39001 matches found
Ampache 3.8.6 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6 Information -------------------- Advisory by Netsparker Name: Multiple Reflected Cross-site Scripting in Ampache 3.8.6 Affected Software: Ampache Affected Versions: 3.8.6...
MDwiki < 0.6.2 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications MDwiki 0.6.2 - Cross-Site Scripting Vulnerability Originally thought that only a problem with Tencent's site implementation, the black brother reminded me to look at the Github address in the source code, only to find the open source MDwi...
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork Exploit
/ When a non-root user attempts to e.g. control systemd units in the system instance from an active session over DBus, the access is gated by a polkit policy that requires "authadminkeep" auth. This results in an auth prompt being shown to the user, asking the user to confirm the action by enteri...
BlogEngine 3.3 - XML External Entity Injection Vulnerability
Exploit for windows platform in category web applications XML External Entity Injection Vulnerability in BlogEngine 3.3 Information -------------------- Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3...
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version:...
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service Exploit
function main var vArr = new Array; var bigArray = new Array0x20000000; vArr0 = String.prototype.toLowerCase.callbigArray; vArr1 = String.prototype.toLowerCase.callbigArray; vArr2 = String.prototype.toLowerCase.callbigArray;...
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link:...
Wireshark - (get_t61_string) Heap Out-of-Bounds Read Exploit
The following crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of Wireshark, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file". --- cut --- ================================================================= ==16936==ERROR: AddressSanitizer:...
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation Exploit
Exploit for php platform in category web applications !/usr/bin/env python """ Exploit Title: CF Image Hosting Script 1.6.5: Delete database Google Dork: "Powered By CF Image Hosting script" Date: 01/08/2019 Exploit Author: David Tavarez Vendor Homepage: https://davidtavarez.github.io/ Software...
Dolibarr ERP-CRM 8.0.4 - rowid SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Versio...
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Reflected XSS Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/ Vendor: ChinaMobile Category: Hardware Version...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection Vulnerability
Exploit for hardware platform in category web applications body...
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal Vulnerability
Exploit for php platform in category web applications ====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference Exploit
function f1 try var v1 = eventhandler1; catche var v2 = document.createElementNS"http://www.w3.org/2000/svg", “pattern”; v2.addEventListener"1", v1; var v3 = document.createElement“option”; var v4 = document.createElement“select”; v44 = v3;...
phpMoAdmin #MongoDB GUI 1.1.5 - CSRF / XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: phpMoAdmin 1.1.5 - MongoDB GUI | Multiple Vulnerabilities Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmoadmin.com Software Link: http://www.phpmoadmin.com/file/phpmoadmin.zip Version: 1.1.5 Introduction phpMoAdmin ...
Embed Video Scripts - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Embed Video Scripts - Cross-site Script stored Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/...
All in One Video Downloader 1.2 - Authenticated SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: All in One Video Downloader 1.2 - SQL Injection Google Dork: "developed by Niche Office" Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://nicheoffice.web.tr/...
Wordpress UserPro < 4.9.21 Plugin - User Registration Privilege Escalation Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...
BlueAuditor 1.7.2.0 - Key Denial of Service Exploit
Exploit Title: BlueAuditor 1.7.2.0 - 'Key' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/blueauditorsetup.exe Tested Version: 1.7.2.0 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows 10...
LayerBB 1.1.1 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: LayerBB 1.1.1 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=26 Version: 1.1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-17997 1...
Mailcleaner - Authenticated Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...
MyT Project Management 1.5.1 - Charge[group_total] SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MyT-PM 1.5.1 - 'Chargegrouptotal' SQL Injection Exploit Author: Mehmet Önder Key Vendor Homepage: https://manageyourteam.net/ Software Link: https://sourceforge.net/projects/myt/ Version: v1.5.1 Category: Webapps Tested on: WAMP...
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation
Exploit for windows platform in category local exploits Exploit Title : KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : https://www.kioware.com/ Tested on : Windows Server 2016 Standard x64 CVE :...
SpotFTP Password Recover 2.4.2 - Name Denial of Service Exploit
Exploit Title: SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/spotftpsetup.exe Tested Version: 2.4.2 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windo...
Foscam Video Management System 1.1.4.9 - Username Denial of Service Exploit
Exploit Title: Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.foscam.es/ Software Link : https://www.foscam.es/descarga/FoscamVMS1.1.4.9.zip Tested Version: 1.1.4.9 Vulnerability Type: Denial of Service DoS Local...
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data Exploit
Exploit for windows platform in category web applications Exploit Title: Ajera Timesheets = 9.10.16 - Deserialization of untrusted data Exploit Author: Anthony Cole Vendor Homepage: https://www.deltek.com/en/products/project-erp/ajera Version: = 9.10.16 Contact: http://twitter.com/acole76 Website...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications input type="hidden" name="txtHelpPage" valu...
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB OUGC Awards Plugin v1.8.3 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=396 Version: 1.8.3 Tested on: Ubuntu 18.04 CVE:...
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS) Exploit
Exploit for hardware platform in category web applications Exploit Title: Huawei E5330 Cross-Site Request Forgery Send SMS Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://consumer.huawei.com/in/mobile-broadband/e5330/ Version: 21.210.09.00.158 Tested on: Windo...
Apache CouchDB 2.3.0 Cross Site Request Forgery Vulnerability
Apache CouchDB version 2.3.0 suffers from cross site request forgery vulnerabilities providing there's a loose CORs policy. Exploit Title: Apache CouchDB 2.3.0 Cross Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link:...
SugarCRM addLabels PHP Code Injection Vulnerability
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels" method when saving labels through t...
SugarCRM Web Logic Hooks Module Path Traversal Vulnerability
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhooktargetmodule" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited...
SugarCRM portal_get_related_notes SQL Injection Vulnerability
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a remote SQL injection vulnerability. The vulnerability is located within the SOAP API, specifically into the "portalgetrelatednotes" SOAP function. User input passed through the "orderby" parameter is not properly sanitized before being...
SugarCRM Web Logic Hooks Module PHP Code Injection Vulnerability
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "triggerevent" parameter is not properly sanitized before being used to save PHP code into the 'logichooks.php' file through the Web Logic Hooks module. This can be...
SugarCRM SaveDropDown PHP Code Injection Vulnerability
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'listvalue' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns through the Module Builder. This ca...
SugarCRM ConnectorsController Server-Side Request Forgery Vulnerability
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::actionCallRest" method. User input passed through the "url" request parameter is not properly sanitized before being used in a ca...
SugarCRM WorkFlow PHP Code Injection Vulnerability
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $POST'basemodule' parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the...
Oracle Application Express AnyChart Flash-Based Cross Site Scripting Vulnerability
Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "externalobjid" GET parameter is not properly sanitized before being passed to the...
Ayukov NFTP FTP Client 2.0 - Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: Ayukov NFTP FTP Client 2.0 - Buffer Overflow Exploit Author: Uday Mittal Vendor Homepage: http://www.ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/src/nftp-1.72.zip Version : below 2.0 Tested on: Microsoft Windows X...
Frog CMS 0.9.5 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting Exploit Author:WangDudu Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version:0.9.5 CVE :CVE-2018-20448 The parameter under...
NetworkSleuth 3.0.0.0 - Key Denial of Service Exploit
Exploit Title: NetworkSleuth 3.0.0.0 - 'Key' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested Version: 3.0.0.0 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows...
NBMonitor Network Bandwidth Monitor 1.6.5.0 - Name Denial of Service Exploit
Exploit Title: NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service PoC Author: Luis Martinez Vendor Homepage: www.nsauditor.com Software Link : http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Tested Version: 1.6.5.0 Vulnerability Type: Denial of Service DoS Local Tested o...
Vtiger CRM 7.1.0 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Vtiger CRM 7.1.0 - Remote Code Execution Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.vtiger.com Software Link:...
WordPress Adicon Server 1.2 Plugin - selectedPlace SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection Software Link: https://wordpress.org/plugins/adicons/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.2 Category: webapps SQL Injection File:...
EZ CD Audio Converter 8.0.7 - Denial of Service Exploit
Exploit Title: EZ CD Audio Converter Date: 30-12-2018 Vendor Homepage: https://www.poikosoft.com/ Software Link : https://download.poikosoft.com/ezcdaudioconvertersetupx64.exe Exploit Author: Achilles Tested Version: 8.0.7 64-bit Tested on: Windows 7 x64 Vulnerability Type: Denial of Service DoS...
WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write Exploit
WebKit: JSC: A bug in JSArray::shiftCountWithArrayStorage CVE-2018-4441 bool JSArray::shiftCountWithArrayStorageVM& vm, unsigned startIndex, unsigned count, ArrayStorage storage unsigned oldLength = storage-length; RELEASEASSERTcount hasHoles && this-structurevm-holesMustForwardToPrototypevm, thi...
WebKit JSC AbstractValue::set Use-After-Free Exploit
WebKit: JSC: A bug in AbstractValue::set CVE-2018-4443 void AbstractValue::setGraph& graph, RegisteredStructure structure RELEASEASSERTstructure; mstructure = structure; marrayModes = asArrayModesstructure-indexingType; mtype = speculationFromStructurestructure.get; mvalue = JSValue;...
Hashicorp Consul Services API Remote Command Execution Exploit
This Metasploit module exploits Hashicorp Consul's services API to gain remote command execution on Consul nodes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command...
Hashicorp Consul Rexec Remote Command Execution Exploit
This Metasploit module exploits a feature of Hashicorp Consul named rexec. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command Execution via Rexec", 'Description' = ...
Iperius Backup 5.8.1 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Iperius Backup 5.8.1 - Buffer Overflow SEH Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: Iperius Backup 5.8.1 Vendor Homepage: https://www.iperiusbackup.com Version: 5.8.1 Local Buffer Overflow SEH Unicode Software...