41207 matches found
Gogs - usersrepos ?q SQL Injection
Gogs - usersrepos ?q SQL Injection Unauthenticated SQL Injection in Gogs repository search ======================================================= Researcher: Timo Schmid Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go. taken from 1 It is very simili...
Yealink VoIP Phone SIP-T38G - Local File Inclusion
Yealink VoIP Phone SIP-T38G - Local File Inclusion Title: Yealink VoIP Phone SIP-T38G Local File Inclusion Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5756, CVE-2013-5757 Description: We...
Samba 3.5.223.6.174.0.8 - nttrans Reply Integer Overflow
Samba 3.5.223.6.174.0.8 - nttrans Reply Integer Overflow Exploitation: samba nttrans reply integer overflow / \ / \ | || | | | \ / / . || | | | / | handlenttrans +- callnttransactcreate // transact! - readnttrnsealistvulnerable function security bug analyze smbd/nttrans.c ---- snip ---- snip ----...
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC)
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow PoC Core Security - Corelabs Advisory http://corelabs.coresecurity.com Buffer overflow in Ubiquiti airCam RTSP service 1. Advisory Information Title: Buffer overflow in Ubiquiti airCam RTSP service Advisory ID: CORE-2013-0430 Advisory URL:...
Apple Mac OSX Server - DirectoryService Buffer Overflow
Apple Mac OSX Server - DirectoryService Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1. Advisory Information Title: Mac OSX Server DirectoryService buffer overflow Advisory ID: CORE-2013-0103 Advisory URL:...
TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities
TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...
Linux Kernel 2.6.32 3.x (CentOS 56) - PERF_EVENTS Local Privilege Escalation (1)
Linux Kernel 2.6.32 3.x CentOS 56 - PERFEVENTS Local Privilege Escalation 1 / linux 2.6.37-3.x.x x8664, 100 LOC gcc-4.6 -O2 semtex.c && ./a.out 2010 [email protected], salut! update may 2013: seems like centos 2.6.32 backported the perf bug, lol. jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if yo...
SmarterMail 7.37.4 - Multiple Vulnerabilities
SmarterMail 7.37.4 - Multiple Vulnerabilities Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Identified: October 28, 2010 Vendor: SmarterTools Application: SmarterMail 7.x Bugs: Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection,...
phpMyBitTorrent 2.0.4 - SQL Injection
phpMyBitTorrent 2.0.4 - SQL Injection Exploit Title: phpMyBitTorrent 2.0.4 SQL injection Google Dork: inurl:"user.php?op=register" Date: 14/FEB/2011 Author: [email protected] Software Link: http://sourceforge.net/projects/phpmybittorrent/ Version: 2.0.4 Tested on: nix...
VMware Tools - Update OS Command Injection
VMware Tools - Update OS Command Injection VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Informati...
Adobe Acrobat Reader and Flash Player - newclass Invalid Pointer
Adobe Acrobat Reader and Flash Player - newclass Invalid Pointer ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | ' + self.eol else: self.content += self.eol + data + self.eol self.content += 'endobj' + self.eol def objSWFStreamself, objnum, data, stream:...
Spring Framework - Arbitrary code Execution
Spring Framework - Arbitrary code Execution CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions ma...
Adobe (Multiple Products) - XML External Entity XML Injection
Adobe Multiple Products - XML External Entity XML Injection , , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities CVE:...
Linksys WRT54G Firmware 1.00.9 - Security Bypass (1)
Linksys WRT54G Firmware 1.00.9 - Security Bypass 1 regurgitated by: meathive url: kinqpinz.info ; Tue, 05 Feb 2008 07:51:41 -0700 CVE-2008-1247 WRT54G firmware version: v1.00.9 Default LAN IP: 192.168.1.1 Default auth: user:blank - pass:admin Authorization: Basic OmFkbWlu php print...
ttCMS 4 - ez_sql.php?lib_path Remote File Inclusion
ttCMS 4 - ezsql.php?libpath Remote File Inclusion DEVIL TEAM - HACKING POLISH TEAM Author: Kacper a.k.a Rahim Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Irc: irc.milw0rm.com:6667 devilteam -------------------------------------------- Pozdro dla wszystkich z kanalu IRC oraz...
Mambo Open Source 4.54.6 - mod_mainmenu.php Remote File Inclusion
Mambo Open Source 4.54.6 - modmainmenu.php Remote File Inclusion source: https://www.securityfocus.com/bid/9445/info It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary...
Wing FTP Server 6.2.5 - Privilege Escalation
Wing FTP Server 6.2.5 - Privilege Escalation Exploit Title: Wing FTP Server 6.2.5 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-03 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link:...
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting Exploit Title: Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting Release Date: 2019-12-11 Exploit Authors: Dan Bohan, Scott Goodwin, OCD Tech Vendor Homepage: https://www.avaya.com/en/ Softwa...
Cisco Data Center Network Manager 11.2.1 - getVmHostData SQL Injection
Cisco Data Center Network Manager 11.2.1 - getVmHostData SQL Injection !/usr/bin/python """ Cisco Data Center Network Manager HostEnclHandler getVmHostData SQL Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date:...
Centreon 19.10.5 - Pollers Remote Command Execution
Centreon 19.10.5 - Pollers Remote Command Execution Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Date: 2020-01-27 Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested...
ThinVNC 1.0b1 - Authentication Bypass
ThinVNC 1.0b1 - Authentication Bypass Exploit Title: ThinVNC 1.0b1 - Authentication Bypass Date: 2019-10-17 Exploit Author: Nikhith Tumamlapalli Contributor WarMarX Vendor Homepage: https://sourceforge.net/projects/thinvnc/ Software Link:...
Sahi pro 8.x - Cross-Site Scripting
Sahi pro 8.x - Cross-Site Scripting Exploit Title: Sahi pro alertdocument.cookie”.start; log“testing stored XSS injection”; $tc1.end; Step 2 : Execute the created script poc.sah using sahi GUI controller . Step 3 : navigate to the web logs console http://:/logs using the browser for the executed...
Spring Security OAuth - Open Redirector
Spring Security OAuth - Open Redirector Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...
PHPads 2.0 - click.php3?bannerID SQL Injection
PHPads 2.0 - click.php3?bannerID SQL Injection + Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo :...
Instagram Auto Follow - Authentication Bypass
Instagram Auto Follow - Authentication Bypass Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Date: 2019-05-01 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux...
Oracle Business Intelligence XML Publisher 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - XML External Entity Injection
Oracle Business Intelligence XML Publisher 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - XML External Entity Injection Exploit Title: XXE in Oracle Business Intelligence and XML Publisher Date: 16.04.19 Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link:...
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summar...
PrestaShop 1.6.x1.7.x - Remote Code Execution
PrestaShop 1.6.x1.7.x - Remote Code Execution ?php / PrestaShop 1.6.x = 1.6.1.23 & 1.7.x = 1.7.4.4 - Back Office Remote Code Execution See https://github.com/farisv/PrestaShop-CVE-2018-19126 for explanation. Chaining multiple vulnerabilities to trigger deserialization via phar. Date: December 1st...
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server...
H2 Database 1.4.196 - Remote Code Execution
H2 Database 1.4.196 - Remote Code Execution Exploit Title: H2 Database 1.4.196 - Remote Code Execution Google Dork: N/A Date: 2018-09-24 Exploit Author: h4ckNinja Vendor Homepage: https://www.h2database.com/ Software Link: http://www.h2database.com/h2-2018-03-18.zip Version: 1.4.196 and 1.4.197...
SoftNAS Cloud 4.0.3 - OS Command Injection
SoftNAS Cloud 4.0.3 - OS Command Injection Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL:...
ADB Broadband Gateways Routers - Local Root Jailbreak
ADB Broadband Gateways Routers - Local Root Jailbreak SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local root jailbreak via network file sharing flaw product: All ADB Broadband Gateways / Routers based on Epicentro...
Geutebruck 5.02024 G-CamEFD-2250 - simple_loglistjs.cgi Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-CamEFD-2250 - simpleloglistjs.cgi Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck simpleloglistjs.cgi Remote Command Execution...
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Title: RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Date: 2017-12-11 Author: LiquidWorm Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell...
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure ''' Exploit Title: Login bypass and data leak - Lutron Quantum 2.0 - 3.2.243 firmware Date: 20-03-2018 Exploit Author: David Castro Contact: https://twitter.com/SadFud75 Vendor Homepage: http://www.lutron.com Software Link:...
CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities
CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities Document Title: =============== CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1836 Release Date: ============= 2018-01-19...
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'VIPA Authomation WinPLC7 recv Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 'james fitts' , 'License' =...
IBM AIX 5.36.17.17.2 - lquerylv Local Privilege Escalation
IBM AIX 5.36.17.17.2 - lquerylv Local Privilege Escalation !/usr/bin/sh AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset 7100-04 This exploit takes advantage of known issues with debugging functions within the AIX linker library. We are taking advantage of known...
Technicolor TC7200 ModemRouter STD6.02.11 - Multiple Vulnerabilities
Technicolor TC7200 ModemRouter STD6.02.11 - Multiple Vulnerabilities ''' Technicolor TC7200 modem/router multiple vulnerabilities -------------------------------------------------------- Platforms / Firmware confirmed affected: - Technicolor TC7200, STD6.02.11 - Product page:...
SAP NetWeaver AS JAVA 7.1 7.5 - Directory Traversal
SAP NetWeaver AS JAVA 7.1 7.5 - Directory Traversal Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016...
GNU bash 4.3.11 - Environment Variable dhclient
GNU bash 4.3.11 - Environment Variable dhclient !/usr/bin/python Exploit Title: dhclient shellshocker Google Dork: n/a Date: 10/1/14 Exploit Author: @0x00string Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz Version: 4.3.11 Tested on: Ubuntu 14.04.1 CVE :...
ManageEngine Password Manager Pro ManageEngine IT360 - SQL Injection
ManageEngine Password Manager Pro ManageEngine IT360 - SQL Injection source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using ...
Apple Mac OSX 10.9 - Hard Link Memory Corruption
Apple Mac OSX 10.9 - Hard Link Memory Corruption / MacOSX/XNU HFS Multiple Vulnerabilities Maksymilian Arciemowicz http://cxsecurity.com/ http://cifrex.org/ =================== On November 8th, I've reported vulnerability in hard links for HFS+ CVE-2013-6799...
Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities
Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities Trustwave's SpiderLabs Security Advisory TWSL2014-001: Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Published: 01/03/2014 Version: 1.0 Vendor: Franklin Fueling Systems http://www.franklinfueling.com/ Product: TS-550 ev...
TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618...
Nginx 1.3.9 1.4.0 - Denial of Service (PoC)
Nginx 1.3.9 1.4.0 - Denial of Service PoC Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Google Dork: CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link:...
Jax Calendar 1.34 - Remote Admin Access
Jax Calendar 1.34 - Remote Admin Access Exploit Title: Jax Calendar 1.34 Remote Admin Access Exploit Date: December 30th, 2009 Author: Sora Software Link: http://www.jtr.de/scripting/php Version: 1.34 Tested on: Windows Vista and Linux Backtrack 3 ---------------------------- Jax Calendar 1.34...
Samba 3.0.10 3.3.5 - Format String Security Bypass
Samba 3.0.10 3.3.5 - Format String Security Bypass The following proof of concept is available: smb: \ put aa%3Fbb...
IBM AIX 5.66.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
IBM AIX 5.66.1 - LIBINITDBG Arbitrary File Overwrite via Libc Debug !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division...
0DayDB 2.3 - id Remote Authentication Bypass
0DayDB 2.3 - id Remote Authentication Bypass !/usr/bin/perl Autor : Pr0metheuS Script : 0DayDB v2.3 Version : v2.3 Dork : "Powered By 0DayDB v2.3" Gr33tz-Team.org use LWP::UserAgent; if@ARGV!=3 print "\n"; print "0DayDB v2.3 Remote Admin Bypass\n"; print "perl $0 \n"; print "downloads ID for...