www.icewarp.com Product: IceWarp Mail Server Version affected: 11.1.1 and below Product description: IceWarp WebMail provides web-based access to email, calendars, contacts, files and shared data from any computer with a...
WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting
WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting Exploit Title: WF Cookie Consent - Authenticated Persistent Cross-Site Scripting Date: 23/04/2018 Exploit Author: B0UG Vendor Homepage: http://www.wunderfarm.com/ Software Link: https://en-gb.wordpress.org/plugins/wf-cookie-consent/...
JasperReports - (Authenticated) File Read
JasperReports - Authenticated File Read TIBCO’s JasperReports string = wrapper.getParameterValues"page" To: getResource @ DirResourceSet.java:101 file = new File/home/rhino/jasperreports...mcat/webapps/jasperserver,"/WEB-INF/jsp/modules/administer/adminImport.jsp" Due to a lack of input validatio...
GPON Routers - Authentication Bypass Command Injection
GPON Routers - Authentication Bypass Command Injection !/bin/bash echo "+ Sending the Command… " We send the commands with two modes backtick and semicolon ; because different models trigger on different devices curl -k -d "XWebPageName=diag&diagaction=ping&wanconlist=0&desthost=$2;$2&ipv=0"...
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH)
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow Date: 2018-05-02 Exploit Author: Marwan Shamel Software Link: https://downloads.tomsguide.com/MPEG-Easy-Burner,0301-10418.html Version: 1.7.11 Tested...
Exim 4.90.1 - base64d Remote Code Execution
Exim 4.90.1 - base64d Remote Code Execution !/usr/bin/python import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; [email protected]" print def connecthost, port: global s global f s =...
Adobe Reader PDF - Client Side Request Injection
Adobe Reader PDF - Client Side Request Injection % a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 R /Page...
TBK DVR4104 DVR4216 - Credentials Leak
TBK DVR4104 DVR4216 - Credentials Leak -- coding: utf-8 -- import json import requests import argparse import tableprint as tp class Colors: BLUE = '\03394m' GREEN = '\03332m' RED = '\0330;31m' DEFAULT = '\0330m' ORANGE = '\03333m' WHITE = '\03397m' BOLD = '\0331m' BRCOLOUR = '\0331;37;40m' banne...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service What do you need to know? Tenable Research has discovered a critical remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. What's the attack vector? The...
Call of Duty Modern Warefare 2 - Buffer Overflow
Call of Duty Modern Warefare 2 - Buffer Overflow A few years ago, I became aware of a security issue in most Call of Duty games. Although I did not discover it myself, I thought it might be interesting to see what it could be used for. Without going into detail, this security issue allows users...
WebKit - WebCore::jsElementScrollHeightGetter Use-After-Free
WebKit - WebCore::jsElementScrollHeightGetter Use-After-Free input:enabled content: urlfoo; padding-top: 0vmin .class4 -webkit-transform: scale1, 255; function jsfuzzer document.head.appendChildkg; var test = input.scrollHeight; ::ptr const...
Norton Core Secure WiFi Router - BLE Command Injection (PoC)
Norton Core Secure WiFi Router - BLE Command Injection PoC PoC command injection in BLE service of Norton Core Secure WiFi Router CVE-2018-5234 For more information read paper. To demonstrate the exploitation, we will use: - OS GNU/Linux; - Bluetooth dongle adapter; - BlueZ utility for testing...
Cockpit CMS 0.4.4 0.5.5 - Server-Side Request Forgery
Cockpit CMS 0.4.4 0.5.5 - Server-Side Request Forgery SSRF (Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 CVE-2018-9302 Cockpit CMS repairs CVE-2017-14611, but it can be bypassed, SSRF still exists, affecting the Cockpit CMS 0.4.4-0.5.5 versions. I've been tested success of "Cockpit CMS" laste...
LibreOfficeOpen Office - .odt Information Disclosure
LibreOfficeOpen Office - .odt Information Disclosure ! /usr/bin/python Exploit Title: Malicious ODF File Creator Date: 1st May 2018 Exploit Author: Richard Davy Vendor Homepage: https://www.libreoffice.org/ Software Link: https://www.libreoffice.org/ Version: LibreOffice 6.0.3, OpenOffice 4.1.5...
WordPress Plugin Responsive Cookie Consent 1.7 1.6 1.5 - (Authenticated) Persistent Cross-Site Scripting
WordPress Plugin Responsive Cookie Consent 1.7 1.6 1.5 - Authenticated Persistent Cross-Site Scripting Exploit Title: Wordpress Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting Date: 2018-04-20 Exploit Author: B0UG Vendor Homepage:...