CBL Mariner 2.0 Security Update: kernel (CVE-2022-3107)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3107 advisory. - An issue was discovered in the Linux kernel through 5.16-rc6. netvscgetethtoolstats in...

B&R Systems Diagnostics Manager Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple XSS Vulnerabilities product: B&R Systems Diagnostics Manager vulnerable version: =3.00 and =D4.93 CVE number: CVE-2022-4286 impact: medium homepage:...

FreeBSD : sudo -- Potential out-of-bounds write for small passwords (3310014a-5ef9-11ed-812b-206a8a720317)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3310014a-5ef9-11ed-812b-206a8a720317 advisory. - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c...

Kyocera Command Center RX ECOSYS M2035dn Directory Traversal

Exploit Title: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-10 Vendor Homepage: https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html Tested Version:...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

ConfluenceCVE-2021-26084 Remote Code Execution on Confluence...

Disk Sorter Server 13.6.12 - (Disk Sorter Server) Unquoted Service Path Vulnerability

Exploit Title: Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path Discovery by: BRushiran Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksortersrvsetupv13.6.12x64.exe Tested Version: 13.6.12 Vulnerability Type: Unquoted...

PDFCOMPLETE Corporate Edition 4.1.45 Unquoted Service Path

Exploit Title: PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 02-11-2020 Vendor Homepage: https://www.pdfcomplete.com/cms/dpl/tabid/111/Default.aspx?r=du2vH8r Software Links : https://pdf-complete.informer.com/download/ Test...

Office Product Key Finder 1.5.4 - Denial of Service (PoC)

Office Product Key Finder 1.5.4 - Denial of Service PoC Exploit Title: Office Product Key Finder 1.5.4 - Denial of Service PoC Date: 2020-01-06 Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nsauditor.com/downloads/officeproductkeyfindersetup.exe Exploit Author: Gokkul Teste...

Prime95 29.8 Build 6 Buffer Overflow

Exploit Title: Prime95 Version 29.8 build 6 - Buffer Overflow SEH Date: 2019-12-22 Vendor Homepage: https://www.mersenne.org Software Link: http://www.mersenne.org/ftproot/gimps/p95v298b6.win32.zip Exploit Author: Achilles Tested Version: 29.8 build 6 Tested on: Windows 7 x64 1.- Run python...

Product Key Explorer 4.2.0.0 - Name Denial of Service (POC)

Product Key Explorer 4.2.0.0 - Name Denial of Service POC Exploit Title: Product Key Explorer 4.2.0.0 - 'Name' Denial of Service POC Discovery by: SajjadBnd Date: 2019-12-10 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe...

SQL Server Password Changer 1.90 - Denial of Service Exploit

Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested on: Windows 8 x64 Windows 7 x64 1.- Run python code :Outlook Password...

Tuneclone 2.20 - Local SEH Buffer Overflow

Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.- Run python code : TuneClone.py 2.- Open EVIL.txt and cop...

TapinRadio 2.11.6 - (Uername) Denial of Service Exploit

Exploit Title: TapinRadio 2.11.6 - 'Uername' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.11.6 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the cras...

Deluge 1.3.15 - (URL) Denial of Service Exploit

Exploit Title: Deluge 1.3.15 - 'URL' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://dev.deluge-torrent.org/ Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe Tested Version: 1.3.15 Tested on: Windows 7 Service Pack 1 x64 Steps t...

jetCast Server 2.0 - Denial of Service Exploit

Exploit Title: jetCast Server 2.0 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.jetaudio.com/ Software Link: http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/Download/jetCast/build/JCS2000.exe Tested Version: 2.0 Tested on: Window...

PHPRunner 10.1 - Denial of Service Exploit

Exploit Title: PHPRunner 10.1 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://xlinesoft.com/ Software Link: https://xlinesoft.com/phprunner/download.htm Tested Version: 10.1 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1.- Run python code:...

Joomla JiFile 2.3.1 Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Author: Mr Winst0n Author E-mail: email protected Vendor Homepage: http://www.isapp.it Software Link :...

Joomla! Component ARI Quiz 3.7.4 - SQL Injection

Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...

Joomla! Component JiFile 2.3.1 - Arbitrary File Download

Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 28, 2019 Vendor Homepage: http://www.isapp.it Software Link :...

NSauditor 3.1.2.0 - Name Denial of Service (PoC)

NSauditor 3.1.2.0 - Name Denial of Service PoC Exploit Title: NSauditor 3.1.2.0 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.2.0...