The Latest Infosec News, Tools, and Exploits – Got Root?
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/POLARISOFFICE-2017-v8-REMOTE-CODE-EXECUTION.txt [+] ISR: Apparition Security Vendor: ============= www.polarisoffice.com Product: =========== PolarisOffice 2017 v8 Polaris Document Solution is an integrated solution for corporate document life […]
# Exploit Title: Online Trade 1 – Information Disclosure # Date: 2018-07-03 # Exploit Author: L0RD # Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?s_rank=14 # CVE: CVE-2018-12908 # Version: 1 # Tested on: Win 10 ======================================= # Description : […]
# Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =<7.0.3 # Date: 06/29/2018 # Exploit Author: om3rcitak – https://omercitak.com # Vendor Homepage: https://dolibarr.org # Software Link: https://github.com/Dolibarr/dolibarr # Version: =<7.0.3 # Tested on: […]
# Exploit Title: DAMICMS 6.0.0 – Cross-Site Request Forgery (Add Admin) # Date: 2018-06-30 # Exploit Author: bay0net # Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9248562.html # Software Link: https://www.damicms.com/Down# # Version: DAMICMS_V6.0.0 # CVE : N/A # DamiCMS […]
# Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud # Date: 2018-06-29 # Exploit Author: paragonsec @ Critical Start # Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start […]
* Vulnerability: Authenticated Blind Command Injection * Affected Software: TP-Link TL-WR841N v13 * Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n * Patched Version: None ##### Overview The ping and traceroute functionalities allow for OS […]
# Exploit Title: hycus Content Management System v1.0.4 Login Page Bypass # Exploit Author: Berk Dusunur # Vendor Homepage: http://www.hycus.com/ # Software Link: http://demosite.center/hycus/ # Version: 1.0.4 # Tested on: Pardus / Debian Web Server […]
Cisco Adaptive Security Appliance – Path Traversal (CVE-2018-0296) A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerable Products This vulnerability […]
Exploit Title: HongCMS 3.0.0 – SQL Injection Google Dork: [if applicable] Date: 2018/06/26 Exploit Author: Hzllaga Software Link: https://github.com/Neeke/HongCMS/ Version: 3.0.0 Tested on: php5.4 mysql5 CVE : CVE-2018-12912 POC (Administrator Privilege): [su_quote] /admin/index.php/database/operate?dbaction=emptytable&tablename=hong_vvc%60%20where%20vvcid%3D1%20or%20updatexml%282%2Cconcat%280x7e%2C%28version%28%29%29%29%2C0%29%20or%20%60[/su_quote]
Title: Liferay Portal < 7.0.4 Blind Server-Side Request Forgery Application: osTicket Remotely Exploitable: Yes Authentication Required: NO Versions Affected: <= 7.0.4 Technology: Java Vendor URL: liferay.com Date of found: 04 December 2017 Disclosure: 25 June […]
