Channel: Exploit Collector
Browsing all 13315 articles

MEDHOST Connex Hardcoded Password

MEDHOST Connex contains a hard-coded Mirth Connect administrative credential that is used for customer Mirth Connect management access. MD5 |...


iOS/macOS - xpc_data Objects Sandbox Escape Privilege Escalation

EDB-ID: 42407 | Author: Google Security Research | Published: 2017-08-01 | CVE: CVE-2017-7047 | Type: Local | Platform: Multiple | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A

When XPC serializes large...


libmad 0.15.1b - 'mp3' Memory Corruption

EDB-ID: 42409 | Author: qflb.wu | Published: 2017-08-01 | CVE: CVE-2017-11552 | Type: Dos | Platform: Linux | Aliases: N/A | Advisory/Source: N/A | Tags: Denial of Service (DoS) | Vulnerable App: N/A

================ Author :...


SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection

EDB-ID: 42408 | Author: Andy Tan | Published: 2017-08-01 | CVE: CVE-2017-11494 | Type: Webapps | Platform: Hardware | Aliases: N/A | Advisory/Source: N/A | Tags: Credentials Bypass aka Admin Bypass AKA Auth Bypass...


VehicleWorkshop Authentication Bypass / SQL Injection

VehicleWorkshop suffers from a remote SQL injection vulnerability that allows for authentication bypass. MD5 | 64764044ccdef8622fdfc659f7902ff2

[*] Type: Admin or Customer login bypass via SQL...


Microsoft Windows LNK Shortcut File Code Execution

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020...


VehicleWorkshop Arbitrary File Upload

VehicleWorkshop suffers from a remote file upload vulnerability. MD5 | 711f39a07eb8caa7b24fb3d075b31bb8

# Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload # Exploit Author:...


SOL.Connect ISET-mpp Meter 1.2.4.2 SQL Injection

SOL.Connect ISET-mpp meter version 1.2.4.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass. MD5 | d40e7347505a93e02228175bfe382fee

Vulnerability type: SQL...


Advantech SUSIAccess 3.0 Directory Traversal / Information Disclosure

This Metasploit module exploits an information disclosure vulnerability found in Advantech SUSIAccess versions 3.0 and below. The vulnerability is triggered when sending a GET request to the server...


macOS / iOS xpc_data Objects Sandbox Escapes

macOS and iOS sandbox escapes and privilege escalation vulnerabilities exist due to unexpected shared memory-backed xpc_data objects. MD5 |...


Advantech SUSIAccess 3.0 File Upload

Advantech SUSIAccess versions 3.0 and below suffer from a RecoveryMgmt file upload vulnerability. MD5 | 7bdeef14532b16a57b5c3958af561cf9

#! /usr/bin/env ruby =begin Exploit Title: Advantech...


Nitro Pro PDF Reader 11.0.3.173 Remote Code Execution

This Metasploit module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs() Javascript API function allows for writing arbitrary files to the file...


Nmap Port Scanner 7.60

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be...


Solarwinds Kiwi Syslog 9.6.1.6 - Denial of Service

EDB-ID: 42411 | Author: Guillaume Kaddouch | Published: 2017-08-01 | CVE: N/A | Type: Dos | Platform: Windows | Vulnerable App:

# Date: 26/05/2017 # Exploit Author: Guillaume Kaddouch # Twitter: @gkweb76 # Blog:...


Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection

EDB-ID: 42415 | Author: Ihsan Sencan | Published: 2017-08-02 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A

# Exploit Title: Joomla! Component LMS King Professional v3.2.4.0 - SQL Injection # Dork:...


Entrepreneur B2B Script - 'pid' Parameter SQL Injection

EDB-ID: 42412 | Author: Meisam Monsef | Published: 2017-08-02 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A

# Date: 2017-08-02 # Exploit Author: Meisam Monsef meisamrce@yahoo.com or...


Joomla! Component Ultimate Property Listing 1.0.2 - SQL Injection

EDB-ID: 42417 | Author: Ihsan Sencan | Published: 2017-08-02 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A

# Exploit Title: Joomla! Component Ultimate Property Listing v1.0.2 - SQL Injection # Dork:...


Joomla! Component SIMGenealogy 2.1.5 - SQL Injection

EDB-ID: 42413 | Author: Ihsan Sencan | Published: 2017-08-02 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A

# Exploit Title: Joomla! Component SIMGenealogy v2.1.5 - SQL Injection # Dork: N/A # Date:...


Joomla! Component PHP-Bridge 1.2.3 - SQL Injection

EDB-ID: 42414 | Author: Ihsan Sencan | Published: 2017-08-02 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A

# Exploit Title: Joomla! Component PHP-Bridge v1.2.3 - SQL Injection # Dork: N/A # Date:...


Joomla! Component Event Registration Pro Calendar 4.1.3 - SQL Injection

EDB-ID: 42416 | Author: Ihsan Sencan | Published: 2017-08-02 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A

# Exploit Title: Joomla! Component Event Registration Pro Calendar v4.1.3 - SQL Injection #...
