Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks Exploit
Noise-Java suffers from an issue located in the AESGCMFallbackCipherState.encryptWithAd method defined in AESGCMFallbackCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks...
Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks Exploit
Noise-Java suffers from an issue located in the ChaChaPolyCipherState.encryptWithAd method defined in ChaChaPolyCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were fou...
Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks Exploit
Noise-Java suffers from an issue located in the AESGCMOnCtrCipherState.encryptWithAd method defined in AESGCMOnCtrCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were...
Nord VPN 6.31.13.0 - (nordvpn-service) Unquoted Service Path Vulnerability
Exploit Title: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path Discovery by: chipo Vendor Homepage: https://nordvpn.com Software Link : https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Tested Version: 6.31.13.0 Tested on OS: Windows 10 Pro x64 es...
BarracudaDrive v6.5 - Insecure Folder Permissions Vulnerability
Exploit Title: BarracudaDrive v6.5 - Insecure Folder Permissions Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://barracudaserver.com/ Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html Version: v6.5 Tested On: Windows 10 Pro CVSS Base...
COVR 3902 1.01B0 Hardcoded Credentials Vulnerability
Title: Telnet Hardcoded Credentials Summary: The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data Affected Firmware: COVR-3902REVAROUTERFIRMWAREv1.01B0 CV...
Sagemcom F@ST 5280 Privilege Escalation Vulnerability
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the...
Kamailio 5.4.0 Header Smuggling Exploit
Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of removehf. Kamailio vulnerable to header smuggling possible due to bypass of removehf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: - Report date &...
Apache2 mod_proxy_uwsgi Incorrect Request Handling Exploit
Apache2 suffers from an incorrect handling of large requests issue in mod_proxy_uwsgi. Apache2: Incorrect handling of large requests in mod_proxy_uwsgi. mod_proxy_uwsgi as included in current versions of Apache httpd incorrectly handles large HTTP requests. The UWSGI line protocol uses uint16_t length...
TP-Link WDR4300 Remote Code Execution Exploit
TP-Link WDR4300 with firmware versions 3.13.33 and 3.14.3 post-authentication remote code execution exploit. !/usr/bin/python3 import sys import hashlib import base64 import requests import binascii import socket """ RCE via stack-based overflow on TP-Link WDR4300 N750 devices, using...
BlazeDVD 7.0 Professional - (.plf) Local Buffer Overflow (SEH/ASLR/DEP) Exploit
Title: BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow SEH,ASLR,DEP Author: emalp Date: 2020-08-31 Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Windows 7 Home Basic Run this file bfile.plf...
MikroTik RouterOS Memory Corruption / NULL Pointer Dereference Vulnerabilities
MikroTik RouterOS suffers from NULL pointer dereference, memory corruption and division by zero vulnerabilities. Advisory: three vulnerabilities found in MikroTik's RouterOS Details ======= MikroTik RouterOS Memory Corruption / NULL Pointer Dereference Vulnerabilities Product: MikroTik's RouterOS...
Eikon Thomson Reuters 4.0.42144 File Permissions Vulnerability
Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution. ======================================================================= title: Extensive file permissions on service executable product: Eikon Thomson Reuters vulnerable version: 4.0.421...
ASX to MP3 converter 3.1.3.7.2010.11.05 - (.wax) Local Buffer Overflow (DEP,ASLR Bypass) Exploit
Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow DEP,ASLR Bypass PoC Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter3.1.3.7.2010.11.05.exe?raw=true Exploit Author: Paras Bhatia Discovery...
SUPERAntiSpyware Professional X Trial Privilege Escalation Vulnerability
Exploit Title: SUPERAntiSpyware Professional X Trial 10.0.1206 Local Privilege Escalation Date: 2020-08-28 Exploit Author: b1nary Vendor Homepage: https://www.superantispyware.com/ Software Link: https://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWARE Version: 10.0.1206 lowe...
Linux CoW Incorrect Access Grant Exploit
A Linux copy-on-write issue can wrongly grant write access. Linux: CoW can wrongly grant write access because of pinned references or THP bug I've stumbled over two ways in which copy-on-write of anonymous memory after fork is currently broken: Page references through the page refcount and a bug ...
Linux/x86 reverse TCP Shellcode (84 bytes)
Title: Linux/x86 - Reverse TCP Shellcode 84 bytes Author: Xenofon Vassilakopoulos Tested on: Linux 3.13.0-32-generic 57precise1-Ubuntu i686 i386 GNU/Linux Architecture: i686 GNU/Linux Shellcode Length: 84 bytes SLAE-ID: SLAE - 1314 --------------------- Reverse Shellcode ---------------------...
Chrome NewFixedArray Missing Array Size Check Vulnerability
Chrome suffers from a missing array size check in NewFixedArray. Chrome: Missing array size check in NewFixedArray VULNERABILITY DETAILS V8 caps the number of elements a fixed array can contain1. Most of the code that needs to create or resize a fast JS array i.e. one that's backed by a fixed arr...
Ericom Access Server 9.2.0 Server-Side Request Forgery Exploit
Ericom Access Server allows attackers to initiate SSRF requests, making outbound connections to arbitrary hosts and TCP ports. Attackers who can reach the AccessNow server can target internal systems behind firewalls that are typically not accessible. This can also be used to target...
Eibiz i-Media Server Digital Signage 3.8.0 File Path Traversal Vulnerability
Eibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter...
Seowon SlC 130 Router - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Seowon SlC 130 Router - Remote Code Execution Author: maj0rmil4d - Ali Jalalat Author website: https://secureguy.ir Date: 2020-08-20 Vendor Homepage: seowonintech.co.kr Software Link:...
Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover Exploit
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object part of ActionScript object graphs, effectively elevating to an administrative role or...
Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass Exploit
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoin...
Complaint Management System 1.0 - (cid) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Complaint Management System 1.0 - 'cid' SQL Injection Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...
Linux/x86 execve /bin/sh Shellcode (10 bytes)
Exploit Title: Linux/x86 - execve "/bin/sh" 10 bytes Google Dork: None Exploit Author: cybersaki Vendor Homepage: None Software Link: None Version: None Tested on: Kali linux 2020.2a i386 x86 CVE : none Shellcode-length : 10 SLAE-id : Purchased | email protected Reference :...
vBulletin 5.1.2 < 5.1.9 - Unserialize Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' = %q This module exploits a PHP...
Linux/x86 /dev/sda Partition Wiping Shellcode (35 bytes)
Exploit Title: Linux/x86 - Shred /dev/sda wipe partition Shellcode 35 bytes Google Dork: None Exploit Author: cybersaki Vendor Homepage: None Software Link: None Version: None Tested on: Kali linux 2020.2a i386 x86 CVE : none Shellcode-length : 35 SLAE-id : Purchased | email protected ; Descripti...
Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vulnerability
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability. Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ...
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass Vulnerability
Exploit for php platform in category web applications Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number: CVE-2020-11497 Author: Jack Misiura...
PNPSCADA 2.200816204020 - (interf) SQL Injection (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection Authenticated Exploit Author: İsmail ERKEK Vendor Homepage: http://wiki.pnpscada.com/forumHome.jsp Version: 2.200816204020 Tested on: - 1. Description: ----------------------...
Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal Exploit Author: Tuygun Vendor Homepage: https://www.ruijienetworks.com/ Version: eWeb S29_RGOS 11.41B12P11 Source : https://faruktuygun.com/directorytraversal.ht...
ElkarBackup 1.3.3 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: ElkarBackup 1.3.3 - Persistent Cross-Site Scripting Exploit Author: Enes Özeser Vendor Homepage: https://www.elkarbackup.org/ Version: 1.3.3 Tested on: Linux 1- Go to following url. http://HOST/elkarbackup/login 2- Default...
Pharmacy Medical Store And Sale Point 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...
PAC Bypass Due To Unprotected Function Pointer Imports Exploit
PAC aims to prevent an attacker with the ability to read and write memory from executing arbitrary code. It does that by cryptographically signing and validating code pointers as well as some data pointers at runtime. However, it seems that imports of function pointers from shared libraries in...
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit
Exploit for php platform in category web applications !/usr/bin/env ruby Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Author: noraj Alexandre ZANNI Author website: https://pwn.by/noraj/ Date: 2020-08-16 Vendor Homepage: https://www.bludit.com/ Software Link:...
Savsoft Quiz 5 - Stored Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Windows 10...
Pharmacy Medical Store and Sale Point 1.0 - (catid) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...
vBulletin 5.6.2 Persistent Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: vBulletin 5.6.2 Stored XSS Date:15.08.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...
XenForo 2.1.10 Patch 2 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: XenForo v2.1.10 Patch 2 Stored XSS Author: Vincent666 ibn Winnie Software Link: https://xenforo.com/demo/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog :https://pentest-vincent.blogspot.com/ PoC...
Apache OFBiz XML-RPC Java Deserialization Exploit
This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04. This module requires Metasploit: https://metasploit.com/download Current source:...
D-Link Central WiFi Manager CWM(100) Remote Code Execution Exploit
This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes i...
Tailor Management System 1.0 Persistent Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Title: Tailor Management System 1.0 - Stored Cross-Site Scripting Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html Software Link:...
Geutebruck testaction.cgi Remote Command Execution Exploit
This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 'Geutebruck...
Microsoft SharePoint Server 2019 - Remote Code Execution Exploit
Exploit for asp platform in category web applications Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013...
Safari Webkit For iOS 7.1.2 JIT Optimization Bug Exploit
This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit CVE-2016-4669 that obtains kernel rw, obtains root and disables code signing. Finally we...
QiHang Media Web Digital Signage 3.0.9 Credential Disclosure Vulnerability
QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for...
Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure Vulnerabilities
Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure Details ======= Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: fixed version released CVE: - Credit: Qian Chen@cq674350529 of Qihoo 360 Nirvan Team Product Description ================== Router...
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability
Exploit for hardware platform in category web applications QiHang Media Web QH.aspx Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected...
Avian JVM 1.2.0 Integer Overflow Exploit
Vulnerability title: Avian JVM vm::arrayCopy Multiple Integer Overflows Author: Pietro Oliva CVE: CVE-2020-17360 Vendor: ReadyTalk Product: Avian JVM Affected version: 1.2.0 Description: The issue is located in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks...
QiHang Media Web Digital Signage 3.0.9 Password Disclosure Vulnerability
QiHang Media Web Digital Signage version 3.0.9 suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack. QiHang Media Web QH.aspx Digital Signage 3.0.9...