Clik here to view.
Kaltura Remote PHP Code Execution
This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server...
View ArticleClik here to view.
Sync Breeze Enterprise 9.5.16 Import Command Buffer Overflow
This Metasploit module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file.MD5 |...
View ArticleClik here to view.
Professional Local Directory Script 1.0 - SQL Injection
EDB-ID: 43870Author: Ihsan SencanPublished: 2018-01-24CVE: CVE-2018-5973 Type: WebappsPlatform: PHPVulnerable App: N/A # Exploit Title: Professional Local Directory Script 1.0 - SQL Injection # Dork:...
View ArticleClik here to view.
WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure
EDB-ID: 43872Author: ThreatPress SecurityPublished: 2018-01-24CVE: N/A Type: WebappsPlatform: PHPVulnerable App: # Google Dork: # Date: 2018-01-23 # Exploit Author: ThreatPress Security # Vendor...
View ArticleClik here to view.
RAVPower 2.000.056 - Root Remote Code Execution
EDB-ID: 43871Author: Daniele LinguaglossaPublished: 2018-01-24CVE: CVE-2018-5997 Type: RemotePlatform: HardwareVulnerable App: N/A # Exploit Title: RAVPower - remote root # Date: 23/01/2018 # Exploit...
View ArticleClik here to view.
Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit)
EDB-ID: 43875Author: MetasploitPublished: 2018-01-24CVE: CVE-2017-7310 Type: LocalPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF)Vulnerable App: # This module...
View ArticleClik here to view.
GoAhead Web Server - LD_PRELOAD Arbitrary Module Load (Metasploit)
EDB-ID: 43877Author: MetasploitPublished: 2018-01-24CVE: CVE-2017-17562 Type: RemotePlatform: MultipleAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF)Vulnerable App: N/A # This module...
View ArticleClik here to view.
Kaltura - Remote PHP Code Execution over Cookie (Metasploit)
EDB-ID: 43876Author: MetasploitPublished: 2018-01-24CVE: CVE-2017-14143 Type: RemotePlatform: PHPAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF)Vulnerable App: N/A # This module...
View ArticleClik here to view.
Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape
EDB-ID: 43878Author: SecuriTeamPublished: 2018-01-24CVE: CVE-2018-2698 Type: LocalPlatform: MultipleAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Source:...
View ArticleClik here to view.
Blizzard Update Agent - JSON RPC DNS Rebinding
EDB-ID: 43879Author: Google Security ResearchPublished: 2018-01-23CVE: N/A Type: LocalPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A The agent utility creates an JSON...
View ArticleClik here to view.
Oracle VirtualBox Guest To Host Escape
Oracle VirtualBox versions prior to 5.1.30 and 5.2-rc1 suffer from a guest to host escape vulnerability.MD5 | f4883fbd65fd9c887b09bc14319f0e1dDownload# SSD Advisory a Oracle VirtualBox Multiple Guest...
View ArticleClik here to view.
MixPad 5.00 Buffer Overflow
MixPad version 5.00 suffers from a buffer overflow vulnerability.MD5 | a32d3a1768736554aa97dc28a11b2d03Download#!/usr/bin/python## Exploit Author: bzyo# Twitter: @bzyo_# Exploit Title: NCH Software...
View ArticleClik here to view.
RAVPower 2.000.056 Memory Disclosure
RAVPower version 2.000.056 suffers from a memory disclosure vulnerability.MD5 | 3f342c39101e7e911a25a0944f2accaeDownload"""# Exploit Title: RAVPower - remote stack disclosure# Date: 22/01/2018# Exploit...
View ArticleClik here to view.
WordPress Email Subscribers And Newsletters 3.4.7 Information Disclosure
WordPress Email Subscribers and Newsletters plugin version 3.4.7 suffers from an information disclosure vulnerability.MD5 | 74c7be672d0f561d60c3b5faaf2613cfDownload# Exploit Title: WordPress Plugin...
View ArticleClik here to view.
Professional Local Directory Script 1.0 SQL Injection
Professional Local Directory Script version 1.0 suffers from a remote SQL injection vulnerability.MD5 | d6361b679aaf7d70f8ac1ec7211ca878Download# # # # # # Exploit Title: Professional Local Directory...
View ArticleClik here to view.
Apache Hadoop YARN NodeManager Password Leak
In Apache Hadoop 2.7.3 and 2.7.4, the security fix for CVE-2016-3086 is incomplete. The YARN NodeManager can leak the password for credential store provider used by the NodeManager to YARN...
View ArticleClik here to view.
RAVPower 2.000.056 Remote Root Code Execution
RAVPower version 2.000.056 suffers from a remote root code execution vulnerability.MD5 | 286d1b9d4db66d6981a29e5eeb654ba9Download"""# Exploit Title: RAVPower - remote root# Date: 23/01/2018# Exploit...
View ArticleClik here to view.
Evilgrade - The Update Exploitation Framework 2.0.9
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make...
View ArticleClik here to view.
AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution
EDB-ID: 43881Author: Pedro RibeiroPublished: 2018-01-22CVE: CVE-2018-5999... Type: RemotePlatform: HardwareAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A >> Discovered by Pedro...
View ArticleClik here to view.
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77...
EDB-ID: 43890Author: Hashim JawadPublished: 2018-01-23CVE: N/A Type: ShellcodePlatform: Linux_x86Aliases: N/AAdvisory/Source: LinkTags: N/AShellcode: Download / View Raw Shellcode Size: 77 bytes...
View Article