205 matches found
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection
Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link: Version: 3.4.0 Fixed in: 3.4.1 Tested on: Ubuntu 12.04...
aMSN 0.98.9 Web App - Multiple Vulnerabilities
Exploit for php platform in category web applications from argparse import ArgumentParser import urllib2 import string import random """ Preauth LFI and SQLi in the web app packaged with aMSN 0.98.9 """ def lfioptions: """ exploit the LFI """ addr =...
Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption
Hello lists, here you find the analysis of a vulnerability I recently discovered. Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/ Additionally it includes a way to drop into a...
UBUNTU-CVE-2012-1016
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...
DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
DefenseCode Security Advisory http://www.defensecode.com/ Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory ID: DC-2013-01-003 Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory URL: http://www.defensecode.com/subcategory/advisories-28...
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
DefenseCode Security Advisory UPCOMING: Cisco Linksys Remote Preauth 0day Root Exploit Story behind the vulnerability... Months ago, we've contacted Cisco about a remote preauth root access vulnerability in default installation of their Linksys routers that we've discovered. We gave them detailed...
Multiple MySQL database Zero-day vulnerabilities published
Researcher discovered Multiple Zero-day vulnerabilities in MySQL database software including Stack based buffer overrun, Heap Based Overrun, Privilege Elevation, Denial of Service and Remote Preauth User Enumeration. Common Vulnerabilities and Exposures CVE assigned as : CVE-2012-5611 — MySQL Lin...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Samba Remote Directory Traversal
Samba Remote Directory Traversal logic fuckup discovered & exploited by Kingcope in 2010 It seems there was a quite similar bug found back in 2004: http://marc.info/?l=bugtraq&m=109658688505723&w=2 A remote attacker can read, list and retrieve nearly all files on the System remotely. Required is ...
Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS
Some days ago I discovered a DoS in Windows Vista. Here is the advisory with a detailed description of the vulnerability that will help Microsoft (they have already been notified about the bug) to correct it as soon as possible, and it will help you if you need to add any rule for your...
BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)
No description provided by source. !/usr/bin/python BigAnt Server Ver 2.2 PreAuth Remote SEH Overflow 0day Matteo Memelli aka ryujin www.be4mind.com - www.gray-world.net 04/13/2008 Tested on Windows 2000 Sp4 English Vulnerable process is AntServer.exe Offset for SEH overwrite is 954 Bytes...
BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)
!/usr/bin/python BigAnt Server Ver 2.2 PreAuth Remote SEH Overflow 0day Matteo Memelli aka ryujin http://www.r57shell.in - http://adult.wikipediatr.com - http://www.wikipediatr.com...
BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)
Exploit for unknown platform in category remote exploits ============================================================ BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit 0day ============================================================ !/usr/bin/python BigAnt Server Ver 2.2 PreAuth Remote SEH...
[EXPL] Airsensor M520 HTTPD Preauth DoS and Buffer Overflow (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC
No description provided by source. !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC The vulnerability is caused due to an unspecified error in the cgis files filter used for configure properties. This can be exploited by sending a specially crafted...
Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC
Exploit for hardware platform in category dos / poc ================================================= Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC ================================================= !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC...
Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC
Exploit for linux platform in category dos / poc =========================================================== Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC =========================================================== !/usr/bin/env python kms1.py - Kerio MailServer 6.2.2 preauth remote...
Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC
No description provided by source. !/usr/bin/env python kms1.py - Kerio MailServer 6.2.2 preauth remote DoS fixed in Kerio MailServer 6.3.1 Copyright c 2006 Evgeny Legerov Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided...
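MDaemon POP3 Server Pre-authentication Remote Overflow Vulnerability
Alt-N MDaemon is a Windows-based mail server program. The MDaemon POP3 server has a buffer overflow vulnerability when handling the USER and APOP commands. If an overly long string containing the "@" character is sent to the USER or APOP command, the vulnerability is triggered, causing a heap overflow. To exploit this vulnerability, multiple USER commands must be sent to the POP3 server. An attacker who successfully exploits this vulnerability may be able to execute arbitrary code, depending on the state of the heap and the length of the string. Alt-N MDaemon 9.06 The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.altn.com PoC for Mdaemon POP3 preauth...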
mdaemon_poc.txt
PoC for Mdaemon POP3 preauth heap overflow Coded by Leon Juranic Infigo IS $host = '192.168.0.105'; use IO::Socket; for $x = 0 ; $x $host,PeerPort = '110', Proto = 'tcp' || die "socket error\n\n"; recv $sock, $var, 10000,0; print $var; print $sock "USER " . "@A" x 160 . "\r\n"; recv $sock, $var,...