41207 matches found
qdPM 9.1 - type Cross-Site Scripting
qdPM 9.1 - type Cross-Site Scripting =========================================================================================== Exploit Title: qdPM 9.1 - 'type' XSS Injection CVE: CVE-2019-8391. Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...
Chamilo LMS 1.11.8 - firstname Cross-Site Scripting
Chamilo LMS 1.11.8 - firstname Cross-Site Scripting Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-06 Vendor Homepage: https://chamilo.org Software Link:...
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1081 Windows: ManagementObject Arbitrary .NET Serialization RCE Platform: .NET 4.6, Powershell 4. Tested between Server 2016 and Windows 10...
Linux Kernel 3.x (Ubuntu 14.04 Mint 17.3 Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
Linux Kernel 3.x Ubuntu 14.04 Mint 17.3 Fedora 22 - Double-free usb-midi SMEP Privilege Escalation Source: https://xairy.github.io/blog/2016/cve-2016-2384 Source: https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384 Source: https://www.youtube.com/watch?v=lfl1NJn1nvo Exploit-DB Note...
Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection
Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection ============================================= - Release date: 12.08.2015 - Discovered by: Dawid Golunski - Severity: High - CVE-ID: CVE-2015-5161 ============================================= I. VULNERABILITY -------------------------...
ADB - Backup Archive File Overwrite Directory Traversal
ADB - Backup Archive File Overwrite Directory Traversal ADB backup archive path traversal file overwrite ------------------------------------------------ Using adb one can create a backup of his/her Android device and store it on the PC. The backup archive is based on the tar file format. By...
Sphider Search Engine - Multiple Vulnerabilities
Sphider Search Engine - Multiple Vulnerabilities Exploit Title: Sphider Search Engine - Multiple Vulnerabilities Google Dork: ext:php intext:sphider inurl:search.php Date: 6/20/2014 Exploit Author: Shayan Sadigh twitter.com/r1pplex | Vendor Homepage: http://www.sphider.eu/ Version: Sphider 1.3.6 ...
OpenSSL - ASN1 BIO Memory Corruption
OpenSSL - ASN1 BIO Memory Corruption Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL in production...
Magic Music Editor - Local Buffer Overflow
Magic Music Editor - Local Buffer Overflow !/usr/bin/perl +Exploi Title: Exploit Buffer Overflow Magic Music Editor +Date: 03\01\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.magic-video-software.com/downloadserver/Magic-Music-Editor.exe +POC Found By:...
RSP MP3 Player - OCX ActiveX Buffer Overflow HeapSpray
RSP MP3 Player - OCX ActiveX Buffer Overflow HeapSpray . . . \ / |/| . | | | ||/ \ .| RSP MP3 Player OCX ActiveX Buffer Overflow heap spray By : MadjiX , Dz8aHotmail.com Discovered by Blake: http://www.exploit-db.com/exploits/14309/ Greetings: His0k4 , Bibi-info , The g0bl!n y , sec4ever.com...
BoastMachine 3.1 - Arbitrary File Upload
BoastMachine 3.1 - Arbitrary File Upload :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Exploit Title : boastMachine v3.1 Remote File Upload Vulnerability Author: alnjm33 Software Link: http://boastology.com/pages/dload.php?id=bmachine-3.1.zip Software...
PHP 5.2.6 - error_log Safe_mode Bypass
PHP 5.2.6 - errorlog Safemode Bypass SecurityReason.com PHP 5.2.6 errorlog safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.11.2008 - - Public: 20.11.2008 SecurityReason Research SecurityAlert Id: 57 CWE: CWE-264 SecurityRisk: Medium Affected...
XOOPS Module Gallery 0.2.2 - gid SQL Injection
XOOPS Module Gallery 0.2.2 - gid SQL Injection XOOPS Module Gallery 0.2.2 SQL Injection Exploit AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 HOME : http://securityreason.com/search/101/c0BidW4=/1/0 MAİL : [email protected] DORKS 1 : allinurl :"modules/gallery" DORK 2 ...
eMerge E3 1.00-06 - Arbitrary File Upload
eMerge E3 1.00-06 - Arbitrary File Upload Exploit Title: eMerge E3 1.00-06 - Arbitrary File Upload Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...
Apple macOS 10.15.1 - Denial of Service (PoC)
Apple macOS 10.15.1 - Denial of Service PoC Exploit Title: Apple macOS 10.15.1 - Denial of Service PoC Date: 2019-11-02 Exploit Author: 08Tc3wBB Vendor Homepage: Apple Software Link: Version: Apple macOS msghlocalport, msg1.msghsize, msg4.msghreserved, unsigned intmsg4.msghid, QWORD...
Cisco Small Business 220 Series - Multiple Vulnerabilities
Cisco Small Business 220 Series - Multiple Vulnerabilities !/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitab...
NETGEAR WiFi Router JWNR2010v5 R6080 - Authentication Bypass
NETGEAR WiFi Router JWNR2010v5 R6080 - Authentication Bypass Exploit Title: NETGEAR WiFi Router R6080 - Security Questions Answers Disclosure Date: 13/07/2019 Exploit Author: Wadeek Hardware Version: R6080-100PES Firmware Version: 1.0.0.34 / 1.0.0.40 Vendor Homepage:...
SEIG Modbus 3.4 - Remote Code Execution
SEIG Modbus 3.4 - Remote Code Execution Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link:...
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution Local File Disclosure
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution Local File Disclosure SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable...
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal ''' --------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Directory Traversal Date: 2018-03-27 Exploit...
Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control
Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control Trend Micro Smart Protection Server Multiple Vulnerabilities 1. Advisory Information Title:: Trend Micro...
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Local Privilege Escalation
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Local Privilege Escalation Exploit Title: Cisco AnyConnect Start Before Logon SBL local privilege escalation. CVE-2017-3813 Date: 02/27/2017 Exploit Author: @Pcchillin Software Link:...
Micro Focus Filr 2 2.0.0.4211.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.4211.2 1.2.0.846 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Micro Focus former Novell Filr Appliance vulnerable version: Filr 2...
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset Local Privilege Escalation
Linux Kernel 4.4.0-21 Ubuntu 16.04 x64 - netfilter targetoffset Local Privilege Escalation / EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44300.zip Video https://www.youtube.com/watch?v=qchiJn94kTo / / decr.c / / Ubuntu 16.04 local root...
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)
Cisco UCS Manager 2.11b - Remote Command Injection Shellshock !/usr/bin/python Cisco UCS Manager 2.11b Shellshock Exploit CVE-2014-6278 Confirmed on version 2.11b, but more are likely vulnerable. Cisco's advisory:...
Gnew 2013.1 - Multiple Vulnerabilities (2)
Gnew 2013.1 - Multiple Vulnerabilities 2 Advisory ID: HTB23171 Product: Gnew Vendor: Raoul Proença Vulnerable Versions: 2013.1 and probably prior Tested Version: 2013.1 Advisory Publication: August 28, 2013 without technical details Vendor Notification: August 28, 2013 Public Disclosure: October...
FOSCAM IP-Cameras - Improper Access Restrictions
FOSCAM IP-Cameras - Improper Access Restrictions Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FOSCAM IP-Cameras Improper Access Restrictions 1. Advisory Information Title: FOSCAM IP-Cameras Improper Access Restrictions Advisory ID: CORE-2013-0613 Advisory URL:...
HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit)
HP JetDirect PJL - Interface Universal Directory Traversal Metasploit Exploit Title: HP JetDirect PJL Interface Universal Path Traversal Date: Aug 7, 2011 Author: Myo Soe Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the Metasploit...
Oracle Document Capture - Actbar2.ocx Insecure Method
Oracle Document Capture - Actbar2.ocx Insecure Method Source: http://packetstormsecurity.org/files/view/97866/DSECRG-11-004.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-00153 Application: Oracle Document Capture Versions Affected: Release...
ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass (SEH) (Metasploit)
ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass SEH Metasploit Exploit Title: ASX to MP3 Converter v3.1.2.1 SEH Exploit Multiple OS, DEP and ASLR Bypass Date: July 13, 2010 Author: Node Software Link: http://www.mini-stream.net/downloads/ASXtoMP3Converter.exe Version: Mini-Stream...
Microsoft Windows 72008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
Microsoft Windows 72008 R2 - SMB Client Trans2 Stack Overflow MS10-020 PoC import sys,SocketServer Windows 7/2008R2 SMB Client Trans2 stack overflow MS10-020 Date: 17/04/10 Author: Laurent Gaffié Tested on: Windows 7/2008R2 CVE: CVE-2010-0270 Full advisory:...
Quick Classifieds 1.0 - includesendit.php3?DOCUMENT_ROOT Remote File Inclusion
Quick Classifieds 1.0 - includesendit.php3?DOCUMENTROOT Remote File Inclusion source: https://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may...
PHP 4.4.3 4.4.6 - PHPinfo() Cross-Site Scripting
PHP 4.4.3 4.4.6 - PHPinfo Cross-Site Scripting //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
Apache modssl 2.8.x - Off-by-One HTAccess Buffer Overflow source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in modssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by...
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution Exploit Title: Oracle Weblogic 10.3.6.0.0 - Remote Command Execution Date: 2020-01-08 Exploit Author: Waffles & Paveway3 Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0...
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Date: 2019-12-13 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link:...
Linear eMerge E3 1.00-06 - Remote Code Execution
Linear eMerge E3 1.00-06 - Remote Code Execution Title: Linear eMerge E3 1.00-06 - Remote Code Execution Author: LiquidWorm Date: 2019-11-13 Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Affected version: =2.3.0a...
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting Exploit Title: WordPress Plugin Photo Gallery by 10Web alert1; 4. Click Save and preview. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded...
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery Exploit Title: D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery Author: John Page aka hyp3rlinx Date: 2018-11-09 Vendor: http://us.dlink.com Product Link:...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 2 Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link:...
WordPress Plugin Responsive Cookie Consent 1.7 1.6 1.5 - (Authenticated) Persistent Cross-Site Scripting
WordPress Plugin Responsive Cookie Consent 1.7 1.6 1.5 - Authenticated Persistent Cross-Site Scripting Exploit Title: Wordpress Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting Date: 2018-04-20 Exploit Author: B0UG Vendor Homepage:...
iBall WRA150N - Multiple Vulnerabilities
iBall WRA150N - Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n. iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The ke...
GoAhead Web Server 2.5 3.6.5 - HTTPd LD_PRELOAD Remote Code Execution
GoAhead Web Server 2.5 3.6.5 - HTTPd LDPRELOAD Remote Code Execution !/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LDPRELOAD remote code execution exploit EDB Note: Payloads https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/43360.zip EDB Note: Source...
Linux Kernel - AF_PACKET Use-After-Free (2)
Linux Kernel - AFPACKET Use-After-Free 2 Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AFPACKET that can lead to privilege escalation. AFPACKET sockets “allow users to send or receive packets on the device driver...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14758 Affected Software: ================== OpenText...
Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution
Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access Title: Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access Advisory ID:...
C2Box 4.0.0(r19171) - Cross-Site Request Forgery
C2Box 4.0.0r19171 - Cross-Site Request Forgery Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions below...
RedaxScript CMS 2.2.0 - SQL Injection
RedaxScript CMS 2.2.0 - SQL Injection Exploit Title: Radexscript CMS 2.2.0 - SQL Injection vulnerability Google Dork: N/A Date: 02/09/2015 Exploit Author: Pham Kien Cuong [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://redaxscript.com/ Software Link:...
Linux Kernel 3.4.5 (Android 4.2.24.4 ARM) - Local Privilege Escalation
Linux Kernel 3.4.5 Android 4.2.24.4 ARM - Local Privilege Escalation / Just a lame binder local root exploit stub. Somewhat messy but whatever. The bug was reported in CVE-2013-6282. Tested on Android 4.2.2 and 4.4. Kernels 3.0.57, 3.4.5 and few more. All up to 3.4.5 unpatched should be vulnerabl...
Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)
Oracle Outside In MDB - File Parsing Stack Buffer Overflow PoC !/usr/bin/python Exploit Title: Oracle Outside In MDB File Parsing Stack Based Buffer Overflow PoC Date: 16th January 2014 PoC Author: Citadelo Vendor Homepage: http://www.oracle.com Software Link:...