2058 matches found
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock) #!/usr/bin/python Cisco UCS Manager 2.1(1b) Shellshock Exploit, CVE-2014-6278. Confirmed on version 2.1(1b), but more are likely vulnerable. Cisco's advisory:...
FBI Director — "What If Apple Engineers are Kidnapped and Forced to Write (Exploit) Code?"
What If Apple Engineers are Kidnapped and Forced to Write Exploit Code? This is exactly what FBI Director James Comey asked in the congressional hearing on Tuesday. The House Judiciary Committee hearing on "The Encryption Tightrope: Balancing Americans' Security and Privacy" over the ongoing...
GpicView 0.2.5 - Crash (PoC)
GpicView 0.2.5 - Crash (PoC) #!/usr/bin/python Exploit Title: GpicView Buffer Overflow DOS Date: 25th February 2016 Exploit Author: David Silveiro (Xino.co.uk) Vendor Homepage: lxde.sourceforge.net/gpicview/ Software Link:...
QIWI: Content Spoofing in mango.qiwi.com
Good evening. The vulnerability was found at: https://mango.qiwi.com/partner/dashboard Vulnerable parameter: partnerfirstname Exploit Code: POST request: POST /partner/signup HTTP/1.1 Host: mango.qiwi.com Connection: keep-alive Content-Length: 515 Cache-Control: max-age=0 Accept:...
phpMyBackupPro 2.5 - Remote Command Execution Cross-Site Request Forgery
phpMyBackupPro 2.5 - Remote Command Execution Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt Vendor: ============================= www.phpmybackuppro.net project site:...
phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...
Microsoft Windows WebDAV BSoD Proof Of Concept
Source: https://github.com/koczkatamas/CVE-2016-0051 Proof-of-concept BSoD (Blue Screen of Death) code for CVE-2016-0051 (MS-016). Full Proof of Concept: https://github.com/koczkatamas/CVE-2016-0051/archive/master.zip...
dotDefender Firewall 5.00.12865 / 5.13-13282 Cross Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt Vendor: ================== www.applicure.com Product: ===================== dotDefender Firewall Versions: 5.00.12865 / 5.13-13282 dotDefender is a Web application...
dotDefender Firewall 5.00.12865 / 5.13-13282 - Cross-Site Request Forgery
Exploit for php platform in category web applications + Credits: hyp3rlinx Vendor: ================== www.applicure.com Product: ===================== dotDefender Firewall Versions: 5.00.12865 / 5.13-13282 dotDefender is a Web application firewall (WAF) for preventing hacking attacks like XSS, SQL...
Ramui Forum Script 9.0 - SQL Injection
Title: Ramui forum script 9.0 SQL Injection Exploit Author: bd0rk Twitter: twitter.com/bd0rk Vendor: http://www.ramui.com/ Download: http://ramui.com/forum-script/download-v9.html Google-Dork: n/a ---Script-Kiddie protection! : Direct SQL-Path: n/a ---Script-Kiddie protection! : Description: I've...
Linux kernel privilege escalation vulnerability analysis and exploitation (CVE-2016-0728) - vulnerability warning - the black bar safety net
The security research team Perception Point found a high-risk local privilege escalation 0-day vulnerability in the Linux kernel, numbered CVE-2016-0728. Currently more than 66% of Android phones and 1000 million Linux PCs and servers are affected ...
Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting
Exploit for php platform in category web applications + Credits: hyp3rlinx Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current version. Vulnerability Type: ===================...
Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery
Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ====================================...
Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls
Are millions of enterprise users, who rely on the next-generation firewalls for protection, actually protected from hackers? Probably Not. Just less than a month after an unauthorized backdoor was found in Juniper Networks firewalls, an anonymous security researcher has discovered highly suspicious...
DeleGate 9.9.13 - Local Privilege Escalation
Title: Local root vulnerability in DeleGate v9.9.13 Author: Larry W. Cashdollar, @larry0 Date: 2015-12-17 Advisory: http://www.vapidlabs.com/advisory.php?v=159 Download Sites: http://delegate.hpcc.jp/delegate/ http://delegate.org/delegate/ Vendor: National Institute of Advanced Industrial Science...
DeleGate 9.9.13 - Local Privilege Escalation
DeleGate 9.9.13 - Local Privilege Escalation Title: Local root vulnerability in DeleGate v9.9.13 Author: Larry W. Cashdollar, @larry0 Date: 2015-12-17 Advisory: http://www.vapidlabs.com/advisory.php?v=159 Download Sites: http://delegate.hpcc.jp/delegate/ http://delegate.org/delegate/ Vendor:...
WordPress ilightbox Plugin File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin ilightbox File Upload Vulnerability Date : 2015-12-09 Vendor Homepage : http://www.ilightbox.net/ Version : 2.2.0 Google dork: inurl:/wp-content/plugins/ilightbox =========================================== POC...
WordPress Cool Video Gallery 1.9 Command Injection
Title: Command Injection in cool-video-gallery v1.9 Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-11-29 Download Site: https://wordpress.org/plugins/cool-video-gallery/ Vendor: https://profiles.wordpress.org/praveen-rajan/ Vendor Notified: 2015-11-30 Vendor Contact:...
Samsung Android 5.0 device WifiCredService remote code execution - vulnerability warning - the black bar safety net
The vulnerability was found a few months ago by Google Project Zero and the Quarkslab team, and has only recently been disclosed. It only requires the user to browse a website, download a mail attachment, or run a third-party malicious program that has essentially no permissions c...
SuperScan 4.1 - Scan Hostname/IP Field Buffer Overflow
#!/usr/bin/env python # -*- coding: utf-8 -*- Exploit Title : SuperScan 4.1 Scan Hostname/IP Field Buffer Overflow Crash PoC Discovery by : Luis Martínez Email : [email protected] Discovery Date : 18/11/2015 Vendor Homepage : http://www.foundstone.com Software Link :...