Channel: Exploit Collector
Browsing all 13315 articles

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated...

EDB-ID: 44550 | Author: Wadeek | Published: 2018-04-26 | CVE: N/A | Type: Webapps | Platform: Hardware | Vulnerable App: N/A # Date: 25/04/2018 # Exploit Author: Wadeek # Vendor Homepage: https://www.tp-link.com/ #...


Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)

EDB-ID: 44549 | Author: T3jv1l | Published: 2018-04-26 | CVE: N/A | Type: Local | Platform: Windows | Aliases: N/A | Advisory/Source: N/A | Tags: Local | Vulnerable App: # Exploit Title: Allok AVI to DVD SVCD VCD Converter...


MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

EDB-ID: 44547 | Author: 0xB9 | Published: 2018-04-26 | CVE: CVE-2018-10365 | Type: Webapps | Platform: PHP | Aliases: N/A | Advisory/Source: N/A | Tags: Cross-Site Scripting (XSS) | Vulnerable App: # Date: 3/15/2018 # Author:...


GitList 0.6 - Unauthenticated Remote Code Execution

EDB-ID: 44548 | Author: Kacper Szurek | Published: 2018-04-26 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: # Exploit Title: GitList 0.6 Unauthenticated RCE # Date: 25-04-2018 # Software Link:...


Google Chrome V8 Arrow Function Scope Fixing Bug

Google Chrome V8 suffers from an arrow function scope fixing bug. MD5: 4d52efa2602d737aaf7180cc2543c06c. Chrome: V8: Arrow function scope fixing bug. When the parser parses the parameter list of...


Shopy Point Of Sale 1.0 CSV Injection

Shopy Point of Sale version 1.0 suffers from a CSV injection vulnerability. MD5: 7855a57d261ff255255a3b991a38bb48. # Exploit Title: Shopy Point of Sale v1.0 - CSV Injection # Date: 2018-04-23 #...


Blog Master Pro 1.0 CSV Injection

Blog Master Pro version 1.0 suffers from a CSV injection vulnerability. MD5: a1d7f97ae6739beb6ef47629f66a7eaa. # Exploit Title: Blog Master Pro v1.0 - CSV Injection # Date: 2018-04-23 # Exploit...


HRSALE The Ultimate HRM 1.0.2 CSV Injection

HRSALE The Ultimate HRM version 1.0.2 suffers from a CSV injection vulnerability. MD5: 10a6a695426e8a25578ed2794f5f5fdb. # Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection # Date:...


Nintendo Switch / Nvidia Fusee Gelee Disclosure

This report documents Fusee Gelee, a coldboot vulnerability that allows full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA's Tegra line...


HRSALE The Ultimate HRM 1.0.2 SQL Injection

HRSALE The Ultimate HRM version 1.0.2 suffers from a remote SQL injection vulnerability. MD5: 6569018432ec37264d5e3000e1b9ba11. # Exploit Title: HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL...


Sitecore.NET 8.1 Directory Traversal

Sitecore.NET version 8.1 suffers from a directory traversal vulnerability. MD5: 198b808f312fadbed9f8a2a7c4f5becc. Sitecore Directory Traversal Vulnerability, CVE-2018-7669 (reserved). An issue was...


hik-connect.com / ezvizlife.com Authentication Bypass

A lack of validation on cookie values allows you to log in as any user on hik-connect.com and ezvizlife.com. MD5: 26e5d7a4fa6f6af98e44e28fff7402fa. There is a full write-up of this bug here:...


October CMS User 1.4.5 Cross Site Scripting

October CMS User plugin version 1.4.5 suffers from a persistent cross site scripting vulnerability. MD5: a9597814bcfd719c08bbaa332563beea. # Exploit Title: October CMS User Plugin v1.4.5 -...


SickRage Credential Disclosure

SickRage versions prior to 2018.03.09 return clear-text credentials in HTTP responses. MD5: 98abab617b810c5647b3686d23143970. # Exploit Title: SickRage < v2018.03.09 - Clear-Text Credentials...


WordPress WP With Spritz 1.0 File Inclusion

WordPress WP with Spritz plugin version 1.0 suffers from local and remote file inclusion vulnerabilities. MD5: ed2195b2eaed6e52a28f0a301e44cb86. # Exploit Title: WordPress Plugin WP with Spritz...


Jfrog Artifactory Code Execution / Shell Upload

Jfrog Artifactory versions prior to 4.16 suffer from unauthenticated arbitrary file upload and remote command execution vulnerabilities. MD5: dc65bc67fb5a4cdd39a3ef7d94a10ce6. # Exploit Title:...


Drupal drupgeddon3 Remote Code Execution

This is a simple proof of concept exploit for Drupal versions prior to 7.58 that demonstrates the drupalgeddon3 authenticated remote code execution vulnerability. MD5 |...


HRSALE The Ultimate HRM 1.0.2 Local File Inclusion

HRSALE The Ultimate HRM version 1.0.2 suffers from a local file inclusion vulnerability. MD5: e6040929e102625a337987f30072da4c. # Exploit Title: HRSALE The Ultimate HRM v1.0.2 - Local File...


HRSALE The Ultimate HRM 1.0.2 Cross Site Scripting

HRSALE The Ultimate HRM version 1.0.2 suffers from a cross site scripting vulnerability. MD5: 99b5f4f3d0fea051e03aa7c5af9d1642. # Exploit Title: HRSALE The Ultimate HRM 1.0.2 - Authenticated...


Google Chrome V8 AwaitedPromise Update Bug

Google Chrome V8 Await methods call ResolveNativePromise, which calls InternalResolvePromise, which can invoke user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the...
