39001 matches found
Redis 5.0 - Denial of Service Vulnerability
Exploit for linux platform in category dos / poc Exploit Title: Redis 5.0 Denial of Service Date: 2018-06-13 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0 Fixed on: 5.0 CVE : CVE-2018-12453 Type confusion in the...
Redatam Web Server < 7 - Directory Traversal Vulnerability
Exploit for windows platform in category web applications Exploit Title: Redatam Web Server R+SP WebUtilities Exception Error Number 401 Error Message File not found in folder C:\wamp\apps\redatam\redbin...
Redis-cli < 5.0 - Buffer Overflow Exploit
Exploit for linux platform in category local exploits Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow ...
Microsoft COM for Windows - Privilege Escalation Exploit
Exploit for windows platform in category local exploits Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exis...
phpMyAdmin 4.x Remote Code Execution Exploit
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
Audiograbber 1.83 - Local Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Audiograbber 1.83 - Local Buffer Overflow SEH Exploit Author: Dennis 'dhn' Herrmann Vendor Homepage: https://www.audiograbber.org/ Version: 1.83 Tested on: Windows 7 SP1 x86 !/usr/bin/env python $Id: exploit.py,v 1.0 2018/06/1...
RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery Vulnerability
Exploit for linux platform in category web applications Exploit Title: RabbitMQ Web Management Add RabbitMQ Admin window.onload = rabbit.submit 0day.today 2018-06-18...
Joomla jomres 9.11.2 Component - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla!Component jomres 9.11.2 - Cross site request forgery Date: 2018-06-15 Exploit Author: L0RD Vendor Homepage: https://www.jomres.net/ Software link: https://extensions.joomla.org/extension/jomres/ Software Download:...
Nikto 2.1.6 - CSV Injection Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on:...
Pale Moon Browser < 27.9.3 - Use After Free Vulnerability
Exploit for windows platform in category local exploits Exploit Title: Pale Moon Browser function SetVariablefuzzervars, varname, vartype fuzzervarsvartype = varname; function jsfuzzer var var1 = var2.getDistributedNodes; SetVariablevar1, 'NodeList'; 0day.today 2018-06-18...
Dimofinf CMS 3.0.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Title: Dimofinf CMS 3.0.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Software: Dimofinf CMS Version 3.0.0 CVE: CVE-2018-12094 A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Dimofinf CMS"...
OEcms 3.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Title: OEcms 3.1 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Software: OEcms v3.1 CVE: CVE-2018-12095 Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1"...
WordPress Redirection 2.7.1 Deserialization Code Execution Vulnerability
Exploit for php platform in category web applications Details ================ Software: Redirection Version: 2.7.1 Homepage: https://wordpress.org/plugins/redirection/ Advisory report: https://advisories.dxw.com/advisories/unserialization-redirection/ CVE: Awaiting assignment CVSS: 9 High;...
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Vulnerability
Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway suffer from a privilege escalation vulnerability. Rockwell Automation RSLinx Classic versions 3.90.01, 3.73.00, 3.72.00, and 2.58.00 are susceptible. Rockwell Automation FactoryTalk Linx Gateway version 3.90.00 is susceptible. Rockwe...
Easy Chat Server 3.1 Add User Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python ---------------------------------------------------------------------------------------------------------- Exploit Title : Easy Chat Server 3.1 - 'Add user' Local Buffer Overflow Exploit Author : Hashim Jawad -...
Soroush IM Desktop app 0.15 - Authentication Bypass Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Tested on: Windows 10 180...
rtorrent 0.9.6 - Denial of Service Exploit
Exploit for linux platform in category dos / poc Exploit Title: rtorrent 0.9.6 - Denial of Service Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET,...
Joomla Ek rishta 2.10 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download:...
OX App Suite 7.8.4 - Multiple Vulnerabilities
Exploit for multiple platform in category web applications Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution...
Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Exploit Author: email protected Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and older Tested on: LinuxMi...
DHCP Client - Command Injection (DynoRoot) Exploit
Exploit for linux platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DHCP Client Command Injection DynoRoot', 'Description' = %q This module exploits the...
Canon PrintMe EFI - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Title: Canon PrintMe EFI - Cross-Site Scripting Exploit Author: Huy Kha Vendor Homepage: https://www.efi.com/ Version: Canon PrintMe EFI Tested on: Mozilla FireFox CVE: CVE-2018-12111 XSS Payload used: '"--! PoC GET...
Canon LBP7110Cw - Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Canon LBP7110Cw - Authentication Bypass Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Version: LBP7110Cw CVE: CVE-2018-12049 Severity: High Leads to full System Manager Mode account take-over Description ...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass Exploit
Exploit for linux platform in category local exploits Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the...
WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body:...
WordPress Google Map Plugin < 4.0.4 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: WordPress Google Map Plugin getresults Vulnerable Variable: $GET'order' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin.php?page=wpgmpmanagelocation&orderby=locationaddress&order=asc PROCEDURE...
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits Title: RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Author: LiquidWorm Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell Automation RSLinx Classic 3.90.01...
MACCMS 10 - Cross-Site Request Forgery (Add User) Vulnerability
Exploit for php platform in category web applications Exploit Title: MACCMSV10 CSRF vulnerability add admin account Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html Software Link: http://www.maccms.com/down.html Version: V10 CVE : CVE-2018-12114 I found a CSR...
glibc - realpath() Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain roo...
Canon LBP6030w - Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Canon LBP6030w - Authentication Bypass Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Version: LBP6030w Severity: High Leads to full System Manager Mode account take-over CVE: CVE-2018-12049 Description : ...
Siaberry 1.2.2 - Command Injection Vulnerability
Exploit for hardware platform in category web applications Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying a...
Joomla EkRishta 2.10 Component - username SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win ...
WordPress Pie Register Plugin < 3.0.9 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Title: WordPress Plugin Pie Register order = escsql $order ; IV. PROOF OF CONCEPT The following URL have been confirmed to all suffer from Time Based SQL Injection. GET...
Event Manager Admin panel - events_new.php SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Event Manager PHP Script Admin panel - 'eventsnew.php' SQL injection Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...
userSpice 4.3.24 - X-Forwarded-For Cross-Site Scripting Exploit
Exploit for php platform in category web applications Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit log page...
userSpice 4.3.24 - Username Enumeration Exploit
Exploit for php platform in category web applications Exploit Title: userSpice 4.3.24 - Username Enumeration Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if...
Schools Alert Management Script - SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Schools Alert Management Script - SQL Injection Vulnerabilities Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application...
Joomla EkRishta 2.10 Component - cid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Ek Rishta 2.10 - SQL Injection Dork: N/A Date: 08.06.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extension/ek-rishta/ Version: 2.10 Tested on: WiN7x64/...
WebKitGTK+ < 2.21.3 - #WebKitFaviconDatabase DoS Exploit
Exploit for linux platform in category dos / poc Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. ,...
Chrome V8 PromiseAllResolveElementClosure Element Confusion Vulnerability
Exploit for multiple platform in category dos / poc Chrome: V8: PromiseAllResolveElementClosure can cause elements kind confusion The Promise.all method internally uses PromiseAllResolveElementClosure...
Schools Alert Management Script - Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications Exploit Title: Schools Alert Management Script - Arbitrary File Deletion Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit...
WebKit - Use-After-Free when Resuming Generator Exploit
Exploit for multiple platform in category dos / poc !-- In WebKit, resuming a generator is implemented in JavaScript. An internal object property, @generatorState is used to prevent recursion within generators. In GeneratorPrototype.js, the state is checked by calling: var state = email protected...
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access Exploit
Exploit for multiple platform in category dos / poc There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code: sizet temporali...
Google Chrome - Integer Overflow when Processing WebAssembly Locals Exploit
Exploit for multiple platform in category dos / poc / When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an...
XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit
Exploit for hardware platform in category web applications Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on...
WebKit - WebAssembly Compilation Info Leak Exploit
Exploit for multiple platform in category dos / poc arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, th...
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access Exploit
Exploit for multiple platform in category dos / poc There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::ManageFrameVp9 fetches the GofInfo based on a picidx parsed from the...
Splunk < 7.0.1 - Information Disclosure Vulnerability
Exploit for linux platform in category web applications Exploit Title: Splunk 7.0.1 - Information Disclosure Exploit Author: KoF2002 Vendor Homepage: https://www.splunk.com/ Version: 6.2.3 - 7.01 MAYBE ALL VERSION AFFECTED Tested on: Linux OS CVE : CVE-2018-11409 Splunk through 6.2.3 7.0.1 allows...
Ftp Server 1.32 - Credential Disclosure Vulnerability
Exploit for Android platform in category local exploits Exploit Title: Ftp Server 1.32 - Credential Disclosure Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver Version: 1.32 Android App Vendor: The Olive Tree Exploit Author: ManhNho CVE: N/A Category: Mobile...
WordPress Form Maker Plugin 1.12.24 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: WordPress Form Maker Plugin 1.12.24 - SQL Injection Author: Neven Biruski Software: WordPress Form Maker plugin https://wordpress.org/plugins/form-maker/ Version: 1.12.24 and below Vendor Status: Vendor contacted, update released The...