Centreon 'insertLog()' Function RCE
The Centreon application hosted on the remote web server is affected by a remote code execution vulnerability due to a failure to properly sanitize user-supplied input before using it in a SQL query. The application uses the 'echo' system command with the PHP exec function which allows a remote,...
Low: Red Hat Bug Fix Advisory: docker bug fix and enhancement update
An updated docker package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 7 Extras. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually...
NASA Orion - Bypass, Persistent Issue & Embed Code Exec
Document Title: NASA Orion - Bypass, Persistent Issue & Embed Code Exec References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1339 VU666988 US CERT Vulnerability Magazine:...
e-Commerce Vision Design Group Code injection Vulnerability
Exploit for php platform in category web applications Exploit Title: e-Commerce Vision Design Group Code injection Date: 10/09/2014 Exploit Author: MindCracker - Team MaDLeeTs Contact : email protected | FB.Com/Pakistani1337 Greetz : KhantastiC - b0x - 1337 - H4x0rl1f3 - Shadow008 - Invectus...
CVE-2012-6110
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...
PHP Speedy <= 0.5.2 - (admin_container.php) Remote Code Exec Exploit
The phpspeedywp WordPress plugin was affected by an admin_container.php Remote Code Exec Exploit security vulnerability...
Node Browserify 4.2.0 - Remote Code Execution
!/usr/bin/python """ Browserify POC exploit http://iops.io/blog/browserify-rce-vulnerability/ To run, just do: $ python poc.py exploit.js $ browserify exploit.js BITCH I TOLD YOU THIS SHIT IS FABULOUS garbage output ,,,1 00:08:32 up 12:29, 3 users, load average: 0.00, 0.02, 0.05 uid=1001foxx...
JITed exec notepad Shellcode
No description provided by source. Title: JITed exec notepad shellcode EDB-ID: CVE-ID: OSVDB-ID: Author: Alexey Sintsov Published: Verified: yes Download N/A // JIT.swf // // By Alexey Sintsov // [email protected] // [email protected] // // DSecRG - Digital Security Research Group dsecrg.com // //...
J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow Exploit
No description provided by source. !-- Exploit Title: J-Integra v2.11 ActiveX SetIdentity Buffer Overflow Exploit Found By: DrIDE Download: http://j-integra.intrinsyc.com/ Greets: bz1p, [email protected] for finding the app. Tested on: XP SP3 IE7 CVE: 0day Notes: This is not the same control as...
Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
No description provided by source. %@ page import=java.util.,java.io.% % % %-- abysssec inc public material just upload this file with abysssec.jsp and execute your command your command will run as administrator . you can download sam file add user or do anything you want . note : please be gentl...
Fire Soft Board <= 2.0.1 Persistent XSS Vulnerability (admin panel)
No description provided by source. Exploit Title: Fire Soft Board <= 2.0.1 Persistent XSS Vulnerability (admin panel) Date: 2011-07-11 Author: jill for A-S Software Link: http://www.fire-soft-board.com/index.php?p=download&mode=cat&id=2 Version: 2.0.1 There is a vulnerability on Fire Soft Board foru...
Veritas Backup Exec Name Service Overflow
No description provided by source. $Id: nameservice.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
freebsd/x86-64 exec("/bin/sh") shellcode 31 bytes
No description provided by source. http://www.hacknroll.com Description: FreeBSD x86-64 exec/bin/sh Shellcode - 31 bytes Authors: Maycon M. Vitali 0ut0fBound Milw0rm .:...
Download & Exec polymorphed shellcode Engine
No description provided by source. Download & Exec polymorphed shellcode engine POC This downloading and execution code is not detectable by popular AVs. Greetz 2: DarkEagle and Unl0ck researcherz; Str0ke and milw0rm; HD Moor and metasploit project; Maxus, Fuchunic, YrSam, Garry; Offtopic and PTT...
Batch Audio Converter Lite Edition <= 1.0.0.0 - Stack Buffer Overflow (SEH)
No description provided by source. Software Link: http://www.freesoftwaretoolbox.com/files/batchaudiosetup.exe Tested on: Windows XP SP2 Type of Vuln: SEH Code : bacon-exploit.py Greetz: Otoy, Postnix, Jasakom Community, Kilurah, Gesang, dan wedus-wedus lainnya ^^ Thanks: All OffSec member...
Symantec Backup Exec System Recovery Manager 7.0 FileUpload Class Unauthorized File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27487/info Symantec Backup Exec System Recovery Manager is prone to a vulnerability that allows arbitrary unauthorized files to be uploaded to any location on the affected server. This issue resides in the Symantec...
wu-ftpd 2.4.2/2.5 .0/2.6 .0 - Remote Format String Stack Overwrite (2)
No description provided by source. source: http://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the...
IBM AIX 4.3.x/5.1 ERRPT Local Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5885/info The IBM AIX errpt command is prone to a locally exploitable buffer overflow condition. It is possible to exploit this condition to execute arbitrary attacker-supplied instructions with root privileges...
Slaed CMS Code Exec Vulnerability
No description provided by source. Exploit Title: Slaed CMS Code exec Google Dork: Powered by SLAED CMS Date: 03.05.2011 Author: brainpillow Software Link: http://slaed.net/ Version: OpenSlaed 1.2 free, Slaed CMS = 4. On different versions of this software next vulnerabilities are available:...