41207 matches found
Grandstream UCM6200 Series WebSocket 1.0.20.20 - user_password SQL Injection
Grandstream UCM6200 Series WebSocket 1.0.20.20 - user_password SQL Injection Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...
FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Exploit Title: FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Vendor Homepage: https://www.flashfxp.com/ Software Link Download: https://www.filehorse.com/download-flashfxp/22451/download/ Exploit Author: Paras Bhatia Discovery Date: 2020-03-30...
Grandstream UCM6200 Series CTI Interface - user_password SQL Injection
Grandstream UCM6200 Series CTI Interface - user_password SQL Injection Exploit Title: Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...
Zen Load Balancer 3.10.1 - Remote Code Execution
Zen Load Balancer 3.10.1 - Remote Code Execution Exploit Title: Zen Load Balancer 3.10.1 - Remote Code Execution Google Dork: no Date: 2020-03-28 Exploit Author: Cody Sixteen Vendor Homepage: https://code610.blogspot.com Software Link:...
Joomla! com_fabrik 3.9.11 - Directory Traversal
Joomla! com_fabrik 3.9.11 - Directory Traversal Exploit Title: Joomla! com_fabrik 3.9.11 - Directory Traversal Google Dork: inurl:"index.php?option=com_fabrik" Date: 2020-03-30 Exploit Author: qw3rTyTy Vendor Homepage: https://fabrikar.com/ Software Link: https://fabrikar.com/downloads Version: 3.9...
10-Strike Network Inventory Explorer 9.03 - Read from File Buffer Overflow (SEH)(ROP)
10-Strike Network Inventory Explorer 9.03 - Read from File Buffer Overflow SEHROP Exploit Title: 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow SEHROP Date: 2020-03-30 Exploit Author: Hodorsec Version: 9.03 Software Link:...
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution package main / CVE-2020-8515: DrayTek pre-auth remote root RCE Mon Mar 30 2020 - 0xsha.io Affected: DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta You should upgrade as...
Odin Secure FTP Expert 7.6.3 - Site Info Denial of Service (PoC)
Odin Secure FTP Expert 7.6.3 - Site Info Denial of Service PoC Exploit Title: Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-03-27 Vendor Homepage: https://odin-secure-ftp-expert.jaleco.com/ Software Link Download :...
Microsoft Windows 10 (19031909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Local Privilege Escalation
Microsoft Windows 10 19031909 - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Local Privilege Escalation CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso References...
Easy RM to MP3 Converter 2.7.3.700 - Input Local Buffer Overflow (SEH)
Easy RM to MP3 Converter 2.7.3.700 - Input Local Buffer Overflow SEH Exploit Title: Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow SEH Date: 2020-03-26 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/707414955696c57b71c7f160c720bed5-EasyRMtoMP3Converter.e...
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Date: 2020-03-26 Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author:...
Everest 5.50.2100 - Open File Denial of Service (PoC)
Everest 5.50.2100 - Open File Denial of Service PoC Exploit Title: Everest 5.50.2100 - 'Open File' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-03-24 Software Link : http://www.lavalys.com/ Tested Version: 5.50.2100 Vulnerability Type: Denial of Service DoS Local Tested...
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal Exploit Title: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal Date: 2020-03-26 Exploit Author: hongphukt Vendor Homepage: https://www.jinfonet.com/ Software Link: https://www.jinfonet.com/product/download-jreport/ Version:...
TP-Link Archer C50 3 - Denial of Service (PoC)
TP-Link Archer C50 3 - Denial of Service PoC Exploit Title: TP-Link Archer C50 3 - Denial of Service PoC Date: 2020-01-25 Exploit Author: thewhiteh4t Vendor Homepage: https://www.tp-link.com/ Version: TP-Link Archer C50 v3 Build 171227 Tested on: Arch Linux x64 CVE: CVE-2020-9375 Description:...
Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution
Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Date: 2020-03-25 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link:...
10-Strike Network Inventory Explorer 8.54 - Add Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 - Add Local Buffer Overflow SEH Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow SEH Date: 2020-03-24 Author: Felipe Winsnes Vendor Homepage: https://www.10-strike.com/ Software Link:...
Joomla! Component GMapFP 3.30 - Arbitrary File Upload
Joomla! Component GMapFP 3.30 - Arbitrary File Upload Exploit Title: Joomla! Component GMapFP 3.30 - Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-25 Exploit Author: ThelastVvV Vendor Homepage: https://gmapfp.org/ Version: Version J3.30pro Tested on: Ubuntu PoC:...
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting Exploit Title: LeptonCMS 4.5.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2019-03-24 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://lepton-cms.org/english/home.php Software Link:...
10-Strike Network Inventory Explorer - srvInventoryWebServer Unquoted Service Path
10-Strike Network Inventory Explorer - srvInventoryWebServer Unquoted Service Path Exploit Title: 10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path Date: 2020-03-24 Author: Felipe Winsnes Vendor Homepage: https://www.10-strike.com/ Software Link:...
AVAST SecureLine 5.5.522.0 - SecureLine Unquoted Service Path
AVAST SecureLine 5.5.522.0 - SecureLine Unquoted Service Path Exploit Title: AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-24 Vendor Homepage: https://www.avast.com/ Software Link...
Veyon 4.3.4 - VeyonService Unquoted Service Path
Veyon 4.3.4 - VeyonService Unquoted Service Path Exploit Title: Veyon 4.3.4 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Discovery Date: 2020-03-23 Vendor Homepage: https://veyon.io/ Software Link:...
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Exploit Title: Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson...
UCM6202 1.0.18.13 - Remote Command Injection
UCM6202 1.0.18.13 - Remote Command Injection Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...
UliCMS 2020.1 - Persistent Cross-Site Scripting
UliCMS 2020.1 - Persistent Cross-Site Scripting Exploit Title: UliCMS 2020.1 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-03-24 Exploit Author: SunCSR Vendor Homepage: https://en.ulicms.de Software Link: https://en.ulicms.de/currentversions.html Version: 2020.1 Tested on: Windows...
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Exploit Title: Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Google Dork: N/A Date: 2020-02-21 Exploit Author: Cem Onat Karagun of Diesec GmBH Vendor Homepage: https://www.google.com/ Version:...
Joomla! com_hdwplayer 4.2 - search.php SQL Injection
Joomla! com_hdwplayer 4.2 - search.php SQL Injection Exploit Title: Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection Dork: inurl:"index.php?option=com_hdwplayer" Date: 2020-03-23 Exploit Author: qw3rTyTy Vendor Homepage: https://www.hdwplayer.com/ Software Link:...
rConfig 3.9.4 - search.crud.php Remote Command Injection
rConfig 3.9.4 - search.crud.php Remote Command Injection Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link:...
FIBARO System Home Center 5.021 - Remote File Include
FIBARO System Home Center 5.021 - Remote File Include Exploit Title: FIBARO System Home Center 5.021 - Remote File Include Date: 2020-03-22 Author: LiquidWorm Vendor: https://www.fibaro.com CVE: N/A Vendor: FIBAR GROUP S.A. Product web page: https://www.fibaro.com Affected version: Home Center 3,...
CyberArk PSMP 10.9.1 - Policy Restriction Bypass
CyberArk PSMP 10.9.1 - Policy Restriction Bypass Exploit Title: CyberArk PSMP 10.9.1 - Policy Restriction Bypass Google Dork: NA Date: 2020-02-25 Exploit Author: LAHBAL Said Vendor Homepage: https://www.cyberark.com/ Software Link: https://www.cyberark.com/ Version: PSMP = 11.1 Prerequisites Poli...
ProficySCADA for iOS 5.0.25920 - Password Denial of Service (PoC)
ProficySCADA for iOS 5.0.25920 - Password Denial of Service PoC Exploit Title: ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service PoC Author: Ivan Marmolejo Date: 2020-03-22 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices...
Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
Exagate Sysguard 6001 - Cross-Site Request Forgery Add Admin Exploit Title: Exagate Sysguard 6001 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.exagate.com/ Software Link: https://www.exagate.com/sysguard-6001 Version: SYSGuard 6001 HTML...
VMware Fusion 11.5.2 - Privilege Escalation
VMware Fusion 11.5.2 - Privilege Escalation Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation Date: 2020-03-17 Exploit Author: Rich Mirch Vendor Homepage: https://www.vmware.com/products/fusion.html Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2020-0005.html Software...
NetBackup 7.0 - NetBackup INET Daemon Unquoted Service Path
NetBackup 7.0 - NetBackup INET Daemon Unquoted Service Path Exploit Title: NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Discovery by: Alan Mondragon "El Masas" Discovery Date: 2020-03-17 Vendor Homepage: https://www.veritas.com/ Software Link : https://www.veritas.com/ Veritas...
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
Microtik SSH Daemon 6.44.3 - Denial of Service PoC Exploit Title: Microtik SSH Daemon 6.44.3 - Denial of Service PoC Author: Hosein Askari Date: 2020-03-18 Vendor Homepage: https://mikrotik.com/ Model: hAP lite Processor architecture: smips Affected Version: through 6.44.3 CVE: N/A Description: ...
Broadcom Wi-Fi Devices - KR00K Information Disclosure
Broadcom Wi-Fi Devices - KR00K Information Disclosure Kr00ker Experimental KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows decrypting some WPA2 CCMP data in vulnerable devices. More specifically this...
Netlink GPON Router 1.0.11 - Remote Code Execution
Netlink GPON Router 1.0.11 - Remote Code Execution Exploit Title: Netlink GPON Router 1.0.11 - Remote Code Execution Date: 2020-03-17 Exploit Author: shellord Vendor Homepage: https://www.netlink-india.com/ Version: 1.0.11 Tested on: Windows 10 CVE: N/A Exploit : curl -L -d "targetaddr=;ls...
VMWare Fusion - Local Privilege Escalation
VMWare Fusion - Local Privilege Escalation Local Privilege Escalation via VMWare Fusion Overview: A directory traversal vulnerability in VMware Fusion's SUID binaries can allow an attacker to run commands as the root user. Tested Versions: VMware Fusion 10.1.3 9472307 on macOS 10.13.6 VMware Fusi...
Microsoft VSCode Python Extension - Code Execution
Microsoft VSCode Python Extension - Code Execution VSCode Python Extension Code Execution This repository contains the Proof-of-Concept of a code execution vulnerability discovered in the Visual Studio Code Python extension. TL;DR: VScode may use code from a virtualenv found in the project folder...
PHPKB Multi-Language 9 - Authenticated Remote Code Execution
PHPKB Multi-Language 9 - Authenticated Remote Code Execution Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link:...
MiladWorkShop VIP System 1.0 - lang SQL Injection
MiladWorkShop VIP System 1.0 - lang SQL Injection Exploit Title: MiladWorkShop VIP System 1.0 - 'lang' SQL Injection Google Dork: Powered By MiladWorkShop VIP System Date: 2020-03-03 Exploit Author: AYADI Mohamed Vendor Homepage: https://miladworkshop.ir/ Softwar...
PHPKB Multi-Language 9 - image-upload.php Authenticated Remote Code Execution
PHPKB Multi-Language 9 - image-upload.php Authenticated Remote Code Execution Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/...
PHPKB Multi-Language 9 - Authenticated Directory Traversal
PHPKB Multi-Language 9 - Authenticated Directory Traversal Exploit Title: PHPKB Multi-Language 9 - Authenticated Directory Traversal Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link:...
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Exploit Title: Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Date: 2020-03-05 Exploit Author: Miguel Mendez Z. Vendor Homepage: www.sumavision.com Software Link:...
Microsoft Windows 10 (19031909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Buffer Overflow (PoC)
Microsoft Windows 10 19031909 - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Buffer Overflow PoC CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48216.zip Usage ./CVE-2020-0796.py servername This script...
Centos WebPanel 7 - term SQL Injection
Centos WebPanel 7 - term SQL Injection Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Google Dork: N/A Date: 2020-03-03 Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10...
Drobo 5N2 4.1.1 - Remote Command Injection
Drobo 5N2 4.1.1 - Remote Command Injection Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py...
AnyBurn 4.8 - Buffer Overflow (SEH)
AnyBurn 4.8 - Buffer Overflow SEH Exploit Title: AnyBurn 4.8 - Buffer Overflow SEH Date: 2020-03-09 Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Authors: "Richard Davy/Gary Nield" Tested Version: 4.8 32-bit Tested on: Windows 10 Enterpri...
rConfig 3.93 - ajaxAddTemplate.php Authenticated Remote Code Execution
rConfig 3.93 - ajaxAddTemplate.php Authenticated Remote Code Execution Exploit Title: rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution Date: 2020-03-08 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.rconfig.com/ Version: rConfig & /dev/tcp//...
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link:...