Vivotek IP Camera Buffer Overflow / Injection Vulnerabilities
Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly...
BigAnt Server 2.97 - DDNF 'Username' Remote Buffer Overflow
!/usr/bin/python Title: BigAnt Server 2.97 DDNF Username Buffer Overflow Author: Craig Freyman @cd1zz http://pwnag3.com Tested on: Windows 7 64 bit DEP/ASLR Bypass Similar Exploits: http://www.exploit-db.com/exploits/24528/ http://www.exploit-db.com/exploits/24527/...
[Http-enum] Automated HTTP Enumeration Tool
Null Security Team is writing a Python script for automated HTTP enumeration. It is currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as IIS WebDAV and Microsoft FrontPage Extensions; many more features will be added to this tool...
SAP NetWeaver Message Server - Multiple Vulnerabilities
SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...
[Knock] Subdomain Scanner
Knock is a Python script, written by Gianni 'guelfoweb' Amato, designed to enumerate subdomains on a target domain through a wordlist. For more information I have posted a documentation page. If you want to see how it works, you can see this sample output: Simple Scan Zone Transfer Scan Wildcard...
PHP-CGI Argument Injection Remote Code Execution
!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution This exploit abuses an arguement injection in the PHP-CGI wrapper to execute code as the PHP user/webserver user. Feel free to give me abuse about this " sys.exit0 target =...
Broadcom DoS on BCM4325 and BCM4329 Devices
Exploit for hardware platform in category dos / poc Exploit Author: CoreLabs Core Security Technologies (discovered by the Argentine researcher Andrés Blanco), Vendor Homepage: Software Link: download link if available Version: 1.0 Tested on: Apple iPhone 3GS Apple iPod 2G HTC Touch Pro 2 HT...
ActFax Server 4.31 Build 0225 - Local Privilege Escalation
!/usr/bin/python Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html msfpayload windows/exec CMD=cmd.exe R | msfencode -e...
Symantec Web Gateway 5.0.3.18 Password Change
!/usr/bin/python import urllib import urllib2 import re import sys print " " print " Symantec Web Gateway " exit0 ip = sys.argv1 username = sys.argv2 password = sys.argv3 url = "https://%s/spywall/temppassword.php" % ip opts = 'target':'executivesummary.php', 'USERNAME':username,...
Symantec Web Gateway <= 5.0.3.18 Arbitrary Password Change
Exploit for linux platform in category web applications !/usr/bin/python import urllib import urllib2 import re import sys print " " print " Symantec Web Gateway " exit0 ip = sys.argv1 username = sys.argv2 password = sys.argv3 url = "https://%s/spywall/temppassword.php" % ip opts =...
HP Data Protector Client 6.11 / 6.20 Remote Code Execution
!/usr/bin/env python Exploit Title: HP Data Protector Client EXECCMD Remote Code Execution Vulnerability Date: 2012-12-06 Exploit Author: Ben Turner Vendor Homepage: www.hp.com Version: 6.11 & 6.20 Tested on: Windows 2003 Server SP2 en CVE: CVE-2011-0922 Notes: ZDI-11-056 Reference:...
F5 BIG-IP Remote Root Authentication Bypass
!/usr/bin/python Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability py Quick script written by Dave Kennedy ReL1K for F5 authentication root bypass http://www.secmaniac.com import subprocess,os filewrite = file"priv.key", "w" filewrite.write"""-----BEGIN RSA PRIVATE KEY-----...
F5 BIG-IP - Authentication Bypass
F5 BIG-IP - Authentication Bypass !/usr/bin/python Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability py Quick script written by Dave Kennedy ReL1K for F5 authentication root bypass http://www.secmaniac.com import subprocess,os filewrite = file"priv.key", "w"...
F5 BIG-IP - Authentication Bypass
!/usr/bin/python Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability py Quick script written by Dave Kennedy ReL1K for F5 authentication root bypass http://www.secmaniac.com import subprocess,os filewrite = file"priv.key", "w" filewrite.write"""-----BEGIN RSA PRIVATE KEY-----...
Heap spraying Adobe Illustrator
Due to the recently patched vulnerabilities in Adobe Illustrator (CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026), it becomes interesting to analyze the exploitability facts of the .ai file format. Early versions of the AI file format are true EPS files with a restricted, compact synta...
HT Editor Spawning Root Shell
Exploit for linux platform in category remote exploits !/usr/bin/python Exploit Title: HT Editor Spawning Root Shell Date: 29-Mar-2012 Author: blusp10it Version: 2.0.18 Download: http://sourceforge.net/projects/hte/files/ht-source/ht-2.0.18.tar.gz Tested on: BackTrack 4 R2, Ubuntu 10.04 Run with:...
Sysax Multi Server 5.53 - SFTP (Authenticated) (SEH)
!/usr/bin/python Title: Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit Egghunter Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit Software Versions Tested: 5.53 Date Discovered: February 22, 2012 Vendor Contacted: February 23, 2012 Vendor Response: February 27, 2012 Vendor Fix: Version 5.55...
DPScan : Drupal Security Scanner Released
DPScan : Drupal Security Scanner Released. The first security scanner for Drupal CMS has been released by Ali Elouafiq, on his blog. His team developed a tool that will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines. This small tool is publ...
Sysax Multi Server 5.52 - File Rename Buffer Overflow Remote Code Execution (Egghunter)
Sysax Multi Server 5.52 - File Rename Buffer Overflow Remote Code Execution Egghunter !/usr/bin/python Title: Sysax Multi Server " sys.exit1 target = sys.argv1 port = intsys.argv2 user = sys.argv3 password = sys.argv4 opersys = sys.argv5 base64 encode the provided creds creds =...
Microsoft Windows - Assembly Execution (MS12-005)
Exploit Title: MS12-005 : Microsoft Windows Assembly Execution Vulnerability Date: 1/14/2012 Author: Byoungyoung Lee, http://exploitshop.wordpress.com Version: Windows 7 32bit, fully patched until Jan 2012 Tested on: Windows 7 32bit CVE : CVE-2012-0013 PoC:...