Channel: Exploit Collector
Browsing all 13315 articles

Fortinet FortiClient VPN Credential Disclosure

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OS X) or in the registry (on Windows). The credentials are encrypted but can still be recovered since the...

Joomla JBuildozer 1.4.1 SQL Injection

Joomla! JBuildozer component version 1.4.1 suffers from a remote SQL injection vulnerability. MD5: b95d34e92c1cc7f5191068d8cde1471b. Exploit Title: Joomla! Component JBuildozer 1.4.1 -...

Accesspress Anonymous Post Pro Unauthenticated Arbitrary File Upload

Accesspress Anonymous Post Pro versions prior to 3.2.0 suffer from an arbitrary file upload vulnerability. MD5: dc666e20199943e91f8df230dbe397fc. Exploit Title: Unauthenticated Arbitrary File...

pfSense 2.4.1 CSRF Error Page Clickjacking

This Metasploit module exploits a Clickjacking vulnerability in pfSense versions 2.4.1 and below. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is...

Advantech WebAccess 8.2 Stack Buffer Overflow

This Metasploit module exploits a stack buffer overflow in Advantech WebAccess version 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary...

Dup Scout Enterprise 10.0.18 Buffer Overflow

This Metasploit module exploits a stack buffer overflow in Dup Scout Enterprise version 10.0.18. The buffer overflow exists via the web interface during login. This gives NT AUTHORITY\SYSTEM access. MD5...

WordPress Qiniu Cloudtuchuang 1.8 Cross Site Scripting

WordPress Qiniu Cloudtuchuang (七牛云图床) plugin version 1.8 is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. MD5 |...

WordPress WordApp Mobile 2.0.3 Cross Site Scripting

WordPress WordApp Mobile App plugin version 2.0.3 suffers from a cross site scripting vulnerability. MD5: 8739d69174d052be36f4b526e019461b. Title: *WordPress WordApp Mobile App Plugin a Convert...

WordPress WooPay Inicis 1.1.3 Cross Site Scripting

WordPress WooPay Inicis plugin version 1.1.3 suffers from a cross site scripting vulnerability. MD5: 32b4477a51f043e97d1f2a9ea2345ddb. Title: *WordPress WooPay a Inicis 1.1.3 Cross Site...

Microsoft Office DDE Payload Delivery

This Metasploit module generates a DDE command to place within a Word document that, when executed, will retrieve an HTA payload via HTTP from a web server. MD5 |...

Bus Booking Script 1.0 - 'txtname' SQL Injection

EDB-ID: 43336; Author: Ihsan Sencan; Published: 2017-12-14; CVE: CVE-2017-17645; Type: Webapps; Platform: PHP; Vulnerable App: N/A. Exploit Title: Bus Booking Script 1.0 - SQL Injection; Dork: N/A...

Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection

EDB-ID: 43337; Author: Akityo; Published: 2017-12-14; CVE: CVE-2017-10682; Type: Webapps; Platform: PHP; Vulnerable App: N/A. Exploit Title: Piwigo <= 2.9.1 - 'cat_true'/'cat_false' SQL Injection; Dork: N/A...

IBM Support Tools for Lotus WCM CVE-2017-1536 Cross Site Scripting Vulnerability

IBM Support Tools for Lotus WCM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Dup Scout Enterprise - Login Buffer Overflow (Metasploit)

EDB-ID: 43339; Author: Metasploit; Published: 2017-12-14; CVE: N/A; Type: Remote; Platform: Windows; Aliases: N/A; Advisory/Source: Link; Tags: Metasploit Framework (MSF); Vulnerable App: # This module requires...

IBM Sterling File Gateway CVE-2017-1632 Cross Site Scripting Vulnerability

IBM Sterling File Gateway is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Drupal Services Single Sign-On Client Module Cross Site Scripting Vulnerability

The Services Single Sign-On Client module for Drupal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied text. An attacker may leverage this issue to...

Sync Breeze 10.2.12 - Denial of Service

EDB-ID: 43344; Author: Manuel García Cárdenas; Published: 2017-12-15; CVE: CVE-2017-17088; Type: Dos; Platform: Windows; Vulnerable App: MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last...

Movie Guide 2.0 - SQL Injection

EDB-ID: 43346; Author: Ihsan Sencan; Published: 2017-12-15; CVE: N/A; Type: Webapps; Platform: PHP; Aliases: N/A; Advisory/Source: N/A; Tags: SQL Injection (SQLi); Vulnerable App: N/A. Exploit Title: Movie Guide 2.0 -...

ITGuard-Manager 0.0.0.1 Remote Command Execution

ITGuard-Manager version 0.0.0.1 suffers from a pre-authentication remote command execution vulnerability. MD5: 48d3d8f91cfef30e61484bc35145eee4. Vulnerability Title: ITGuard-Manager V0.0.0.1...

WordPress Pinterest Badge 1.8.0 Cross Site Scripting

WordPress Pinterest Badge plugin version 1.8.0 suffers from a cross site scripting vulnerability. MD5: be0616ede646b5b6c06ff210352d9033. Class: Input Validation Error; Remote: Yes; Credit: Ricardo...
