Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks
Vulnerability title: Noise-Java ChaChaPolyCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25021 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is currently...
Hyland OnBase SQL Injection
CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/ Product ------------------------------------------------- Hylan...
COVR 3902 1.01B0 Hardcoded Credentials
Title: Telnet Hardcoded Credentials Summary: The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data Affected Firmware: COVR-3902REVAROUTERFIRMWAREv1.01B0 CV...
Go CGI / FastCGI Transport Cross Site Scripting
Advisory: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return...
Mara CMS 7.5 Remote Code Execution
Exploit Title: Mara CMS 7.5 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Michele Cisternino 0blio Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5...
Kamailio 5.4.0 Header Smuggling
Kamailio vulnerable to header smuggling possible due to bypass of removehf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: - Report date & issue patched by Kamailio: 2020-07-16 - Kamailio rewrite for header parser better fi...
Sagemcom F@ST 5280 Privilege Escalation
privilege escalation Date: 08-31-2020 Exploit Author: Ryan Delaney Author Contact: ryan.delaney owasp org Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://sagemcom.com/en Software Link: N/A F@ST 5280 firmware not published Version: F@ST 5280 router, F/W 1.150.61,...
moziloCMS 2.0 Cross Site Scripting
Exploit Title: moziloCMS 2.0 - Persistent Cross-Site Scripting Authenticated Date: 2020-08-31 Exploit Author: Abdulkadir Kaya Vendor Homepage: https://www.mozilo.de/ Version: 2.0 Tested on: Windows & WampServer 1- Go to following url. http://HOST/PATH/admin/ 2- Login the admin panel. 3- Go to...
Bagisto Credential Disclosure
Vendor: Bagisto https://bagisto.com/ Affected version: All Introduction: Bagisto is an open source shop system based on PHP and Laravel framework Vulnerability description: Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database a...
Rebar3 3.13.2 Command Injection
Exploit Title: Rebar3 - OS command injection Date: 2020-06-03 Exploit Author: Alexey Pronin (vulnbe) Vendor Homepage: https://rebar3.org Software Link: https://github.com/erlang/rebar3 Versions affected: 3.0.0-beta.3 - 3.13.2 CVE: CVE-2020-13802 1. Description: ---------------------- Rebar3...
Fuel CMS 1.4.8 SQL Injection
Exploit Title: Fuel CMS 1.4.8 - 'fuelreplaceid' SQL Injection Authenticated Date: 2020-08-19 Exploit Author: c0mpu7er(@ymbank.cn) Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.8.zip Version: 1.4.7 Tested on: PHP 5.4.45, Apache...
CMS Made Simple 2.2.14 Shell Upload
!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
BlazeDVD 7.0 Professional Buffer Overflow
Title: BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow SEH,ASLR,DEP Author: emalp Date: 2020-08-31 Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Windows 7 Home Basic Run this file bfile.plf...
Online Book Store 1.0 SQL Injection
Title: Online Book Store 1.0 - 'id' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14383/online-book-store.html Software Link: https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store Version: 1.0 Tested...
TP-Link WDR4300 Remote Code Execution
!/usr/bin/python3 import sys import hashlib import base64 import requests import binascii import socket """ RCE via stack-based overflow on TP-Link WDR4300 N750 devices, using CVE-2017-13772. Tested on Firmware versions 3.13.33, Build 130618 and 3.14.3 Build 150518, hardware WDR4300 v1 Usage: 1...
WordPress Autoptimize 2.7.6 Shell Upload
Exploit Title: Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload Authenticated Date: 2020-08-24 Software Link: https://wordpress.org/plugins/autoptimize/ Author : SunCSR Team Version: v2.7.6 Tested on Ubuntu 18.04 / Kali Linux Reference: https://wpvulndb.com/vulnerabilities/10372...
SUPERAntiSpyware Professional X Trial Privilege Escalation
Exploit Title: SUPERAntiSpyware Professional X Trial 10.0.1206 Local Privilege Escalation Date: 2020-08-28 Exploit Author: b1nary Vendor Homepage: https://www.superantispyware.com/ Software Link: https://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWARE Version: 10.0.1206 lowe...
Symphony CMS 3.0.0 Cross Site Scripting
Exploit Title: SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2020-08-28 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.getsymphony.com/ Software Link: https://www.getsymphony.com/ Version: 3.0.0 Tested on: Windows CVE : N/A...
Nagios Log Server 2.1.6 Cross Site Scripting
Exploit Title: Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting Date: 2020-08-07 Vendor Homepage: https://www.nagios.com/products/nagios-log-server/ Vendor Changelog: https://www.nagios.com/downloads/nagios-log-server/change-log/ Exploit Author: Jinson Varghese Behanan @JinsonCyberSec...
ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: ZTE mobile Hotspot MS910S vulnerable version: DLMF910SCNEUV1.00.01 fixed version: - CVE number: CVE-2019-3422 impact: High homepage:...
Mida eFramework 2.9.0 Remote Code Execution
Exploit Title: Mida eFramework 2.9.0 - Remote Code Execution Google Dork: Server: Mida eFramework Date: 2020-08-27 Exploit Author: elbae Vendor Homepage: https://www.midasolutions.com/ Software Link: http://ova-efw.midasolutions.com/ Reference:...
Eikon Thomson Reuters 4.0.42144 File Permissions
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Extensive file permissions on service executable product: Eikon Thomson Reuters vulnerable version: 4.0.42144 fixed version: - CVE number: CVE-2019-10679 impact: High...
ASX To MP3 Converter 3.1.3.7.2010.11.05 Buffer Overflow
Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow DEP,ASLR Bypass PoC Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter3.1.3.7.2010.11.05.exe?raw=true Exploit Author: Paras Bhatia Discovery...
Chrome NewFixedArray Missing Array Size Check
Chrome: Missing array size check in NewFixedArray VULNERABILITY DETAILS V8 caps the number of elements a fixed array can contain[1]. Most of the code that needs to create or resize a fast JS array (i.e. one that's backed by a fixed array rather than a dictionary) ends up calling either the regular C+...
Linux CoW Incorrect Access Grant
Linux: CoW can wrongly grant write access because of pinned references or THP bug I've stumbled over two ways in which copy-on-write of anonymous memory after fork is currently broken: Page references through the page refcount and a bug in THP logic. == Page refcount isn't being accounted for ==...
LimeSurvey 4.3.10 Cross Site Scripting
Exploit Title: LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting Date: 2020-08-23 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.3.10+200812 Tested on: Ubuntu 18.04.4 Patch Link:...
Ericom Access Server 9.2.0 Server-Side Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ERICOM-ACCESS-SERVER-ACCESS-NOW-BLAZE-9.2.0-SERVER-SIDE-REQUEST-FORGERY.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.ericom.com Product Ericom Access Server x64...
OX App Suite / OX Documents XSS / SSRF / Bypass
Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH...
Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover
!/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that ti...
Eibiz i-Media Server Digital Signage 3.8.0 File Path Traversal
Eibiz i-Media Server Digital Signage 3.8.0 oldfile File Path Traversal Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business...
Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass
!/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 createUser Authentication Bypass Add Admin Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that time t...
Seowon SlC 130 Router Remote Code Execution
Exploit Title: Seowon SlC 130 Router - Remote Code Execution Author: maj0rmil4d - Ali Jalalat Author website: https://secureguy.ir Date: 2020-08-20 Vendor Homepage: seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkind=B05&middlekind=B0529 CVE:...
Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure
Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business...
ElkarBackup 1.3.3 Cross Site Scripting
Exploit Title: ElkarBackup 1.3.3 - Persistent Cross-Site Scripting Date: 2020-08-14 Exploit Author: Enes Özeser Vendor Homepage: https://www.elkarbackup.org/ Version: 1.3.3 Tested on: Linux 1- Go to following url. http://HOST/elkarbackup/login 2- Default username and password is root:root. We mus...
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass
Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number: CVE-2020-11497 Author: Jack Misiura from The Missing Link Website:...
Joomla Adagency 6.1.2 Cross Site Scripting
Exploit Title: Joomla! Adagency V 6.1.2 Cross Site Scripting Date: 24.07.2020 Author: Vincent666 ibn Winnie Software Link: https://adagency.ijoomla.com/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/...
Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal
Exploit Title: Ruijie Networks Switch eWeb S29RGOS 11.4 - Directory Traversal Exploit Author: Tuygun Date: 2020-08-19 Vendor Homepage: https://www.ruijienetworks.com/ Version: eWeb S29RGOS 11.41B12P11 Source : https://faruktuygun.com/directorytraversal.html Proof of Concept Request: GET...
PNPSCADA 2.200816204020 SQL Injection
Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection Authenticated Google Dork: - Date: 2020-08-17 Exploit Author: İsmail ERKEK Vendor Homepage: http://wiki.pnpscada.com/forumHome.jsp Version: 2.200816204020 Tested on: - 1. Description: ---------------------- PNPSCADA 2.200816204020...
Pharmacy Medical Store And Sale Point 1.0 SQL Injection
Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-18 Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html Software Link:...
Tailor Management System 1.0 Persistent Cross Site Scripting
Title: Tailor Management System 1.0 - Stored Cross-Site Scripting Exploit Author: Ahmed Abbas Date: 2020-08-09 Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html Software Link:...
WordPress Elegant Testimonial 1.1.6 Persistent Cross Site Scripting
Exploit Title: WordPress Elegant Testimonial Plugin v1.1.6 - Persistent Cross-Site Scripting Date: 2020-08-18 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/wp-elegant-testimonial/developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...
D-Link Central WiFi Manager CWM(100) Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Central WiFi Manager CWM100 RCE', 'Description' = %q This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manage...
vBulletin 5.6.2 Persistent Cross Site Scripting
Exploit Title: vBulletin 5.6.2 Stored XSS Date:15.08.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...
WordPress Change Login Logo 1.0.1 Persistent Cross Site Scripting
Exploit Title: WordPress Change Login Logo Plugin v1.0.1 - Persistent Cross-Site Scripting Date: 2020-08-18 Vendor Homepage: http://www.boopathirajan.com/ Vendor Changelog: https://wordpress.org/plugins/change-login-logo/developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...
WordPress Click To Top 1.2.7 Persistent Cross Site Scripting
Exploit Title: WordPress Click to top Plugin v1.2.7 - Persistent Cross-Site Scripting Date: 2020-08-18 Vendor Homepage: http://wpthemespace.com/ Vendor Changelog: https://wordpress.org/plugins/click-to-top/ Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...
Geutebruck testaction.cgi Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck testaction.cgi Remote Command Execution', 'Description' = %q This module exploits an authenticated arbitrary command execution...
Apache OFBiz XML-RPC Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Apache OFBiz's...
WordPress Responsive Lightbox2 1.0.2 Cross Site Scripting
Exploit Title: WordPress Responsive Lightbox2 Plugin v1.0.2 - Persistent Cross-Site Scripting Date: 2020-08-14 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/responsive-lightbox2/developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...
Microsoft SharePoint Server 2019 Remote Code Execution
Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 ,...
WordPress Fancybox Lightbox 1.0.1 Cross Site Scripting
Exploit Title: WordPress Fancybox Lightbox Plugin v1.0.1 - Persistent Cross-Site Scripting Date: 2020-08-14 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/wp-fancybox/developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...