41207 matches found
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution !/usr/bin/env python import argparse import urllib import requests, random from bs4 import BeautifulSoup from requests.packages.urllib3.exceptions import InsecureRequestWarning...
Ikraus Anti Virus 2.16.7 - Remote Code Execution
Ikraus Anti Virus 2.16.7 - Remote Code Execution Vulnerability summary The following advisory describes an remote code execution found in Ikraus Anti Virus version 2.16.7. KARUS anti.virus “secures your personal data and PC from all kinds of malware. Additionally, the Anti-SPAM module protects yo...
ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities
ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9...
Mambo 4.5.3h - Multiple Vulnerabilities
Mambo 4.5.3h - Multiple Vulnerabilities Mambo Multiple Vulnerabilities Vendor: Miro International Pty Ltd Product: Mambo Version: = 4.5.3h Website: http://www.mamboserver.com BID: 16775 CVE: CVE-2006-0871 CVE-2006-1794 OSVDB: 23402 23503 23505 SECUNIA: 18935 PACKETSTORM: 44191 Description: Mambo ...
Microsoft Windows 8.08.1 (x64) - TrackPopupMenu Local Privilege Escalation (MS14-058)
Microsoft Windows 8.08.1 x64 - TrackPopupMenu Local Privilege Escalation MS14-058 Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation MS14-058 CVE-2014-4113 Privilege Escalation http://www.offensive-security.com Thx to Moritz Jodeit for the beautiful writeup...
Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC)
Linux Kernel 3.17.5 - IRET Instruction SS Fault Handling Crash PoC / ---------------------------------------------------------------------------------------------------- cve-2014-9322poc.c arch/x86/kernel/entry64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with...
Shopizer 1.1.5 - Multiple Vulnerabilities
Shopizer 1.1.5 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable...
GLPI 0.84.1 - Multiple Vulnerabilities
GLPI 0.84.1 - Multiple Vulnerabilities Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12,...
GNU C library dynamic linker - $ORIGIN Expansion
GNU C library dynamic linker - $ORIGIN Expansion from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is...
Sun xVM VirtualBox 1.6.4 - Privilege Escalation (PoC)
Sun xVM VirtualBox 1.6.4 - Privilege Escalation PoC -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Sun xVM VirtualBox Privilege Escalation Vulnerability Advisory Information Title: Sun xVM VirtualBox Privilege...
HP System Event Utility - Local Privilege Escalation
HP System Event Utility - Local Privilege Escalation Exploit Title: HP System Event Utility - Local Privilege Escalation Author: hyp3rlinx Date: 2020-02-11 Vendor: www.hp.com Link: https://hp-system-event-utility.en.lo4d.com/download CVE: CVE-2019-18915 + Credits: John Page aka hyp3rlinx + Websit...
microASP (Portal+) CMS - pagina.phtml?explode_tree SQL Injection
microASP Portal+ CMS - pagina.phtml?explodetree SQL Injection + Sql Injection on microASP Portal+ CMS + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.microasp.it/ + Contact: [email protected] + Tested on: Windows 7 and...
Sony Playstation 4 (PS4) 6.20 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 6.20 - WebKit Code Execution PoC PS4 6.20 WebKit Code Execution PoC ============== This repo contains a proof-of-concept PoC RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as...
Drupal 8.6.9 - REST Module Remote Code Execution
Drupal 8.6.9 - REST Module Remote Code Execution !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...
Realterm Serial Terminal 2.0.0.70 - Denial of Service
Realterm Serial Terminal 2.0.0.70 - Denial of Service -- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Port' Denial of Service PoC Date: 15/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
Indusoft Web Studio 8.1 SP2 - Remote Code Execution Exploit Title: Indusoft Web Studio Unauthenticated RCE Date: 02/04/2019 Exploit Author: Jacob Baines Vendor Homepage: http://www.indusoft.com/ Software http://www.indusoft.com/Products-Downloads/Download-Library Version: 8.1 SP2 and below Tested...
ZyXEL VMG3312-B10B - Cross-Site Scripting
ZyXEL VMG3312-B10B - Cross-Site Scripting Exploit Title: ZyXEL VMG3312-B10B - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Samet ŞAHİN Vendor Homepage: https://www.zyxel.com/ Software Link: ftp://ftp.zyxel.com.tr/ZyXELURUNLERI/MODEMLER/VDSLMODEMLER/VMG3312-B10B/ Version: ZyXEL VMG3312-B1...
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Command Injection CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom clie...
Linux Kernel 3.16.39 (Debian 8 x64) - inotfiy Local Privilege Escalation
Linux Kernel 3.16.39 Debian 8 x64 - inotfiy Local Privilege Escalation / CVE-2017-7533 inotfiy linux kernel vulnerability. $ gcc -o exploit exploit.c -lpthread $./exploit Listening for events. Listening for events. alloclen : 50 longname="testdir/bbbb32103210321032100��1����" handleevents...
Microsoft Windows - Kerberos Security Feature Bypass (MS16-014)
Microsoft Windows - Kerberos Security Feature Bypass MS16-014 Exploit Title: Windows Kerberos Security Feature Bypass Date: 12-02-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-0049 Category: Local Exploit 1 Prerequisites: - Standard Windows 7 Fully...
2Moons - Multiple Vulnerabilities
2Moons - Multiple Vulnerabilities Title: 2Moons - Multiple Vulnerabilities Date: 08-07-2015 Author: bRpsd skype: vegnox Vendor: 2Moons Vendor HomePage: http://2moons.cc/ CMS Download: https://github.com/jkroepke/2Moons Google Dork: intext:Powered by 2Moons 2009-2013 Affected Versions: All Current...
.NET Remoting Services - Remote Command Execution
.NET Remoting Services - Remote Command Execution Source: https://github.com/tyranid/ExploitRemotingService Exploit Database Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35280.zip ExploitRemotingService c 2014 James Forshaw...
SPIP CMS 2.0.23 2.1.223.0.9 - Privilege Escalation
SPIP CMS 2.0.23 2.1.223.0.9 - Privilege Escalation !/usr/bin/env python Exploit Title: SPIP - CMS " exit baseurl = sys.argv1 login =...
OpenDocMan 1.2.7 - Multiple Vulnerabilities
OpenDocMan 1.2.7 - Multiple Vulnerabilities Advisory ID: HTB23202 Product: OpenDocMan Vendor: Free Document Management Software Vulnerable Versions: 1.2.7 and probably prior Tested Version: 1.2.7 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12,...
WordPress Plugin fGallery 2.4.1 - fimrss.php SQL Injection
WordPress Plugin fGallery 2.4.1 - fimrss.php SQL Injection -------------------------------------------------------------- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------------------------------------------------------------- Author : Houssamix From H-T Team Script : Wordpress Plugin fGallery...
PHPGiggle 12.08 - CFG_PHPGIGGLE_ROOT File Inclusion
PHPGiggle 12.08 - CFGPHPGIGGLEROOT File Inclusion Title : Php Giggle Télécharger milw0rm.com 2006-11-06...
MySpeach 3.0.2 - my_ms[root] Remote File Inclusion
MySpeach 3.0.2 - mymsroot Remote File Inclusion ============================================================================================== MySpeach = v3.0.2 mymsroot Remote File Inclusion Exploit ===============================================================================================...
TP LINK TL-WR849N - Remote Code Execution
TP LINK TL-WR849N - Remote Code Execution Exploit Title: TP LINK TL-WR849N - Remote Code Execution Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/br/support/download/tl-wr849n/Firmware Version: TL-WR849N 0.9.1 4.16...
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Exploit Title: Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Exploit Author : Peter Lapp Exploit Date: 2019-12-05 Vendor Homepage : https://www.trendmicro.com/enus/business.html Link Software :...
Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)
Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link:...
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)
Microsoft Windows - AppX Deployment Service Local Privilege Escalation 2 There is still a vuln in the code triggered by CVE-2019-0841 The bug that this guy found: https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/ If you create the following: GetFavDirectory gets the...
macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in xpcserializerunpack / xpcserializerunpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the...
Roxy Fileman 1.4.5 - Unrestricted File Upload Directory Traversal
Roxy Fileman 1.4.5 - Unrestricted File Upload Directory Traversal ====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager Software Controller...
PostgreSQL 9.4-0.5.3 - Privilege Escalation
PostgreSQL 9.4-0.5.3 - Privilege Escalation Exploit Title: PostgreSQL 9.4-0.5.3 - Privilege Escalation Date: 2017-10-11 Exploit Author: Johannes Segitz Vendor Homepage: https://bugzilla.suse.com/showbug.cgi?id=1062722 Software Link: - Version: Before postgresql-init-9.4-0.5.3.1 Tested on: SUSE...
GNU C Library Dynamic Loader glibc ld.so - Memory Leak Buffer Overflow
GNU C Library Dynamic Loader glibc ld.so - Memory Leak Buffer Overflow Qualys Security Advisory Buffer overflow in glibc's ld.so ======================================================================== Contents ======================================================================== Summary Memor...
Mozilla Firefox 45.0 - nsHtml5TreeBuilder Use-After-Free (EMET 5.52 Bypass)
Mozilla Firefox 45.0 - nsHtml5TreeBuilder Use-After-Free EMET 5.52 Bypass CVE-2016-1960 / Exploit Title: Mozilla Firefox . 1 https://bugzilla.mozilla.org/showbug.cgi?id=1246014 2 https://ftp.mozilla.org/pub/firefox/releases/44.0.2/win32/en-US/ / "use strict"; / This is executed after having pivot...
Red-Gate SQL Monitor 3.10 4.2 - Authentication Bypass
Red-Gate SQL Monitor 3.10 4.2 - Authentication Bypass Exploit Title: Red-Gate SQL Monitor authentication bypass Version: Redgate SQL Monitor before 3.10 and 4.x before 4.2 Date: 2017-08-10 Red-Gate made a security announcement and publicly released the fixed version more than two years before thi...
Linux Kernel (Debian 910 Ubuntu 14.04.516.04.217.04 Fedora 232425) - ldso_dynamic Stack Clash Local Privilege Escalation
Linux Kernel Debian 910 Ubuntu 14.04.516.04.217.04 Fedora 232425 - ldsodynamic Stack Clash Local Privilege Escalation / Linuxldsodynamic.c for CVE-2017-1000366, CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms o...
Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service
Oracle OpenJDK Runtime Environment 1.8.0112-b15 - Java Serialization Denial Of Service ''' Application: Java SE Vendor: Oracle Bug: DoS Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Author: Roman Shalymov 1. ADVISORY INFORMATIO...
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt + ISR: ApparitionSec Vendor: ================ www.symantec.com Product:...
Apple Mac OSX 10.10.x - GateKeeper Bypass
Apple Mac OSX 10.10.x - GateKeeper Bypass Exploit Title: OS X Gatekeeper bypass Vulnerability Date: 01-27-2015 Exploit Author: Amplia Security Research Vendor Homepage: www.apple.com Version: OS X Lion, OS X Mountain Lion, OS X Mavericks, OS X Yosemite Tested on: OS X Lion, OS X Mountain Lion, OS...
Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution (Metasploit)
Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit3 "Windows...
AuraCMS 2.3 - Multiple Vulnerabilities
AuraCMS 2.3 - Multiple Vulnerabilities Advisory ID: HTB23196 Product: AuraCMS Vendor: AuraCMS Vulnerable Versions: 2.3 and probably prior Tested Version: 2.3 Advisory Publication: January 8, 2014 without technical details Vendor Notification: January 8, 2014 Vendor Patch: January 30, 2014 Public...
K-Meleon 1.5.3 - Remote Array Overrun
K-Meleon 1.5.3 - Remote Array Overrun From Full Disclosure: http://seclists.org/fulldisclosure/2009/Nov/222 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 K-Meleon 1.5.3 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis.:...
Joomla! Component Mosets Tree 1.0 - Remote File Inclusion
Joomla! Component Mosets Tree 1.0 - Remote File Inclusion !!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : Joomla Mosets Tree = 1.0 Remote File Include Vulnerability...
Mafia Moblog 6 - Big.php Remote File Inclusion
Mafia Moblog 6 - Big.php Remote File Inclusion source: https://www.securityfocus.com/bid/19458/info Mafia Moblog is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...
Persian VIP Download Script 1.0 - active SQL Injection
Persian VIP Download Script 1.0 - active SQL Injection Exploit Title: Persian VIP Download Script 1.0 - 'active' SQL Injection Data: 2020-03-09 Exploit Author: S3FFR Vendor HomagePage: http://download.freescript.ir/scripts/Persian-VIP-DownloadFreeScript.ir.zip Version: = 1.0 Final Version Tested...
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Date: 2020-02-15 Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...
Inteno IOPSYS Gateway - Improper Access Restrictions
Inteno IOPSYS Gateway - Improper Access Restrictions Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650...