70 matches found
MPS Box 0.1.8.0 - uuid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested o...
exploitdb-bin-sploits
This repository is an official collection of exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is a valuable resource for those who need actionable data right away. The repository is updated daily with the most recently adde...
Domaintrader 2.5.3 Cross Site Scripting
i? Domaintrader v.2.5.3 Cross-Site Scripting 6th of February, 2018 Found by Uladzislau Murashka - https://sm0k3.net Vendor homepage: www.smartscriptsolutions.com Software link: http://www.smartscriptsolutions.com/domain-trader/ Version of local application copy: 2.5.2 but valid also for 2.5.3...
TOVA 8 Unquoted Service Path Privilege Escalation
Exploit Title: TOVA 8 Precision Test Environment P.T.E - Unquoted Service Path Privilege Escalation Date of Discovery: February 17 2017 Exploit Author: Rithwik Jayasimha Author Homepage/Contact: https://thel3l.me Vendor Name: The TOVA Company Vendor Homepage: http://www.tovatest.com/ Software Lin...
WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting
Vulnerability information Vulnerability title: WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting Plugin home page: https://wordpress.org/plugins/corner-ad/ Affected Plugin version: 1.0.7 Test environment: Firefox 44, Windows10 Vulnerability details...
INTELLITAMPER . map code execution vulnerability, CVE-2008-5755-a vulnerability warning-the black bar safety net
Author: k0shl reprint please indicate the source: http://whereisk0shl.top Vulnerability description Software download: https://www.exploit-db.com/apps/91891f4b53d5e61e66061454ab87ccc7-intellitamperv2.07.exe PoC: import sys maptheader = "\x23\x23\x23\x20\x53\x49\x54\x45\x4D"...
For the Node. js in the node-serialize module deserialization vulnerability the subsequent analysis-vulnerability warning-the black bar safety net
Of the Node. js serialization remote command execution vulnerabilities of a number of follow-up found and how to develop the attack load. A few days ago I was in opsecx blog found an article How to use a named node-serialize nodejs module in the RCE remote code execution error blog. The article...
Collaborative Penetration Test & Vulnerability Management Platform: Faraday
Collaborative Penetration Test & Vulnerability Management Platform Faraday introduces a new concept – IPE Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of...
CVE-2016-8610: to cause a denial of service“SSL-Death Alert”vulnerability patch analysis-vulnerability warning-the black bar safety net
Recently, one for OpenSSL Red AlertSSL Death Alertvulnerability security patch caught our attention. Other serious security vulnerabilities, this vulnerability also caught our attention, because according to the vulnerability discoverer said, there is this vulnerability of OpenSSL Web servermay b...
SDN Security Evaluation Framework: DELTA
DELTA is a penetration testing framework that regenerates known attack scenarios for diverse test cases. This framework also provides the capability of discovering unknown security problems in SDN by employing a fuzzing technique. Agent-Manager is the control tower. It takes full control over all...
Revive Adserver: Reflected XSS on Zones > Invocation Code
"Cricetinae" : This report is similar to my earlier report: 170156. Short Description The Close text parameter in Inventory Zone Invocation Code is vulnerable to Cross-Site Scripting vulnerability. Steps to Reproduce 1. Logon or Work as an agent. 2. Navigate to Inventory Zones Invocation Code...
Subversion 1.6.6 / 1.6.12 - Code Execution
Exploit for linux platform in category remote exploits This is an exploit for the subversion vulnerability published as CVE-2013-2088. Author: GlacierZ0ne email protected Exploit Type: Code Execution Access Type: Authenticated Remote Exploit Prerequisites: svn command line client available,...
Revive Adserver: Stored XSS on Admin Access Page - Email field
"Cricetinae" : Short Description The Email field is not sanitized on Inventory Admin Access page resulting in to Stored Cross-Site Scripting vulnerability. Vulnerability Details Cross-Site Scripting issue let's one to run a javascript of choice. It helps most of the client side risks including bu...
Malware Evades Detection with Novel Technique
Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher’s test environment. The malware, according to researcher Caleb Fenton with security firm SentinelOne, evades detection simply by counting the number of...
PHPCMS V9 version of the background design flaws lead to arbitrary code execution vulnerability
Source link: http://www.cnbraid.com/ 0x01 background Since the default after installation requires Super administrator privileges, so the vulnerability is very tasteless, but the feeling should be in other cms, there are also, so the main share under the mining idea PS: using the test environment...
CVE-2 0 1 5-7 5 4 7 analysis and use-vulnerability and early warning-the black bar safety net
0x01 analysis This vulnerability analysis and how to build a test environment k0 chef in seebug and mrh God in the drops of the articles are written very in detail, in the following reference to Annex A of the original address. I was standing on the shoulders of Giants to write some of your own i...
Faraday v1.0.20 - Collaborative Penetration Test and Vulnerability Management Platform
Faraday introduces a new concept - IPE Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. A brand new Faraday version is ready! Faraday v1.0.20 Community, Pro &...
WordPress Tubepress 2 Cross Site Scripting
^^^^^^^^^^^ ^ Exploit Title : Wordpress Tubepress Plugin v 2 Cross Site Scripting ^ Exploit Author : Ashiyane Digital Security Team ^ Vendor Homepage : https://wordpress.org/plugins/tubepress/ ^ Date: 13 Jan 2016 ^ Tested On : Win 10 | CyberFox Browser & Kali Linux | IceWeasel ^ ^^^^^^^^^^^ ^...
Windows 2008 GPP exploit-vulnerability warning-the black bar safety net
The test environment Windows 7 ordinary members of the domain Windows 2008 domain controller The first deployment of the GPP, here my deployment strategy is to the domain members are added to a test user, the password is test123 ! Add a local user ! Then came the Group Policy Management ! Will th...
Seemingly tasteless ESPCMS background injected, can actually be a lot of fun-vulnerability warning-the black bar safety net
Yesterday, the black bar safety net loophole platform exposes a ESPCMS of injection vulnerabilities, Ali cloud computing security attack and defense against a team of friends first time on the vulnerability to do an impact assessment. Did not think need to login to the backend before it can be...