41207 matches found
Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH)
Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Exploit Title: Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Date: 2018-04-23 Exploit Author: Marwan Shamel Software Link: https://filehippo.com/downloadfreedownloadmanager/925/ Version: v2.0 Built 417 Tested on:...
PRTG Network Monitor 18.1.39.1648 - Stack Overflow (Denial of Service)
PRTG Network Monitor 18.1.39.1648 - Stack Overflow Denial of Service Exploit Title: PRTG 18.1.39.1648 - Stack Overflow Date: 2018-04-21 Exploit Author: Lucas "luriel" Carmo Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/download/prtg-download Version:...
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free Pwn2Own 2017 PoC char initialdnd = "tools.capability.dndversion 4"; static const int cbObj = 0x100; char seconddnd = "tools.capability.dndversion 2"; char chgver = "vmx.capability.dndversion"; char calltransport = "dnd.transport "; char...
Ncomputing vSpace Pro 1011 - Directory Traversal
Ncomputing vSpace Pro 1011 - Directory Traversal Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability Date: 2018-04-20 Software Vendor: NComputing Software Link: Author: Javier Bernardo Contact: [email protected] Website: http://www.kwell.net CVE: CVE-2018-10201...
Oracle Weblogic Server 10.3.6.0 12.1.3.0 12.2.1.2 12.2.1.3 - Deserialization Remote Command Execution
Oracle Weblogic Server 10.3.6.0 12.1.3.0 12.2.1.2 12.2.1.3 - Deserialization Remote Command Execution -- coding: utf-8 -- Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 Deserialization Remote Command Execution Vulnerability CVE-2018-2628 IMPORTANT: Is provided only for educational ...
Cobub Razor 0.8.0 - Physical Path Leakage
Cobub Razor 0.8.0 - Physical Path Leakage Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Date: 2018-04-19 Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL:...
MySQL Squid Access Report 2.1.4 - SQL Injection Cross-Site Scripting
MySQL Squid Access Report 2.1.4 - SQL Injection Cross-Site Scripting Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities Date: 14-13-2018 Software Link: https://sourceforge.net/projects/mysar/ Exploit Author: Keerati T. Version: 2.1.4 Tested on: Linux 1. Description SQL...
VX Search 10.6.18 - directory Local Buffer Overflow
VX Search 10.6.18 - directory Local Buffer Overflow !/usr/bin/python Title: VX Search 10.6.18 Local Buffer Overflow Author: Kevin McGuigan Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: http://www.vxsearch.com Version: 10.6.18 Date: 18/04/2018 Tested on: Windows 7...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities Google Dork: N/A Date: 17-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage:...
RSVG 2.40.13 2.42.2 - .svg Buffer Overflow
RSVG 2.40.13 2.42.2 - .svg Buffer Overflow Exploit Title: Buffer-overflow in RSVG while converting a malformed svg Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin Software Link:...
Kodi 17.6 - Persistent Cross-Site Scripting
Kodi 17.6 - Persistent Cross-Site Scripting ============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831...
PDFunite 0.41.0 - .pdf Local Buffer Overflow
PDFunite 0.41.0 - .pdf Local Buffer Overflow Exploit Title: PDFunite Malformed pdf buffer overflow Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/artful/+package/poppler-utils Software Link: https://launchpad.net/ubuntu/+source/poppler/0.57.0-2ubuntu4....
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow Exploit Title: Easy File Sharing Web Server 7.2 stack buffer overflow Date: 03/24/2018 Exploit Author: rebeyond - http://www.rebeyond.net Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe...
Rvsitebuilder CMS - Database Backup Download
Rvsitebuilder CMS - Database Backup Download Exploit Title: Rvsitebuilder CMS Database Backup Download Exploit Author: Hesam Bazvand Contact: [email protected] Software Link: http://www.rvsitebuilder.com Version: All Version Tested on: Windows 7 / Kali Linux Category: WebApps Dork :...
Match Clone Script 1.0.4 - Cross-Site Scripting
Match Clone Script 1.0.4 - Cross-Site Scripting Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Date: 23.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho...
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link:...
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure ''' Exploit Title: Login bypass and data leak - Lutron Quantum 2.0 - 3.2.243 firmware Date: 20-03-2018 Exploit Author: David Castro Contact: https://twitter.com/SadFud75 Vendor Homepage: http://www.lutron.com Software Link:...
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage:...
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (Metasploit)
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002...
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Exploit Title: Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Google Dork: N/A Date: 14-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.jdownloads.com/ Software Link:...
Reaper 5.78 - Local Buffer Overflow
Reaper 5.78 - Local Buffer Overflow Exploit Title: Reaper 5.78 - Local Buffer Overflow Exploit Author: bzyo CVE: CVE-2018-9131 Date: 2018-03-30 Vulnerable Software: Reaper 5.78 Vendor Homepage: https://www.reaper.fm/ Version: 5.78 Software Link: https://www.reaper.fm/download.php Tested On: Windo...
Ultra MiniHTTPd 1.2 - GET Remote Stack Buffer Overflow PoC
Ultra MiniHTTPd 1.2 - GET Remote Stack Buffer Overflow PoC...
Brave Browser 0.13.0 - long alert() argument Denial of Service
Brave Browser 0.13.0 - long alert argument Denial of Service Exploit Title:Brave Browser...
D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting
D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting XSS Date: 14.04.2018 Exploit Author: Sayan Chatterjee Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=678...
Brave Browser 0.13.0 - window.close(self) Denial of Service
Brave Browser 0.13.0 - window.closeself Denial of Service Exploit Title:Brave Browser Brave Window Object Remote Denial of Service. Brave Window Object Remote Denial of Service Proof of Concept Click the below link to Trigger the Vulnerability.. Brave Window Object DoS Test POC...
CloudMe Sync 1.11.0 - Local Buffer Overflow
CloudMe Sync 1.11.0 - Local Buffer Overflow Exploit Title: Local Buffer Overflow on CloudMe Sync v1.11.0 Date: 08.03.2018 Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1110.exe Category: Local Exploit Discovery: Prasenjit Kanti Paul Web:...
Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix
Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix Platform: Windows 10 1709 including Win10S Class: Security Feature Bypass Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached...
Microsoft Windows - nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation) Kernel 64-bit Stack Memory Disclosure
Microsoft Windows - nt!NtQueryVirtualMemory MemoryPrivilegedBasicInformation Kernel 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryBasicInformation 0x0 and MemoryPrivilegedBasicInformation 0x8 information classes discloses...
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference...
Microsoft Windows - nt!NtQueryAttributesFile Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryAttributesFile Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10,...
Zortam MP3 Media Studio 23.45 - Local Buffer Overflow (SEH)
Zortam MP3 Media Studio 23.45 - Local Buffer Overflow SEH !/usr/bin/python Title: Zortam Mp3 Media Studio Local Buffer Overflow SEH Author: Kevin McGuigan Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: http://www.zortam.com/ Version: 23.45 Tested on: Windows 7 32 b...
Microsoft Windows - nt!NtQueryVirtualMemory (MemoryImageInformation) Kernel 64-bit Stack Memory Disclosure
Microsoft Windows - nt!NtQueryVirtualMemory MemoryImageInformation Kernel 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryImageInformation 0x6 information class discloses uninitialized kernel stack memory to user-mode clients...
Microsoft Windows - nt!NtQueryVolumeInformationFile Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryVolumeInformationFile Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryVolumeInformationFile system call invoked against certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 1...
Microsoft Windows - nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation) Kernel Pool Memory Disclosure
Microsoft Windows - nt!NtQueryInformationTransactionManager TransactionManagerRecoveryInformation Kernel Pool Memory Disclosure / We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose...
Microsoft Windows - nt!NtQueryFullAttributesFile Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryFullAttributesFile Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryFullAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7...
Microsoft Windows - nt!NtQueryInformationProcess (ProcessImageFileName) Kernel 64-bit PoolStack Memory Disclosure
Microsoft Windows - nt!NtQueryInformationProcess ProcessImageFileName Kernel 64-bit PoolStack Memory Disclosure / We have discovered that the nt!NtQueryInformationProcess system call invoked with the ProcessImageFileName 0x1B information class discloses uninitialized kernel memory to user-mode...
Microsoft Windows - nt!NtQuerySystemInformation (SystemPageFileInformation(Ex)) Kernel 64-bit Stack Memory Disclosure
Microsoft Windows - nt!NtQuerySystemInformation SystemPageFileInformationEx Kernel 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQuerySystemInformation system call invoked with the SystemPageFileInformation 0x12 and SystemPageFileInformationEx 0x90 information classes disclose...
SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH)
SysGauge Pro 4.6.12 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title : SysGauge Pro v4.6.12 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software :...
Cobub Razor 0.8.0 - SQL injection
Cobub Razor 0.8.0 - SQL injection Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedn([email protected]、[email protected]) Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-80...
Barco ClickShare CSE-200 - Remote Denial of Service
Barco ClickShare CSE-200 - Remote Denial of Service !/usr/bin/python Exploit Title: Barco ClickShare CSE-200 - Remote Denial of Service Date: 11-04-2018 Hardware Link: https://www.barco.com/de/product/clickshare-cse-200 Exploit Author: Florian Hauser Contact: florian DOT g DOT hauser AT gmail DOT...
Microsoft Edge - OpenProcess() ACG Bypass
Microsoft Edge - OpenProcess ACG Bypass Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02...
AMD Plays.tv 1.27.5.0 - plays_service.exe Arbitrary File Execution
AMD Plays.tv 1.27.5.0 - playsservice.exe Arbitrary File Execution http://support.amd.com/en-us/download?cmpid=CCCOffline - Click "Automatically Detect - Download Now" Installation Automatically Installs "Raptr, Inc Plays TV Service" OR https://plays.tv/download Target OS: Windows Any Privilege:...
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
MikroTik 6.41.4 - FTP daemon Denial of Service PoC Title: MikroTik 6.41.4 Denial of service FTP daemon crash CVE: CVE-2018-10070 CWE: CWE-400 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://mikrotik.com/ Version : 6.41.4 Released 2018-Apr-05 | All Version Date: 13-05-2018...
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution !/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Function httprequest type data def...
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (PoC)
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution PoC !/usr/bin/env import sys import requests print '' print ' Proof-Of-Concept for CVE-2018-7600' print ' by Vitalii Rudnykh' print ' Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders' print '...
Microsoft Credential Security Support Provider - Remote Code Execution
Microsoft Credential Security Support Provider - Remote Code Execution credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy projecthttps://github.com/preempt/rdpy, allowing also credssp relay. Written by Eyal...
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla Convert Forms version 2.0.3 - Formula Injection CSV Injection Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link:...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery Add Admin Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add admin account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE :...
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version...
DVD X Player Standard 5.5.3.9 - Buffer Overflow
DVD X Player Standard 5.5.3.9 - Buffer Overflow...