41207 matches found
Quick Classifieds 1.0 - includesendit.php3?DOCUMENT_ROOT Remote File Inclusion
Quick Classifieds 1.0 - includesendit.php3?DOCUMENTROOT Remote File Inclusion source: https://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may...
PHP 4.4.3 4.4.6 - PHPinfo() Cross-Site Scripting
PHP 4.4.3 4.4.6 - PHPinfo Cross-Site Scripting //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
Apache modssl 2.8.x - Off-by-One HTAccess Buffer Overflow source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in modssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by...
Cisco Small Business 220 Series - Multiple Vulnerabilities
Cisco Small Business 220 Series - Multiple Vulnerabilities !/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitab...
Drupal 8.6.9 - REST Module Remote Code Execution
Drupal 8.6.9 - REST Module Remote Code Execution !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow ''' ======================================================== Unauthenticated Stack Overflow in Multiple Gpon Devices ======================================================== . contents:: Table Of Content Overview ========...
macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in xpcserializerunpack / xpcserializerunpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the...
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery Exploit Title: D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery Author: John Page aka hyp3rlinx Date: 2018-11-09 Vendor: http://us.dlink.com Product Link:...
SEIG Modbus 3.4 - Remote Code Execution
SEIG Modbus 3.4 - Remote Code Execution Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link:...
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal ''' --------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Directory Traversal Date: 2018-03-27 Exploit...
iBall WRA150N - Multiple Vulnerabilities
iBall WRA150N - Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n. iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The ke...
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Local Privilege Escalation
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Local Privilege Escalation Exploit Title: Cisco AnyConnect Start Before Logon SBL local privilege escalation. CVE-2017-3813 Date: 02/27/2017 Exploit Author: @Pcchillin Software Link:...
Linux Kernel 3.x (Ubuntu 14.04 Mint 17.3 Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
Linux Kernel 3.x Ubuntu 14.04 Mint 17.3 Fedora 22 - Double-free usb-midi SMEP Privilege Escalation Source: https://xairy.github.io/blog/2016/cve-2016-2384 Source: https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384 Source: https://www.youtube.com/watch?v=lfl1NJn1nvo Exploit-DB Note...
Linux Kernel 3.4.5 (Android 4.2.24.4 ARM) - Local Privilege Escalation
Linux Kernel 3.4.5 Android 4.2.24.4 ARM - Local Privilege Escalation / Just a lame binder local root exploit stub. Somewhat messy but whatever. The bug was reported in CVE-2013-6282. Tested on Android 4.2.2 and 4.4. Kernels 3.0.57, 3.4.5 and few more. All up to 3.4.5 unpatched should be vulnerabl...
Oracle Document Capture - Actbar2.ocx Insecure Method
Oracle Document Capture - Actbar2.ocx Insecure Method Source: http://packetstormsecurity.org/files/view/97866/DSECRG-11-004.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-00153 Application: Oracle Document Capture Versions Affected: Release...
Pandora FMS 3.1 - Authentication Bypass
Pandora FMS 3.1 - Authentication Bypass + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers,...
RSP MP3 Player - OCX ActiveX Buffer Overflow HeapSpray
RSP MP3 Player - OCX ActiveX Buffer Overflow HeapSpray . . . \ / |/| . | | | ||/ \ .| RSP MP3 Player OCX ActiveX Buffer Overflow heap spray By : MadjiX , Dz8aHotmail.com Discovered by Blake: http://www.exploit-db.com/exploits/14309/ Greetings: His0k4 , Bibi-info , The g0bl!n y , sec4ever.com...
K-Meleon 1.5.3 - Remote Array Overrun
K-Meleon 1.5.3 - Remote Array Overrun From Full Disclosure: http://seclists.org/fulldisclosure/2009/Nov/222 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 K-Meleon 1.5.3 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis.:...
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution Exploit Title: Oracle Weblogic 10.3.6.0.0 - Remote Command Execution Date: 2020-01-08 Exploit Author: Waffles & Paveway3 Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0...
Apple macOS 10.15.1 - Denial of Service (PoC)
Apple macOS 10.15.1 - Denial of Service PoC Exploit Title: Apple macOS 10.15.1 - Denial of Service PoC Date: 2019-11-02 Exploit Author: 08Tc3wBB Vendor Homepage: Apple Software Link: Version: Apple macOS msghlocalport, msg1.msghsize, msg4.msghreserved, unsigned intmsg4.msghid, QWORD...
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla Convert Forms version 2.0.3 - Formula Injection CSV Injection Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link:...
GoAhead Web Server 2.5 3.6.5 - HTTPd LD_PRELOAD Remote Code Execution
GoAhead Web Server 2.5 3.6.5 - HTTPd LDPRELOAD Remote Code Execution !/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LDPRELOAD remote code execution exploit EDB Note: Payloads https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/43360.zip EDB Note: Source...
OpenDocMan 1.2.7 - Multiple Vulnerabilities
OpenDocMan 1.2.7 - Multiple Vulnerabilities Advisory ID: HTB23202 Product: OpenDocMan Vendor: Free Document Management Software Vulnerable Versions: 1.2.7 and probably prior Tested Version: 1.2.7 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12,...
OpenConf 4.11 - authoredit.php Blind SQL Injection
OpenConf 4.11 - authoredit.php Blind SQL Injection ?php / --------------------------------------------------------------------- OpenConf = 4.11 author/edit.php Remote Blind SQL Injection Exploit --------------------------------------------------------------------- author...............: Egidio...
vsp stats processor 0.45 - gamestat.php?gameID SQL Injection
vsp stats processor 0.45 - gamestat.php?gameID SQL Injection Product : vsp stats processor Version : all Dork : "powered by vsp stats processor" Site: http://www.scivox.net/vsp/ Found by: Dimi4 Date : 31.03.09 Greetz: antichat SQL-injection + URL:...
VAMP Webmail 2.0beta1 - yesno.phtml Remote File Inclusion
VAMP Webmail 2.0beta1 - yesno.phtml Remote File Inclusion ToXiC VAMP Webmail Remote File Inclusion by ToXiC CreW BuG FounD by Drago84 Application Affect:VAMP Webmail Page: yesno.phtml Dir : /setup/ Problem: ExPloit :...
BinGo News 3.01 - bnrep Remote File Inclusion
BinGo News 3.01 - bnrep Remote File Inclusion ============================================================================================== BinGo News = v3.01 bnrep Remote File Inclusion Exploit ===============================================================================================...
CaLogic Calendars 1.2.2 - CLPath Remote File Inclusion
CaLogic Calendars 1.2.2 - CLPath Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM CaLogic Calendars V1.2.2 - Remote File Include Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl dork: CaLogic Calenda...
JPortal Web Portal 2.2.12.3.1 - comment.php SQL Injection
JPortal Web Portal 2.2.12.3.1 - comment.php SQL Injection source: https://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitati...
Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution
Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible f...
AMSS++ 4.7 - Backdoor Admin Account
AMSS++ 4.7 - Backdoor Admin Account Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.rar Dork : แนะนำให้ใช้บราวเซอร์...
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Date: 2019-12-13 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link:...
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Exploit Title: Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Exploit Author : Peter Lapp Exploit Date: 2019-12-05 Vendor Homepage : https://www.trendmicro.com/enus/business.html Link Software :...
Microsoft Windows Server 2012 - Group Policy Remote Code Execution
Microsoft Windows Server 2012 - Group Policy Remote Code Execution Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2,...
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting Exploit Title: Fiberhome AN5506-04-F - Stored Cross Site Scripting Date: 04.03.2019 Exploit Author: Tauco Vendor Homepage: http://www.fiberhomegroup.com/en/ Version: RP2669 Tested on: Windows 10 CVE : CVE-2019-9556 Description:...
Linux Kernel 4.4.0 4.8.0 (Ubuntu 14.0416.04 Linux Mint 1718 Zorin) - Local Privilege Escalation (KASLR SMEP)
Linux Kernel 4.4.0 4.8.0 Ubuntu 14.0416.04 Linux Mint 1718 Zorin - Local Privilege Escalation KASLR SMEP // A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on: // - Ubuntu trusty 4.4.0 kernels // - Ubuntu xenial 4.4.0 and...
Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control
Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control Trend Micro Smart Protection Server Multiple Vulnerabilities 1. Advisory Information Title:: Trend Micro...
ZyXEL PK5001Z Modem - Backdoor Account
ZyXEL PK5001Z Modem - Backdoor Account Exploit Title: ZyXEL PK5001Z Modem - CenturyLink Hardcoded admin and root Telnet Password. Google Dork: n/a Date: 2017-10-31 Exploit Author: Matthew Sheimo Vendor Homepage: https://www.zyxel.com/ Software Link: n/a Version: PK5001Z 2.6.20.19 Tested on: Linux...
Linux Kernel 4.4.0-83 4.8.0-58 (Ubuntu 14.0416.04) - Local Privilege Escalation (KASLR SMEP)
Linux Kernel 4.4.0-83 4.8.0-58 Ubuntu 14.0416.04 - Local Privilege Escalation KASLR SMEP // A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on Ubuntu trusty 4.4.0- and Ubuntu xenial 4-8-0- kernels. // // EDB Note: Also...
Professional Service Booking Script - SQL Injection
Professional Service Booking Script - SQL Injection Vulnerability: Admin Login Bypass & SQLi Date: 13.01.2017 Vendor Homepage: http://scriptfirm.com/ Script Name: Professional Service Booking Script Script Buy Now: http://scriptfirm.com/professional-service-booking-engine Author: İhsan Şencan...
Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)
Oracle Outside In MDB - File Parsing Stack Buffer Overflow PoC !/usr/bin/python Exploit Title: Oracle Outside In MDB File Parsing Stack Based Buffer Overflow PoC Date: 16th January 2014 PoC Author: Citadelo Vendor Homepage: http://www.oracle.com Software Link:...
WebCalendar 1.2.4 - Remote Code Execution
WebCalendar 1.2.4 - Remote Code Execution ?php / ----------------------------------------------------------------------- WebCalendar = 1.2.4 install/index.php Remote Code Executionn Exploit ----------------------------------------------------------------------- author..........: Egidio Romano aka...
Google Chrome 14.0.835.163 - .pdf File Handling Memory Corruption
Google Chrome 14.0.835.163 - .pdf File Handling Memory Corruption ----------------Security Adisory---------------- Title: Google Chrome = 14.0.835.163 Discovered by: Mario Gomes ----------------Summary---------------- Google Chrome is a web browser developed by Google that uses the WebKit layout...
PHP 5.3.3 - NumberFormatter::getSymbol Integer Overflow
PHP 5.3.3 - NumberFormatter::getSymbol Integer Overflow From: Maksymilian Arciemowicz Date: Fri, 10 Dec 2010 14:43:32 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.ne...
Adobe Reader 9.3.2 - CoolType.dll Remote Memory Corruption Denial of Service
Adobe Reader 9.3.2 - CoolType.dll Remote Memory Corruption Denial of Service / Title: Adobe Reader 9.3.2 CoolType.dll Remote Memory Corruption / DoS Vulnerability Summary: Adobe Reader software is the global standard for electronic document sharing. It is the only PDF file viewer that can open an...
OpenLDAP 2.3.39 - MODRDN Remote Denial of Service
OpenLDAP 2.3.39 - MODRDN Remote Denial of Service Attackers use readily available LDAP commands to exploit this issue. source: https://www.securityfocus.com/bid/27778/info OpenLDAP is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny service to legitimate...
phpBB Static Topics 1.0 - phpbb_root_path File Inclusion
phpBB Static Topics 1.0 - phpbbrootpath File Inclusion --------------------------------------------------------------------------- phpBB Static Topics = 1.0 phpbbrootpath Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By...
TikiWiki 1.8.1 - Multiple Vulnerabilities
TikiWiki 1.8.1 - Multiple Vulnerabilities TikiWiki Multiple Vulnerabilities Vendor: TikiWiki Project Product: TikiWiki Version: = 1.8.1 Website: http://www.tikiwiki.org/ BID: 10100 CVE: CVE-2004-1923 CVE-2004-1924 CVE-2004-1925 CVE-2004-1926 CVE-2004-1927 CVE-2004-1928 OSVDB: 5181 5182 5183 5184...
Cisco Data Center Network Manager 11.2 - Remote Code Execution
Cisco Data Center Network Manager 11.2 - Remote Code Execution !/usr/bin/python """ Cisco Data Center Network Manager SanWS importTS Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 -...
NEOWISE CARBONFTP 1.4 - Weak Password Encryption
NEOWISE CARBONFTP 1.4 - Weak Password Encryption Exploit Title: NEOWISE CARBONFTP 1.4 - Weak Password Encryption discovery Date: 2019-01-24 published : 2020-01-20 Exploit Author: hyp3rlinx Vendor Homepage: https://www.neowise.com Software Link: https://www.neowise.com/freeware/ Version: 1.4 +...