41207 matches found
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Exploit Title: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Date: 2020-01-01 Exploit Author: Raif Berkay Dincel Vendor Homepage: ibm.com Software...
Shopping Portal ProVersion 3.0 - Authentication Bypass
Shopping Portal ProVersion 3.0 - Authentication Bypass Exploit Title: Shopping Portal ProVersion 3.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: v4.0...
Sony Playstation 4 (PS4) 6.72 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 6.72 - WebKit Code Execution PoC / badhoist ============ Exploit implementation of CVE-2018-4386. Obtains addrof/fakeobj and arbitrary read/write primitives. Supports PS4 consoles on 6.XX. May also work on older firmware versions, but I am not sure. Bug was fixed in firmwar...
NextVPN v4.10 - Insecure File Permissions
NextVPN v4.10 - Insecure File Permissions Exploit Title: NextVPN v4.10 - Insecure File Permissions Date: 2019-12-23 Exploit Author: SajjadBnd Contact: [email protected] Vendor Homepage: https://vm3max.site Software Link:http://dl.spacevm.com/NextVPNSetup-v4.10.exe Version: 4.10 Tested on: Win10...
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Exploit Title: Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Date: 2019-12-21 Exploit Authors: Raphael Karger & Nathan Hrncirik Vendor Homepage: https://www.ultimatebeaver.com/ Version:...
elearning-script 1.0 - Authentication Bypass
elearning-script 1.0 - Authentication Bypass Exploit Title: elearning-script 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-29 Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script/archive/master.zip Version:...
HomeAutomation 3.3.2 - Authentication Bypass
HomeAutomation 3.3.2 - Authentication Bypass Exploit: HomeAutomation 3.3.2 - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips...
FreeBSD-SA-19:02.fd - Privilege Escalation
FreeBSD-SA-19:02.fd - Privilege Escalation Exploit: FreeBSD-SA-19:02.fd - Privilege Escalation Date: 2019-12-30 Author: Karsten König of Secfault Security Twitter: @gr4yf0x Kudos: Maik, greg and Dirk for discussion and inspiration CVE: CVE-2019-5596 libmap.conf primitive inspired by kcope's 2005...
HomeAutomation 3.3.2 - Remote Code Execution
HomeAutomation 3.3.2 - Remote Code Execution Exploit: HomeAutomation 3.3.2 - Remote Code Execution Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips...
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enabledisable alarm)
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery enabledisable alarm Exploit: AVE DOMINAplus 1.10.x - Cross-Site Request Forgery enable/disable alarm Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web...
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot Exploit: AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62...
Domain Quester Pro 6.02 - Stack Overflow (SEH)
Domain Quester Pro 6.02 - Stack Overflow SEH Exploit Title: Domain Quester Pro 6.02 - Stack Overflow SEH Date: 2019-12-26 Exploit Author: boku Software Vendor: http://www.internet-soft.com/ Software Link: http://www.internet-soft.com/DEMO/questerprosetup.exe Version: Version 6.02 Tested on:...
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery Add Admin Exploit Title: XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-19 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery Add Admin Exploit Title: XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-19 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Exploit: MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Date: 2019-12-30 Author: LiquidWorm Vendor: Emmanuel Product web page: https://github.com/empierre/MyDomoAtHome...
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
WEMS BEMS 21.3.1 - Undocumented Backdoor Account Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Date: 2019-12-30 Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...
RICOH Web Image Monitor 1.09 - HTML Injection
RICOH Web Image Monitor 1.09 - HTML Injection Exploit Title: RICOH Web Image Monitor 1.09 - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/ptop010.html...
Heatmiser Netmonitor 3.03 - Hardcoded Credentials
Heatmiser Netmonitor 3.03 - Hardcoded Credentials Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials Date: 2019-12-22 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf...
Heatmiser Netmonitor 3.03 - HTML Injection
Heatmiser Netmonitor 3.03 - HTML Injection Exploit Title: Heatmiser Netmonitor 3.03 - HTML Injection Date: 2019-12-22 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf Software: Netmonitor...
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)
HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on:...
FTP Navigator 8.03 - Stack Overflow (SEH)
FTP Navigator 8.03 - Stack Overflow SEH Exploit Title: FTP Navigator 8.03 - Stack Overflow SEH Date: December 28th, 2019 Exploit Author: boku Discovered by: Chris Inzinga Original DoS: FTP Navigator 8.03 - 'Custom Command' Denial of Service SEH Original DoS Link:...
Thrive Smart Home 1.1 - Authentication Bypass
Thrive Smart Home 1.1 - Authentication Bypass Exploit: Thrive Smart Home 1.1 - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Thrive Product web page: http://www.thrivesmarthomes.com Affected version: 1.1 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID:...
AVE DOMINAplus 1.10.x - Authentication Bypass
AVE DOMINAplus 1.10.x - Authentication Bypass Exploit: AVE DOMINAplus 1.10.x - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID:...
AVE DOMINAplus 1.10.x - Credential Disclosure
AVE DOMINAplus 1.10.x - Credential Disclosure Exploit: AVE DOMINAplus 1.10.x - Credential Disclosure Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID:...
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation Exploit: FreeBSD-SA-19:15.mqueuefs - Privilege Escalation Author: Karsten König of Secfault Security Date: 2019-12-30 Change line 719 to choose which vulnerability is targeted libmap.conf primitive inspired by kcope's 2005 exploit for Qpopper Explo...
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery Add Admin Exploit Title: XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-19 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
Wing FTP Server 6.0.7 - Unquoted Service Path
Wing FTP Server 6.0.7 - Unquoted Service Path Exploit Title: Wing FTP Server 6.0.7 - Unquoted Service Path Date: 2019-12-30 Exploit Author: Nawaf Alkeraithe Vendor Homepage: https://www.wftpserver.com/ Version: 6.0.7 Tested on: Windows 10 CVE : N/A PoC: C:\Users\usersc qc "Wing FTP Server" SC...
AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC)
AVS Audio Converter 9.1.2.600 - Stack Overflow PoC Exploit Title: AVS Audio Converter 9.1.2.600 - Stack Overflow PoC Date: December 2019-12-28 Exploit Author: boku Original DoS: https://www.exploit-db.com/exploits/47788 Original DoS Author: ZwX Software Vendor: http://www.avs4you.com/ Software...
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Exploit: HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...
RICOH SP 4510SF Printer - HTML Injection
RICOH SP 4510SF Printer - HTML Injection Exploit Title: RICOH SP 4510SF Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support.ricoh.com/bb/html/drute/re1/model/sp4510/sp4510.htm Software: RICOH Printer Produ...
Django 3.0 2.2 1.11 - Account Hijack
Django 3.0 2.2 1.11 - Account Hijack EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47879.zip djangocve201919844poc PoC for CVE-2019-19844 Requirements - Python 3.7.x - PostgreSQL 9.5 or higher Setup 1. Create databasee.g. djangocve201919844p...
Prime95 Version 29.8 build 6 - Buffer Overflow (SEH)
Prime95 Version 29.8 build 6 - Buffer Overflow SEH Exploit Title: Prime95 Version 29.8 build 6 - Buffer Overflow SEH Date: 2019-12-22 Vendor Homepage: https://www.mersenne.org Software Link: http://www.mersenne.org/ftproot/gimps/p95v298b6.win32.zip Exploit Author: Achilles Tested Version: 29.8...
phpMyChat-Plus 1.98 - pmc_username Reflected Cross-Site Scripting
phpMyChat-Plus 1.98 - pmcusername Reflected Cross-Site Scripting Exploit Title: phpMyChat-Plus 1.98 - 'pmcusername' Reflected Cross-Site Scripting Date: 2019-12-19 Exploit Author: Chris Inzinga Vendor Homepage: http://ciprianmp.com/latest/ Download: https://sourceforge.net/projects/phpmychat/...
Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)
Microsoft Windows 10 BasicRender.sys - Denial of Service PoC Exploit Title: Microsoft Windows 10 BasicRender.sys - Denial of Service PoC Date: 2019-12-20 Exploit author: vportal Vendor homepage: http://www.microsoft.com Version: Windows 10 1803 x86 Tested on: Windows 10 1803 x86 CVE: N/A A Null...
FreeSWITCH 1.10.1 - Command Execution
FreeSWITCH 1.10.1 - Command Execution Exploit Title: FreeSWITCH 1.10.1 - Command Execution Date: 2019-12-19 Exploit Author: 1F98D Vendor Homepage: https://freeswitch.com/ Software Link: https://files.freeswitch.org/windows/installer/x64/FreeSWITCH-1.10.1-Release-x64.msi Version: 1.10.1 Tested on:...
FTP Navigator 8.03 - Custom Command Denial of Service (SEH)
FTP Navigator 8.03 - Custom Command Denial of Service SEH Exploit Title: FTP Navigator 8.03 - 'Custom Command' Denial of Service SEH Date: 2019-12-18 Exploit Author: Chris Inzinga Vendor Homepage: http://www.internet-soft.com/ Software Link:...
Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation
Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation Exploit Title: Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation Date: 2019-12-18 Exploit Author: Vulnerability-Lab Vendor Homepage:...
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting Exploit Title: Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting Google Dork: site:..com "Web File Manager" inurl:?login= Shodan Dork: Server: Rumpus Date: 2019-12-14 Exploit Author: Harshit Shukla, Sudeepto R...
AVS Audio Converter 9.1 - Exit folder Buffer Overflow
AVS Audio Converter 9.1 - Exit folder Buffer Overflow Exploit Title: AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow Exploit Author : ZwX Exploit Date: 2019-12-17 Vendor Homepage : http://www.avs4you.com/ Link Software : http://www.avs4you.com/avs-audio-converter.aspx Tested on OS: Window...
Telerik UI - Remote Code Execution via Insecure Deserialization
Telerik UI - Remote Code Execution via Insecure Deserialization See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with...
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
Tautulli 2.1.9 - Cross-Site Request Forgery ShutDown Exploit Title: Tautulli 2.1.9 - Cross-Site Request Forgery ShutDown Date: 2018-12-17 Exploit Author: Ismail Tasdelen Vendor Homepage: https://tautulli.com/ Software : https://github.com/Tautulli/Tautulli Product Version: v2.1.9 Platform: Window...
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery Add Admin Exploit Title: Xerox AltaLink C8035 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-17 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()
macOS 10.14.6 18G87 - Kernel Use-After-Free due to Race Condition in waitfornamespaceevent The XNU function waitfornamespaceevent in bsd/vfs/vfssyscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fpfree, which unconditionally fre...
XnView 2.49.1 - Research Denial of Service (PoC)
XnView 2.49.1 - Research Denial of Service PoC Exploit Title: XnView 2.49.1 - 'Research' Denial of Service PoC Exploit Author : ZwX Exploit Date: 2019-12-17 Vendor Homepage : http://www.xnview.com Link Software : https://www.xnview.com/fr/xnview/downloads Tested on OS: Windows 7 ''' Proof of...
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Exploit Title: Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Date: 2019-12-17 Exploit Author: MTK Vendor Homepage: https://sweethawk.co/zendesk/survey-app Software Link:...
Netgear R6400 - Remote Code Execution
Netgear R6400 - Remote Code Execution Exploit Title: Netgear R6400 - Remote Code Execution Date: 2019-12-14 Exploit Author: Kevin Randall CVE: CVE-2016-6277 Vendor Homepage: https://www.netgear.com/ Category: Hardware Version: V1.0.7.21.1.93 PoC !/usr/bin/python import urllib2 IPADDR =...
WordPress Core 5.3.x - xmlrpc.php Denial of Service
WordPress Core 5.3.x - xmlrpc.php Denial of Service !/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries: prefi...
NopCommerce 4.2.0 - Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation Vulnerability Title: NopCommerce 4.2.0 - Privilege Escalation Author: Alessandro Magnosi d3adc0de Date: 2019-07-07 Vendor Homepage: https://www.nopcommerce.com/ Software Link : https://www.nopcommerce.com/ Tested Version: 4.2.0 Vulnerability Type: Privileg...
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Date: 2019-12-13 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link:...
Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds
Linux 5.3 - Privilege Escalation via iouring Offload of sendmsg onto Kernel Thread with Kernel Creds Since commit 0fa03c624d8f "iouring: add support for sendmsg", first in v5.3, iouring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORINGOPSENDMSG...