11967 matches found
NetZip-Classic-SEH
Exploit Title: Exploit Buffer Overflow NetZip ClassicSEH Date: 01\30\2011 Author: C4SS!0 G0M3S Software Link: http://proforma.real.com/real/nzclassic/nzclassic.html Version: 7.5.1.86 Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN def usage system"cls" system"color 4f"; end if ARGV.length !=1 usage...
GOM-Player-2.1.33.5071-ASX-File-Unicode
Exploit Title: GOM Player Crafted ASX File Unicode Stack Buffer Overflow and Arbitrary Code Execution. Version: 2.1.33.5071 Date: 30-11-2011 Author: Debasish Mandal Peter Van Eeckhoutte corelanc0d3r rawinput" Press Enter to generate the crafted ASX..." size = 2046 Shellcode WinExec "Calc.exe"...
Lattice-Semiconductor-PAC-Designer-6.21
Exploit: Lattice Semiconductor PAC-Designer 6.21 possibly all versions CVE: CVE-2012-2915 Author: b33f Ruben Boonen - http://www.fuzzysecurity.com/ OS: WinXP SP1 Software: http://www.latticesemi.com/products/designsoftware/pacdesigner/index.cfm filename="evil.PAC" PAC1 = """ 1 ispPAC-CLK5410D...
Beetel-Connection-Manager
Exploit Title:Beetel Connection Manager SEH Buffer Overflow Software for usb wireless Homepage:http://www.beetel.in/business-solutions/international-business/3g-products/g31-3g-data-card Version:PCWBTLINDV1.0.0B04 Software...
XM-Easy-Personal-FTP-Server
Because this address is relative and has a static base in this environment, I was able to use the heap chunk address as the pointer to write at the vtable. Then a function is called at offset 0xb0 or 0x98 and we can reliably return into a ROP payload and execute arbitrary code. import socket impo...
Ubiquiti-AirOS-5.5.2
The http://IP/test.cgi "essid" parameter is not sanitized for input which allows for execution of operating system commands. The parameter input field can be like this to create a file /tmp/test.txt: LINKTEST /bin/touch /tmp/test.txt " import urllib, urllib2, cookielib, sys, random, mimetools,...
Wordpress WP-EMail 2.64 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title : Wordpress WP-EMail 2.64 Cross Site Scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : https://wordpress.org/plugins/wp-email/ Date : 2015-01-03 Software Link :...
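HDWIKI low-impact SQL injection (a PHP weak-typing example)
Brief description: I saw that @小飞 posted an article on drops: http://drops.wooyun.org/tips/4483 I have always thought that an article without a real example is not a good article, so I am adding an example for him: a SQL injection caused by PHP weak typing, very typical. To avoid dragging down my main account's average rank, I am submitting this from a secondary account, heh. Detailed description: /control/list.php line 109 function dofocus $doctype = $this-get2; switch$doctype case 2: $type = 'hot'; $navtitle = $this-view-lang'hotDoc'; break; case 3: $type =...
PHPAPP injection #4 (ignoring all the filters)
Brief description: PHPAPP injection #4 (ignoring all the filters) Detailed description: I saw on wooyun that someone had reported a PHPAPP vulnerability: http://wooyun.org/bugs/wooyun-2010-055604, so I went to the official site, found it had been updated just a few days earlier, and downloaded the latest PHPAPP v2.6 (updated 2014-12-11) from there to take a look. POST injection point: wwww.xxx.com/member.php?action=1&app=43&cid=1&rid=2, the vulnerable file is /phpapp/apps/refund/memberphpapp.php The cause of the vulnerability is analyzed below. First bypass:...
phpyun v3.2 (20141222): three injections
Brief description: 20141222 Detailed description: The first is in api/alipay/alipayto.php; the current version lacks the validation that was there before. errorreporting0; requireonce"alipayconfig.php"; requireonce"class/alipayservice.php"; requireoncedirnamedirnamedirnameFILE."/data/db.config.php"; requireoncedirnamedirnamedirnameFILE."/plus/config.php";...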
[SECURITY] Fedora 21 Update: kernel-3.17.7-300.fc21
The kernel meta package...
Lexmark MarkVision Enterprise < 2.1 Multiple Vulnerabilities
The version of Lexmark MarkVision Enterprise installed on the remote host is prior to 2.1.0. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability due to improper handling of user input to the 'GfdFileUploadServerlet' servlet. CVE-2014-8741 - An...
Microsoft Exchange Outlook Web App / Outlook Web Access (OWA) Detection (HTTP)
HTTP based detection of the Microsoft Exchange Outlook Web App / Outlook Web Access OWA and the Microsoft Exchange Server running this OWA application. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion
!/bin/sh Exploit Title: Cacti - Superlinks Plugin 1.4-2 RCELFI via SQL Injection Date: 19/12/2014 Exploit Author: Wireghoul Software Link: http://docs.cacti.net/plugin:superlinks Identifiers: CVE-2014-4644, EDB-ID-33809 Exploit explanation through inline comments Patch provided at the end This is...
WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload
!/usr/bin/python Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Exploit written by Claudio Viviani 2014-11-27: Discovered vulnerability 2014-12-01: Vendor Notification Twitter 2014-12-02: Vendor Notification Web Site 2014-12-04:...
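Iwebsns latest version SQL injection #5
Brief description: Iwebsns latest version SQL injection #5 Detailed description: I saw on wooyun that 雨牛 has reported 5 iwebsns vulnerabilities (WooYun: Iwebsns sql #5.), so let me pick up what was missed; I have compared and this is not a duplicate. I downloaded the latest Iwebsns 1.1.0 to take a look. To make it easy for the reviewers to confirm whether this is a duplicate, I will first list the vulnerable file and the injected parameter here: action/group/groupexit.action.php groupid Now let's see how the vulnerability arises. ction/group/groupexit.action.php (unrelated code) //variable section $userid=getsessuserid;...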
Flat Calendar 1.1 - HTML Injection
!/usr/bin/perl -w Title : Flat Calendar v1.1 HTML Injection Exploit Download : http://www.circulargenius.com/flatcalendar/FlatCalendar-v1.1.zip Author : ZoRLu / [email protected] Website : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Test : Windows7 Ultima...
IceHrm 7.1 Multiple Vulnerabilities
IceHrm versions 7.1 and below suffer from cross site request forgery, cross site scripting, local file inclusion, and code execution via remote shell upload vulnerabilities. IceHrm =7.1 Multiple Vulnerabilities Vendor: IceHRM Product web page: http://www.icehrm.com Affected version: = 7.1 Summary...
Microsoft Windows Kerberos - Privilege Escalation (MS14-068)
!/usr/bin/python MS14-068 Exploit Author ------ Sylvain Monne Contact : sylvain dot monne at solucom dot fr http://twitter.com/bidord import sys, os from random import getrandbits from time import time, localtime, strftime from kek.ccache import CCache, gettgtcred, kdcrep2ccache from kek.crypto...
Apadana CMS SQL Injection
Exploit Title : Apadana CMS Sql Injection Vulnerability Exploit Author : SeRaVo.BlackHat Vendor Homepage : http://www.apadanacms.ir/ Google Dork : powered by apadana CMS Date: 2014/November/25 Tested On : windows + linux | Mozila | Havij Software...