Channel: Exploit Collector
Browsing all 13315 articles

Core FTP LE 2.2 Buffer Overflow

Core FTP LE version 2.2 buffer overflow proof of concept exploit.
MD5 | 9374afe7a9fa94be48ccc3512a486640
# Exploit Title: Core FTP LE 2.2 - Buffer Overflow (PoC)
# Date: 2018-06-28
# Exploit...

Dolibarr ERP CRM 7.0.3 Code Injection

Dolibarr ERP CRM versions 7.0.3 and below suffer from a remote PHP code injection vulnerability.
MD5 | c3c0b8993ddf32695f9afefe4a832269
# Exploit Title: Unauthenticated Remote Code Evaluation in...

DAMICMS 6.0.0 Cross Site Request Forgery

DAMICMS version 6.0.0 suffers from an add administrator cross site request forgery vulnerability.
MD5 | e3829f2034d656b4cbfaf68599c29175
<!--
# Exploit Title: DAMICMS 6.0.0 - Cross-Site Request...

Linux/x86 Execve /bin/cat /etc/passwd Shellcode

37 bytes small Linux/x86 execve /bin/cat /etc/passwd shellcode.
MD5 | 4d27f629e415202443486cfadf82494b
/*
# Linux/x86 - execve /bin/cat /etc//passwd shellcode (37 bytes)
# Author: Anurag...

Axis Cameras Authorization Bypass / Unrestricted Access / Command Injection

Axis Cameras suffer from authorization bypass, unrestricted dbus access, command injection, denial of service, and information disclosure vulnerabilities.
MD5 |...

EMC ECS S3 Authentication Bypass

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying...

Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly...

WeChat Pay SDK XXE Injection

The WePay Chat SDK suffers from an XML external entity injection vulnerability.
MD5 | d342061025f7c5d2655f550f549bb5da
Hi List,
[Title] XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant...

extjs getTip() Cross Site Scripting

extjs versions prior to 6.6.0 suffer from a cross site scripting vulnerability.
MD5 | 6918d7270bd31d8743adad33428062bc
A XSS vulnerability exists in the getTip() method of Action Columns. The Ext...

ntop-ng Authentication Bypass

ntop-ng versions prior to 3.4.180617 suffer from a deterministic session ID vulnerability.
MD5 | 04275f6faa506014249ae19f4b73f191
# Vulnerability title: ntop-ng < 3.4.180617 - Authentication...

D-Link DIR-890L A2 Improper Access Control

An issue was discovered on D-Link DIR-890L A2 devices. Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an...

NuCom NC-WR644GACV Unauthenticated Configuration File Download

NuCom NC-WR644GACV with software versions STA 005 and below suffers from a configuration file download vulnerability that allows for extraction of the administrative credentials.
MD5 |...

openslp 2.0.0 Double Free

An issue was found in openslp version 2.0.0 that can be used to induce a double free bug or memory corruption by corrupting glibc's doubly-linked memory chunk list. An exploit is included in the...

Microsoft Windows Kernel (win32k.sys) Local Denial Of Service

Microsoft Windows Kernel (win32k.sys) suffers from a local denial of service null pointer vulnerability in NtUserConsoleControl.
MD5 | 3fd18ac6710b6c0e6ed7b3cfb9170e55
Hello,
It is possible to...

OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure

OX App Suite version 7.8.5 suffers from XML external entity injection, information disclosure, and cross site scripting vulnerabilities.
MD5 | b4faef1ad16b321741447e57a22a0b31
Product: OX App...

Boxoft WAV To MP3 Converter 1.1 Buffer Overflow

This Metasploit module exploits a stack buffer overflow in Boxoft WAV to MP3 Converter versions 1.0 and 1.1. By constructing a specially crafted WAV file and attempting to convert it to an MP3 file in...

FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)

EDB-ID: 44968
Author: Metasploit
Published: 2018-07-02
CVE: CVE-2018-7573
Type: Remote
Platform: Windows
Aliases: N/A
Advisory/Source: Link
Tags: Metasploit Framework (MSF)
Vulnerable App:
# This module...

Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

EDB-ID: 44969
Author: Metasploit
Published: 2018-07-02
CVE: CVE-2018-8733...
Type: Remote
Platform: Linux
Aliases: N/A
Advisory/Source: Link
Tags: Metasploit Framework (MSF), SQL Injection (SQLi),...

ModSecurity 3.0.0 - Cross-Site Scripting

EDB-ID: 44970
Author: Adipta Basu
Published: 2018-07-03
CVE: N/A
Type: Webapps
Platform: Linux
Vulnerable App: N/A
# Date: 2018-07-02
# Vendor Homepage: https://www.modsecurity.org
# Software: ModSecurity
#...

GNU Mailman CVE-2018-5950 Cross Site Scripting Vulnerability

GNU Mailman is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
