Medium severity flaw in BlackBerry QNX Neutrino RTOS

Summary This advisory concerns the forced disclosure of 2 vulnerabilities that were previously disclosed to BlackBerry. Disclosure has been forced since these vulnerabilities have been publicly disclosed with PoC on the exploit-db web site. Two local privilege escalation vulnerabilities have been...

Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs from ips.txt This is a generic exploit for 64-bit...

Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

Nginx 1.4.0 Generic Linux x64 - Remote Overflow nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs...

QNX Neutrino RTOS 6.5.0 Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20140311 Date: 11th March 2014 Author: Tim Brown URL: / Product: QNX Neutrino RTOS 6.5.0 Vendor: BlackBerry Risk: Medium Summary This advisory concerns the forced disclosure of 2 vulnerabilities that were previous...

Joomla Fixes Critical SQL Injection Vulnerability

The open-source content management framework Joomla pushed out version 3.2.3 of its product last week, fixing a SQL injection zero-day vulnerability that could have let attackers steal information from databases or insert code into sites running the CMS. While little is being disclosed by Joomla,...

CVE-2014-2043

creationtimestamp| type| source ---|---|--- 2014-03-12 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/32212...

VideoLAN VLC Media Player 2.1.3 - '.avs' Crash (PoC)

Exploit Title: VLC 2.1.3 WriteAV Vulnerability, Decoders Date: 2014/02/20 Exploit Author: kw4 Software Link: http://www.videolan.org/vlc/index.html Version: 2.1.3 Impact Med/High Tested on: Windows 7 64 bits Memory corruption when VLC tries to load crafted .avs files. 2b10.2750: Access violation ...

Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow

Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow Application:Notepad++ Version:6.5.2 UNICODE Get the application from: http://notepad-plus-plus.org/download/v6.5.2.html Plugin:CCompletion Version: Version 1.19 Unicode Get the plugin from:...

Python - socket.recvfrom_into() Remote Buffer Overflow

Python - socket.recvfrominto Remote Buffer Overflow !/usr/bin/env python ''' Exploit Title: python socket.recvfrominto remote buffer overflow Date: 21/02/2014 Exploit Author: @sha0coder Vendor Homepage: python.org Version: python2.7 and python3 Tested on: linux 32bit + python2.7 CVE : CVE-2014-19...

SeaMonkey Multiple XSS Vulnerabilities (Feb 2014) - Windows

SeaMonkey is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Wordpress Formcraft Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress formcraft Plugin Sql Injection Exploit Author : Ashiyane Digital Security Team Google Dork : inurl:/wp-content/plugins/formcraft Software Link : www.wordpress.org Tested on: Windows , Linux Date: 2013/12/2 Exploit : S...

WordPress Plugin Formcraft - SQL Injection

WordPress Plugin Formcraft - SQL Injection Exploit Title : Wordpress formcraft Plugin Sql Injection Exploit Author : Ashiyane Digital Security Team Google Dork : inurl:/wp-content/plugins/formcraft Software Link : www.wordpress.org Tested on: Windows , Linux Date: 2013/12/2 Exploit : Sql Injectio...

TVT TD-2308SS-B DVR - Directory Traversal

Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: "Cross Web Server" Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P 3.1.6.P-1.0.2.1-03 3.1.75.B-1.0.2.1-00...

TVT TD-2308SS-B DVR - Directory Traversal

TVT TD-2308SS-B DVR - Directory Traversal Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: "Cross Web Server" Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P...

ALLPlayer 5.6.2 - .m3u File Local Buffer Overflow (SEH Unicode)

ALLPlayer 5.6.2 - .m3u File Local Buffer Overflow SEH Unicode !/usr/bin/perl Exploit Title: ALLPlayer 5.6.2 .m3u - SEH Buffer Overflow Unicode Date: 10-22-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: ALLPlayer 5.6.2 Software Link:...

ALLPlayer 5.6.2 SEH Buffer Overflow

!/usr/bin/perl Exploit Title: ALLPlayer 5.6.2 .m3u - SEH Buffer Overflow Unicode Date: 10-22-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: ALLPlayer 5.6.2 Software Link: http://www.allplayer.org/download/allplayer Version: 5.6.2 Tested On: Windows XP SP3 Credit to...

Fckeditor2. 6. 8 ASP version file upload bypass-vulnerability warning-the black bar safety net

exploit-db recently released an FCkeditor2. 6. 8 ASP version of an upload bypass, but not very detailed, only made a video, is youtube, there may be brothers who don't see, is forwarded to the National for everyone to see, the country also has a large cattle through the analysis, I also be issued...

OTRS ITSM 'Body' Field HTML Injection Vulnerability (OSA-2012-01)

OTRS Open Ticket Request System or OTRS:ITSM is prone to HTML injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

IBM AIX 6.17.1 - Local Privilege Escalation

IBM AIX 6.17.1 - Local Privilege Escalation Exploit-DB Note: Screenshot provided by exploit author !/bin/sh Exploit Title: IBM AIX 6.1 / 7.1 local root privilege escalation Date: 2013-09-24 Exploit Author: Kristian Erik Hermansen Vendor Homepage: http://www.ibm.com Software Link:...

PCMAN FTP 2.07 STOR Command - Stack Overflow Exploit (MSF)

Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 'PCMAN FTP Server STOR Command Stack Overflow', 'Description' = %q This module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP v2.07 Server when the "/../" parameters...