41207 matches found
PHP 5.3.5 - socket_connect() Local Buffer Overflow
Oracle Document Capture - empop3.dll Insecure Methods
Oracle Document Capture - empop3.dll Insecure Methods Source: http://packetstormsecurity.org/files/view/97868/DSECRG-11-005.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-005 internal DSECRG-00154 Application: Oracle Document Capture...
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
GNU C Library 2.x libc6 - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads...
HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code
HP OpenView Network Node Manager OV NNM 7.53 - Invalid DB Error Code Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ HP Openview NNM 7.53 Invalid DB Error Code vulnerability 1. Advisory Information Title: HP Openvi...
PerlSoft Gästebuch 1.7b - admincenter.cgi Remote Command Execution
PerlSoft Gästebuch 1.7b - admincenter.cgi Remote Command Execution source: https://www.securityfocus.com/bid/33525/info PerlSoft Gästebuch is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize...
DMXReady Faqs Manager 1.1 - Remote Contents Change
DMXReady Faqs Manager 1.1 - Remote Contents Change Title : DMXReady Faqs Manager http://target/path//applications/FaqsManager/incfaqsmanager.asp Edit - http://target/path//admin/FaqsManager/addcategory.asp : milw0rm.com 2009-01-14...
PHP-Nuke Module Kose_Yazilari - artid SQL Injection
PHP-Nuke Module Kose_Yazilari - artid SQL Injection CoRPITX Turkey www.Hayalet-hack.com www.zone-turk.net/ PHP-Nuke Kose_Yazilari SQL Injection Vulnerability AUTHOR : xcorpitx HOME : www.Hayalet-hack.com / www.zone-turk.net WHEN YOU PUT THIS SQL CODE YOU can SEE ADMIN NAME,ADMIN HASH DorK 1 : ''na...
Joomla! Component com_colorlab 1.0 - Remote File Inclusion
Joomla! Component com_colorlab 1.0 - Remote File Inclusion Joomla com_colorlab Remote File Include Found : xoron Download: http://download.joomlaportal.ch/content/view/474/ Wrong Code: include...
Mambo Module galleria 1.0b - Remote File Inclusion
Mambo Module galleria 1.0b - Remote File Inclusion Title : galleria = 1.0 Remote File Inclusion Vulnerability - URL : http://binarydigit.at/ - Author : sikunYuk - Mail : inealatgmail.com - exploit :...
Instant Photo Gallery 1.0 - content.php?cid SQL Injection
Instant Photo Gallery 1.0 - content.php?cid SQL Injection source: https://www.securityfocus.com/bid/15659/info Instant Photo Gallery is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in...
TortoiseSVN 1.12.1 - Remote Code Execution
TortoiseSVN 1.12.1 - Remote Code Execution Document Title: TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References Source: https://www.vulnerability-lab.com/getcontent.php?id=2188 Product:...
Android 7 - 9 VideoPlayer - ihevcd_parse_pps Out-of-Bounds Write
Android 7 - 9 VideoPlayer - ihevcd_parse_pps Out-of-Bounds Write CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns .... With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video with tiles enabled - ps_pps->i1_tiles_enabled_flag you can...
PrestaShop 1.6.x1.7.x - Remote Code Execution
PrestaShop 1.6.x1.7.x - Remote Code Execution ?php / PrestaShop 1.6.x = 1.6.1.23 & 1.7.x = 1.7.4.4 - Back Office Remote Code Execution See https://github.com/farisv/PrestaShop-CVE-2018-19126 for explanation. Chaining multiple vulnerabilities to trigger deserialization via phar. Date: December 1st...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (ldpreload Method)
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation ldpreload Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47166.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses ld.so.preload technique --...
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload SQL Injection
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload SQL Injection Exploit Title: Simple PHP Shopping Cart 0.9 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://asaancart.wordpress.com/ Software Link:...
Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software...
ADB Broadband Gateways Routers - Local Root Jailbreak
ADB Broadband Gateways Routers - Local Root Jailbreak SEC Consult Vulnerability Lab Security Advisory title: Local root jailbreak via network file sharing flaw product: All ADB Broadband Gateways / Routers based on Epicentro...
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-21 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU...
Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code Execution (PoC)
Drupal 7.58 - Drupalgeddon3 Authenticated Remote Code Execution PoC This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602. You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms that is in...
WSO2 Carbon WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
WSO2 Carbon WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable...
Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape
Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities Source: https://blogs.securiteam.com/index.php/archives/3649 Vulnerabilities summary The following advisory describes two 2 guest to host escape found in Oracle...
Primefaces 5.x - Remote Code Execution (Metasploit)
Primefaces 5.x - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit', 'Description' = %q This module...
Dahua Generation 23 - Backdoor Access
Dahua Generation 23 - Backdoor Access !/usr/bin/python2.7 if False: ''' 2017-05-03 Public rerelease of Dahua Backdoor PoC https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py 2017-03-20 With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1...
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation
Realtek Audio Driver 6.0.1.7898 Windows 10 - Dolby Audio X2 Service Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1075 Windows: Dolby Audio X2 Service Elevation of Privilege Platform: Windows 10 + Realtek Audio Driver version 6.0.1.7898 on a Lenovo P50...
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting Remote File Inclusion
HPE OpenCall Media Platform OCMP 4.3.2 - Cross-Site Scripting Remote File Inclusion Source: https://blogs.securiteam.com/index.php/archives/3087 SSD Advisory – HPE OpenCall Media Platform OCMP Multiple Vulnerabilities Want to get paid for a vulnerability similar to this one? Contact us at:...
OpenSSL 1.1.0 - Remote Client Denial of Service
OpenSSL 1.1.0 - Remote Client Denial of Service // Source: https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/ / SSL server demonstration program Copyright C 2006-2015, ARM Limited, All Rights Reserved...
Apple macOS 10.12 16A323 XNU Kernel iOS 10.1.1 - set_dp_control_port Lack of Locking Use-After-Free
Apple macOS 10.12 16A323 XNU Kernel iOS 10.1.1 - set_dp_control_port Lack of Locking Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=965 set_dp_control_port is a MIG method on the host_priv_port so this bug is a root-kernel escalation. kern_return_t set_dp_control_port hostpri...
WSO2 Carbon 4.4.5 - Local File Inclusion
WSO2 Carbon 4.4.5 - Local File Inclusion + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt + ISR: ApparitionSec Vendor: www.wso2.com Product:...
D-Link DIR-816L Wireless Router - Cross-Site Request Forgery
D-Link DIR-816L Wireless Router - Cross-Site Request Forgery Title: D-link wireless router DIR-816L – Cross-Site Request Forgery CSRF vulnerability Credit: Name: Bhadresh Patel...
Koha 3.20.1 - Multiple Cross-Site Scripting Cross-Site Request Forgery Vulnerabilities
Koha 3.20.1 - Multiple Cross-Site Scripting Cross-Site Request Forgery Vulnerabilities Exploit Title: Koha Open Source ILS - Multiple XSS and XSRF Vulnerabilities Google Dork: Date: 25/06/2015 Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Securit...
Apple Mac OSX - Local Denial of Service
Apple Mac OSX - Local Denial of Service / 2015, Maxime Villard, CVE-2015-1100 Local DoS caused by a missing limit check in the fat loader of the Mac OS X Kernel. $ gcc -o Mac-OS-XFat-DoS Mac-OS-XFat-DoS.c $ ./Mac-OS-XFat-DoS BINARY-NAME Obtained from: http://m00nbsd.net/garbage/Mac-OS-XFat-DoS.c...
Sharetronix 3.3 - Multiple Vulnerabilities
Sharetronix 3.3 - Multiple Vulnerabilities Advisory ID: HTB23214 Product: Sharetronix Vendor: Blogtronix, LLC Vulnerable Versions: 3.3 and probably prior Tested Version: 3.3 Advisory Publication: May 7, 2014 without technical details Vendor Notification: May 7, 2014 Vendor Patch: May 27, 2014...
WordPress Plugin XCloner 3.1.0 - Cross-Site Request Forgery
WordPress Plugin XCloner 3.1.0 - Cross-Site Request Forgery Advisory ID: HTB23206 Product: XCloner Wordpress plugin Vendor: XCloner Vulnerable Versions: 3.1.0 and probably prior Tested Version: 3.1.0 Advisory Publication: March 12, 2014 without technical details Vendor Notification: March 12, 201...
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting Advisory ID: HTB23194 Product: Komento Joomla Extension Vendor: Stack Ideas Sdn Bhd. Vulnerable Versions: 1.7.2 and probably prior Tested Version: 1.7.2 Advisory Publication: January 2, 2014 without technical details Vendor...
Nero MediaHome 4.5.8.0 - Denial of Service
Nero MediaHome 4.5.8.0 - Denial of Service Advisory ID: HTB23130 Product: Nero MediaHome Vendor: Nero Vulnerable Versions: 4.5.8.0 and probably prior Tested Version: 4.5.8.0 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: January 9, 2013 Vulnerability Type: Improper...
Guru Auction 2.0 - Multiple SQL Injections
DCForum - auth_user_file.txt File Multiple Information Disclosure Vulnerabilities
DCForum - auth_user_file.txt File Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/56383/info DCForum is prone to multiple information-disclosure vulnerabilities. Exploiting these issues may allow an attacker to obtain sensitive information that may aid in...
Habari Blog - Multiple Vulnerabilities
Habari Blog - Multiple Vulnerabilities Vulnerability ID: HTB22732 Reference: http://www.htbridge.ch/advisory/pathdisclosureinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: Path disclosure...
Spaceacre - index.php SQL Injection HTML Cross-Site Scripting Injection
Spaceacre - index.php SQL Injection HTML Cross-Site Scripting Injection Spaceacre index.php SQL/HTML/XSS Injection Vulnerability...
AV Arcade - Search Cross-Site Scripting HTML Injection
AV Arcade - Search Cross-Site Scripting HTML Injection Exploit Title: AV Arcade Search Field XSS/HTML Injection Date: 6/5/2010 Author: Vadim Toptunov, http://www.twitter.com/pentesting Software Link: http://www.avscripts.net/avarcade/ Version: 5.1.4 Free and Pro latest and prior Tested on: Any NI...
Virtual PC Hypervisor - Memory Protection
Virtual PC Hypervisor - Memory Protection Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Virtual PC Hypervisor Memory Protection Vulnerability 1. Advisory Information Title: Virtual PC Hypervisor Memory Protection...
Sparta Systems TrackWise EQms - Multiple Cross-Site Scripting Vulnerabilities
Sparta Systems TrackWise EQms - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/38483/info Sparta Systems TrackWise EQMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An...
Adobe (Multiple Products) - XML External Entity XML Injection
Adobe Multiple Products - XML External Entity XML Injection Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities CVE:...
Opera 10.01 - Remote Array Overrun
Opera 10.01 - Remote Array Overrun From Full Disclosure: http://seclists.org/fulldisclosure/2009/Nov/223 Opera 10.01 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis.: 07.05.2009 - - Pub.: 20.11.2009 CVE: CVE-2009-0689...
DMXReady Contact Us Manager 1.1 - Remote Contents Change
DMXReady Contact Us Manager 1.1 - Remote Contents Change Title : DMXReady Contact Us Manager http://target/path//applications/ContactUsManager/inccontactusmanager.asp Edit - http://target/path//admin/ContactUsManager/addcategory.asp : milw0rm.com 2009-01-14...
Arab Portal 2.1 (Windows) - Remote File Disclosure
Arab Portal 2.1 Windows - Remote File Disclosure Arab Portal v2.1 Remote File Disclosure Win32 AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
phpBB Plus 1.53 - phpbb_root_path Remote File Inclusion
phpBB Plus 1.53 - phpbb_root_path Remote File Inclusion AUTHOR = Mehrad Ansari Targhi E-Mail : [email protected] My Yahoo Messenger ID : mehrad1989 Script Download URL : http://www.phpbbplus.net/PhpBBPlus1.53.zip This Is A RFI Bug . This Bug Is In : PHPBBPLUS INSTALLED /language/langgerman/lang...
phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion
phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion Title : phpFFL 1.24 Remote File Inclusion Vulnerability Author : Dj7xpl Contact : [email protected] Download : http://sourceforge.net/project/showfiles.php?groupid=137531 Gr33tZ : Y! Undergroun...
AuraCMS Forum Module - SQL Injection
AuraCMS Forum Module - SQL Injection AuraCMS Forum Module - Remote SQL Injection Vendor : http://auracms.org/ Download : http://iwan.or.id/redirect/download/36.html -- Forum Module Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net Dork : inurl:"?pilih=foru...
Ethernet Device Drivers Frame Padding - Etherleak Information Leakage
Ethernet Device Drivers Frame Padding - Etherleak Information Leakage !/usr/bin/perl -w etherleak, code that has been 5 years coming. On 04/27/2002, I disclosed on the Linux Kernel Mailing list, a vulnerability that would become known as the 'etherleak' bug. In various situations an ethernet fram...