50786 matches found
Joomla! paGO Commerce 2.5.9.0 SQL Injection
Exploit Title: Joomla! paGO Commerce 2.5.9.0 - SQL Injection Authenticated Date: 2020-08-21 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.corephp.com/ Software Link: https://www.corephp.com/joomla-products/pago-commerce Version: 2.5.9.0 Tested o...
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting
Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...
Rapid7 Nexpose Installer 6.6.39 Unquoted Service Path
Exploit Title: Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path Date: 2020-08-31 Exploit Author: Angelo D'Amato Vendor Homepage: https://www.rapid7.com Version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME: nexposeengine TYPE : 10 WIN32OWNPROCESS STARTTYPE ...
Microsoft Windows Finger Security Bypass / C2 Channel
Title: Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WindowsTCPIPFingerCommandC2ChannelandBypassingSecuritySoftware.txt + twitter.com/hyp3rlinx +...
Pearson Vue VTS 2.3.1911 Unquoted Service Path
Exploit Title: Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path Discovery by: Jok3r Discovery Date: 2020-09-14 Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm...
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery
Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Cross-Site Request Forgery Reboot Date: 2020-08-31 Exploit Author: Uriel Yochpaz and Jonatan Schor Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A...
Linux expand_downwards() / munmap() Race Condition
Linux =4.20: expanddownwards can race with munmap page table freeing Since 4.20, domunmap downgrades the mmapsem from write-locked to read-locked after detaching the VMAs from the mmstruct, but before dropping references to pages and freeing page tables. This ought to be safe because VMA tree...
DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/compiler/windows' class MetasploitModule 'DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation', 'Description' = %q This module...
VTENEXT 19 CE Remote Code Execution
!/usr/bin/python3 Exploit Title: VTENEXT 19 CE - Remote Code Execution Google Dork: n/a Date: 2020/09/09 Exploit Author: Marco Ruela Vendor Homepage: https://www.vtenext.com/en/ Software Link: Vendor removed vulnerable version from sourceforge.net Version: 19 CE Tested on: Ubuntu 16.04 CVE : N/A...
Microsoft Internet Explorer 11 Use-After-Free
Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...
Tea LaTex 1.0 Remote Code Execution
Exploit Title: Tea LaTex 1.0 - Remote Code Execution Unauthenticated Google Dork: N/A Date: 2020-09-01 Exploit Author: nepska Vendor Homepage: https://github.com/ammarfaizi2/latex.teainside.org Software Link: https://github.com/ammarfaizi2/latex.teainside.org Version: v1.0 Tested on: Kali linux /...
Gnome Fonts Viewer 3.34.0 Heap Corruption
!/usr/bin/env python3 Exploit Title: Gnome Fonts Viewer 3.34.0 Heap Corruption Date: 2020-09-10 Exploit Author: Cody Winkler Vendor Homepage: gnome.org Software Link: https://help.gnome.org/misc/release-notes/3.6/users-font-viewer.html Version: 3.34.0 Tested On: Ubuntu 20.04.1 LTS Note: May take ...
Tiandy IPC / NVR 9.12.7 Credential Disclosure
Exploit Title: Tiandy IPC and NVR 9.12.7 - Credential Disclosure Date: 2020-09-10 Exploit Author: zb3 Vendor Homepage: http://en.tiandy.com Product Link: http://en.tiandy.com/index.php?s=/home/product/index/category/products.html Software Link:...
Mobile Shop System 1.0 SQL Injection
Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass Exploit Author: Moaaz Taha 0xStorm Date: 2020-09-08 Vendor Homepage: https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html Software Link:...
IlchCMS 2.1.37 Cross Site Scripting
Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting in IlchCMS Affected Software: IlchCMS Affected Versions: 2.1.37 Vendor Homepage: https://www.ilch.de/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score 3.0: 7.4 High Netsparker...
ZTE F602W CAPTCHA Bypass
Exploit Title: ZTE Router F602W - Captcha Bypass Exploit Author: Hritik Vijay @MrHritik Vendor Homepage: https://zte.com.cn Reported: 2019-06-14 Version: F6x2W V6.0.10P2T2 Version: F6x2W V6.0.10P2T5 Tested on: F602W CVE: CVE-2020-6862 Background ----------- Captcha is used to make sure the form i...
CuteNews 2.1.2 Remote Code Execution
Exploit Title: CuteNews 2.1.2 - Remote Code Execution Google Dork: N/A Date: 2020-09-10 Exploit Author: Musyoka Ian Vendor Homepage: https://cutephp.com/cutenews/downloading.php Software Link: https://cutephp.com/cutenews/downloading.php Version: CuteNews 2.1.2 Tested on: Ubuntu 20.04, CuteNews...
Input Director 1.4.3 Unquoted Service Path
Exploit Title: Input Director 1.4.3 - 'Input Director' Unquoted Service Path Discovery Date: 2020-09-08 Response from Input Director Support: 09/09/2020 Exploit Author: TOUHAMI Kasbaoui Vendor Homepage: https://www.inputdirector.com/ Version: 1.4.3 Tested on: Windows Server 2012, Windows 10 Find...
Audio Playback Recorder 3.2.2 Local Buffer Overflow
Exploit Title: Audio Playback Recorder 3.2.2 - Local Buffer Overflow SEH Date: 2020-09-08 Author: Felipe Winsnes Software Link: https://archive.org/download/tucows288670AudioPlaybackRecorder/AudioRec.exe Version: 3.2.2 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of the...
ShareMouse 5.0.43 Unquoted Service Path
Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path Discovery Date: 2020-09-08 Discovery by: Alan Lacerda alacerda Vendor Homepage: https://www.sharemouse.com/ Software Link: https://www.sharemouse.com/ShareMouseSetup.exe Version: 5.0.43 Tested on OS: Microsoft Windows 1...
Scopia XT Desktop 8.3.915.4 Cross Site Request Forgery
Exploit Title: Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery change admin password Google Dork: inurl:scopia+index.jsp Date: 2020-09-09 Exploit Author: v1n1v131r4 Vendor Homepage: https://avaya.com Software Link:...
Yaws 2.0.7 XML Injection / Command Injection
Exploit Title: Multiple vulnerabilities in Yaws web server Date: 2020-08-10 Exploit Author: Alexey Pronin (vulnbe) Vendor Homepage: http://yaws.hyber.org/ Software Link: https://github.com/erlyaws/yaws Versions affected: 1.81 - 2.0.7 CVE: CVE-2020-24379, CVE-2020-24916 1. Description:...
macOS cfprefsd Arbitrary File Write / Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS cfprefsd Arbitrary File Write Local Privilege Escalation', 'Description' = %q This module exploits an arbitrary file write in cfprefsd on...
Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload
Exploit Title: Joomla! Component GMapFP J3.5/J3.5F - Unauthenticated Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-27 Exploit Author: ThelastVvV Vendor Homepage:https://gmapfp.org/ Version:Version J3.5 /J3.5free Tested on: Ubuntu CVE:CVE-2020-23972 Description: An attacker...
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation Vendor: Rapid7 Product web page: https://www.rapid7.com Affected version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME: nexposeengine TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2 AUTOSTART ERRORCONTROL : 0 IGNORE BINARYPATHNAM...
Cabot 0.11.12 Cross Site Scripting
Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...
Grocy 2.7.1 Cross Site Scripting
Exploit Title: grocy 2.7.1 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://berrnd.de/ Software Link: https://github.com/grocy/grocy Version: 2.7.1 Tested on: Kali Linux 2020.3 Proof Of Concept: grocy household management solution...
Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks
Vulnerability title: Noise-Java AESGCMOnCtrCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25023 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is currentl...
ManageEngine Applications Manager Authenticated Remote Code Execution
!/usr/bin/python3 Exploit Title: ManageEngine Applications Manager - Authenticated RCE via Java class reflection in Weblogic server test credential API Google Dork: None Date: 04-09-2020 Exploit Author: Hodorsec Vendor Homepage: https://manageengine.co.uk Vendor Vulnerability Description:...
Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks
Vulnerability title: Noise-Java AESGCMFallbackCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25022 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is...
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W vulnerable version: =2.0.26 fixed version: CVE number: CVE-2020-16210, CVE-2020-16206,...
Hyland OnBase SQL Injection
CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/ Product ------------------------------------------------- Hylan...
Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks
Vulnerability title: Noise-Java ChaChaPolyCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25021 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is currently...
SiteMagic CMS 4.4.2 Shell Upload
Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...
Nord VPN 6.31.13.0 Unquoted Service Path
Exploit Title: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path Discovery Date: 2020-09-03 Discovery by: chipo Vendor Homepage: https://nordvpn.com Software Link : https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Tested Version: 6.31.13.0 Tested on OS:...
COVR 3902 1.01B0 Hardcoded Credentials
Title: Telnet Hardcoded Credentials Summary: The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data Affected Firmware: COVR-3902REVAROUTERFIRMWAREv1.01B0 CV...
Go CGI / FastCGI Transport Cross Site Scripting
Advisory: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return...
Kamailio 5.4.0 Header Smuggling
Kamailio vulnerable to header smuggling possible due to bypass of removehf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: - Report date & issue patched by Kamailio: 2020-07-16 - Kamailio rewrite for header parser better fi...
Bagisto Credential Disclosure
Vendor: Bagisto https://bagisto.com/ Affected version: All Introduction: Bagisto is an open source shop system based on PHP and Laravel framework Vulnerability description: Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database a...
Rebar3 3.13.2 Command Injection
Exploit Title: Rebar3 - OS command injection Date: 2020-06-03 Exploit Author: Alexey Pronin (vulnbe) Vendor Homepage: https://rebar3.org Software Link: https://github.com/erlang/rebar3 Versions affected: 3.0.0-beta.3 - 3.13.2 CVE: CVE-2020-13802 1. Description: ---------------------- Rebar3...
Sagemcom F@ST 5280 Privilege Escalation
privilege escalation Date: 08-31-2020 Exploit Author: Ryan Delaney Author Contact: ryan.delaney owasp org Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://sagemcom.com/en Software Link: N/A F@ST 5280 firmware not published Version: F@ST 5280 router, F/W 1.150.61,...
moziloCMS 2.0 Cross Site Scripting
Exploit Title: moziloCMS 2.0 - Persistent Cross-Site Scripting Authenticated Date: 2020-08-31 Exploit Author: Abdulkadir Kaya Vendor Homepage: https://www.mozilo.de/ Version: 2.0 Tested on: Windows & WampServer 1- Go to following url. http://HOST/PATH/admin/ 2- Login the admin panel. 3- Go to...
Mara CMS 7.5 Remote Code Execution
Exploit Title: Mara CMS 7.5 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Michele Cisternino 0blio Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5...
CMS Made Simple 2.2.14 Shell Upload
!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
BlazeDVD 7.0 Professional Buffer Overflow
Title: BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow SEH,ASLR,DEP Author: emalp Date: 2020-08-31 Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Windows 7 Home Basic Run this file bfile.plf...
Fuel CMS 1.4.8 SQL Injection
Exploit Title: Fuel CMS 1.4.8 - 'fuelreplaceid' SQL Injection Authenticated Date: 2020-08-19 Exploit Author: c0mpu7er(@ymbank.cn) Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.8.zip Version: 1.4.7 Tested on: PHP 5.4.45, Apache...
Online Book Store 1.0 SQL Injection
Title: Online Book Store 1.0 - 'id' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14383/online-book-store.html Software Link: https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store Version: 1.0 Tested...
Symphony CMS 3.0.0 Cross Site Scripting
Exploit Title: SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2020-08-28 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.getsymphony.com/ Software Link: https://www.getsymphony.com/ Version: 3.0.0 Tested on: Windows CVE : N/A...
TP-Link WDR4300 Remote Code Execution
!/usr/bin/python3 import sys import hashlib import base64 import requests import binascii import socket """ RCE via stack-based overflow on TP-Link WDR4300 N750 devices, using CVE-2017-13772. Tested on Firmware versions 3.13.33, Build 130618 and 3.14.3 Build 150518, hardware WDR4300 v1 Usage: 1...
Nagios Log Server 2.1.6 Cross Site Scripting
Exploit Title: Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting Date: 2020-08-07 Vendor Homepage: https://www.nagios.com/products/nagios-log-server/ Vendor Changelog: https://www.nagios.com/downloads/nagios-log-server/change-log/ Exploit Author: Jinson Varghese Behanan @JinsonCyberSec...