Joomla! Component Joomanager 2.0.0 - com_Joomanager Arbitrary File Download (PoC)

Joomla! Component Joomanager 2.0.0 - comJoomanager Arbitrary File Download PoC Exploit Title: Joomla! Component Joomanager 2.0.0 - Arbitrary File Download Dork: N/A Date: 30.08.2017 Vendor Homepage: http://www.joomanager.com/ Software Link:...

PHP-SecureArea 2.7 - Multiple Vulnerabilities

PHP-SecureArea 2.7 - Multiple Vulnerabilities Exploit Title: PHP-SecureArea = v2.7 - SQL Injection Date: 30-08-2017 Exploit Author: Cryo Contact: https://twitter.com/KernelEquinox Vendor Homepage: https://www.withinweb.com Software Link: https://www.withinweb.com/phpsecurearea/ Version: 2.7 and...

Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service

Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Oracle Java JDK/JRE 1.8.0.131 and previous versions packages and Apache Xerces 2.11.0 The vulnerabilities are: Oracle...

Metasploit 4.14.1-20170828 - Cross-Site Request Forgery

Metasploit 4.14.1-20170828 - Cross-Site Request Forgery Exploit Title: CSRF Date: Wed, Aug 30, 2017 Software Link: https://www.metasploit.com/ Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE: CVE-2017-15084 R7-2017-22 Category:...

Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection

Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection Exploit Title: Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection Dork: N/A Date: 30.08.2017 Vendor Homepage: http://joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/quiz-deluxe/ Demo:...

Brickcom IP Camera - Credentials Disclosure

Brickcom IP Camera - Credentials Disclosure 1. Advisory Information ======================================== Title: Brickcom IP-Camera Remote Credentials and Settings Disclosure Vendor Homepage: http://www.brickcom.com Tested on Camera types: WCB-040Af, WCB-100A, WCB-100Ae, OB-302Np, OB-300Af,...

FineCMS 1.0 - Multiple Vulnerabilities

FineCMS 1.0 - Multiple Vulnerabilities Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author:...

User Login and Management - Multiple Vulnerabilities

User Login and Management - Multiple Vulnerabilities ----------------------------------------------------------------------------------- | |---------------------------------------------------------------------------------- 1 admin dashboard authentication bypass Description : An Attackers are abl...

D-Link DIR-600 - Authentication Bypass

D-Link DIR-600 - Authentication Bypass Exploit Title: D-Link DIR-600 - Authentication Bypass Absolute Path Traversal Attack CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12943 Date: 29-08-2017 Exploit Author: Jithin D Kurup Contact :...

PHP Search Engine 1.0 - SQL Injection

PHP Search Engine 1.0 - SQL Injection Exploit Title: PHP Search Engine 1.0 - SQL Injection Dork: N/A Date: 28.08.2017 Vendor Homepage: http://nelliwinne.net/ Software Link: https://www.codester.com/items/2975/php-search-engine-mysql-based-simple-site-search Demo:...

Car or Cab Booking Script - Authentication Bypass

Car or Cab Booking Script - Authentication Bypass ======================================================== Car or Cab Booking Script - SQL injection login bypass Description : an attacker is able to inject malicious sql query to bypass the login page and login as admin of the particular school...

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User Enable SSH Access)

NethServer 7.3.1611 - Cross-Site Request Forgery Create User Enable SSH Access HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="AccountUsercreategrou...

Easy WMVASFASX to DVD Burner 2.3.11 - Local Buffer Overflow (SEH)

Easy WMVASFASX to DVD Burner 2.3.11 - Local Buffer Overflow SEH !/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Easy WMV/ASF/ASX to DVD Burner 2.3.11 - 'Enter...

Easy RM RMVB to DVD Burner 1.8.11 - Local Buffer Overflow (SEH)

Easy RM RMVB to DVD Burner 1.8.11 - Local Buffer Overflow SEH !/usr/bin/python ======================================================================================================================== Exploit Author : Touhid M.Shaikh Exploit Title : Easy RM RMVB to DVD Burner 1.8.11 - 'Enter User...

Easy Web Search 4.0 - SQL Injection

Easy Web Search 4.0 - SQL Injection Exploit Title: Easy Web Search 4.0 - SQL Injection Dork: N/A Date: 28.08.2017 Vendor Homepage: http://nelliwinne.net/ Software Link: https://codecanyon.net/item/easy-web-search-php-search-engine-with-image-search-and-crawling-system/17574164 Demo:...

Login-Reg Members Management PHP 1.0 - Arbitrary File Upload

Login-Reg Members Management PHP 1.0 - Arbitrary File Upload Exploit Title: Login-Reg Members Management PHP 1.0 - Arbitrary File Upload Dork: N/A Date: 28.08.2017 Vendor Homepage : https://www.codester.com/user/mostalo Software Link:...

FTP Made Easy PRO 1.2 - SQL Injection

FTP Made Easy PRO 1.2 - SQL Injection Exploit Title: FTP Made Easy PRO 1.2 - SQL Injection Dork: N/A Date: 28.08.2017 Vendor Homepage: http://nelliwinne.net/ Software Link: https://codecanyon.net/item/ftp-made-easy-pro-php-multiple-ftp-manager-client-with-code-editor/17460747 Demo:...

Smart Chat 1.0.0 - SQL Injection

Smart Chat 1.0.0 - SQL Injection Exploit Title: Smart Chat - PHP Script 1.0.0 - Authentication Bypass Dork: N/A Date: 28.08.2017 Vendor Homepage: http://codesgit.com/ Software Link: https://www.codester.com/items/997/smart-chat-php-script Demo: http://demos.codesgit.com/smartchat/ Version: 1.0.0...

NethServer 7.3.1611 - Cross-Site Request Forgery Cross-Site Scripting

NethServer 7.3.1611 - Cross-Site Request Forgery Cross-Site Scripting NethServer 7.3.1611 Upload.json CSRF Script Insertion Vulnerability Vendor: NethServer.org Product web page: https://www.nethserver.org Affected version: 7.3.1611-u1-x8664 Summary: NethServer is an operating system for the Linu...

PHP Appointment Booking Script - Authentication Bypass

PHP Appointment Booking Script - Authentication Bypass ======================================================== Description : an attacker is able to inject malicious sql query to bypass the login page and login as admin Proof of Concept : - http://localhost/appointment/adminlogin.php set username...

Easy Vedio to PSP Converter 1.6.20 - Local Buffer Overflow (SEH)

Easy Vedio to PSP Converter 1.6.20 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Easy Vedio to PSP Converter 1.6.20 - Local Buffer Overflow SEH Date: 28-08-2017 Exploit Author: Kishan Sharma Email : [email protected] Vulnerable Software: Easy Vedio to PSP Converter Vendor...

Flash Poker 2.0 - game SQL Injection

Flash Poker 2.0 - game SQL Injection Exploit Title: Flash Multiplayer Poker PHP Script 2.0 - SQL Injection Dork: N/A Date: 28.08.2017 Vendor Homepage: http://www.flashpoker.it/ Software Link: https://www.codester.com/items/559/flash-poker-v2-multiplayer-poker-php-script Demo:...

PHP Video Battle Script 1.0 - SQL Injection

PHP Video Battle Script 1.0 - SQL Injection Exploit Title: PHP Video Battle Script 1.0 - SQL Injection Dork: N/A Date: 28.08.2017 Vendor Homepage: http://www.rocky.nu/ Software Link: http://www.rocky.nu/product/php-video-battle/ Demo: http://videobattle.rocky.nu/ Version: 1.0 Category: Webapps...

Schools Alert Management Script - Authentication Bypass

Schools Alert Management Script - Authentication Bypass ======================================================== Schools Alert Management - SQL injection login bypass Description : an attacker is able to inject malicious sql query to bypass the login page and login as admin of the particular scho...

WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download

WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download Exploit Title: WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download Dork: N/A Date: 28.08.2017 Vendor Homepage: http://nelliwinne.net/ Software Link:...

Matrimonial Script 2.7 - Authentication Bypass

Matrimonial Script 2.7 - Authentication Bypass ======================================================== admin panel Authentication bypass Description : An Attackers are able to completely compromise the web application built upon Matrimonial Script as they can gain access to the admin panel and...

Apple iOS 10.3.1 - Kernel

Apple iOS 10.3.1 - Kernel Sources: https://github.com/doadam/ziVA https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/ ziVA An iOS kernel exploit designated to work on all 64-bit iOS devices = 10.3.1 More general information...

Easy DVD Creator 2.5.11 - Local Buffer Overflow (SEH)

Easy DVD Creator 2.5.11 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Easy DVD Creator 2.5.11 - Buffer Overflow Windows 10 64bit, SEH Date: 26-08-2017 Exploit Author: tr0ubl3m4k3r Vulnerable Software: Easy DVD Creator Vendor Homepage: http://www.divxtodvd.net/ Version: 2.5.11 Softwa...

Disk Pulse Enterprise 9.9.16 - Remote Buffer Overflow (SEH)

Disk Pulse Enterprise 9.9.16 - Remote Buffer Overflow SEH !/usr/bin/env python Exploit Title: Disk Pulse Enterprise 9.9.16 Remote SEH Buffer Overflow Date: 2017-08-25 Exploit Author: Nipun Jaswal & Anurag Srivastava Author Homepage: www.pyramidcyber.com Vendor Homepage: http://www.diskpulse.com...

AutoCar 1.1 - category SQL Injection

AutoCar 1.1 - category SQL Injection Exploit Title: Auto Car - Car listing Script 1.1 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor: http://kamleshyadav.com/ Software Link: https://codecanyon.net/item/auto-car-car-listing-script/19221368 Demo: http://kamleshyadav.com/scripts/autocarpreview/...

Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection

Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection Exploit Title: Joomla! Component RPC - Responsive Portfolio 1.6.1 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://extro.media/ Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ Demo:...

Disk Savvy Enterprise 9.9.14 - Remote Buffer Overflow (SEH)

Disk Savvy Enterprise 9.9.14 - Remote Buffer Overflow SEH !/usr/bin/env python Exploit Title: Disk Savvy Enterprise 9.9.14 Remote SEH Buffer Overflow Date: 2017-08-25 Exploit Author: Nipun Jaswal & Anurag Srivastava Author Homepage: www.pyramidcyber.com Vendor Homepage: http://www.disksavvy.com...

Joomla! Component OSDownloads 1.7.4 - SQL Injection

Joomla! Component OSDownloads 1.7.4 - SQL Injection Exploit Title: Joomla! Component OSDownloads 1.7.4 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://joomlashack.com/ Software Link:...

Joomla! Component Photo Contest 1.0.2 - SQL Injection

Joomla! Component Photo Contest 1.0.2 - SQL Injection Exploit Title: Joomla! Component Photo Contest 1.0.2- SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: http://keenitsolution.com/ Software Link: https://codecanyon.net/item/photo-contest-joomla-extension/13268866 Demo:...

Sync Breeze Enterprise 9.9.16 - Remote Buffer Overflow (SEH)

Sync Breeze Enterprise 9.9.16 - Remote Buffer Overflow SEH !/usr/bin/env python Exploit Title: Sync Breeze Enterprise v9.9.16 Remote SEH Buffer Overflow Date: 2017-08-25 Exploit Author: Nipun Jaswal & Anurag Srivastava Author Homepage: www.pyramidcyber.com Vendor Homepage: http://www.syncbreeze.c...

Dup Scout Enterprise 9.9.14 - Remote Buffer Overflow (SEH)

Dup Scout Enterprise 9.9.14 - Remote Buffer Overflow SEH !/usr/bin/env python Exploit Title: Dup Scout Enterprise v 9.9.14 Date: 2017-08-25 Exploit Author: Nipun Jaswal & Anurag Srivastava Author Homepage: www.pyramidcyber.com Vendor Homepage: http://www.dupscout.com Software Link:...

Easy Video to iPodMP4PSP3GP Converter 1.5.20 - Local Buffer Overflow (SEH)

Easy Video to iPodMP4PSP3GP Converter 1.5.20 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - 'Enter User Name' Field Buffer Overflow SEH Date: 24-08-2017 Exploit Author: Anurag Srivastava Website: www.pyramidcyber.com Vulnerable...

MP3 WAV to CD Burner 1.4.24 - Local Buffer Overflow (SEH)

MP3 WAV to CD Burner 1.4.24 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title: MP3 WAV to CD Burner 1.4.24 - 'Enter User Name' Field Buffer Overflow SEH Date: 24-08-2017 Exploit Author: Anurag Srivastava Website: www.pyramidcyber.com Vulnerable Software: MP3 WAV to CD Burner Vendor...

My Video Converter 1.5.24 - Local Buffer Overflow (SEH)

My Video Converter 1.5.24 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title: My Video Converter 1.5.24 - 'Enter User Name' Field Buffer Overflow SEH Date: 24-08-2017 Exploit Author: Anurag Srivastava Website: www.pyramidcyber.com Vulnerable Software: My Video Converter 1.5.24 Vendor...

Easy AVI DivX Converter 1.2.24 - Local Buffer Overflow (SEH)

Easy AVI DivX Converter 1.2.24 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Easy AVI DivX Converter 1.2.24 - 'Enter User Name' Field Buffer Overflow SEH Date: 24-08-2017 Exploit Author: Anurag Srivastava Website: www.pyramidcyber.com Vulnerable Software: Easy AVI DivX Converter...

Joomla! Component Bargain Product VM3 1.0 - product_id SQL Injection

Joomla! Component Bargain Product VM3 1.0 - productid SQL Injection Exploit Title: Joomla! Component Bargain Product VM3 1.0 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://www.weborange.eu/ Software Link:...

Joomla! Component Price Alert 3.0.2 - product_id SQL Injection

Joomla! Component Price Alert 3.0.2 - productid SQL Injection Exploit Title: Joomla! Component Price Alert 3.0.2 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://www.weborange.eu/ Software Link:...

LfSoOxxBtKDnFHl

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

127.0.0.1

A remote administration tool a RAT is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity...

Wireless Repeater BE126 - Local File Inclusion

Wireless Repeater BE126 - Local File Inclusion Exploit Title: WIFI Repeater BE126 – Local File Inclusion Date Publish: 23/08/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Contact: [email protected], [email protected] Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Tested...

libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities

libgig 4.0.0 LinuxSampler - Multiple Vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= https://www.linuxsampler.org/libgig/ libgig is a C++ library for loading, modifying existing and creating new Gigasampler .gig files and DLS Downloadable Sounds Level...

Disk Pulse Enterprise 9.9.16 - Import Command Local Buffer Overflow

Disk Pulse Enterprise 9.9.16 - Import Command Local Buffer Overflow !/usr/bin/python Exploit Title : Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Discovery by : Anurag Srivastava Email : [email protected] Website : www.pyramidcyber.com Discovery Date : 21/08/20...

Automated Logic WebCTRL 6.5 - Unrestricted File Upload Remote Code Execution

Automated Logic WebCTRL 6.5 - Unrestricted File Upload Remote Code Execution !/usr/bin/env python -- coding: utf8 -- Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC...

Disk Savvy Enterprise 9.9.14 - Import Command Local Buffer Overflow

Disk Savvy Enterprise 9.9.14 - Import Command Local Buffer Overflow !/usr/bin/python Exploit Title : Disk Savvy Enterprise v9.9.14 - 'Import Command' Buffer Overflow Discovery by : Anurag Srivastava Email : [email protected] Website : www.pyramidcyber.com Discovery Date :...

Automated Logic WebCTRL 6.5 - Local Privilege Escalation

Automated Logic WebCTRL 6.5 - Local Privilege Escalation Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior ALC WebCTRL,...