Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Moodle filterjmol multiple vulnerabilities Directory Traversal and XSS Exploit Author: Dionach Ltd Exploit Author Homepage: https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities Software Link:...
macOS < 10.14.5 / iOS < 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free Exploit
macOS soflags & SOFPCBCLEARING struct ipmoptions imo; struct ip6moptions im6o; inp-inpvflag = 0; if inp-in6poptions != NULL mfreeminp-in6poptions; inp-in6poptions = NULL; // in6poutputopts; // in6proute; // free IPv4 related resources in case of mapped addr if inp-inpoptions != NULL void...
Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications I. VULNERABILITY ------------------------- httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter. II. CVE REFERENCE ------------------------- CVE-2019-12167 III. VENDOR...
Freelance Cockpit CRM 3.3.1 SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: Freelance Cockpit CRM - SQL Inj. Dork: N/A Date: 17-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
phpKF 1.10 XSS / CSRF / SQL Injection Vulnerabilities
phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Exploit Title: phpKF - Multi Vulnerabilities XSS , SQLi , CSRF Google Dork: Yazılım: phpKF © 2007-2019 Exploit Author: Ahmethan GULTEKIN @inject0r16 b4 Vendor Homepage:...
Oracle CTI Web Service - (EBS_ASSET_HISTORY_OPERATIONS) XML Entity Injection Exploit
Exploit for java platform in category web applications Exploit Title: Oracle CTI Web Service XML Entity Exp. Exploit Author: omurugur Author Web: https://www.justsecnow.com Author Social: @omurugurrr URL : http://10.248.68.188/EBSASSETHISTORYOPERATIONS As can be seen in the following request /...
Deluge 1.3.15 - (URL) Denial of Service Exploit
Exploit Title: Deluge 1.3.15 - 'URL' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://dev.deluge-torrent.org/ Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe Tested Version: 1.3.15 Tested on: Windows 7 Service Pack 1 x64 Steps t...
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: TL-WR840N v5 00000005 Exploit Author: purnendu ghosh Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Category: Hardware Firmware...
GAT-Ship Web Module 1.30 Information Disclosure Vulnerability
Exploit for multiple platform in category web applications GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...
Cisco Expressway Gateway 11.5.1 Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Cisco Expressway Gateway 11.5.1 Directory Traversal Vulnerability Details ======= Product: Cisco Expressway Gateway Affected Versions: 11.5.1, possibly others Fixed Versions: See Cisco Bug ID CSCvo47769 1 Vulnerability Type: Directory...
WordPress WPGraphQL 0.2.3 Plugin - Multiple Vulnerabilities
Exploit for php platform in category web applications...
Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution Exploit
Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free Exploit
macOS 10.14.5 / iOS 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free Exploit See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection (GC) during its...
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment
macOS 10.14.5 / iOS 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc from current HEAD git commit 3c46422e45fef2de6ff13b66cd45705d63859555 in debug and release builds...
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT
macOS 13.37; stackspray = ; for let v15 = 0; v15 100; v15++ function v19v23 // This weird loop form might be required to prevent loop unrolling... for let v30 = 0; v30 3; v30 = v30 + "asdf" // Generates the specific CFG necessary to trigger the bug. const v33 = Error != Error; if v33 else // Forc...
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution Exploit
Exploit for java platform in category web applications / Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Network Advisor 14.X....
Solaris 10 1/13 (#Intel) - (dtprintinfo) Local Privilege Escalation Exploit
Exploit for solaris platform in category local exploits / raptordtprintnameintel.c - dtprintinfo 0day, Solaris/Intel Copyright (c) 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo(1) CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability an...
docPrint Pro 8.0 - Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: Document Converter docPrint Pro v8.0 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...
PCL Converter 2.7 - Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: VeryPDF PCL Converter v2.7 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://www.verypdf.com/pcltools/pcl-converter.exe Version: 2.7 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...
Solaris 7/8/9 (#SPARC) - (dtprintinfo) Local Privilege Escalation (2) Exploit
Exploit for solaris platform in category local exploits / raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright (c) 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo(1) CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability a...
BulletProof FTP Server 2019.0.0.50 - (Storage-Path) Denial of Service Exploit
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 10 Single...
AbsoluteTelnet 10.16 - (License name) Denial of Service Exploit
Exploit Title: AbsoluteTelnet 10.16 - 'License name' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet10.16.exe Tested Version: 10.16 Tested on: Windows 7 Service Pack 1 x...
BulletProof FTP Server 2019.0.0.50 - (DNS Address) Denial of Service Exploit
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 10 Single...
Solaris 7/8/9 (#SPARC) - (dtprintinfo) Local Privilege Escalation (1) Exploit
Exploit for solaris platform in category local exploits / raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright (c) 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo(1) CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability an...
Encrypt PDF 2.3 - Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: Encrypt PDF v2.3 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://www.verypdf.com/encryptpdf/encryptpdf.exe Version: 2.3 Tested on: Windows 10 Proof of Concept: 1.- Run the python script "EncryptPDF.py", ...
GetSimpleCMS - Unauthenticated Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "GetSimpleCMS Unauthenticated RCE", 'Description' = %q This module exploits a vulnerability found in GetSimpleCMS, which allows unauthenticated...
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version : 1.8....
Linux/x86-64 - Delete File Shellcode (28 bytes)
;Title: Linux/x8664 - delete ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 28 bytes This shellcode deletes file declared in "fname" ==================ASSEMBLY ======================================== global start section .text start: jmp short file delete: push 87...
Huawei eSpace 1.1.11.103 - DLL Hijacking Exploit
Exploit for windows platform in category local exploits / Huawei eSpace Desktop DLL Hijacking Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create...
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow Exploit
Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient Enhanced...
Huawei eSpace Meeting 1.1.11.103 - (cenwpoll.dll) SEH Buffer Overflow (Unicode) Exploit
!/usr/bin/env python -- coding: utf-8 -- Huawei eSpace Meeting cenwpoll.dll Unicode Stack Buffer Overflow with SEH Overwrite Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected application: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpac...
Huawei eSpace 1.1.11.103 - (ContactsCtrl.dll) / (eSpaceStatusCtrl.dll) ActiveX Heap Overflow Exploit
Huawei eSpace Meeting ContactsCtrl.dll and eSpaceStatusCtrl.dll ActiveX Heap Overflow Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC eSpace UC V200R002C02 Summary: Create...
Sandboxie 5.30 - (Programs Alerts) Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: Sandboxie 5.30 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://www.sandboxie.com Software https://www.sandboxie.com/SandboxieInstall.exe Version: 5.30 Tested on: Windows 10 Proof of Concept: 1.- Run the python script 'Sandboxie.py', it...
CEWE Photoshow 6.4.3 - (Password) Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: CEWE PHOTO SHOW 6.4.3 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software: https://cewe-photoworld.com/creator-software/windows-download Version: 6.4.3 Tested on: Windows 10 Proof of Concept: 1.- Run the pytho...
CEWE Photo Importer 6.4.3 - (.jpg) Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: CEWE PHOTO IMPORTER 6.4.3 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software: https://cewe-photoworld.com/creator-software/windows-download Version: 6.4.3 Tested on: Windows 10 Proof of Concept: 1.- Run the...
Iperius Backup 6.1.0 - Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link:...
Interspire Email Marketer 6.20 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6.20 $widget foreach...
ZOC Terminal v7.23.4 - (Private key file) Denial of Service Exploit
Exploit Title: ZOC Terminal v7.23.4 - 'Private key file' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the...
ZOC Terminal v7.23.4 - (Shell) Denial of Service Exploit
Exploit Title: ZOC Terminal v7.23.4 - 'Shell' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1.-...
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service Exploit
!/usr/bin/env python coding: utf8 SEL AcSELerator Architect 2.2.24 Remote CPU Exhaustion Denial of Service Vendor: Schweitzer Engineering Laboratories, Inc. Product web page: https://www.selinc.com Affected version: 2.2.24.0 ICD package version: 2.38.0 Summary: Substation communications networks...
Axessh 4.2 - (Log file name) Denial of Service Exploit
Exploit Title: Axessh 4.2 'Log file name' - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/axessh.exe Tested Version: 4.2 Tested on: Windows 7 Service Pack 1 x32 Steps to produce the crash: 1.- Run python code:...
JetAudio jetCast Server 2.0 - (Log Directory) Local SEH Alphanumeric Encoded Buffer Overflow Exploit
Exploit for windows platform in category local exploits Title: JetAudio jetCast Server 2.0 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: http://www.jetaudio.com/ Software Link:...
ZOC Terminal 7.23.4 - (Script) Denial of Service Exploit
Exploit Title: ZOC Terminal v7.23.4 - 'Script' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1....
WeChat for Android 7.0.4 - vcodec2_hls_filter Denial of Service Exploit
Exploit Title: DoS Wechat with an emoji Exploit Author: Hong Nhat Pham Vendor Homepage: http://www.tencent.com/en-us/index.html Software Link: https://play.google.com/store/apps/details?id=com.tencent.mm Version: 7.0.4 Tested on: Android 9.0 CVE : CVE-2019-11419 Description: vcodec2hlsfilter in...
VMware Workstation 15.1.0 - DLL Hijacking Exploit
Exploit for windows platform in category local exploits --------------------------------------------------------- Title: VMware Workstation DLL hijacking DLLIMPORT void SHGetFolderPathW MessageBox0, "s1kr10s", "VMWare-Poc", MBICONINFORMATION; exit0; --------------------------...
DeepSound 1.0.4 - SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: DeepSound 1.0.4 - SQL Inj. Dork: N/A Date: 15-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
Schneider Electric U.Motion Builder 1.3.4 Command Injection Vulnerability
Schneider Electric U.Motion Builder version 1.3.4 suffers from an unauthenticated command injection vulnerability in trackimportexport.php. 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: OS Command Injectio...
PHP-Fusion 9.03.00 Remote Code Execution Exploit
This Metasploit module exploits a command execution vulnerability in PHP-Fusion versions 9.03.00 and below. It is possible to execute commands in the system with ordinary user authority. This module requires Metasploit: https://metasploit.com/download Current source:...
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting
Exploit for php platform in category web applications input type="hidden" name="password2" value="newpass1...
CommSy 8.6.5 - SQL injection Vulnerability
Exploit for php platform in category web applications Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security...