Lucene search

581 matches found

Exploit DB
added 2013/02/10 12:00 a.m. | 38 views

Schneider Electric Accutech Manager - Heap Overflow (PoC)

Schneider Electric Accutech Manager Server Heap Overflow PoC RFManagerService - Port: 2537 I think this is the same vuln that ExodusIntel discovered. Credit also goes to Aaron Portnoy, ExodusIntel. The patch has not been released yet. Evren Yalcin, Signalsec Ltd. www.signalsec.com Download app:...

7.4 AI score | Exploits: 0

Packet Storm
added 2013/02/07 12:00 a.m. | 68 views

WordPress Audio Player SWF Cross Site Scripting

Exploit Title: Wordpress Audio Player Plugin XSS in SWF Release Date: 31/01/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip Vendor Homepage: http://wpaudioplayer.com/ Tested...

4.3 CVSS | 0.5 AI score | 0.0352 EPSS | Exploits: 1

securityvulns
added 2012/11/02 12:00 a.m. | 58 views

[CVE-2012-5692] Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution Vulnerability

Invision Power Board <= 3.3.4 "unserialize" PHP Code Execution Vulnerability. Author: Egidio Romano aka EgiX...

10 CVSS | 0.4 AI score | 0.83034 EPSS | Exploits: 15

exploitpack
added 2012/10/04 12:00 a.m. | 11 views

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 targe...

7.4 AI score | Exploits: 0

Exploit DB
added 2012/10/04 12:00 a.m. | 33 views

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy

Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 target" exit 1 fi echo "POST...

7.4 AI score | Exploits: 0

exploitpack
added 2012/08/07 12:00 a.m. | 10 views

PBBoard - Authentication Bypass

PBBoard - Authentication Bypass source: https://www.securityfocus.com/bid/54862/info PBBoard is a web-based messaging board application implemented in PHP. Attackers may exploit these issues to gain unauthorized access to user accounts or to bypass intended security restrictions. Other attacks ma...

0.5 AI score | Exploits: 0

Packet Storm
added 2012/07/31 12:00 a.m. | 38 views

DataWatch Monarch Business Intelligence (BI) 5.1 Admin Cross Site Scripting

Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a reflected cross-site scripting vulnerability because it fails to sufficientl...

0.1 AI score | Exploits: 0

0day.today
added 2012/07/23 12:00 a.m. | 43 views

Symantec Web Gateway 5.0.2 (blocked.php id parameter) Blind SQL Injection

Exploit for linux platform in category web applications !/usr/bin/python Exploit Title: Symantec Web Gateway 5.0.2 blocked.php id parameter Blind SQL Injection Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.2 Vendor URL: http://www.symantec.com Timeline: 29 May 2012: Vulnerabili...

7.1 AI score | Exploits: 0

securityvulns
added 2012/04/22 12:00 a.m. | 64 views

SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525)

AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager searchPage web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Oracle Enterprise Manager...

4.9 CVSS | 6.8 AI score | 0.00209 EPSS | Exploits: 2

seebug.org
added 2012/04/12 12:00 a.m. | 35 views

Microsoft SQL Server Privilege Escalation / SQL Injection

No description provided by source. AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability was discovere...

7.1 AI score | Exploits: 0

securityvulns
added 2011/07/26 12:00 a.m. | 65 views

TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain

Trustwave's SpiderLabs Security Advisory TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt Published: 2011-07-25 Version: 1.0 Vendor: Apple http://www.apple.com Product: iOS Version affected: Versions Prior to...

7.5 CVSS | 0.2 AI score | 0.08007 EPSS | Exploits: 1

Packet Storm
added 2011/02/25 12:00 a.m. | 29 views

Pragyan CMS Code Execution / SQL Injection

Affected Software Pragyan CMS Product Link: http://sourceforge.net/projects/pragyan/ Technical Description 1 Code execution in INSTALL/install.php script not correctly validate entered fields. possibly write at password field string: ";echo exec$GET"a";echo " or in another fields with turned of...

0.8 AI score | Exploits: 0

exploitpack
added 2010/10/26 12:00 a.m. | 9 views

NitroSecurity ESM 8.4.0a - Remote Code Execution

NitroSecurity ESM 8.4.0a - Remote Code Execution -- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it w...

0.2 AI score | Exploits: 0

Packet Storm
added 2010/06/12 12:00 a.m. | 17 views

SolarWinds TFTP Server 10.4.0.13 Denial Of Service

!/usr/bin/python print "\n" print " Nullthreat Network" print " Solarwinds TFTP Server Ver. 10.4.0.13" print " Elliott "Nullthreat" Cutright" print " [email protected]" print "" print "\n" Summary: An long Write Request 1000 A's will cause SolarWinds TFTP Server to crash. Tested on:...

0.2 AI score | Exploits: 0

Exploit DB
added 2010/04/06 12:00 a.m. | 37 views

McAfee Email Gateway (formerly IronMail) - Internal Information Disclosure

Advisory Name: Internal Information Disclosure in McAfee Email Gateway formerly IronMail Vulnerability Class: Information Disclosure Release Date: Tue Apr 6, 2010 Affected Applications: Secure Mail Ironmail ver.6.7.1 Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1 Local / Remote: Local...

7.4 AI score | Exploits: 0

exploitpack
added 2010/04/06 12:00 a.m. | 28 views

McAfee Email Gateway (formerly IronMail) - Local Privilege Escalation

McAfee Email Gateway formerly IronMail - Local Privilege Escalation Advisory Name: Local Privilege Escalation in McAfee Email Gateway formerly IronMail Vulnerability Class: Local Privilege Escalation Release Date: Tue Apr 6, 2010 Affected Applications: Secure Mail Ironmail ver.6.7.1 Affected...

0.4 AI score | Exploits: 0

securityvulns
added 2009/11/05 12:00 a.m. | 45 views

NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow

Security Advisory NSOADV-2009-001 Title: Symantec ConsoleUtilities ActiveX Control Buffer Overflow Severity: Critical Advisory ID: NSOADV-2009-001 Found Date: 09.09.2009 Date Reported: 15.09.2009 Release Date: 02.11.2009 Author: Nikolas Sotiriu Mail: nso-research at sotiriu.de URL:...

9.3 CVSS | 6.7 AI score | 0.76639 EPSS | Exploits: 16

0day.today
added 2009/08/18 12:00 a.m. | 11 views

Traidnt UP 2.0 Remote SQL Injection Exploit

Exploit for unknown platform in category web applications. Traidnt UP 2.0 Remote SQL Injection Exploit !/usr/bin/ruby Traidnt UP v2.0 Exploit SQL Injection...

7.1 AI score | Exploits: 0

exploitpack
added 2008/06/22 12:00 a.m. | 22 views

IGSuite 3.2.4 - Reverse Shell Blind SQL Injection

IGSuite 3.2.4 - Reverse Shell Blind SQL Injection !/usr/bin/perl 05/18/2008 - IGSuite 3.2.4 Blind SQL Injection - ksOSe 05/21/2008 - Vendor notified 05/23/2008 - A patch was pushed via the igsuited daemon (not enabled by default) Fix: run igsuited --update-igsuite or upgrade to 3.2.5-beta. Tested on...

8.6 AI score | Exploits: 0

Exploit DB
added 2008/06/22 12:00 a.m. | 31 views

IGSuite 3.2.4 - Reverse Shell / Blind SQL Injection

!/usr/bin/perl 05/18/2008 - IGSuite 3.2.4 Blind SQL Injection - ksOSe 05/21/2008 - Vendor notified 05/23/2008 - A patch was pushed via the igsuited daemon (not enabled by default) Fix: run igsuited --update-igsuite or upgrade to 3.2.5-beta. Tested on IGSuite 3.2.4 on linux with MySQL, needs ncin pat...

7.4 AI score | Exploits: 0