39001 matches found
GoodTravel Travel And Locations 1.0 Cross Site Scripting Vulnerability
GoodTravel Travel and Locations PHP script and mobile application version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: GoodTravel - Travel & Locations PHP Script & Mobile App - xss Google Dork: N/A Date: 2017/28/12 Exploit Author: ShanoWeb Author Mail :...
Tripbuddy Travel, Locations, And Events 1.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Tripbuddy - Travel, Locations and Events Web App - xss Google Dork: N/A Date: 2017/28/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://tripbuddy-app.com/ Software Buy:...
Joomla JomEvents 3.7 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla JomEvents 3.7 - SQL Injection Credit: Bilal KARDADOU Vendor: http://comdev.eu URL: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jomevents/ Product: 'Joomla JomEvents 3.7' Developer: Comdev Extensio...
Joomla JomHoliday 4.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla JomHoliday 4.0 - SQL Injection Credit: Bilal KARDADOU Vendor: http://comdev.eu URL: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jomholiday/ Product: 'Joomla JomHoliday 4.0' Developer...
Joomla JomEstate PRO 3.7 SQL Injection Vulnerability
Joomla JomEstate PRO component version 3.7 suffers from a remote SQL injection vulnerability. Title: Joomla JomEstate PRO 3.7 - SQL Injection Credit: Bilal KARDADOU Vendor: http://comdev.eu URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jomestate-pro/ Product...
Joomla Jtag Members Directory 5.3.7 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla Jtag Members Directory 5.3.7 - SQL injection Credit: Bilal KARDADOU Vendor: https://joomlatag.com URL: https://extensions.joomla.org/extensions/extension/clients-a-communities/members-lists/jtag-members-directory/ Product: 'Jooml...
HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in HP LoadRunner before 9.50 and also HP Performance Center before 9.50. HP LoadRunner 12.53 and other versions are also most likely vulnerable if the non-default SSL option is turned off. By sending a specially crafted...
NetWin SurgeFTP 23f2 Cross Site Scripting Vulnerability
NetWin SurgeFTP version 23f2 suffers from multiple persistent cross site scripting vulnerabilities. Exploit Title: Multiple stored Cross-site scripting in NetWin SurgeFTP version 23f2 CVE: CVE-2017-17933 Date: 27-12-2017 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr...
NetWin SurgeFTP 23f2 Cross Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: Multiple stored Cross-site scripting in NetWin SurgeFTP version 23f2 CVE: CVE-2017-17933 Date: 27-12-2017 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://netwinsite.com Category...
Library CMS 1.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Library CMS - Powerful Book Management System - xss Google Dork: N/A Date: 2017/27/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: http://kaasoft.pro/ Software Buy:...
Joomla YJ Filter For K2 1.0.5 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla YJ Filter for K2 1.0.5 Module SQL Injection Credit: Bilal KARDADOU Vendor: http://www.youjoomla.com URL: https://extensions.joomla.org/extensions/extension/extension-specific/k2-extensions/yj-filter-for-k2/ Product: 'Joomla YJ...
Joomla YJ Live Search 2.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla YJ Live Search Module 2.0 SQL Injection / Cross Site Scripting Credit: Bilal KARDADOU Vendor: http://www.youjoomla.com URL: http://www.youjoomla.com/joomla-extensions/yj-live-search-joomla-live-search-module.html Product: 'Joomla...
Cambium ePMP1000 3.1-3.5-RC7 Command Injection Exploit
This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions...
HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions Vulnerability
HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure. / Exploit Title: HP Insight...
Joomla YouBumpit 2.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla YouBumpit Extension 2.0 SQL Injection Credit: Bilal KARDADOU Vendor: http://www.youjoomla.com URL: http://extensions.youjoomla.info/youbumpit-extension.html Product: 'Joomla YouBumpit Extension 2.0' Extension type: Plugin...
Cambium ePMP1000 2.5 ping Shell via Command Injection Exploit
This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. This module requires Metasploit:...
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution Exploit
pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the rrdgraphimg.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject...
NetTransport 2.96L - Buffer Overflow (DEP Bypass) Exploit
Exploit for windows platform in category remote exploits Exploit Title: Buffer overflow in NetTransport Download Manager - Version 2.96L DEP Bypass CVE: CVE-2017-17968 Date: 28-12-2017 Software Link: http://xi-soft.com/downloads/NXSetupx86.zip Exploit Author: Author: Aloyce J. Makalanga Contact:...
Huawei P8 wkupccpu debugfs Kernel Buffer Overflow Vulnerability
Exploit for hardware platform in category dos / poc Vulnerability Summary The following advisory describes a buffer overflow found in Huawei P8 Lite ALE-21 HI621sft, operating system versions EMUI 3.1 – wkupccpu debugfs driver. Huawei Technologies Co. Ltd. is “a multinational networking and...
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure Vulnerability
Exploit for hardware platform in category web applications Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0...
Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service Exploit
Exploit for hardware platform in category dos / poc !/usr/bin/env python Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1...
Kingsoft Antivirus/Internet Security 9+ Privilege Escalation Exploit
Exploit for windows platform in category dos / poc Vulnerability Summary The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+. Kingsoft Antivirus “provides effective and efficient protection solution at...
Trustwave SWG Unauthorized Access Vulnerability
Exploit for multiple platform in category web applications Vulnerability Summary The following advisory describes an unauthorized access vulnerability that allows an unauthenticated user to add their own SSH key to a remote Trustwave SWG version 11.8.0.27. Trustwave Secure Web Gateway SWG “provid...
ALLMediaServer 0.95 - Buffer Overflow (Metasploit) Exploit
Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit4 'ALLMediaServer 0.95 Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in ALLMediaServer 0.95. The vulnerability is caused due to a boundary error within the handling of...
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model:...
Ichano AtHome IP Cameras Multiple Vulnerabilities
Exploit for hardware platform in category remote exploits Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and table...
Joomla JEXTN FAQ Pro 4.0.0 Component - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JEXTN FAQ Pro 4.0.0 - SQL Injection Dork: N/A Date: 24.12.2017 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/faq/jextn-faq-pro/...
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure Vulnerability
Exploit for php platform in category web applications Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242 Summary: Drive...
Sony Playstation 4 4.05 FW - Local Kernel Exploit
Exploit for bsd platform in category local exploits PS4 4.05 Kernel Exploit --- Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level...
Biometric Shift Employee Management System 3.0 - Local File Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: Biometric Shift Employee Management System 3.0 - Local File Download Dork: N/A Date: 24.12.2017 Vendor Homepage: https://www.shiftsystems.net/ Software Link:...
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download Exploit
Exploit for asp platform in category web applications Exploit Title: DotNetNuke DreamSlider Arbitrary File Download Date: 23/01/2014 Author: Glafkos Charalambous Version: 01.01.02 Vendor: DreamSlider Vendor URL: http://www.dreamslider.com/ Google Dork: inurl:/DesktopModules/DreamSlider/ CVE:...
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince...
WordPress Easy Appointments 1.2.1 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities Vendor: Alex Tselegidis Product web page: http://www.easyappointments.org Affected version: 1.2.1 Summary: Easy!Appointments is a highly customizable web application that allows your...
COMTREND ADSL Router CT-5367 - Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits Exploit Title: Globalnet COMTREND ADSL Router CT-5367 Remote Code Execute Date: 11-12-2017 Exploit Author: TnMch Software Link : null Type : HardWare Risk of use : High Type to use : Remote 1. Description Any user can edit all users passwo...
SysGauge Server 3.6.18 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: SysGauge Server 3.6.18 - DOS Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: hhttp://www.sysgauge.com/setups/sysgaugesrvsetupv3.6.18.exe Version: v3.6.18 Category; Windows Remote DOS CVE: CVE-2017-15667 Author Homepag...
ALLMediaServer 0.95 - Buffer Overflow Exploit
Exploit for windows platform in category dos / poc Exploit Title: Buffer overflow in ALLPlayer ALLMediaServer 0.95 and earlier CVE: CVE-2017-17932 Date: 27-12-2017 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.allmediaserver.org/ Category:...
Sendroid < 6.5.0 - SQL Injection Exploit
Exploit for php platform in category web applications Exploit Title: Sendroid - Bulk SMS Portal, Marketing Script 5.0.0 - 6.5.0 - SQL Injection Google Dork: "welcome to SMS portal" Date: 22/12/2017 Exploit Author: Onwuka Gideon Contact: http://twitter.com/@gideononwuka Vendor Homepage:...
EMC VNX1 / VNX2 Family Cross Site Scripting Vulnerability
A fix is available for certain versions of VNX Control Station for VNX1 and VNX2 that contain a reflected cross site scripting vulnerability. This vulnerability could potentially be exploited by malicious users to compromise the affected system. Affected includes Dell EMC VNX2 versions prior to...
GetGo Download Manager 5.3.0.2712 Buffer Overflow Exploit
Exploit for windows platform in category dos / poc Exploit Title: Buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 CVE: CVE-2017-17849 Date: 22-12-2017 Tested on Windows 10 32 bits Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Software Link:...
Ubiquiti UniFi Video 3.7.3 Local Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits 1. ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video Windows Vendor URL: https://www.ubnt.com Type: Improper Handling of Insufficient Permissions or Privileges CWE-280 CVSSv3 Score: 7.8...
Vitek Remote Code Execution / Information Disclosure Vulnerabilities
Exploit for php platform in category remote exploits STX Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22, 2017 Ful...
phpMars 1.0.9 Cross Site Scripting Vulnerability
phpMars version 1.0.9 suffers from a cross site scripting vulnerability. Exploit Title: phpMars - Photos Social Network instagram clone - Cross Site Scripting Google Dork: N/A Date: 2017/20/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: http://grohsfabian.com...
Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Exploit
Exploit for linux platform in category remote exploits !/usr/bin/env python SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 Usage: ./fgtsshbackdoor.py import socket import select import sys import paramiko from paramiko.py3compat import u import base64 import hashlib import termios import t...
Palo Alto Networks PAN-OS Cookie Injection Vulnerability
Palo Alto Networks PAN-OS versions before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. !/bin/bash Exploit Title: Fake Cookie Injection PoC - CVE-2017-15944 Date: December...
Joomla JB Bus 2.3.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla JB Bus 2.3.0 SQL Injection Credit: Bilal KARDADOU Vendor: https://joombooking.com URL: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jbtransport/ Product: 'Joomla JB Bus component...
Xbox 360 Aurora 0.6b Default Credentials / FTP BruteForce Exploit
Exploit for linux platform in category remote exploits Exploit Title: XBOX 360 Aurora 0.6b Default Credentials / FTP BruteForce Date: 20/12/2017 Exploit Author: Daniel Godoy Vendor Homepage: http://phoenix.xboxunity.net//news Tested on: XBOX 360 GREETZ: Iker Legorreta, RemoteExecution Team...
Online Hotel Booking System Pro 1.3 Cross Site Scripting Vulnerability
Online Hotel Booking System Pro version 1.3 suffers from a cross site scripting vulnerability. Exploit Title: Online Hotel Booking System Pro 1.3 - Cross Site Scripting Google Dork: N/A Date: 2017/08/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage:...
Joomla JB Tour Booking 2.2.2 SQL Injection Vulnerability
Joomla JB Tour Booking extension 2.2.2 suffers from a remote SQL injection vulnerability. Title: Joomla JB Tour Booking 2.2.2 SQL Injection Credit: Bilal KARDADOU Vendor: https://joombooking.com URL: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jb-tou...
Roommate And Real Estate Listing Classified Response 1.0 XSS Vulnerability
Roommate and Real Estate Listing Classified Response version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: Roommate and Real Estate Listing Classified Responsive Web Application - Cross Site Scripting Google Dork: N/A Date: 2017/22/12 Exploit Author: ShanoWeb Author Mail :...
Linux Kernel >= 4.9 eBPF memory corruption bugs Vulnerability
Exploit for linux platform in category dos / poc Hi! A few BPF verifier bugs in the Linux kernel, most of which can be used for controlled memory corruption, have been fixed over the last days. One of the bugs was introduced in 4.9, the others were only introduced in 4.14. The fixes are in the ne...