Mambo Open Source 4.54.6 - mod_mainmenu.php Remote File Inclusion

Mambo Open Source 4.54.6 - modmainmenu.php Remote File Inclusion source: https://www.securityfocus.com/bid/9445/info It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary...

SCPOnly 2.32.4 - SSH Environment Shell Escaping

SCPOnly 2.32.4 - SSH Environment Shell Escaping source: https://www.securityfocus.com/bid/5526/info scponly is a freely available, open source restricted secure copy client. It is available for Unix and Linux operating systems. The default installation of scponly does not place sufficient access...

Wing FTP Server 6.2.3 - Privilege Escalation

Wing FTP Server 6.2.3 - Privilege Escalation Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-02 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link:...

Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting

Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting Exploit Title: Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting Release Date: 2019-12-11 Exploit Authors: Dan Bohan, Scott Goodwin, OCD Tech Vendor Homepage: https://www.avaya.com/en/ Softwa...

I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure

I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure Exploit Title: I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://www.revotec.com/ Product Link: CVE: N/A !/usr/bin/perl Revotech I6032B-P POE 1920x1080P 2.0MP...

null

A remote administration tool a RAT is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity...

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting Exploit Title: WordPress Plugin Photo Gallery by 10Web alert1; 4. Click Save and preview. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded...

VMware WorkStation 12.5.3 - Virtual Machine Escape

VMware WorkStation 12.5.3 - Virtual Machine Escape VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.3 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. About 50% successful rat...

Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure

Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure / Briefs - CVE-2016-4486 has discovered and reported by Kangjie Lu. - This is local exploit against the CVE-2016-4486. Tested version - Distro : Ubuntu 16.04 - Kernel version : 4.4.0-21-generic - Arch : x8664 Prerequisites - None Goal - Leak...

H2 Database 1.4.196 - Remote Code Execution

H2 Database 1.4.196 - Remote Code Execution Exploit Title: H2 Database 1.4.196 - Remote Code Execution Google Dork: N/A Date: 2018-09-24 Exploit Author: h4ckNinja Vendor Homepage: https://www.h2database.com/ Software Link: http://www.h2database.com/h2-2018-03-18.zip Version: 1.4.196 and 1.4.197...

OX App Suite 7.8.4 - Multiple Vulnerabilities

OX App Suite 7.8.4 - Multiple Vulnerabilities Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by...

IceWarp Mail Server 11.1.1 - Directory Traversal

IceWarp Mail Server 11.1.1 - Directory Traversal Vendor: IceWarp http://www.icewarp.com Product: IceWarp Mail Server Version affected: 11.1.1 and below Product description: IceWarp WebMail provides web-based access to email, calendars, contacts, files and shared data from any computer with a...

Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution

Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution 46.0.1 -- CVE-2016-1960 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x20200000 / target...

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities

Trend Micro Email Encryption Gateway 5.5 Build 1111.00 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple...

Dell EMC Isilon OneFS - Multiple Vulnerabilities

Dell EMC Isilon OneFS - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...

Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution

Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe...

CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities

CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities Document Title: =============== CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1836 Release Date: ============= 2018-01-19...

iOS 11.1 tvOS 11.1 watchOS 4.1 - Denial of Service

iOS 11.1 tvOS 11.1 watchOS 4.1 - Denial of Service Exploit Title: TpwnT - iOS Denail of Service POC Date: 10-31-2017 Exploit Author: Russian Otter Ro Vendor Homepage: https://support.apple.com/en-us/HT208222 Version: 2.1 Tested on: iOS 10.3.2 - 11.1 CVE: CVE-2017-13849 """ -----------------------...

OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation

OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation !/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server does not properly validate input of PUTFILE RPC-command which allows any authenticated user to hijack arbitrary...

Microsoft Windows - COM Aggregate MarshalerIRemUnknown2 Type Confusion Privilege Escalation

Microsoft Windows - COM Aggregate MarshalerIRemUnknown2 Type Confusion Privilege Escalation / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1107 Windows: COM Aggregate Marshaler/IRemUnknown2 Type Confusion EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 Class:...

Zyxel_ EMG2926 V1.00(AAQT.4)b8 - OS Command Injection

Zyxel EMG2926 V1.00AAQT.4b8 - OS Command Injection Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel...

ntfs-3g (Debian 9) - Local Privilege Escalation

ntfs-3g Debian 9 - Local Privilege Escalation !/bin/bash echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" echo "@ CVE-2017-0359, PoC by Kristian Erik Hermansen @" echo "@ ntfs-3g local privilege escalation to root @" echo "@ Credits to Google Project Zero @" echo "@ Affects: Debian 9/8/...

Gallery 2 2.0.2 - Multiple Vulnerabilities

Gallery 2 2.0.2 - Multiple Vulnerabilities Gallery 2 Multiple Vulnerabilities Vendor: Bharat Mediratta Product: Gallery 2 Version: = 2.0.2 Website: http://gallery.menalto.com/ BID: 16940 CVE: CVE-2006-1127 CVE-2006-1128 OSVDB: 23596 23597 SECUNIA: 19104 PACKETSTORM: 44358 Description: Gallery2, t...

8 TOTOLINK Router Models - Backdoor Access Remote Code Execution

8 TOTOLINK Router Models - Backdoor Access Remote Code Execution Advisory Information Title: Backdoor and RCE found in 8 TOTOLINK router models Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x02.txt Blog URL:...

GNU bash 4.3.11 - Environment Variable dhclient

GNU bash 4.3.11 - Environment Variable dhclient !/usr/bin/python Exploit Title: dhclient shellshocker Google Dork: n/a Date: 10/1/14 Exploit Author: @0x00string Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz Version: 4.3.11 Tested on: Ubuntu 14.04.1 CVE :...

ManageEngine Password Manager Pro ManageEngine IT360 - SQL Injection

ManageEngine Password Manager Pro ManageEngine IT360 - SQL Injection source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using ...

Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities

Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities Trustwave's SpiderLabs Security Advisory TWSL2014-001: Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Published: 01/03/2014 Version: 1.0 Vendor: Franklin Fueling Systems http://www.franklinfueling.com/ Product: TS-550 ev...

Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities

Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer...

HP LaserJet - Directory Traversal in PJL Interface

HP LaserJet - Directory Traversal in PJL Interface n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.003 16-Nov-2010 Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP devices See HP advisory 3 for the complete list Vulnerability: Directory...

IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting

IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting source: https://www.securityfocus.com/bid/41030/info IBM WebSphere ILOG JRules is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Jax Calendar 1.34 - Remote Admin Access

Jax Calendar 1.34 - Remote Admin Access Exploit Title: Jax Calendar 1.34 Remote Admin Access Exploit Date: December 30th, 2009 Author: Sora Software Link: http://www.jtr.de/scripting/php Version: 1.34 Tested on: Windows Vista and Linux Backtrack 3 ---------------------------- Jax Calendar 1.34...

KDE KDELibs 4.3.3 - Remote Array Overrun

KDE KDELibs 4.3.3 - Remote Array Overrun -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE KDELibs 4.3.3 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis.: 07.05.2009 - - Pub.: 20.11.2009 CVE: CVE-2009-0689 Risk: High...

Active PHP BookMarks 1.1.02 - SQL Injection

Active PHP BookMarks 1.1.02 - SQL Injection || | | Bookmarks V 1.1.02 id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | script :...

phpBB Fishing Cat Portal Addon - functions_portal.php Remote File Inclusion

phpBB Fishing Cat Portal Addon - functionsportal.php Remote File Inclusion source: https://www.securityfocus.com/bid/28708/info Fishing Cat Portal Addon for phpBB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue ca...

Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure

Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure source: https://www.securityfocus.com/bid/27706/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to access...

XMPlay 3.3.0.4 - .ASX Filename Local Buffer Overflow

XMPlay 3.3.0.4 - .ASX Filename Local Buffer Overflow / =================================================================== 0-day XMPlay 3.3.0.4 .ASX Filename Buffer Overflow Exploit =================================================================== XMPlay 3.3.0.4 and lower experiance a stack-bas...

BrudaGB 1.1 - adminindex.php Remote File Inclusion

BrudaGB 1.1 - adminindex.php Remote File Inclusion ============================================================================================== BrudaGB ================================================================================================ Exploit : --------------------------------...

S9Y Serendipity 0.x - exit.php HTTP Response Splitting

S9Y Serendipity 0.x - exit.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or...

FileSeek CGI Script - Remote Command Execution

FileSeek CGI Script - Remote Command Execution source: https://www.securityfocus.com/bid/6783/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web...

Windows - Shell COM Server Registrar Local Privilege Escalation

Windows - Shell COM Server Registrar Local Privilege Escalation // Axel '0vercl0k' Souchet - December 28 2019 // References: // - Found by an anonymous researcher, written up by Simon '@HexKitchen' Zuckerbraun // -...

Lenovo Power Management Driver 1.67.17.48 - pmdrvs.sys Denial of Service (PoC)

Lenovo Power Management Driver 1.67.17.48 - pmdrvs.sys Denial of Service PoC Exploit Title: Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service PoC Date: 2019-12-11 Exploit Author: Nassim Asrir CVE: CVE-2019-6192 Tested On: Windows 1064bit | ThinkPad T470p Vendor :...

Technicolor TD5130.2 - Remote Command Execution

Technicolor TD5130.2 - Remote Command Execution Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POS...

Intelligent Security System SecurOS Enterprise 10.2 - SecurosCtrlService Unquoted Service Path

Intelligent Security System SecurOS Enterprise 10.2 - SecurosCtrlService Unquoted Service Path Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Discovery Date: 2019-10-28 Exploit Author: Alberto Vargas Vendor Homepage:...

Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray

Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...

iOSmacOS - task_swap_mach_voucher() Use-After-Free

iOSmacOS - taskswapmachvoucher Use-After-Free / voucherswap-poc.c Brandon Azad / if 0 iOS/macOS: taskswapmachvoucher does not respect MIG semantics leading to use-after-free The dangers of not obeying MIG semantics have been well documented: see issues 926 CVE-2016-7612, 954 CVE-2016-7633, 1417...

Microsoft Windows - POPMOV SS Privilege Escalation

Microsoft Windows - POPMOV SS Privilege Escalation Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain...

BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure

BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog...

Zoom Linux Client 2.0.106600.0904 - Command Injection

Zoom Linux Client 2.0.106600.0904 - Command Injection CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom clie...

DblTek - Multiple Vulnerabilities

DblTek - Multiple Vulnerabilities Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Ou...

Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service

Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Oracle Java JDK/JRE 1.8.0.131 and previous versions packages and Apache Xerces 2.11.0 The vulnerabilities are: Oracle...