OpenLDAP 2.3.39 - MODRDN Remote Denial of Service

OpenLDAP 2.3.39 - MODRDN Remote Denial of Service Attackers use readily available LDAP commands to exploit this issue. source: https://www.securityfocus.com/bid/27778/info OpenLDAP is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny service to legitimate...

WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures

WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ WordPress Privileges Unchecked in admin.php and Multiple Information...

CuteNews 1.4.5 - Admin Password md5 Hash Fetching

CuteNews 1.4.5 - Admin Password md5 Hash Fetching ?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // Cutenews = 1.4.5 admin password md5 hash fetching exploit // Version 1.0 //...

BrudaNews 1.1 - adminindex.php Remote File Inclusion

BrudaNews 1.1 - adminindex.php Remote File Inclusion ============================================================================================== BrudaNews ================================================================================================ Exploit : --------------------------------...

PHPFreeNews 1.x - Multiple Cross-Site Scripting Vulnerabilities

PHPFreeNews 1.x - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/14439/info PHPFreeNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker ma...

Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution

Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible f...

QuickDate 1.3.2 - SQL Injection

QuickDate 1.3.2 - SQL Injection Exploit Title: QuickDate 1.3.2 - SQL Injection Dork: N/A Date: 2020-02-07 Exploit Author: Ihsan Sencan Vendor Homepage: https://quickdatescript.com/ Version: 1.3.2 Tested on: Linux CVE: N/A POC: 1 POST /findmatches HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0...

Codoforum 4.8.3 - input_txt Persistent Cross-Site Scripting

Codoforum 4.8.3 - inputtxt Persistent Cross-Site Scripting Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link:...

Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite

Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Exploit Title: Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Exploit Author : Peter Lapp Exploit Date: 2019-12-05 Vendor Homepage : https://www.trendmicro.com/enus/business.html Link Software :...

LayerBB 1.1.4 - Cross-Site Request Forgery

LayerBB 1.1.4 - Cross-Site Request Forgery Exploit Title: LayerBB 1.1.3 - Multiple CSRF Date: 4/7/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=30 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2019-16531 1...

CMS Made Simple 2.2.10 - SQL Injection

CMS Made Simple 2.2.10 - SQL Injection !/usr/bin/env python Exploit Title: Unauthenticated SQL Injection on CMS Made Simple = 2.2.9 Date: 30-03-2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...

SEIG Modbus 3.4 - Remote Code Execution

SEIG Modbus 3.4 - Remote Code Execution Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link:...

PostgreSQL 9.4-0.5.3 - Privilege Escalation

PostgreSQL 9.4-0.5.3 - Privilege Escalation Exploit Title: PostgreSQL 9.4-0.5.3 - Privilege Escalation Date: 2017-10-11 Exploit Author: Johannes Segitz Vendor Homepage: https://bugzilla.suse.com/showbug.cgi?id=1062722 Software Link: - Version: Before postgresql-init-9.4-0.5.3.1 Tested on: SUSE...

Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control

Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control Trend Micro Smart Protection Server Multiple Vulnerabilities 1. Advisory Information Title:: Trend Micro...

Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload

Web Viewer 1.0.0.193 Samsung SRN-1670D - Unrestricted File Upload Exploit Title: Unrestricted file upload vulnerability - Web Viewer 1.0.0.193 on Samsung SRN-1670D Date: 2017-06-19 Exploit Author: Omar MEZRAG - 0xFFFFFF / www.realistic-security.com Vendor Homepage: https://www.hanwhasecurity.com...

Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution

Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution This is an advisory for CVE-2017-6327 which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as roo...

Flash ActiveX 28.0.0.137 - Code Execution (2)

Flash ActiveX 28.0.0.137 - Code Execution 2 CVE-2018-4878 Pop up a calculator - Requires Flash ActiveX 28.0.0.137 Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44745.swf...

15 TOTOLINK Router Models - Multiple Remote Code Execution Vulnerabilities

15 TOTOLINK Router Models - Multiple Remote Code Execution Vulnerabilities Advisory Information Title: 15 TOTOLINK router models vulnerable to multiple RCEs Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt Blog URL:...

C2Box 4.0.0(r19171) - Cross-Site Request Forgery

C2Box 4.0.0r19171 - Cross-Site Request Forgery Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions below...

Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)

Oracle Outside In MDB - File Parsing Stack Buffer Overflow PoC !/usr/bin/python Exploit Title: Oracle Outside In MDB File Parsing Stack Based Buffer Overflow PoC Date: 16th January 2014 PoC Author: Citadelo Vendor Homepage: http://www.oracle.com Software Link:...

Apache Tomcat 5.5.25 - Cross-Site Request Forgery

Apache Tomcat 5.5.25 - Cross-Site Request Forgery +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Apache Tomcat 5.5.25 CSRF Vulnerabilities Date : 10-24-2013 Author : Ivano Binetti...

Gnew 2013.1 - Multiple Vulnerabilities (2)

Gnew 2013.1 - Multiple Vulnerabilities 2 Advisory ID: HTB23171 Product: Gnew Vendor: Raoul Proença Vulnerable Versions: 2013.1 and probably prior Tested Version: 2013.1 Advisory Publication: August 28, 2013 without technical details Vendor Notification: August 28, 2013 Public Disclosure: October...

VUPlayer 2.49 - .m3u File Universal Buffer Overflow (DEP Bypass) (1)

VUPlayer 2.49 - .m3u File Universal Buffer Overflow DEP Bypass 1 !/usr/bin/env python VUPlayer =2.49 .M3u Universal buffer overflow exploit w/ DEP bypass Author: mrme Download: http://vuplayer.com/ Tested on Wind0ws XP SP3 /noexecute=alwayson Greetz: Corelan Security Team...

Factux - Local File Inclusion

Factux - Local File Inclusion InformatioN Title : Factux LFI Vulnerability Author: altbta l9athotmail.com download : http://www.toocharger.com/telecharger/scripts/factux/3468.htm ExploiT dork: "Factux le facturier libre V 1.1.5" includeonce"include/language/$lang.php"; Vulnerable File :...

Smart Vision Script News - newsdetail.php SQL Injection (2)

Smart Vision Script News - newsdetail.php SQL Injection 2 !usr/bin/perl Exploit Title: Smart Vision Script News newsdetail SQL Injection Exploit Date: 01-04-2010 Author: darkmasking This was written for educational purpose only. Use it at your own risk. Author will be not responsible for any...

Linux Kernel 2.x (Android) - sock_sendpage() Local Privilege Escalation

Linux Kernel 2.x Android - socksendpage Local Privilege Escalation Source for exploiting CVE-2009-2692 on Android; Hole is closed in Android kernels released August 2009 or later. http://zenthought.org/content/file/android-root-2009-08-16-source Exploit-DB Mirror:...

phpMyAdmin - scriptssetup.php PHP Code Injection

phpMyAdmin - scriptssetup.php PHP Code Injection !/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testin...

BBS E-Market Professional - Full Path Disclosure File Inclusion

BBS E-Market Professional - Full Path Disclosure File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV06$2004 --------------------------------------------------------------------------- Multiple vulnerabilities 1n BBS E-Market Professional...

RunCMS 1.2 - class.forumposts.php Remote File Inclusion

RunCMS 1.2 - class.forumposts.php Remote File Inclusion ?php ---runcms13axpl.php 17.30 09/02/2006 RunCMS = 1.2 arbitrary remote inclusion exploit " = 1.3a shell upload through FCKEditor coded by rgod site: http://retrogod.altervista.org usage: launch from Apache, fill in requested fields, then go...

HTMLToNuke - Cross-Site Scripting

HTMLToNuke - Cross-Site Scripting source: https://www.securityfocus.com/bid/8174/info A vulnerability has been reported in htmltonuke that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable...

phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery

phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery ============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922...

Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities

Cisco UCS Director Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data...

Wavemaker Studio 6.6 - Server-Side Request Forgery

Wavemaker Studio 6.6 - Server-Side Request Forgery Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link:...

Sharetronix CMS 3.6.2 - Cross-Site Request Forgery Cross-Site Scripting

Sharetronix CMS 3.6.2 - Cross-Site Request Forgery Cross-Site Scripting Exploit Title: Sharetronix CMS XSRF Vulnerability Version : 3.6.2 Exploit Author: Hesam Bazvand Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip Tested on: Windows 10 / Kali Linux Category: WebApps Dor...

Microsoft Internet Explorer - CTreeNode::GetCascadedLang Use-After-Free (MS15-079)

Microsoft Internet Explorer - CTreeNode::GetCascadedLang Use-After-Free MS15-079 meta http-equiv="X-UA-Compatible" content="IE=10...

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution (1)

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution 1 // alliewin95+ie3-win10+ie11 dve copy by yuange in 2009. cve-2014-6332 exploit https://twitter.com/yuange75 http://hi.baidu.com/yuange1975 // function runmumaa On Error Resume Next set...

Linux Kernel - group_info refcounter Overflow Memory Corruption

Linux Kernel - groupinfo refcounter Overflow Memory Corruption / DoS poc for CVE-2014-2851 Linux groupinfo refcounter overflow memory corruption https://lkml.org/lkml/2014/4/10/736 @Tohmaxx - http://thomaspollet.blogspot.be If the app doesn't crash your system, try a different count argv1 Executi...

Adobe ColdFusion 9 - Administrative Authentication Bypass

Adobe ColdFusion 9 - Administrative Authentication Bypass -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-2 | | http://packetstormsecurity.com/ |...

Apple Mac OSX - Java applet Remote Deserialization Remote (2)

Apple Mac OSX - Java applet Remote Deserialization Remote 2 Critical Mac OS X Java Vulnerabilities Introduction Five months ago, CVE-2008-5353 and other vulnerabilities were publicly disclosed, and fixed by Sun. CVE-2008-5353 allows malicious code to escape the Java sandbox and run arbitrary...

PHP Photo Album 0.8b - preview Local File Inclusion

PHP Photo Album 0.8b - preview Local File Inclusion START 0x01 Informations: Script : Php Photo Album 0.8 BETA Download : http://sourceforge.net/project/downloading.php?groupid=151573&usemirror=kent&filename=PHPPA.9BETA.zip&37834145 Vulnerability : Local File Inclusion Author : Osirys Contact :...

FREEsimplePHPGuestbook - Guestbook.php Remote Code Execution

FREEsimplePHPGuestbook - Guestbook.php Remote Code Execution | | | \ \ \ / / / \ / | / | / | | | | | | \ V / / \ | | | | | | | | | Name required: Write - Mahmood In - Web site without http://: Write - http://tryag.cc In - Message: Write - After All This Go...

MVC-Web CMS 1.01.2 - newsid SQL Injection

MVC-Web CMS 1.01.2 - newsid SQL Injection Bl@ckbe@rD 'Tunisian TerrorisT' ------------------------- $$$$$$$$$$$$$$$$$$$$$$$---------------------------------------- + Script Name : MVC-Web CMS 1.0 and 1.2 Remote SQL Injection Exploit |+| Team : InjEct0r5 + Author : Bl@ckbe@rD 'Tunisian TerrorisT' ...

Categories hierarchy phpBB Mod 2.1.2 - phpbb_root_path Remote File Inclusion

Categories hierarchy phpBB Mod 2.1.2 - phpbbrootpath Remote File Inclusion C xoron Name: Categories hierarchy v2.1.2 phpbbrootpath Remote File Include Exploit Script name: Ptifo mod-CH212installed Author: xoron Exploit coded by xoron Download:...

Cyberfolio 2.0 RC1 - av Remote File Inclusion

Cyberfolio 2.0 RC1 - av Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV58$2006 ----------------------------------------------------------------------------------------------- ECHOADV58$2006Cyberfolio =2.0 RC1 $av Remote File Inclusion...

EZContents 2.0.3 - showlinks.php?GLOBALS[admin_home] Remote File Inclusion

EZContents 2.0.3 - showlinks.php?GLOBALSadminhome Remote File Inclusion source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these...

PHP121 Instant Messenger 1.4 - Remote Code Execution

PHP121 Instant Messenger 1.4 - Remote Code Execution !/usr/bin/php -q -d shortopentag=on works with magicquotesgpc = Off\r\n\r\n"; echo "a dork: inurl:php121login.php | inurl:php121im.php | intitle:"PHP121 - PLEASE"\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo...

e107 Website System 0.555 - db.php Information Disclosure

e107 Website System 0.555 - db.php Information Disclosure source: https://www.securityfocus.com/bid/8273/info e107 Website System 'db.php' has been reported prone to an information disclosure vulnerability. A remote attacker may exploit this vulnerability to invoke the dumpsql routine without pri...

MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates

MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate...

HelpDeskZ 1.0.2 - Arbitrary File Upload

HelpDeskZ 1.0.2 - Arbitrary File Upload ''' Updated Exploit Provided by Drew Griess Exploit Title HelpDeskZ = v1.0.2 - Unauthenticated Shell Upload Google Dork intextHelp Desk Software by HelpDeskZ Date 2016-08-26 Exploit Author Lars Morgenroth - @krankoPwnz Vendor Homepage httpwww.helpdeskz.com...

DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion

DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion source: https://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously create...