SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass Vulnerabilities
SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vulnerabilities. ======================================================================= title:...
Revive Adserver 4.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/...
Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass Vulnerability
Exploit Title: Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass Discovery by: hyp3rlinx Date: 2019-12-03 Vendor Homepage: www.microsoft.com CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery Exploit Author: Joas Antonio Vendor Homepage: intelbras.com.br Software Link: https://www.intelbras.com/pt-br/roteador-wireless-smart-dual-band-action-rf-1200...
Visual Studio 2008 - XML External Entity Injection Vulnerability
Exploit Title: Visual Studio 2008 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Software Link: Visual Studio 2008 Express IDE Tested Version: 2008 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source...
Anviz CrossChex 4.3.12 - Local Buffer Overflow Exploit
Exploit Title: Anviz CrossChex 4.3.12 - Local Buffer Overflow Exploit Author: Luis Catarino & Pedro Rodrigues Vendor Homepage: https://www.anviz.com/ Software Link: https://www.anviz.com/download.html Version: Crosschex Standard x86 <= V4.3.12 Tested on: 4.3.8.0, 4.3.12 CVE : N/A More info:...
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Vulnerability
Exploit Title: Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Discovery by: hyp3rlinx Vendor Homepage: www.maxpcsecure.com Tested Version: 19.0.4.020 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Microsoft Excel 2016 1901 Import Error XML Injection Vulnerability
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EXCEL-2016-v1901-IMPORT-ERROR-EXTERNAL-ENTITY-INJECTION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Excel 2016 v1901 Microsoft Excel is a spreadsheet...
Allied Telesis AT-GS950/8 Directory Traversal Vulnerability
Exploit for hardware platform in category web applications ============================================= CVEID: CVE-2019-18922 NAME OF AFFECTED PRODUCT: Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 1.00.047 PROBLEM TYPE: Directory Traversal DESCRIPTION: A Directory Traversal in the We...
WordPress Plainview Activity Monitor 20161228 Remote Command Execution Exploit
WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection, which allows an attacker to remotely execute commands on the underlying system. The application passes unsafe user-supplied data via the ip parameter into activitiesoverview.php. Privileges are required in order to exploit...
OwnCloud 8.1.8 Username Disclosure Vulnerability
OwnCloud version 8.1.8 suffers from a username disclosure vulnerability. OwnCloud version 8.1.8 stable is vulnerable to recovery of the full username login list. PoC: 1. Create an account in OwnCloud 2. Intercept connection with Burp 3. Share a file, typing anything...
Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection Vulnerability
NAPC Xinet interface Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginForm[username] field when double quotes are used. + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery Vulnerabilities
Carlo Gavazzi SmartHouse version 6.5.33 suffers from cross site request forgery along with both reflective and persistent cross site scripting vulnerabilities. Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Vendor: Carlo Gavazzi Automation S.p.A Product web page:...
Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software :...
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Exploit Title : Bash 5.0 Patch 11 - SUID Priv Drop Exploit Original Author: Ian Pudney , Chet Ramey Exploit Author : Mohin Paramasivam Shad0wQu35t Version : pwn.c cat pwn.c include include include void attributec...
FortiOS 6.0.6 / FortiClientWindows 6.0.6 / FortiClientMac 6.2.1 XOR Encryption Vulnerability
Fortinet products, including FortiGate and FortiClient, regularly send information to Fortinet servers using XOR "encryption" with a static key. Affected: FortiClientWindows versions 6.0.6 and below, and FortiClientMac versions 6.2.1 and below. After this advisory was released, Fortinet has confirmed that...
Mersive Solstice 2.8.0 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link: http://www.mersive.com/Support/Releases/SolsticeServer/SGE/Android/2.8.0/Solstice.apk...
Android-Gif-Drawable Double-Free Vulnerability
A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawab...
Debian pari/gp 2.x Arbitrary File Overwrite Vulnerability
pari/gp versions 2.9.1 on Debian Stretch and 2.11 on Debian Buster allow arbitrary file write and hence arbitrary code execution. pari/gp on Debian stable allows arbitrary file write. pari/gp is a CAS (computer algebra system). pari/gp version 2.9.1 on Debian Stretch and 2.11 on Debian Buster allow...
SpotAuditor 5.3.2 - (Name) Denial of Service Exploit
Exploit Title: SpotAuditor 5.3.2 - 'Name' Denial Of Service Exploit Author : ZwX Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on OS: Windows 7 Social: twitter.com/ZwX2a ''' Proof of...
SpotAuditor 5.3.2 - (Key) Denial of Service Exploit
Exploit Title: SpotAuditor 5.3.2 - 'Key' Denial of Service Exploit Author : ZwX Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on OS: Windows 7 Social: twitter.com/ZwX2a ''' Proof of Concept PoC:...
TexasSoft CyberPlanet 6.4.131 - (CCSrvProxy) Unquoted Service Path Vulnerability
Exploit Title: TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path Exploit Author: Cristian Ayala G Vendor Homepage: https://tenaxsoft.com/index.html Software Link: https://tenaxsoft.com/descargas.html Version: 6.4.131 Tested on: Windows 10 Pro x64 Step to discover the unquoted...
Xiaomi Mi Box Display Corruption Exploit
The vulnerability allows rescaling and corrupting the Xiaomi Mi Box model: MIBOX3, build.id : MHC19 display without any privilege requirement, thus creating an opportunity for a non-privilege malicious app to disable the basic functionalities that the TV box is offering or can even be used for...
Wordpress 5.3 - User Disclosure Exploit
Exploit for php platform in category web applications Exploit Title : Wordpress 5.3 - User Disclosure Author: SajjadBnd Software Link: https://wordpress.org/download/ version : wp ' vuln = url + "/wp-json/wp/v2/users/" while True: try: r = requests.get(vuln, verify=False) content = json.loads(r.text)...
GHIA CamIP 1.2 for iOS - (Password) Denial of Service Exploit
Exploit Title: GHIA CamIP 1.2 for iOS - 'Password' Denial of Service PoC Discovery by: Ivan Marmolejo Vendor Homepage: https://apps.apple.com/mx/app/ghia-camip/id1342090963 Software Link: App Store for iOS devices Tested Version: 1.2 Vulnerability Type: Denial of Service DoS Local Tested on OS:...
Microsoft DirectX SDK 2010 - (.PIXrun) Denial Of Service Exploit
Exploit Title: Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service PoC Exploit Author : ZwX Vendor Homepage : https://www.microsoft.com/ Link Software : https://www.microsoft.com/en-us/download/details.aspx?id=681 Tested on OS: Windows 7 Proof of Concept PoC: ======================= 1.Downlo...
SpotAuditor 5.3.2 - (Base64) Denial Of Service Exploit
Exploit Title: SpotAuditor 5.3.2 - 'Base64' Denial Of Service PoC Exploit Author : ZwX Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on OS: Windows 7 ''' Proof of Concept PoC: ======================= 1.Download a...
InduSoft Web Studio 8.1 SP1 - (Atributos) Denial of Service Exploit
Exploit Title: InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service PoC Discovery by: chuyreds Vendor Homepage: http://www.indusoft.com/ Software Link : http://www.indusoft.com/Products-Downloads Tested Version: 8.1 SP1 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows ...
ClamAV < 0.102.0 - (bytecode_vm) Code Execution Exploit
#!/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname', 'debugprintstr', 'debugpr...
InTouch Machine Edition 8.1 SP1 - (Atributos) Denial of Service Exploit
Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service PoC Discovery by: chuyreds Vendor Homepage: https://on.wonderware.com/ Software Link : https://on.wonderware.com/intouch-machine-edition Tested Version: 8.1 SP1 Vulnerability Type: Denial of Service DoS Local Tested on...
Easy-Hide-IP 5.0.0.3 - (EasyRedirect) Unquoted Service Path Vulnerability
Exploit Title: Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path Exploit Author: Rene Cortes S Vendor Homepage: https://easy-hide-ip.com Software Link: https://easy-hide-ip.com Version: 5.0.0.3 Tested on: Windows 7 Professional Service Pack 1 Step to discover the unquoted Service:...
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Vulnerability
Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows: "AppX Deployment Service" AppXSVC elevation of privilege vulnerability Class: Local...
VMware WorkStation 12.5.5 - Virtual Machine Escape Exploit
VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.5 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues: Failed heap manipulation causes host process crash. Not quite elaborate because I'm not good at doing heap "fengshui" on Windows...
Waves MaxxAudio Drivers 1.1.6.0 - (WavesSysSvc64) Unquoted Service Path Vulnerability
Exploit Title: Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.dell.com/ Software Link : https://www.dell.com/support/home/mx/es/mxbsdt1/drivers/driversdetails?driverid=vwpkk Tested Version: 1.1.6.0 Vulnerability Typ...
Jalios JCMS 10 Backdoor Account / Authentication Bypass Vulnerabilities
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password. Jalios JCMS 10 Backdoor Account / Authentication Bypass Vulnerabilities I. VULNERABILITY...
VMware WorkStation 12.5.3 - Virtual Machine Escape Exploit
VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.3 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues: Failed heap manipulation causes host process crash. About 50% success rate. Not quite elaborate because I'm not good at doing...
SMPlayer 19.5.0 - Denial of Service Exploit
Title : SMPlayer 19.5.0 - Denial of Service PoC Tested on : Windows 7 64 bit Vulnerable Software: SMPlayer v 19.5.0 Exploit Author: Malav Vyas Vendor Homepage: https://smplayer.info Version : 19.5.0 Software Link : https://smplayer.info/en/downloads POC run this python file, which will generate...
GNU Mailutils 3.7 - Privilege Escalation Exploit
Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 <= 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...
Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback Exploit
There is a use-after-free issue in JScript, triggerable via Internet Explorer, where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is possible to assign a variable to the 'arguments' object, have it...
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache Exploit
Tested on macOS Mojave 10.14.6, 18G87 and Catalina Beta 10.15 Beta 19A536g. On macOS, the dyld shared cache in /private/var/db/dyld/ is generated locally on the system and therefore doesn't have a real code signature; instead, SIP seems to be the only mechanism that prevents modifications of the...
ProShow Producer 9.0.3797 - (ScsiAccess) Unquoted Service Path Vulnerability
Exploit Title: ProShow Producer 9.0.3797 - 'ScsiAccess' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-11-21 Vendor Homepage : http://www.photodex.com/ Link Software : http://files.photodex.com/release/pspro903797.exe Tested on OS: Windows 7 Analyze PoC : ==============...
LiteManager 4.5.0 - Insecure File Permissions Exploit
Exploit Title: LiteManager 4.5.0 - Insecure File Permissions Exploit Author: ZwX Exploit Date: 2019-11-21 Vendor Homepage : LiteManager Team Software Link: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+support Tested on OS: Windows 7 Proof of Concept PoC:...
Network Management Card 6.2.0 - Host Header Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Network Management Card 6.2.0 - Host Header Injection Exploit Author: Amal E Thamban,Kamal Paul Vendor Homepage: https://www.apc.com/in/en/ Software Link: https://www.apc.com/shop/in/en/products/Network-Management-Card...
OpenNetAdmin 18.1.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: OpenNetAdmin v18.1.1 RCE Exploit Author: mattpascoe Vendor Homepage: http://opennetadmin.com/ Software Link: https://github.com/opennetadmin/ona Version: v18.1.1 Tested on: Linux #!/bin/bash URL="$1" while true;do echo -n "$ ";...
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs Exploit
Tested on Ubuntu 19.10, kernel "5.3.0-19-generic 20-Ubuntu". Ubuntu ships a filesystem "shiftfs" in fs/shiftfs.c in the kernel tree that doesn't exist upstream. This filesystem can be mounted from user namespaces, meaning that this is attack surface from unprivileged userspace in the default...
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
Tested on 19.10. Ubuntu's aufs kernel patch includes the following change which I interestingly can't see in the AUFS code at https://github.com/sfjro/aufs5-linux/blob/master/mm/mmap.c: ================================================================== +define vmafputvma vmadofputvma, func, LINE...
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd Exploit
mediaserverd has various media parsing responsibilities; it's reachable from various sandboxes and is able to talk to interesting kernel drivers, so it is a valid target in an exploit chain. One of the services it vends is com.apple.audio.AudioFileServer, a fairly simple XPC service which will parse...
WordPress Core 5.2.3 - Viewing Unauthenticated/Password/Private Posts Vulnerability
Exploit for multiple platform in category web applications WordPress Core 5.2.3 - Viewing Unauthenticated/Password/Private Posts So far we know that adding ?static=1 to a wordpress URL should leak its secret content Here are a few ways to manipulate the returned entries: - order with asc or desc ...
Bludit - Directory Traversal Image File Upload Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Bludit Directory Traversal Image File Upload Vulnerability", 'Description' => %q This module exploits a vulnerability in Bludit. A remote user cou...
Centova Cast 3.2.12 - Denial of Service Exploit
Exploit Title: Centova Cast 3.2.12 - Denial of Service PoC Exploit Author: DroidU Vendor Homepage: https://centova.com Affected Version: <=v3.2.12 Tested on: Debian 9, CentOS 7 =============================================== The Centova Cast becomes out of control and causes 100% CPU load on all...