6573 matches found
SolarWinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution
SolarWinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution Requirements: Python 2.7 netcat Tested on: Ubuntu 14.04 LTS Vulnerable Appliance Version: 6.1.0 Download: http://downloads.solarwinds.com/solarwinds/Release/LEM/SolarWinds-LEM-v6.1.0-Evaluation-VMware.exe Instructions: Th...
Zerocms v.1.3.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Zerocms = v.1.3.3 SQL injection vulnerability Affected Software: zerocms = v.1.3.3 released 23rd-Jan-2015 Vendor URL: http://aas9.in/zerocms/ Vendor Status: platform will be moving to Rails4 ========================== Vulnerability Description...
ZeroCMS 1.3.3 SQL Injection
Advisory: SQL injection vulnerabilities in zerocms = v.1.3.3 Advisory ID: SROEADV-2015-13 Author: Steffen Rösemann Affected Software: zerocms = v.1.3.3 released 23rd-Jan-2015 Vendor URL: http://aas9.in/zerocms/ Vendor Status: platform will be moving to Rails4 CVE-ID: - ==========================...
e107 2.0 Alpha2 Cross Site Request Forgery Vulnerability
e107 version 2.0 Alpha2 suffers from a cross site request forgery vulnerability. Advisory: CSRF vulnerability in CMS e107 v.2 alpha2 Author: Steffen Rösemann Affected Software: CMS e107 v.2 alpha2 Release-Date: 08th-Jun-2014 Vendor URL: http://e107.org Vendor Status: solved CVE-ID: -...
e107 2.0 Alpha2 Cross Site Request Forgery
Advisory: CSRF vulnerability in CMS e107 v.2 alpha2 Advisory ID: SROEADV-2014-04 Author: Steffen Rösemann Affected Software: CMS e107 v.2 alpha2 Release-Date: 08th-Jun-2014 Vendor URL: http://e107.org Vendor Status: solved CVE-ID: - ========================== Vulnerability Description:...
THC-Hydra 8.1 - Network Logon Cracker
A very fast network logon cracker which supports many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa. Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...
Android Open Source Platform (AOSP) Browser UXSS
This module exploits a Universal Cross-Site Scripting UXSS vulnerability present in all versions of Android's open source stock browser before 4.4, and Android apps running on 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scriptin...
Hydra Network Logon Cracker 8.0 - Very fast network logon cracker which supports many different services
A very fast network logon cracker which supports many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa. Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...
Ensnare Web Application Attack Detection Utility Released
BOSTON – Two engineers from Netflix this week released to open source a security tool that detects attacks against web applications—and also reacts to those attacks with responses they hope will flummox a hacker to the point that he moves on to his next target. The utility is called Ensnare and i...
[SECURITY] Fedora 18 Update: nodejs-github-url-from-git-1.1.1-2.fc18
Parse a GitHub git URL and return the GitHub repository URL...
Ruby Gem Curl Command Execution
Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl cookiesstore browsertype @setupparams ref "url" " 132 if @debug 133 puts cmd.red 134 end 135 result =...
Acrobat Reader 9.4 - Memory Corruption
Acrobat Reader 9.4 - Memory Corruption https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/15419.bin xplpdf.bin http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html...
GNUnet 0.7.0d - Empty UDP Packet Remote Denial of Service
GNUnet 0.7.0d - Empty UDP Packet Remote Denial of Service GNUnet = 0.7.0d Empty UDP Packet Remote Denial of Service Exploit https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/1792.zip 05152006-udpsz.zip...