Clik here to view.
IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)
EDB-ID: 42969Author: Dhiraj MishraPublished: 2017-08-31CVE: CVE-2017-1129 Type: DosPlatform: MultipleVulnerable App: N/A # This module requires Metasploit: https://metasploit.com/download # Current...
View ArticleClik here to view.
Complain Management System - Hard-Coded Credentials / Blind SQL injection
EDB-ID: 42968Author: havysecPublished: 2017-10-10CVE: N/A Type: WebappsPlatform: PHPVulnerable App: N/A # Date: 10 October 2017 # Exploit Author: havysec # Tested on: ubuntu14.04 # Vendor:...
View ArticleClik here to view.
SAP Customer Relationship Management Mail Form Editor Cross Site Scripting...
SAP Customer Relationship Management Mail Form Editor is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can...
View ArticleClik here to view.
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
EDB-ID: 42963Author: Nitesh ShilpkarPublished: 2017-10-08CVE: CVE-2017-15083 Type: LocalPlatform: WindowsVulnerable App: N/A head ='''<ASX version="3.0"> <Entry> <REF...
View ArticleClik here to view.
GNU Binutils CVE-2017-14939 Remote Denial of Service Vulnerability
GNU Binutils is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application and cause denial-of-service conditions. Due to the nature of this issue, arbitrary...
View ArticleClik here to view.
Microsoft Office CVE-2017-11826 Memory Corruption Vulnerability
Microsoft Office is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts...
View ArticleClik here to view.
ASX To MP3 Converter Stack Overflow
ASX to MP3 Converter versions prior to 3.1.3.7 stack overflow exploit with DEP bypass.MD5 | c5d7007bce65ee8f97c18b091f2df3d7Downloadimport struct,syshead ='''<ASX...
View ArticleClik here to view.
Complain Management System Hard-Coded Credentials / Blind SQL Injection
Complain Management System suffers from hard-coded credential and remote SQL injection vulnerabilities.MD5 | 9af494e55a63fec97928ca50389390f8Download# Exploit Title : Complain Management System Blind...
View ArticleClik here to view.
ClipShare 7.0 SQL Injection
ClipShare version 7.0 suffers from a remote SQL injection vulnerability.MD5 | f2c821803858b7b12b3fd9bdd30c4f96Download# Exploit Title: ClipShare v7.0 - SQL Injection# Date: 2017-10-09# Exploit Author:...
View ArticleClik here to view.
Apache Tomcat Upload Bypass / Remote Code Execution
Apache Tomcat versions prior to 7.0.8, 8.0.47, 8.5.23, and 9.0.1 (Beta) JSP upload bypass and code execution exploit.MD5 | ac239efa7275e96eb4acae25202a5546Download#!/usr/bin/pythonimport requestsimport...
View ArticleClik here to view.
ArcGIS Server 10.3.1 RMIClassLoader useCodebaseOnly=false Code Execution
ArcGIS Server version 10.3.1 suffers from an RMIClassLoader useCodebaseOnly=false remote code execution vulnerability.MD5 | 09c12eb4a5e480b1ceb5f94f48af3943DownloadUsing an Esri-provided image on...
View ArticleClik here to view.
PostgreSQL 10 Installer For Windows DLL Hijacking
The PostgreSQL 10 installer for Windows suffers from a dll hijacking vulnerability.MD5 | f46c2b1ad8a1d5e4276cb73262711868DownloadHi @ll,the executable installers of PostgreSQL 10 for Windows,1....
View ArticleClik here to view.
Subaru Keyfob Predictable Code
Subaru's suffer from an issue where the rolling code used by the keyfob and car is predictable in the sense that it is not random. It is simply incremental. An attacker can 'clone' the keyfob and,...
View ArticleClik here to view.
IBM Notes 8.5 / 9.0 encodeURI Denial Of Service
IBM Notes versions 8.5 and 9.0 encodeURI denial of service exploit.MD5 | 4a6f94a511ddc2e93499393749dd965cDownload#Here is an MSF Module for CVE-2017-1129### This module requires Metasploit:...
View ArticleClik here to view.
WordPress TR Easy Google Analytics 1.0.0 Cross Site Scripting
WordPress TR Easy Google Analytics plugin version 1.0.0 suffers from a cross site scripting vulnerability.MD5 | 7fd157269cba46da602667f332d87998DownloadClass Input Validation ErrorRemote YesReflected...
View ArticleClik here to view.
WordPress Simple Login Log 1.1.1 SQL Injection
WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.MD5 | 80eca9af5e5ecacd33c8d526809fd7a8DownloadA A A A A A A A A A A A DefenseCode ThunderScan...
View ArticleClik here to view.
WordPress Ad Widget 2.10.0 Local File Inclusion
WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.MD5 | a02c1bb177145fdea032f28a60278396DownloadA A A A A A A A A A A A A DefenseCode ThunderScan...
View ArticleClik here to view.
Trend Micro OfficeScan Remote Code Execution
This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user....
View ArticleClik here to view.
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
EDB-ID: 42971Author: Mehmet IncePublished: 2017-10-11CVE: CVE-2017-11394 Type: WebappsPlatform: PHPVulnerable App: N/A # This module requires Metasploit: http://metasploit.com/download # Current...
View ArticleClik here to view.
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code...
EDB-ID: 42972Author: Mehmet IncePublished: 2017-10-11CVE: N/A Type: WebappsPlatform: PHPVulnerable App: N/A # This module requires Metasploit: http://metasploit.com/download # Current source:...
View Article