41207 matches found
HPE 7.2 - Java Deserialization
HPE 7.2 - Java Deserialization !/usr/bin/env python HPE/H3C IMC - Java Deserialization Exploit Version 0.1 Tested on Windows Server 2008 R2 Name HPE/H3C IMC Intelligent Management Center Java 1.8.091 Author: Raphael Kuhn Daimler TSS Special thanks to: Jan Esslinger @Hngan for the websphere exploi...
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is...
Apache 2.2.34 2.4.27 - OPTIONS Memory Leak
Apache 2.2.34 2.4.27 - OPTIONS Memory Leak !/usr/bin/env python3 Optionsbleed proof of concept test by Hanno Böck import argparse import urllib3 import re def testbleedurl, args: r = pool.request'OPTIONS', url try: allow = strr.headers"Allow" except KeyError: return False if allow in dup: return...
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Reads/Writes with Malformed fpgm table win32k!bGeneratePath (Denial of Service)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Reads/Writes with Malformed fpgm table win32k!bGeneratePath Denial of Service Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1273 We have encountered a number of Windows kernel crashes in the win32k.sys...
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
Digileave 1.2 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: Digileave 1.2 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/digileave.asp?id=1 Demo:...
Microsoft Windows Kernel - win32k!NtGdiEngCreatePalette Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiEngCreatePalette Stack Memory Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1276&desc=2 We have discovered that the nt!NtGdiEngCreatePalette system call discloses large portions of uninitialized kernel stack memory to user-mo...
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed glyf Table win32k!fsc_CalcGrayRow (Denial of Service)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed glyf Table win32k!fsc_CalcGrayRow Denial of Service Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1274 We have encountered a number of Windows kernel crashes in the win32k.sys driver...
Microsoft Windows Kernel - win32k!NtGdiGetFontResourceInfoInternalW Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiGetFontResourceInfoInternalW Stack Memory Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1275 We have discovered that the nt!NtGdiGetFontResourceInfoInternalW system call discloses portions of uninitialized kernel stack memory...
Microsoft Windows Kernel - win32k!NtQueryCompositionSurfaceBinding Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtQueryCompositionSurfaceBinding Stack Memory Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1307 We have discovered that the win32k!NtQueryCompositionSurfaceBinding system call discloses portions of uninitialized kernel stack memo...
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
DigiAffiliate 1.4 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: DigiAffiliate 1.4 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/digiaffiliate.asp?id=7 Demo:...
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1269 We have discovered that the nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory to user-mo...
Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1267&desc=2 We have discovered that the win32k!NtGdiGetGlyphOutline system call handler may disclose large portions of uninitialized pool memory to...
Microsoft Windows Kernel - win32k!NtGdiDoBanding Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiDoBanding Stack Memory Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1304 We have discovered that the win32k!NtGdiDoBanding system call discloses portions of uninitialized kernel stack memory to user-mode clients. More...
Microsoft Windows Kernel - win32k!NtGdiGetPhysicalMonitorDescription Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiGetPhysicalMonitorDescription Stack Memory Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1268 We have discovered that the nt!NtGdiGetPhysicalMonitorDescription system call discloses portions of uninitialized kernel stack memo...
iBall ADSL2+ Home Router - Authentication Bypass
iBall ADSL2+ Home Router - Authentication Bypass Exploit Title: iBall ADSL2+ Home Router Authentication Bypass Vulnerability CVE: CVE-2017-14244 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: iBall ADSL2+ Home Router WRA150N...
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digirez 3.4 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo:...
Netdecision 5.8.2 - Local Privilege Escalation
Netdecision 5.8.2 - Local Privilege Escalation // Netdecision.cpp : Defines the entry point for the console application. / Exploit Title: Netdecision 5.8.2 - Local Privilege Escalation - Winring0x32.sys Date: 2017.09.17 Exploit Author: Peter Baris Vendor Homepage: www.netmechanica.com Software...
WordPress Plugin Content Timeline - SQL Injection
WordPress Plugin Content Timeline - SQL Injection Exploit Title: Multiple Blind SQL Injections Wordpress Plugin: Content Timeline Google Dork: - Date: September 16, 2017 Exploit Author: Jeroen - ITNerdbox Vendor Homepage: http://www.shindiristudio.com/ Software Link:...
PTCEvolution 5.50 - SQL Injection
PTCEvolution 5.50 - SQL Injection Exploit Title: PTCEvolution 5.50 - SQL Injection Dork: N/A Date: 15.09.2017 Vendor Homepage: http://ptcevolution.com/ Software Link: http://www.ptcevolution.com/demoo/ Demo: http://demo.ptcevolution.com/ Version: 5.50 Category: Webapps Tested on:...
Contact Manager 1.0 - femail SQL Injection
Contact Manager 1.0 - femail SQL Injection Exploit Title: Contact Manager 1.0 - SQL Injection Dork: N/A Date: 15.09.2017 Vendor Homepage: http://savsofteproducts.com/ Software Link: http://www.contactmanagerscript.com/download/contactmanager1380185909.zip Demo: http://contactmanagerscript.com/dem...
iTech Gigs Script 1.20 - cat SQL Injection
iTech Gigs Script 1.20 - cat SQL Injection Exploit Title: iTech Gigs Script v1.20 - SQL Injection Date: 2017-09-15 Exploit Author: 8bitsec Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/the-gigs-script/ Version: 1.20 Tested on: Kali Linux 2.0 | Mac OS 10.12.6...
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass Exploit Title: UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass Vulnerability CVE: CVE-2017-14243 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: UTStar...
PTC KSV1 Script 1.7 - type SQL Injection
PTC KSV1 Script 1.7 - type SQL Injection Exploit Title: PTC KSV1 Script 1.7 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/ptc-ksv1.php Demo: http://www.ksv1demo.gvmhosting.com/ Version: 1.7 Category: Webapps...
KingScada AlarmServer 3.1.2.13 - Remote Stack Buffer Overflow (Metasploit)
KingScada AlarmServer 3.1.2.13 - Remote Stack Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'KingScada AlarmServer Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in KingScada 'James Fitts' , 'License' = MSFLICENSE,...
Enterprise Edition Payment Processor Script 3.7 - SQL Injection
Enterprise Edition Payment Processor Script 3.7 - SQL Injection Exploit Title: Enterprise Edition Payment Processor Script 3.7 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/payment-processor-script.php Demo:...
EMC AlphaStor Library Manager 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit)
EMC AlphaStor Library Manager 4.0 build 910 - Opcode 0x4f Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'EMC AlphaStor Library Manager Opcode 0x4f', 'Description' = %q This module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version 'james...
Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)
Cloudview NMS 2.00b - Writable Directory Traversal Execution Metasploit require 'msf/core' class MetasploitModule "Cloudview NMS 2.00b Writable Directory Traversal Execution", 'Description' = %q This module exploits a vulnerability found in Cloudview NMS server. The software contains a directory...
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'EMC AlphaStor Device Manager Opcode 0x72', 'Description' = %q This module exploits a stack based buffer overflow vulnerability found in EMC Alphastor Device Manager. The overflow is...
Justdial Clone Script - fid SQL Injection
Justdial Clone Script - fid SQL Injection Exploit Title: Justdial Clone Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/z1mt4303451/php-scripts/justdial-clone-script Demo:...
Adserver Script 5.6 - SQL Injection
Adserver Script 5.6 - SQL Injection Exploit Title: Adserver Script 5.6 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/adserverscript.php Demo: http://adserverscript.gvmhosting.com/ Version: 5.6 Category: Webapp...
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (Metasploit)
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'haneWIN DNS Server Buffer Overflow', 'Description' = %q This module exploits a buffer overflow vulnerability found in haneWIN DNS Server 'james fitts' , 'License' = MSFLICENSE, 'References' =...
Theater Management Script - SQL Injection
Theater Management Script - SQL Injection Exploit Title: Theater Management Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/8o2b4417538/php-scripts/theater-management-script Demo:...
Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass
Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass coding: utf-8 Exploit Title: Humax HG100R- Authentication Bypass Date: 14/09/2017 Exploit Author: Kivson Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-11435 The Humax Wi-Fi Router model HG100...
Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow (Metasploit)
Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'Lockstep Backup for Workgroups %q This module exploits a stack buffer overflow found in Lockstep Backup for Workgroups 'james fitts' , 'License' = MSFLICENSE, 'Version' = '$Revision...
EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit)
EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution Metasploit require 'msf/core' class MetasploitModule 'EMC CMCNE Inmservlets.war FileUploadController Remote Code Execution', 'Description' = %q This module exploits a file upload vulnerability found in EMC Connectrix...
ICHelpDesk 1.1 - pk SQL Injection
ICHelpDesk 1.1 - pk SQL Injection Exploit Title: Support Tickets Helpdesk PHP Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/support-tickets-helpdesk-script.htm Demo:...
ICEstate 1.1 - id SQL Injection
ICEstate 1.1 - id SQL Injection Exploit Title: Real Estate Marketplace Site ASP.NET Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/real-estate-marketplace-site.htm Demo:...
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'VIPA Authomation WinPLC7 recv Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 'james fitts' , 'License' =...
Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit)
Indusoft Web Studio - Directory Traversal Information Disclosure Metasploit require 'msf/core' class MetasploitModule 'Indusoft Web Studio Directory Traversal', 'Description' = %q This module exploits a flaw found in Indusoft Web Studio 'James Fitts' , 'License' = MSFLICENSE, 'Version' =...
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'ZScada Net Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in Z-Scada Net 2.0. The vulnerability is triggered when parsing the response to a Modbus...
Microsoft Windows .NET Framework - Remote Code Execution
Microsoft Windows .NET Framework - Remote Code Execution Source: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample Running CVE-2017-8759 exploit sample. Flow of the exploit: Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over wsdl, which triggers the WS...
ICRestaurant software 1.4 - key SQL Injection
ICRestaurant software 1.4 - key SQL Injection Exploit Title: Restaurant Site Script 1.4 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/restaurant-site-script.htm Demo: http://icloudcenter.net/demos/icrestaurant/...
ICAffiliateTracking 1.1 - Authentication Bypass
ICAffiliateTracking 1.1 - Authentication Bypass Exploit Title: Affiliate Tracking Script 1.1 - Authentication Bypass Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/affiliates-tracking-script.htm Demo:...
ICJewelry 1.1 - key SQL Injection
ICJewelry 1.1 - key SQL Injection Exploit Title: Jewelry Store Site Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/jewelry-site-script.htm Demo: http://icloudcenter.net/demos/icjewelry/ Version: 1.1...
ICHotelReservation 3.3 - key SQL Injection
ICHotelReservation 3.3 - key SQL Injection Exploit Title: Hotel Reservation Site Script 3.3 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/hotel-reservation-site-script.htm Demo:...
Infinite Automation Mango Automation - Command Injection (Metasploit)
Infinite Automation Mango Automation - Command Injection Metasploit...
ICDoctor Appointment 1.3 - key SQL Injection
ICDoctor Appointment 1.3 - key SQL Injection Exploit Title: Doctor Appointment Script 1.3 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/doctor-appointment-script.htm Demo:...
IC-T-Shirt 1.2 - key SQL Injection
IC-T-Shirt 1.2 - key SQL Injection Exploit Title: Custom T-Shirt WebStore Script 1.2 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/t-shirt.htm Demo: http://icloudcenter.net/demos/ictshirt/ Version: 1.2 Category:...
ICSurvey 1.1 - SQL Injection
ICSurvey 1.1 - SQL Injection Exploit Title: ICSurvey- Survey Creating Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/survey-creating-script.htm Demo: http://icloudcenter.net/demos/icsurvey/ Version: 1....
ICLowBidAuction 3.3 - SQL Injection
ICLowBidAuction 3.3 - SQL Injection Exploit Title: Unique Low Bid Auction Script 3.3 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/unique-low-bid-auction-script.htm Demo:...