Liferay Portal < 7.0.4 - Server-Side Request Forgery
EDB-ID: 44945 | Author: Mehmet Ince | Published: 2018-06-26 | CVE: N/A | Type: Webapps | Platform: Java | Vulnerable App: N/A
Title: Liferay Portal < 7.0.4 Blind Server-Side...
PoDoFo 0.9.5 - Buffer Overflow
EDB-ID: 44946 | Author: r4xis | Published: 2018-06-26 | CVE: CVE-2018-8002 | Type: Dos | Platform: Linux | Vulnerable App:
# Date: 25.06.2018 # Software Link: https://sourceforge.net/projects/podofo/ # Vuln Version:...
PHP 'ext/exif/exif.c' Denial of Service Vulnerability
PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. PHP versions 7.2.0 through 7.2.7 are...
PoDoFo 0.9.5 Buffer Overflow
PoDoFo version 0.9.5 suffers from a buffer overflow vulnerability. MD5: 8bfed571dcda975b809de00adc2768e4
# Exploit Title: PoDoFo 0.9.5 - Stack-Based Buffer Overflow (PoC) # Date: 25.06.2018 #...
Liferay Portal Server-Side Request Forgery
Liferay Portal versions prior to 7.0.4 suffer from a server-side request forgery vulnerability. MD5: dd6d01a7688e9d716b44c10e42ef9b87
1. ADVISORY...
Polaris Office 2017 8.1 Remote Code Execution
Polaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a search order flaw...
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality...
Quest KACE Systems Management Command Injection
This Metasploit module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The download_agent_installer.php file allows...
WordPress 4.9.6 Arbitrary File Deletion
WordPress versions 4.9.6 and below suffer from an arbitrary file deletion vulnerability. MD5: d270982093d7d25cd8bacdce78e4057b
# Exploit Title: Wordpress <= 4.9.6 Arbitrary File Deletion...
PRTG Command Injection
PRTG versions prior to 18.2.39 suffer from a command execution vulnerability. MD5: 67b04fa01d539a4d7c74c577383da5d5
Bugtraq, I (Josh Berry) discovered an authenticated command injection...
HPE VAN SDN 2.7.18.0503 - Remote Root
EDB-ID: 44951 | Author: KoreLogic | Published: 2018-06-27 | CVE: N/A | Type: Webapps | Platform: Linux | Aliases: N/A | Advisory/Source: Link | Tags: Authentication Bypass / Credentials Bypass (AB/CB) | Vulnerable App: N/A...
Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion
EDB-ID: 44949 | Author: VulnSpy | Published: 2018-06-27 | CVE: N/A | Type: Webapps | Platform: PHP | Aliases: N/A | Tags: N/A | Vulnerable App: N/A
# Date: 2018-06-27 # Exploit Author: VulnSpy # Vendor Homepage:...
Quest KACE Systems Management - Command Injection (Metasploit)
EDB-ID: 44950 | Author: Metasploit | Published: 2018-06-27 | CVE: CVE-2018-11138 | Type: Remote | Platform: Unix | Aliases: N/A | Advisory/Source: Link | Tags: Metasploit Framework (MSF), Command Injection, Remote | Vulnerable...
Joomla! Core CVE-2018-12712 Local File Include Vulnerability
Joomla! Core is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
InPage '.inp' File Parser Remote Code Execution Vulnerability
InPage is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a...
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)
EDB-ID: 44952 | Author: bay0net | Published: 2018-06-28 | CVE: CVE-2018-12739 | Type: Webapps | Platform: PHP | Vulnerable App: N/A
# Date: 2018-06-25 # Exploit Author: bay0net # Vendor Homepage:...
hycus CMS 1.0.4 - Authentication Bypass
EDB-ID: 44954 | Author: Berk Dusunur | Published: 2018-06-28 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A
# Google Dork:N/A # Date: 28.06.2018 # Exploit Author: Berk Dusunur # Vendor Homepage:...
HongCMS 3.0.0 - SQL Injection
EDB-ID: 44953 | Author: Hzllaga | Published: 2018-06-28 | CVE: CVE-2018-12912 | Type: Webapps | Platform: PHP | Vulnerable App: N/A
# Google Dork: [if applicable] # Date: 2018/06/26 # Exploit Author: Hzllaga # Vendor...
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
EDB-ID: 44955 | Author: Adipta Basu | Published: 2018-06-28 | CVE: N/A | Type: Webapps | Platform: Hardware | Vulnerable App: N/A
# Date: 2018-06-25 # Vendor Homepage: http://www.digisol.com # Hardware Link:...
Xen CVE-2018-12892 Local Security Bypass Vulnerability
Xen is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Xen 4.7 and later are vulnerable....