Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting Vulnerability
An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the...
Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change Exploit
Exploit for hardware platform in category web applications...
Sierra Wireless AirLink ES450 ACEManager Cross Site Request Forgery Vulnerability
An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being...
Sierra Wireless AirLink ES450 ACEManager Information Exposure Exploit
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to...
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution Exploit
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticat...
Sierra Wireless AirLink ES450 SNMPD Hard-Coded Credentials Vulnerability
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activat...
Joomla ARI Quiz 3.7.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: email protected Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...
Pycat Simple Windows Reverse TCP backdoor Exploit
Pycat is a simple Windows reverse TCP backdoor akin to a netcat TCP reverse connection clone. Written in Python. Pycat Simple Windows Reverse TCP backdoor Exploit import asyncio import socket import argparse parser = argparse.ArgumentParser(formatter_class=argparse.RawTextHelpFormatter, description...
GAT-Ship Web Module Unrestricted File Upload Vulnerability
Exploit for asp platform in category web applications GAT-Ship Web Module before the current version 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx" Fix: Upgrad...
systemd DynamicUser SetUID Binary Creation Exploit
This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there are not...
NSauditor 3.1.2.0 - Community Denial of Service Exploit
Exploit Title: NSauditor 3.1.2.0 - 'Community' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.2.0 Tested on: Windows 7 x64 Service Pack 1...
NSauditor 3.1.2.0 - Name Denial of Service Exploit
Exploit Title: NSauditor 3.1.2.0 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.2.0 Tested on: Windows 7 x64 Service Pack 1 Steps to produce the crash: 1.- Ru...
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version:...
JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Exploit Author: Vikas Chaudhary Vendor Homepage: https://www.jio.com/ Hardware Link:...
HeidiSQL 10.1.0.5464 - Denial of Service Exploit
Exploit Title: HeidiSQL Portable 10.1.0.5464 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.heidisql.com/ Software Link: https://www.heidisql.com/downloads/releases/HeidiSQL10.164Portable.zip Tested Version: 10.1.0.5464 Tested on: Windows 10 Single Language x6...
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
Introduction Exploit Title: Rabbit Shellcode Crypter Date: 24.4.2019 Exploit Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Description: Crypter which encrypts, decrypts and executes given shellcode using Rabbit symmetric cipher Keep in mind before use 1. Max...
Lavavo CD Ripper 4.20 Local SEH Exploit
Exploit for windows platform in category local exploits Exploit Title: Lavavo CD Ripper 4.20 Local SEH Exploit Date: 25.04.2019 Vendor Homepage: https://www.lavavosoftware.com Software Link: https://lavavo-cd-ripper.jaleco.com/download Exploit Author: Achilles Tested Version: 4.20 Tested on: Windo...
osTicket 1.11 - Cross-Site Scripting / Local File Inclusion Vulnerabilities
Exploit for php platform in category web applications Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link:...
JioFi 4G M2S 1.0.2 - Denial of Service Exploit
Exploit Title: cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Vendor Homepage: https://www.jio.com/ Hardware Link:...
Backup Key Recovery 2.2.4 - Denial of Service Exploit
Exploit Title: Backup Key Recovery 2.2.4 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Tested Version: 2.2.4 Tested on: Windows 7 x64 Service Pack 1 Steps to produce the...
AnMing MP3 CD Burner 2.0 Local Dos Exploit
Exploit Title: AnMing MP3 CD Burner 2.0 Local DoS Exploit Date: 25.04.2019 Vendor Homepage: http://www.ddz1977.com/ Software Link: https://files.downloadnow.com/s/software/10/56/16/74/anmingsetup.zip?token=1556228877063f2dc0aed064ee5d13374d8509661c&fileName=anmingsetup.zip Exploit Author: Achilles...
RARLAB WinRAR ACE Format Input Validation Remote Code Execution Exploit
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format in UNACEV2.dll. When the filename field is manipulated with specific patterns, the destination extraction folder is ignored, thus treating the filename as an...
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation Exploit
Exploit for windows platform in category local exploits VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t secure its COM interface leading...
Google Chrome 72.0.3626.121 / 74.0.3725.0 - NewFixedDoubleArray Integer Overflow Exploit
Google Chrome 72.0.3626.121 / 74.0.3725.0 - NewFixedDoubleArray Integer Overflow Exploit VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/heap/factory.cc?rcl=dd689541d3815d64b4b39f6a41603248c71aa00e&l=496 Handle Factory::NewFixedDoubleArray(int length, PretenureFlag pretenure...
Confluence Server / Data Center Path Traversal Vulnerability
Confluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2. Confluence Server / Data Center Path...
Sony Smart TV Information Disclosure / File Read Vulnerabilities
Exploit for hardware platform in category local exploits ADVISORY INFORMATION TITLE: Multiple vulnerabilities in Sony Smart TVs ADVISORY URL: https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/ DATE PUBLISHED: 23/04/2019 AFFECTED VENDORS: Sony RELEASE MODE: Coordinated...
Ross Video DashBoard 8.5.1 - Insecure Permissions Vulnerability
Ross Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) or 'C' flag (Chan...
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition Exploit
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition Exploit / The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero...
Linux - (page->_refcount) Overflow via FUSE Exploit
Linux: page->_refcount overflow via FUSE with 140GiB RAM usage Tested on: Debian Buster distro kernel "4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22)" KVM guest with 160000MiB RAM A while back, there was some discussion about possible overflows of the _mapcount in struct page, started by Daniel...
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit Exploit
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on...
UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting Exploit
Exploit for php platform in category web applications Exploit Title: UliCMS - 2019.2 , 2019.1 - Multiple Cross-Site Scripting Google Dork: intext:"by UliCMS" Exploit Author: Kağan EĞLENCE Vendor Homepage: https://en.ulicms.de/ Version: 2019.2 , 2019.1 CVE : CVE-2019-11398 Vulnerability 1 Url :...
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size DoS
var arr1 = [0, 1]; function ObjCreate(make) { this.make = make; } var obj1 = new ObjCreate(); function main() { arr1.reduce(f3); Object.getOwnPropertyDescriptors(Array(99).join(obj1.make)); } function f3() { obj1["make"] = RegExp(Array(60000).join("CCC")); ...
LabF nfsAxe 3.7 Ping Client Buffer Overflow Exploit
Exploit for windows platform in category local exploits #!/usr/bin/python Exploit Title: LabF nfsAxe 3.7 Ping Client - Buffer Overflow Vanilla Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.labf.com/nfsaxe Version: 3.7 Software Link :...
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User) Exploit
Exploit for php platform in category web applications Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: http://www.74cms.com/download/index.html Version: v5.0.1 CVE : CVE-2019-11374 74CMS...
WordPress Contact Form Builder 1.0.67 Plugin - CSRF / Local File Inclusion Exploit
Exploit for php platform in category web applications Exploit Title: Contact Form Builder CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-builder Version: 1.0.67 Tested on: WordPress...
Msvod 10 - Cross-Site Request Forgery (Change User Information) Exploit
Exploit for php platform in category web applications Exploit Title: Msvod v10 has a CSRF vulnerability to change user information Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: https://www.msvodx.com/ Version: v10 CVE : CVE-2019-11375 Msvod v10 has a CSRF...
QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service Exploit
#!/usr/bin/python Exploit Title: QNAP myQNAPcloud Connect "Username/Password" DOS Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.qnap.com Version: 1.3.4.0317 and below are vulnerable Software Link: https://www.qnap.com/en/utilities/essentials Contact:...
Ease Audio Converter 5.30 Audio Cutter Dos Exploit
Exploit Title: Ease Audio Converter 5.30 Audio Cutter DoS Exploit Date: 19.04.19 Vendor Homepage: http://www.audiotool.net/download.htm Software Link: http://www.audiotool.net/download/audioconverter.exe Exploit Author: Achilles Tested Version: 5.30 Tested on: Windows 7 x64 Sp1 1.- Run the python...
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in...
Oracle Business Intelligence / XML Publisher 12.2.1.4.0 - XML External Entity Injection Exploit
Exploit for windows platform in category web applications Exploit Title: XXE in Oracle Business Intelligence and XML Publisher Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link: https://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/index.html Version:...
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal Exploit
Exploit for windows platform in category web applications Exploit Title: Directory traversal in Oracle Business Intelligence Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link: https://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/index.html Version:...
ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution Exploit
This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the...
Atlassian Confluence Widget Connector Macro Velocity Template Injection Exploit
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embedding online videos, slideshows, photostreams and more directly into a page. A template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not...
Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference Exploit
Exploit Title: Netwide Assembler NASM 2.14rc15 NULL Pointer Dereference PoC Exploit Author: Fakhri Zulkifli Vendor Homepage: https://www.nasm.us/ Software Link: https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D Version: 2.14rc15 and earlier Tested on: 2.14rc15 CVE : CVE-2018-16517 asm/labels.c ...
Evernote 7.9 - Code Execution via Path Traversal Exploit
Exploit for macOS platform in category local exploits Exploit Title: Code execution via path traversal Exploit Author: Dhiraj Mishra Vendor Homepage: http://evernote.com/ Software Link: https://evernote.com/download Version: 7.9 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-10038 References:...
LibreOffice 6.0.7 / 6.1.3 - Macro Code Execution Exploit
Exploit for multiple platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Code Execution', 'Description' = %q LibreOffice comes bundled with...
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4 A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library...
ASUS HG100 - Denial of Service Exploit
Exploit Title: ASUS HG100 devices denial of service (DOS) via IPv4 packets/SlowHTTPDOS Date: 2019-04-14 Exploit Author: YinT Wang; Vendor Homepage: www.asus.com Version: Hardware version: HG100, Firmware version: 1.05.12 Tested on: Current 1.05.12 CVE : CVE-2018-11492 1. Description The attack at sam...
MailCarrier 2.51 - POP3 (RETR) SEH Buffer Overflow Exploit
#!/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "RETR" command (POP3) Date: 16/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesyste...
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts. It manifests itself ...