39001 matches found
rimbalinux AhadPOS 1.11 - (alamatCustomer) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/rimbalinux/AhadPOS Software Link: https://github.com/rimbalinux/AhadPOS.git Version: 1.11 Tested on: CentOS 7 CVE...
WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive Exploit
VULNERABILITY DETAILS bool JSObject::putInlineSlowExecState exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot ASSERT!isThisValueAlteredslot, this; VM& vm = exec-vm; auto scope = DECLARETHROWSCOPEvm; JSObject obj = this; for ;; unsigned attributes; PropertyOffset offset =...
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common() Exploit
On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new filesystem has just been mounted. If so, replace them with the new mount point....
html5_snmp 1.11 - (Router_ID) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: html5snmp 1.11 - 'RouterID' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC for...
html5_snmp 1.11 - (Remark) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: html5snmp 1.11 - 'Remark' Persistent Cross-Site Scripting Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7...
SD.NET RIM 4.7.3c - (idtyp) SQL Injection Vulnerability
Exploit for asp platform in category web applications Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlich...
Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Vulnerability
Exploit for hardware platform in category web applications Title: Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Author: LiquidWorm Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5541 Advisory URL:...
JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects Exploit
The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10 inheritscell-JSC::JSCell::vm, std::removepointer::type::info ../../So...
Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540 Advisory URL:...
FileOptimizer 14.00.2524 - Denial of Service Exploit
Exploit Title: FileOptimizer 14.00.2524 - Denial of Service PoC Exploit Author: Chase Hatch SYANiDE Vendor Homepage: https://sourceforge.net/projects/nikkhokkho/ Software Link: https://sourceforge.net/projects/nikkhokkho/files/FileOptimizer/14.00.2524/FileOptimizerSetup.exe/download Version:...
thejshen Globitek CMS 1.4 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: thejshen Globitek CMS 1.4 - 'id' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Software Link: https://github.com/thejshen/contentManagementSystem.git Version: 1.4 Tested...
QNAP NetBak Replicator 4.5.6.0607 - (QVssService) Unquoted Service Path Vulnerability
Exploit Title: QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path Exploit Author: Ivan Marmolejo Vendor Homepage: https://www.qnap.com/en/ Software Link: https://www.qnap.com/en/download Version: 4.5.6.0607 Vulnerability Type: Local Tested on: Windows XP Profesional Español S...
thrsrossi Millhouse-Project 1.414 - (content) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting Exploit Author: Cakes Vendor Homepage: https://github.com/thrsrossi/Millhouse-Project Software Link: https://github.com/thrsrossi/Millhouse-Project.gi...
Wacom WTabletService 6.6.7-3 - (WTabletServicePro) Unquoted Service Path Vulnerability
Exploit Title: Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path Discovery by: Marcos Antonio León psk Discovery Date: 2019-11-04 Vendor Homepage: https://www.wacom.com Software Link : http://cdn.wacom.com/U/drivers/IBMPC/pro/WacomTablet637-3.exe Tested Version: 6.3.7.3...
Network Inventory Advisor 5.0.26.0 - (niaservice) Unquoted Service Path Vulnerability
Exploit Title: Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path Exploit Author: Samuel DiazL Vendor Homepage: https://www.network-inventory-advisor.com/ Software Link: https://www.network-inventory-advisor.com/download.html Version: 5.0.26.0 Tested on: Microsoft Windows 10...
Aida64 6.10.5200 - Buffer Overflow (SEH) Exploit
Exploit Title: Aida64 6.10.5200 - Buffer Overflow SEH Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.aida64.com Software Link: https://www.aida64.com/downloads/OTAwMmVmNTE= Version: AIDA64 Engineer 6.10.5200 Tested on: Windows 7 Home Basic SP1 CVE : N/A Step 1 File - Preferences -...
Ayukov NFTP client 1.71 - (SYST) Buffer Overflow Exploit
Exploit Title: Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/nftp/nftp-1.71-i386-win32.exe Version: 1.71 Tested on: Windows XP Pro SP0, SP1, SP2, SP3 CVE :...
Launch Manager 6.1.7600.16385 - (DsiWMIService) Unquoted Service Path Vulnerability
Title: Launch Manager 6.1.7600.16385 'DsiWMIService' Unquoted Service Path Author: Gustavo Briseño Vendor Homepage: https://www.acer.com/ Software Link:...
OpenVPN Connect 3.0.0.272 - (agent_ovpnconnect) Unquoted Service Path Vulnerability
Exploit Title: OpenVPN Connect 3.0.0.272 - 'ovpnagent' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://openvpn.net Software Link : https://openvpn.net/downloads/openvpn-connect-v3-windows.msi Tested Version: 3.0.0.272 Vulnerability Type: Unquoted Service Path Tested on...
Apple macOS 10.15.1 - Denial of Service Exploit
Exploit Title: Apple macOS 10.15.1 - Denial of Service PoC Exploit Author: 08Tc3wBB Vendor Homepage: Apple Software Link: Version: Apple macOS msghlocalport, msg1.msghsize, msg4.msghreserved, unsigned intmsg4.msghid, QWORD &msg1.msghreserved, // inputmem1 msg2.msghsize 2, // inputmem1len QWORD...
eIDAS-Node 2.3 Authentication Bypass Exploit
Exploit for multiple platform in category web applications title: Authentication Bypass product: eIDAS-Node vulnerable version: =v2.3 v2.1 vulnerability 2 fixed version: v2.3.1 CVE number: - impact: critical homepage:...
Micro Focus (HPE) Data Protector SUID Privilege Escalation Exploit
This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus HPE Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attack...
Microsoft Office 365 / ProPlus 16.0.11929.202.88 docx2docm Protection Bypass Vulnerability
Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...
Microsoft Office 365 / ProPlus 16.0.11929.202.88 Remote Code Execution Vulnerability
Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...
ownCloud 10.3.0 stable - Cross-Site Request Forgery Vulnerability
Exploit for linux platform in category web applications Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud...
Apache Solr 8.2.0 - Remote Code Execution Exploit
Exploit for java platform in category web applications Title: Apache Solr 8.2.0 - Remote Code Execution Author: @l3xwong Vendor: https://lucene.apache.org/solr/ Software Link: https://lucene.apache.org/solr/downloads.html CVE: N/A github:...
OpenVPN Private Tunnel 2.8.4 - (ovpnagent) Unquoted Service Path Vulnerability
Title: OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path Author: Sainadh Jamalpur Vendor Homepage: https://openvpn.net/ Software Link: https://swupdate.openvpn.org/privatetunnel/client/privatetunnel-win-2.8.exe Version : PrivateTunnel v2.8.4 Tested on: Windows 10 64bitEN CVE : N/A...
TheJshen contentManagementSystem 1.04 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: TheJshen contentManagementSystem 1.04 - 'id' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Version: 1.04 Software Link:...
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit
Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS installs CVE :...
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH) Exploit
Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow SEH Exploit Author: Doan Nguyen 4ll4u Vendor Homepage: https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Version: v4.6.1217 Tested on: Windows XP SP3 CVE : N/A Reference from : 1...
Wordpress Google Review Slider 6.1 Plugin - (tid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendo...
Nostromo 1.9.6 Directory Traversal / Remote Command Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function httpverify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request. This module...
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Title: Linux/x86 NOT|ROT+8 Encoded execve/bin/sh null-free Shellcode 47 bytes Author: Daniel Ortiz Date: 2019-10-30 Tested on: Linux 4.18.0-25-generic 26 Ubuntu Size: 47 bytes SLAE ID: PA-9844 ----------------------- execve ------------------------------------------------ global start section .te...
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation Exploit
The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let notAGetterSetter = whatever: 42; function v2v5 const v10 = Object; if v5 const v1...
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service Vendor Homepage: https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Exploit Author: Nithoshitha S Tested Version: v4.6.1217 Tested on: Windows 7 x64 Windows XP SP3 1.- Run python code :poc.py 2.-...
Ajenti 2.1.31 - Remote Code Execution Exploit
Exploit for jsp platform in category web applications Exploit Title: Ajenti 2.1.31 - Remote Code Execution Metasploit Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires Metasploit:...
Citrix StoreFront Server 7.15 - XML External Entity Injection Vulnerability
Exploit for xml platform in category web applications Exploit Title: Citrix StoreFront Server 7.15 - XML External Entity Injection Exploit Author: Vahagn Vardanya Vendor Homepage: https://www.citrix.com/downloads/storefront/ Software Link: https://support.citrix.com/article/CTX251988 Version: Citr...
iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure Exploit
Exploit for hardware platform in category web applications Title: iSeeQ Hybrid DVR WH-H4 2.0.0.P - getjpeg Stream Disclosure Author: LiquidWorm Vendor:iSeeQ Link: http://www.iseeq.co.kr CVE: N/A !/bin/bash iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P getjpeg Stream Disclosure Vendor: iSeeQ Product web...
Microsoft Windows Server 2012 - (Group Policy) Remote Code Execution Exploit
Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and...
Intelligent Security System SecurOS Enterprise 10.2 - (SecurosCtrlService) Unquoted Service Path Exp
Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Exploit Author: Alberto Vargas Vendor Homepage: https://www.issivs.com/product-detail/secure-os-enterprise/ Software Link: https://www.issivs.com/schedule-a-free-demo/trial version for...
Microsoft Windows Server 2012 - (Group Policy) Security Feature Bypass Exploit
Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, an...
rConfig 3.9.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: rConfig 3.9.2 - Remote Code Execution Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/pyth...
Win10 MailCarrier 2.51 - (POP3 User) Remote Buffer Overflow Exploit
Exploit Title: Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow Author: Lance Biggerstaff Original Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Tested on: Windows 10 Note: Every version of Windows 10 has a different offset ¯\ツ...
Wordpress 5.2.4 - Cross-Origin Resource Sharing Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress 5.2.4 - Cross-Origin Resource Sharing Exploit Author: Milad Khoshdel Software Link: https://wordpress.org/download/ Version: Wordpress 5.2.4 Tested on: Linux Apache/2 PHP/7.2 Vulnerable Page: https://Your-Domain/wp-jso...
PHP-FPM + Nginx - Remote Code Execution Exploit
Exploit for php platform in category web applications PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have...
delpino73 Blue-Smiley-Organizer 1.32 - (datetime) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/delpino73/Blue-Smiley-Organizer Software Link: https://github.com/delpino73/Blue-Smiley-Organizer.git...
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - (start) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link:...
WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed Exploit
VULNERABILITY DETAILS HTMLFrameElementBase.cpp: bool HTMLFrameElementBase::isURLAllowed const if mURL.isEmpty // 4 return true; return isURLAlloweddocument.completeURLmURL; bool HTMLFrameElementBase::isURLAllowedconst URL& completeURL const if document.page && document.page-subframeCount =...
JumpStart 0.6.0.0 - (jswpbapi) Unquoted Service Path Vulnerability
Exploit Title: JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path Exploit Author: Roberto Escamilla Vendor Homepage: https://www.inforprograma.net/ Software Link: https://www.inforprograma.net/ Version: = 0.6.0.0 wpspin.exe Tested on: Windows 10 Home CVE : N/A STEPS 1.- Install the JumpStart...
Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Tested on...