39001 matches found
Monstra CMS 3.0.4 Remote Shell Upload Vulnerability
Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution. Exploit Title: Monstra CMS - 3.0.4 RCE Vendor Homepage: http://monstra.org/ Software Link: https://bitbucket.org/Awilum/monstra/downloads/monstra-3.0.4.zip Discovered by: Ishaq Mohamm...
VLC 2.2.8 MP4 Demux Type Conversion Vulnerability
Exploit for linux platform in category dos / poc About ===== A type conversion vulnerability exist in the MP4 demux module in VLC =2.2.8. This issue has been assigned CVE-2017-17670 and it could be used to cause an arbitrary free. Details ======= MP4 is a container format for video, audio,...
WordPress FormCraft Plugins - Cross-Site Scripting Image type Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugins FormCraft - Cross-Site Scripting Image Type Google Dork: inurl:/wp-content/plugins/formcraft/ Exploit Author: AlHikam0x Tested on: Ubuntu Proof of Concept Check blank page :...
Joomla JBcatalog Component - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla Component JBcatalog - Arbitrary File Upload Google Dork: inurl:/components/comjbcatalog/ Date: 16 December 2017 Indonesia Exploit Author: AlHikam0x Tested on: Ubuntu Proof of Concept 1. Check Vulnerability...
Western Digital MyCloud multi_uploadify File Upload Exploit
This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multiuploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a...
WordPress Pinterest Badge 1.8.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Pinterest Badge 1.8.0 Pinterest Badge is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
ITGuard-Manager 0.0.0.1 - Remote Code Execution Exploit
Exploit for cgi platform in category remote exploits Vulnerability Title: ITGuard-Manager V0.0.0.1 PreAuth Remote Code Execution Author: Nassim Asrir Contact: email protected / @asrirnassim CVE: Waiting ... CVSS:...
WordPress Wunderbar Basic 1.1.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Wunderbar Basic 1.1.3 Wunderbar Basic is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
Kemp Load Balancer WAF 7.2.40 Bypass Vulnerability
Exploit for hardware platform in category web applications 1. ADVISORY SUMMARY Kemp Load Balancers - Module Application Firewall Pack AFP - Web Application Firewall WAF does not inspect HTTP POST data Risk: high Application: Kemp Load Balancers - Module Application Firewall Pack AFP Versions...
Sync Breeze 10.2.12 - Denial of Service Exploit
Exploit for windows platform in category dos / poc ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...
Movie Guide 2.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Movie Guide 2.0 - SQL Injection Dork: N/A Date: 15.12.2017 Vendor Homepage: http://applebitemedia.com/ Software Link: http://applebitemedia.com/amwdl/AMMovieGuide.tar.gz Version: 2.0 Category: Webapps Tested on:...
Advantech WebAccess 8.2 Stack Buffer Overflow Exploit
This Metasploit module exploits a stack buffer overflow in Advantech WebAccess version 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code. This module requires Metasploit: http://metasploit.com/download Current source:...
EMC Isilon OneFS Privilege Escalation Vulnerability
EMC Isilon OneFS versions 7.x and 8.x suffer from a privilege escalation vulnerability. They contain an issue where a 'compadmin' user can potentially run restricted system commands with elevated root privilege on a cluster in compliance mode. EMC Isilon OneFS Privilege Escalation Vulnerability C...
Meinberg LANTIME Web Configuration Utility 6.16.008 Authentication Bypass Vulnerability
Exploit for cgi platform in category web applications Title: Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL Access Author: Jakub Palaczynski CVE: CVE-2017-16787 Exploit tested on: ================== Meinberg LANTIME Web Configuration Utility 6.16.008 Vulnerability affects:...
Piwigo 2.9.1 - cat_true / cat_false SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Piwigo = 2.9.1 - 'cattrue'/'catfalse' SQL Injection Dork: N/A Date: 12.12.2017 Vendor Homepage: http://piwigo.org/ Software Link: http://piwigo.org/basics/downloads Version: = 2.9.1 Category: Webapps Tested on: WiN7x64/WIN10X64...
Palo Alto Networks Firewalls Remote Root Code Execution Vulnerability
Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on PAN-OS versions 6.1.18 and earlier, PAN-OS versions 7.0.18 and earlier, PAN-OS versions 7.1.13 and earlier, and PAN-OS versions 8.0.5 and earlier. Full...
Microsoft Office DDE Payload Delivery Exploit
This Metasploit module generates an DDE command to place within a word document, that when executed, will retrieve a HTA payload via HTTP from an web server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
vBulletin 5 routestring Unauthenticated Remote Code Execution Vulnerability
Exploit for php platform in category web applications Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that leads to remote code execution found in vBulletin version 5. vBulletin, also known as vB, is a widespread proprietary Internet forum...
Dup Scout Enterprise 10.0.18 Buffer Overflow Exploit
This Metasploit module exploits a stack buffer overflow in Dup Scout Enterprise version 10.0.18. The buffer overflow exists via the web interface during login. This gives NT AUTHORITY\SYSTEM access. This module requires Metasploit: https://metasploit.com/download Current source:...
FS Lynda Clone 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications 0day.today 2018-04-06...
WordPress Qiniu Cloudtuchuang 1.8 Cross Site Scripting Vulnerability
Wordpress Qiniu Cloudtuchuang 七牛云图床 plugin version 1.8 is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Title: WordPress Qiniu Cloudtuchuang a,caoa3/4ao 1.8 Cross Site Scripting File: Class Input Validation Error Remote Yes Cred...
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read Vulnerability (2)
Exploit for cgi platform in category web applications Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Upload Path Traversal Author: Jakub Palaczynski CVE: CVE-2017-16788 Exploit was tested on: ====================== Meinberg LANTIME Web Configuration Utility 6.16.008...
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read Vulnerability
Exploit for cgi platform in category web applications Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read Author: Jakub Palaczynski CVE: CVE-2017-16787 Exploit tested on: ================== Meinberg LANTIME Web Configuration Utility 6.16.008 Vulnerability affects:...
WordPress WordApp Mobile 2.0.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Title: WordPress WordApp Mobile App Plugin a Convert your WordPress Site to a Mobile App 2.0.3 Cross Site Scripting File: Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable WordApp Mobile App Plugin a Convert your...
WordPress WooPay Inicis 1.1.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Title: WordPress WooPay a Inicis 1.1.3 Cross Site Scripting File: Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable WooPay a Inicis 1.1.3 WooPay a Inicis Plugin is prone to a stored cross-site scripting vulnerability...
Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password Vulnerabilities
Zivif PR115-204-P-RS cameras version 2.3.4.2103 suffer from authentication bypass, command injection, and hardcoded password vulnerabilities. Researcher: Silas Cutler p1nk Release date: December 10, 2017 Full Disclosure: 90 days CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 Vulnerable...
Joomla JEXTN Question And Answer 3.1.0 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link:...
pfSense 2.4.1 - CSRF Error Page Clickjacking Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module...
glibc ld.so - Memory Leak / Buffer Overflow Vulnerability
Exploit for linux platform in category local exploits Qualys Security Advisory Buffer overflow in glibc's ld.so ======================================================================== Contents ======================================================================== Summary Memory Leak Buffer...
Readymade Video Sharing Script 3.2 - HTML Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Readymade Video Sharing Script 3.2 - HTML Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Demo:...
Joomla JEXTN Video Gallery 3.0.5 Component - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JEXTN Video Gallery 3.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link:...
Fortinet FortiClient VPN Credential Disclosure Vulnerability
FortiClient stores the VPN authentication credentials in a configuration file on Linux or Mac OSX or in registry on Windows. The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforemention...
Bus Booking Script 1.0 - txtname SQL Injection Vulnerability
Exploit for php platform in category web applications 0day.today 2018-01-01...
Paid To Read Script 2.0.5 - uid / fnum / fn SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Paid To Read Script 2.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/ Version: 2.0.5 Category: Webapps...
vBulletin 5 cacheTemplates Unauthenticated Remote Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications Vulnerability Summary The following advisory describes a unauthenticated deserialization vulnerability that leads to arbitrary delete files and, under certain circumstances, code execution found in vBulletin version 5. vBulletin, also known as...
macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkCo
Exploit for macOS platform in category dos / poc...
WordPress Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload Vulnerab
Exploit for php platform in category web applications Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: email protected Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/ Software Link:...
Vanguard 1.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Vanguard - Marketplace Digital Products PHP 1.4 - SQL Injection Dork: N/A Date: 11.12.2017 Vendor Homepage: https://www.codegrape.com/user/Vanguard/portfolio Software Link:...
Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 3
Exploit for macOS platform in category dos / poc is a pointer to a further arguments descriptor in userspace with the following structure on 32-bit: struct user32posixspawnargsdesc uint32t attrsize; / size of attributes block / uint32t attrp; / pointer to block / uint32t fileactionssize; / size o...
macOS necp_get_socket_attributes so_pcb Type Confusion Exploit
Exploit for macOS platform in category dos / poc MacOS sopcb type confusion in necpgetsocketattributes CVE-2017-13855 When setsockopt is called on any socket with level SOLSOCKET and optname SONECPATTRIBUTES, necpgetsocketattributes is invoked. necpgetsocketattributes unconditionally calls...
macOS / iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SOFLOWDIVERTTOKEN is a socket option on the SOLSOCKET layer. It's implemented by flowdiverttokensetstruct socket so, struct sockopt sopt in flowdivert.c. The relevant code is...
Basic Job Site Script 2.0.5 SQL Injection Vulnerability
Exploit for php platform in category web applications Ver Ayari 0day.today 2018-04-12...
Libraw 0.18.5 Denial Of Service Vulnerability
Libraw version 0.8.15 suffers from a denial of service vulnerability. ====================================================================== LibRaw Multiple Denial of Service Vulnerabilities ====================================================================== Table of Contents Affected...
macOS / iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in I
Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the...
macOS getrusage Stack Leak Exploit
Exploit for macOS platform in category dos / poc MacOS getrusage stack leak through struct padding CVE-2017-13869 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64rusage using mungeuser64rusage, then copies the struct user64rusage to userspace: int...
Joomla JBuildozer 1.4.1 Component - appid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JBuildozer 1.4.1 - SQL Injection Dork: N/A Date: 12.12.2017 Vendor Homepage: http://jbuildozer.com/ Software Link:...
Vanguard 1.4 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Vanguard - Marketplace Digital Products PHP 1.4 - Arbitrary File Upload Dork: N/A Date: 11.12.2017 Vendor Homepage: https://www.codegrape.com/user/Vanguard/portfolio Software Link:...
Responsive Realestate Script 3.2 - property-list?tbud SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Responsive Realestate Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/responsive-realestate-script/ Version: 3.2...
Opensource Classified Ads Script 3.2 - SQL Injection Vulnerability
Exploit for php platform in category web applications 0day.today 2018-03-01...
Laundry Booking Script 1.0 - list?city SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Laundry Booking Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/laundry-booking-script/ Version: 1.0 Category: Webapps...