Kanboard 1.2.7 Code Execution / Cross Site Request Forgery Vulnerabilities
Kanboard version 1.2.7 contains multiple vulnerabilities. The vulnerabilities include CSV account import cross site request forgery which allows an unauthenticated attacker to create a new administrative user. Cross site request forgery 2FA deactivation, allowing an unauthenticated attacker to...
AirDrop 2.0 - Denial of Service Exploit
// Author: Marcelo Vázquez aka s4vitar // AirDrop 2.0 Remote Denial of Service DoS // // Exploit Title: AirDrop 2.0 Remote Denial of Service DoS // Date: 2019-02-21 // Exploit Author: Marcelo Vázquez aka...
RealTerm Serial Terminal 2.0.0.70 - Echo Port Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...
Teracue ENC-400 Command Injection / Missing Authentication Vulnerabilities
Teracue ENC-400 suffers from hard-coded credential, missing authentication, and command injection vulnerabilities. Teracue ENC-400 Command Injection / Missing Authentication Vulnerabilities Introduction ============ Multiple vulnerabilities were identified within the Teracue ENC-400, including...
Valentina Studio 9.0.5 Linux - Host Buffer Overflow Exploit
-- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link: https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudiox64lin-deb?format=raw Version: 9.0.5 Tested on:...
ScreenStream 3.0.15 - Denial of Service Exploit
!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar ScreenStream 3.0.15 Remote Denial of Service DoS Exploit Title: ScreenStream 3.0.15 Remote Denial of Service DoS Date: 2019-02-21 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: http://mobzapp.com/mirroring/index.html...
WebKit JSC reifyStaticProperty Attribute Flag Issue Exploit
WebKit JSC has an issue where reifyStaticProperty needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter. WebKit: JSC: reifyStaticProperty needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter CVE-2019-6215...
C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: C4G Basic Laboratory Information System BLIS 3.4 - Multiples SQL Injection Software Links/Project: https://github.com/C4G/BLIS | http://blis.cc.gatech.edu/index.php Version: C4G Basic Laboratory Information System v3.4 Exploit...
Nuuo Central Management Server 2.4 Authenticated Arbitrary File Upload Exploit
The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. The vulnerability is in the FileName parameter, which accepts directory traversal ..\..\ characters. Therefore, this function can be abused to overwrite any files in the installation drive of...
Virtual VCR Max .0a - .vcr Buffer Overflow Exploit
!/usr/bin/python Exploit Title: VirtualVCR-Max .0a Overflow PoC Google Dork: N/A Date: 21/02/2019 Exploit Author: Wade Guest Vendor Homepage: http://virtualvcr.sourceforge.net/ Software Link: https://sourceforge.net/projects/virtualvcr/ Version: Max Version .0a Tested on: Win XP SP3 CVE : N/A...
Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation Vulnerabilities
Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities. Micro Focus Filr Multiple Vulnerabilities 1. Advisory Information Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL:...
eDirectory - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Admin auth bypass, SQLi and File Disclosure Google Dork: no defacers please ! Date: March 2019 reported to vendor without response :D Exploit Author: Efren Diaz Author contact: https://twitter.com/elefr3n Vendor Homepage:...
FaceTime - Texture Processing Memory Corruption Vulnerability
FaceTime - Texture Processing Memory Corruption There is a memory corruption issue that occurs when processing a malformed RTP video stream in FaceTime. It appears to be related to processing textures. thread 7, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame 0: 0x00007fff56baaa92...
BulletProof FTP Server 2019.0.0.50 - SMTP Server Denial of Service Exploit
Exploit Title: BulletProof FTP Server 2019.0.0.50 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 7 x64 Service Pack 1 Steps t...
Jenkins - Remote Code Execution Exploit
Exploit for java platform in category web applications Jenkins - Remote Code Execution Exploit In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by...
NetSetMan 4.7.1 - Workgroup Denial of Service Exploit
Exploit Title: NetSetMan 4.7.1 'Workgroup' - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1 Tested on: Windows 10 Single Language x64 / Windows 7 x32 Service Pack 1 Steps...
Find a Place CMS Directory 1.5 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data2.php cate' SQL Injection Google Dork: inurl:"assets/external/data.php" Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor...
Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 19, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...
Listing Hub CMS 1.0 - pages.php id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Google Dork: inurl:"pages.php?title=privacy-policy" Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage:...
Android Kernel < 4.8 - ptrace seccomp Filter Bypass Exploit
The seccomp(2) manpage (http://man7.org/linux/man-pages/man2/seccomp.2.html) documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older kernels, seccomp-based sandboxes must not allow use of ptrace(2)—even of other sandboxed...
WinRAR 5.61 - (.lng) Denial of Service Exploit
Exploit Title: WinRAR 5.61 - Denial of Service Author: Kağan Çapar Software Link: https://win-rar.com/predownload.html?spV=true&subD=true&f=wrar561tr.exe Vendor Homepage : https://www.win-rar.com Tested Version: 5.61 32 Bit Tested on OS: Windows 10 Education 64 Bit Steps to Reproduce: Run perl...
Valentina Studio 9.0.4 - Host Denial of Service Exploit
Exploit Title: Valentina Studio 9.0.4 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://valentina-db.com/en/ Software Link: https://valentina-db.com/en/developer/database/download-valentina-database-adk Tested Version: 9.0.4 Tested on: Windows 7 x64 Service Pack 1...
FTPShell Server 6.83 - Account name to ban Denial of Service Exploit
Exploit Title: FTPShell Server 6.83 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.ftpshell.com/index.htm Software Link: http://www.ftpshell.com/downloadserver.htm Tested Version: 6.83 Tested on: Windows 7 x64 Service Pack 1 Steps to produce the crash: 1.- Run...
Belkin Wemo UPnP - Remote Code Execution Exploit
V This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...
Zuz Music 2.1 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Zuz Music 2.1 - 'zuzconsole/contact ' Persistent Cross-site Scripting Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://zuz.host/ Software Link:...
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Title: MaxxAudio Drivers WavesSysSvc64.exe File Permissions SYSTEM Privilege Escalation Exploit Author: Mike Siegel @mlsiegel Vendor Homepage: https://maxx.com Software Link: Version: 1.6.2.0 May affect other versions Tested on: Win ...
HotelDruid 2.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection CVE: CVE-2019-8937 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications !-- Exploit Title: Cross Site Scripting in XAMPP 5.6.8 and previous Date: 17-02-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/ Software Link:...
Apple macOS 10.13.5 - Local Privilege Escalation Exploit
Exploit for macOS platform in category local exploits import import import import import import import "offsets.h" //utils define ENFORCEa, label \ do \ if builtinexpect!a, 0 \ \ timedlog"! %s is false l.%d\n", a, LINE; \ goto label; \ \ while 0 // from...
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates Vulnerability
MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate...
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
Exploit for jsp platform in category web applications !-- Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Date: 31-01-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.manageengine.com/products/netflow/?doc...
qdPM 9.1 - search[keywords] Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: qdPM 9.1 - 'search[keywords]' XSS Injection CVE: CVE-2019-8390 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software...
qdPM 9.1 - type Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: qdPM 9.1 - 'type' XSS Injection CVE: CVE-2019-8391. Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...
DASAN H665 Backdoor Account Vulnerability
DASAN H665 has a vendor backdoor built into BusyBox /bin/login that provides remote root access with no password. DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account named "dnsekakf2$$" gives access to admin uid 0 account over telnet without any password, at least for...
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module Exploit
Exploit for php platform in category web applications --coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99...
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Comodo Dome Firewall 2.7.0 | Cross-Site Scripting Exploit Author: Ozer Goker Vendor Homepage: https://cdome.comodo.com/firewall/ Software Link:...
Oracle Java Runtime Environment - Heap Out-of-Bounds AlternateSubstitutionSubtable
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process ----------------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment...
Oracle Java Runtime Environment - Heap Out-of-Bounds Read ExtractBitMap_blocClass
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass --------------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 lates...
Oracle Java Runtime Environment - Heap Out-of-Bounds OpenTypeLayoutEngine
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions ----------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment...
WordPress WooCommerce Plugin - Payment Bypass / Unauthorized Order Status Spoofing
Exploit for php platform in category web applications WordPress Plugin WooCommerce - GloBee cryptocurrency Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing -------------------------------------------------------------- ?php Exploit Title: WordPress WooCommerce - GloBee...
M/Monit 3.7.2 - Privilege Escalation Exploit
Exploit for multiple platform in category web applications !/usr/env/python3 """ Vulnerability title: M/Monit = 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONITURL =...
Master IP CAM 01 3.3.4.2103 - Remote Command Execution Exploit
Exploit for cgi platform in category web applications Exploit Title: Master IP CAM 01 Remote Command Execution Date: 09-02-2019 Remote: Yes Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Master IP CAM Version: 3.3.4.2103 CVE: CVE-2019-8387 import sys import request...
CMSsite 1.0 - post SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CMSsite 1.0 - 'post' SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 17, 2019 Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link :...
Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) Exploit
-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Overflow Crash SEH PoC Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on: Windows 10 / Windows ...
Oracle Java Runtime Environment - Heap Out-of-Bounds glyph_CloseContour
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour ---------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the...
NBMonitor 1.6.5.0 - Key Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: NBMonitor 1.6.5 - 'Key' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Version: 1.6.5.0 Tested on: Windows 10 Proof of Concept: 1.- Run the python...
Digi TransPort LR54 Restricted Shell Escape Vulnerability
Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell. CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape =========================================================== The Digi TransPort LR54 is a high speed LTE router commonly used by industry,...
Realterm Serial Terminal 2.0.0.70 - Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Port' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on: Windows 10 Proof of Concept...
HTMLy 2.7.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Multiple Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4 Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4 Affected Software: HTMLy Affected Versions: 2.7.4 Homepage:...
macOS execve(/bin/sh) Null Free Shellcode (31 bytes)
Title: macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes) Tested: macOS 10.14.1 Author: Ken Kitahara Compilation: gcc -o loader loader.c dev:works devuser$ sw_vers ProductName: Mac OS X ProductVersion: 10.14.1 BuildVersion: 18B75 dev:works devuser$ cat binsh.s section .text global start start:...