The Latest Infosec News, Tools, and Exploits – Got Root?
Exploit Title: SQL Injection Vulnerability in Issue Trak <= 7.0 (Possibly applicable up to version 9.7) Date: 05-28-2018 Vendor Homepage: http://issuetrak.com Version: Confirmed 7.0; <= 7.0 extremely likely; up to 9.7 very likely Google Dork: […]
# Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 – Cross-Site Scripting # Date: 5/25/2018 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 # Version: 1.0.2 # Tested on: Ubuntu […]
# Exploit Title: Pivotal Spring Java Framework < 5.0 – Remote Code Execution # Date: 2018-05-28 # Exploit Author: JameelNabbo # Website: jameelnabbo.com <http://jameelnabbo.com/> # Vendor Homepage: # https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development # CVE: CVE: CVE-2018-1270 # Version: […]
# Exploit Title: Facebook Clone Script 1.0.5 – ‘search’ SQL Injection # Date: 2018-05-29 # Exploit Author: L0RD # Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ # Version: 1.0.5 # Tested on: Win 10 # POC : SQLi : […]
# Exploit Title: Facebook Clone Script 1.0.5 – Cross-Site Request Forgery # Date: 2018-05-29 # Exploit Author: L0RD # Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ # Version: 1.0.5 # Tested on: Win 10 # Description : # Facebook […]
# Exploit: CloudMe Sync < 1.11.0 – Buffer Overflow (SEH) (DEP Bypass) # Date: 2018-05-27 # Author: Juan Prescotto # Tested Against: Win7 Pro SP1 64 bit # Software Download: https://www.cloudme.com/downloads/CloudMe_1109.exe # Tested Against Version: […]
# Exploit Title: Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution # Google Dork: N/A # Date: 27/05/2018 # Exploit Author: Corrado Liotta # Vendor Homepage: https://www.bitmain.com/ # Software Link: N/A # […]
# Exploit Title: Honeywell XL Web Controller – Cross-Site Scripting # Date: 2018-05-24 # Exploit Author: t4rkd3vilz # Vendor Homepage: https://www.honeywell.com # Version: WebVersion : XL1000C50 EXCEL WEB 52 I/O, XL1000C100 EXCEL WEB # 104 […]
# Exploit Title: WordPress Plugin Peugeot Music – Arbitrary File Upload # Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ # Date: 2018-05-23 # Exploit Author: Mr.7z # Vendor Homepage: – # Software Link: – # Version: 1.0 # Tested […]
# Exploit Title: Easy File Uploader 1.7 – SQL Injection / Cross-Site Scripting # Dork: N/A # Date: 22.05.2018 # Exploit Author: Özkan Mustafa Akkuş (AkkuS) # Vendor Homepage: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 # Version: 1.4 / fourth […]
