Nsauditor 3.2.3 Denial Of Service
Exploit Title: Nsauditor 3.2.3 - Denial of Service PoC Date: 07/06/2021 Author: Erick Galindo Vendor Homepage: http://www.nsauditor.com Software http://www.nsauditor.com/downloads/nsauditorsetup.exe Version: 3.2.3.0 Tested on: Windows 10 Pro x64 es Proof of Concept: 1.- Copy printed "AAAAA..."...
Backdoor.Win32.Neakse.bit Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/20863ba09c31037b1b3220fc6da100e1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Neakse.bit Vulnerability: Insecure Permissions Description: The malware creates two...
Rocket.Chat 3.12.1 NoSQL Injection / Code Execution
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat !/usr/bin/python...
Grav CMS 1.7.10 Server-Side Template Injection
Title: Grav CMS 1.7.10 - Server-Side Template Injection SSTI Authenticated Author: enox Date: 06-06-2021 Vendor: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.7.10 Vulnerable Versions: Grav CMS 1.7.10 CVE: CVE-2021-29440 Credits:...
OptiLink ONT1GEW GPON 2.1.11_X101 Remote Code Execution
Exploit Title: OptiLink ONT1GEW GPON 2.1.11X101 Build 1127.190306 - Remote Code Execution Authenticated Date: 23/03/2021 Exploit Authors: Developed by SecNigma and Amal. Vendor Homepage: https://optilinknetwork.com/ Version: ONT1GEW V2.1.11X101 Build.1127.190306 Mitigation: Ask the vendor to issu...
Sticky Notes And Color Widgets 1.4.2 Denial Of Service
Exploit Title: Sticky Notes & Color Widgets 1.4.2 - Denial of Service PoC Date: 06-04-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/sticky-notes-color-widgets/id1476063010 Version: 1.4.2 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a...
Backdoor.Win32.Wollf.12 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/911e63e28b1d177120cca16eacf3b602.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.12 Vulnerability: Unauthenticated Remote Command Execution Description: The...
IcoFX 2.6 Buffer Overflow
Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP Date: 2020-05-20 Exploit Author: Austin Babcock Vendor Homepage: https://icofx.ro/ Software Link: https://drive.google.com/file/d/1SONzNStAW3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing Version: 2.6.0.0 Tested on: Windows 7...
Trojan-Dropper.Win32.Googite.a Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff30fbee3724d80dcb9471c0b553c99a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Googite.a Vulnerability: Unauthenticated Open Proxy Description: Googite malwar...
WordPress wpDiscuz 7.0.4 Shell Upload
Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Date: 2021-06-06 Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...
WordPress Smart Slider-3 3.5.0.8 Cross Site Scripting
Exploit Title: WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting XSS Exploit Author: Hardik Solanki Date: 05/06/2021 Software Link: https://wordpress.org/plugins/smart-slider-3/ Version: 3.5.0.8 Tested on Windows How to reproduce vulnerability: 1. Install WordPress 5.7....
My Notes Safe 5.3 Denial Of Service
Exploit Title: My Notes Safe 5.3 - Denial of Service PoC Date: 06-04-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/my-notes-safe/id689971781 Version: 5.3 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of characters is being...
HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover
Trovent Security Advisory 2104-02 Account takeover with only email address possible Overview Advisory ID: TRSA-2104-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-02 Affected product: HealthForYou & Sanitas HealthCoach mobile and web...
Inkpad Notepad And To Do List 4.3.61 Denial Of Service
Exploit Title: Inkpad Notepad & To do list 4.3.61 - Denial of Service PoC Date: 2021-06-03 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.workpail.inkpad.notepad.notes&hl=esMX Version: 4.3.61 Category: DoS Android Vulnerability InkPad Bloc de notas - Tare...
Monstra CMS 3.0.4 Remote Code Execution
Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Date: 03.06.2021 Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...
HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration
Trovent Security Advisory 2104-01 User enumeration through API Overview Advisory ID: TRSA-2104-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-01 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested...
FileCOPA FTP Server 1.01 Denial Of Service
!/usr/bin/perl e-mail: [email protected] Date: 04/06/2021 Version Vulnerable: FileCOPA FTP Server 1.01 OS Tested: Windows XP PACK 3 Brazilian e Windows 2000 Youtube video: https://youtu.be/A9cEoyY9Bd4 badchars \0x00\0x0a use Net::FTP; use Term::ANSIColor; $sis="$^O"; print $sis; if $sis...
SuiteCRM Log File Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
Macaron Notes Great Notebook 5.5 Denial Of Service
Exploit Title: Macaron Notes great notebook 5.5 - Denial of Service PoC Date: 06-04-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/macaron-notes-great-notebook/id1079862221 Version: 5.5 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a lo...
Backdoor.Win32.Androm.df Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bf60f5b5c901bab08484838447f1b85e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Androm.df Vulnerability: Unauthenticated Remote Command Execution Description: The...
Gitlab 13.10.2 Remote Code Execution
Exploit Title: Gitlab 13.10.2 - Remote Code Execution Authenticated Date: 04/06/2021 Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.10.3 Tested On: Ubuntu 20.04 Environment: Gitlab 13.10.2 CE Credits:...
Color Notes 1.4 Denial Of Service
Exploit Title: Color Notes 1.4 - Denial of Service PoC Date: 06-04-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/gt/app/color-notes/id830515136 Version: 1.4 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of characters is being used...
Cisco HyperFlex HX Data Platform Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform Command Execution', 'Description' = %q This module exploits an unauthenticated command injection in Cisco...
FUDForum 3.1.0 Cross Site Scripting
Exploit Title: FUDForum 3.1.0 - 'srch' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27519 -Descriptio...
CHIYU IoT Denial Of Service
Exploit Title: CHIYU IoT Devices - Denial of Service DoS Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...
Microsoft RDP Remote Code Execution
!/usr/bin/python import socket from OpenSSL import from struct import pack, unpack from sys import argv, exit class x224ConnectionRequestPacket: def initself: total of 8 bytes self.rdpNegReq = pack ' 1110 E CDT - 0000 0 for class 0 and 1 0, dest-ref , 2 bytes fuzzable 0, src-ref , 2 bytes fuzzabl...
Blacknote 2.2.1 Denial Of Service
Exploit Title: Blacknote 2.2.1 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notepad.note.notas.notes.notizen&hl=esMX Version: 2.2.1 Category: DoS Android Vulnerability BlackNote Bloc de notas is vulnerable to a DoS...
Cisco SD-WAN vManage 19.2.2 Remote Root
Cisco SD-WAN vManage 19.2.2 Remote Root Shell PoC / This PoC exploits CVE-2020–3387 through CVE-2020–3437 / function exploit var payload = new Image1,1; payload.src =...
ColorNote 4.1.9 Denial Of Service
Exploit Title: ColorNote 4.1.9 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.socialnmobile.dictapps.notepad.color.note&hl=esMX Version: 4.1.9 Category: DoS Android Vulnerability Color Note is vulnerable to a DoS...
CHIYU IoT Telnet Authentication Bypass
Exploit Title: CHIYU IoT Devices - 'Telnet' Authentication Bypass Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, and SEMAC - all firmware...
PHP 8.1.0-dev User-Agentt Remote Code Execution
Exploit Title: PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution Date: 23 may 2021 Exploit Author: flast101 Vendor Homepage: https://www.php.net/ Software Link: - https://hub.docker.com/r/phpdaily/php - https://github.com/phpdaily/php Version: 8.1.0-dev Tested on: Ubuntu 20.04 References: -...
4Images 1.8 Cross Site Scripting
Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6 Version: 4Images Gallery 1.8 Tested on: Windows 10 and Kali CVE :...
Notepad Notes 2.6.7 Denial Of Service
Exploit Title: Notepad notes 2.6.7 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.hlcsdev.x.notepad&hl=esMX Version: 2.6.7 Category: DoS Android Vulnerability Bloc de notas is vulnerable to a DoS condition when a...
BasicNote 1.1.9 Denial Of Service
Exploit Title: BasicNote 1.1.9 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=esMX Version: 1.1.9 Category: DoS Android Vulnerability BasicNote - Notas, Bloc de notas is...
Gitlab 13.9.3 Remote Code Execution
Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Date: 02/06/2021 Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/11254...
Exim base64d Buffer Overflow
!/usr/bin/python import sys import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; [email protected]" print def connecthost, port: global s global f s = socket.createconnectionhost,port f = s.makefile'rw', bufsize=0...
VMware ESXi OpenSLP Heap Overflow
!/usr/bin/python3 CVE-2021-21974 PoC Exploit By: Johnny Yu @staightblast Tested against: 1 VMware ESXi 6.7.0 build-14320388 ; VMware ESXi 6.7.0 Update 3 2 VMware ESXi 6.7.0 build-16316930 ; VMware ESXi 6.7.0 Update 3 import sys import time import trace import queue import struct import socket...
Apache Airflow 1.10.10 Remote Code Execution
Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...
Backdoor.Win32.Delf.acz Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/065d89c63fa1057de98c727d4b044b98.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.acz Vulnerability: Remote Stack Buffer Overflow SEH Description: The malware...
Cacti 1.2.12 SQL Injection / Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/hashes/identify' class MetasploitModule 'Cacti color filter authenticated SQLi to RCE', 'Description' = %q This module exploits a SQL...
Local Service Search Engine Management System 1.0 SQL Injection
Exploit Title: SQL injection, bypass the login page, Local Service Search Engine Management System 1.0 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 06.02.2021 Vendor:...
Thecus N4800Eco Command Injection
Exploit Title: Thecus N4800Eco Nas Server Control Panel - Command Injection Date: 01/06/2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: http://www.thecus.com/ Software Link: http://www.thecus.com/product.php?PRODID=83 Version: N4800Eco Description:...
Intel Audio Service 01.00.1080.0 Unquoted Service Path
Exploit Title: IntelR Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path Date: 06-01-2021 Exploit Author: Geovanni Ruiz Vendor Homepage: https://www.intel.com Software Version: 01.00.1080.0 File Version: 1.00.1080.0 Tested on: Microsoft® Windows 10 Home Single Language...
Seo Panel 4.8.0 Cross Site Scripting
Exploit Title: Seo Panel 4.8.0 - 'searchname' Reflected XSS Date: 21-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28417...
GetSimple CMS 3.3.4 Information Disclosure
Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure Date 01.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://get-simple.info/ Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip Version: 3.3.4 CVE: CVE-2014-8722 Documentation:...
Products.PluggableAuthService 2.6.0 Open Redirect
Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect Exploit Author: Piyush Patil Affected Component: Pluggable Zope authentication/authorization framework Component Link: https://pypi.org/project/Products.PluggableAuthService/ Version: =2.6.1"...
LogonTracer 1.2.0 Remote Code Execution
Exploit Title: LogonTracer 1.2.0 - Remote Code Execution Unauthenticated Date: 29/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.jpcert.or.jp/ Software Link: https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.0 Version: 1.2.0 and earlier Tested on: Version 1.2.0 on Debian...
Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Korenix Technology products: Korenix: JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet...
ProjeQtOr Project Management 9.1.4 Shell Upload
Exploit Title: ProjeQtOr Project Management 9.1.4 - Remote Code Execution Date: 29.05.2021 Exploit Author: Temel Demir Vendor Homepage: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV9.1.4.zip Version: v9.1.4 Tested on: Laragon @WIN10...
Backdoor.Win32.Wisell Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/eba4ce50a036a196484715f60c8a449b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...