2125 matches found
Lenovo Mouse Suite Escalation of Privileges
Lenovo Security Advisory: LEN-2015-066 Potential Impact: Escalation of Privileges Severity: High Summary: A user with local privileges may be able to run files as an administrator in Lenovo Mouse Suite included with ThinkPad Precision Wireless Mouse – part number 0B47161. Description: The Lenovo...
ISPConfig 3.0.5 Cross Site Request Forgery
Multiple Vulnerabilities in Easy Hosting Control Panel
Easy Hosting Control Panel (EHCP) is an open source site management panel. There are arbitrary file upload vulnerabilities and information leakage vulnerabilities in EHCP, which can be exploited by attackers to upload and run arbitrary code in the web server process to obtain sensitive information...
KLA10896 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player for Internet Explorer & Edge. For details, see KLA10830. Technical details: To mitigate this vulnerability you can implement some of the workarounds listed in the original Microsoft advisory: don’t click a link in an email message or...
PT-2016-07: Unauthorized Access in Vesta Control Panel
Specialists at the Positive Research center have detected an Unauthorized Access vulnerability in Vesta Control Panel. The directory /web/filemanager/ contains scripts that perform file manager operations in the control panel. The script files.php lacks a check for an active user session, which allows...
Microsoft Windows Media Center - '.MCL' File Processing Remote Code Execution (MS16-059)
Exploit for windows platform in category remote exploits Exploit Title: Microsoft Windows Media Center .MCL File Processing Remote Code Execution Vulnerability MS16-059 Date: May 11th, 2016 Exploit Author: Eduardo Braun Prado Vendor Homepage : http://www.microsoft.com Version: All prior to May...
KLA10810 Code execution vulnerabilities in Adobe Flash Player
Type confusion, use-after-free, buffer overflow, memory corruption and unsafe search path vulnerabilities were found in Adobe Flash Player. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely. Technical details To update...
Microsoft Windows Media Center - '.MCL' File Processing Remote Code Execution (MS16-059)
Exploit Title: Microsoft Windows Media Center .MCL File Processing Remote Code Execution Vulnerability MS16-059 Date: May 11th, 2016 Exploit Author: Eduardo Braun Prado Vendor Homepage : http://www.microsoft.com Version: All prior to May 10th, 2016 update. Tested on: Windows Media Center running ...
Vesta Control Panel Cross-Site Scripting Vulnerability
Vesta Control Panel is an open source web hosting control panel. Vesta Control Panel suffers from a cross-site scripting vulnerability that could be exploited by attackers to conduct cross-site scripting attacks...
DirectAdmin Control Panel 1.50.0 Cross Site Scripting
DirectAdmin 1.491 Cross Site Request Forgery
Title: DirectAdmin 1.491 CSRF Vulnerability Date: 27-10-2014 updated 18-02-2016 Version: =1.491 Author: Necmettin COSKUN =@babayarisi Blog: http://ha.cker.io Vendor: http://www.directadmin.com/ Download:...
DirectAdmin 1.491 - Cross-Site Request Forgery
DirectAdmin 1.491 - Cross-Site Request Forgery Title: DirectAdmin 1.491 CSRF Vulnerability Date: 27-10-2014 updated 18-02-2016 Version: =1.491 Author: Necmettin COSKUN =@babayarisi Blog: http://ha.cker.io Vendor...
DirectAdmin 1.491 - Cross-Site Request Forgery
Exploit for php platform in category web applications Title: DirectAdmin 1.491 CSRF Vulnerability Date: 27-10-2014 updated 18-02-2016 Version: =1.491 Author: Necmettin COSKUN =@babayarisi Blog: http://ha.cker.io...
Vesta Control Panel 0.9.8-15 Cross Site Scripting
Exploit Title :Vesta Control Panel " http://victimserver 3. We wait Administrator to read access.log that injected our evil.js 4. We log-in VestaCP via password we changed https:...
Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting
Exploit for php platform in category web applications Exploit Title :Vesta Control Panel " http://victimserve...
Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting
Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting Exploit Title :Vesta Control Panel " http://victimserver 3. We wait Administrator to read access.log that injected our evil.js 4...
Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting
Exploit Title :Vesta Control Panel " http://victimserver 3. We wait Administrator to read access.log that injected our evil.js 4. We log-in VestaCP via passwo...
DirectAdmin 1.491 - Cross-Site Request Forgery
Title: DirectAdmin 1.491 CSRF Vulnerability Date: 27-10-2014 updated 18-02-2016 Version: =1.491 Author: Necmettin COSKUN =@babayarisi Blog: http://ha.cker.io Vendor: http://www.directadmin.com/ Download:...
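Kangle Virtual Host Local File Inclusion Vulnerability
Test environment: kangle-3.3.9.msi, ep-2.6.4.exe (official update of 4-18), Windows XP. First install kangle server, then install easypanel. After a successful installation, visiting http://127.0.0.1:3312/ automatically redirects to http://127.0.0.1:3312/vhost/?c=session&a=loginForm. Then log in with any username and password; the request sent is shown in the figure: Then modify the value of the parameter c in the request URL, changing session to: C=../../../../../../../../../../../windows/system.ini%00...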
Advanced Electron Forum 1.0.9 - Remote File Inclusion Cross-Site Request Forgery
Advanced Electron Forum 1.0.9 - Remote File Inclusion Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-RFI.txt Vendor: www.anelectron.com/downloads/ Product:...