41207 matches found
0DayDB 2.3 - id Remote Authentication Bypass
0DayDB 2.3 - id Remote Authentication Bypass !/usr/bin/perl Autor : Pr0metheuS Script : 0DayDB v2.3 Version : v2.3 Dork : "Powered By 0DayDB v2.3" Gr33tz-Team.org use LWP::UserAgent; if@ARGV!=3 print "\n"; print "0DayDB v2.3 Remote Admin Bypass\n"; print "perl $0 \n"; print "downloads ID for...
Squirrelcart 2.2.0 - cart_content.php Remote File Inclusion
Squirrelcart 2.2.0 - cartcontent.php Remote File Inclusion Title : Squirrelcart = 2.2.0 Remote File Inclusion URL : http://www.ldev.com/ google Dork : inurl:/squirrelcart/ Author : OLiBekaS greetz : Skulmatic, weleh, brokencode, bigmaster and all papmahackerlink crew Exploit :...
ACal 2.2.6 - day.php Remote File Inclusion
ACal 2.2.6 - day.php Remote File Inclusion $$ $ Title: ACal 2.2.6 = Remote File Inclusion $ $$ $ URL: http://acalproj.sourceforge.net/ $ $$ $ Dork: intitle:"Login to Calendar" $ $$ $ Credits: PiNGuX $ $$ $ Greetz : 0o $ $$ Exploit:...
Invision Power Board 2.1.4 - Register Users Denial of Service
Invision Power Board 2.1.4 - Register Users Denial of Service !/usr/bin/perl use IO::Socket; | | | \ | | |/ IPB Register Multiple Users Denial of Service Doesn't Work on forums using "Code Confirmation" Created By SkOd SED security Team http://www.sed-team.be [email protected] ISRAEL print q...
Gemitel 3.50 - affich.php Remote File Inclusion Command Injection
Gemitel 3.50 - affich.php Remote File Inclusion Command Injection source: https://www.securityfocus.com/bid/10156/info A vulnerability has been identified in the handling of input by Gemitel. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the...
Wing FTP Server 6.2.3 - Privilege Escalation
Wing FTP Server 6.2.3 - Privilege Escalation Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-02 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link:...
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure Exploit Title: I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://www.revotec.com/ Product Link: CVE: N/A !/usr/bin/perl Revotech I6032B-P POE 1920x1080P 2.0MP...
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/...
Microsoft Windows 10 - Theme API ThemePack File Parsing
Microsoft Windows 10 - Theme API ThemePack File Parsing Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Google Dork: n/a Date: 2020-10-28 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 10...
null
A remote administration tool a RAT is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity...
Adaware Web Companion version 4.8.2078.3950 - WCAssistantService Unquoted Service Path
Adaware Web Companion version 4.8.2078.3950 - WCAssistantService Unquoted Service Path Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path Date: 2019-11-06 Exploit Author: Mariela L Martínez Hdez Vendor Homepage: https://webcompanion.com/en/...
Intelligent Security System SecurOS Enterprise 10.2 - SecurosCtrlService Unquoted Service Path
Intelligent Security System SecurOS Enterprise 10.2 - SecurosCtrlService Unquoted Service Path Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Discovery Date: 2019-10-28 Exploit Author: Alberto Vargas Vendor Homepage:...
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
Alkacon OpenCMS 10.5.x - Cross-Site Scripting Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on...
VxWorks 6.8 - TCP Urgent Pointer 0 Integer Underflow
VxWorks 6.8 - TCP Urgent Pointer 0 Integer Underflow Exploit Title: VxWorks TCP Urgent pointer = 0 integer underflow vulnerability Discovered By: Armis Security PoC Author: Zhou Yu twitter: @504137480 Vendor Homepage: https://www.windriver.com Tested on: VxWorks 6.8 CVE: CVE-2019-12255 More...
MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow
MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow Exploit Title: MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow Author: hyp3rlinx Discovery Date: 2019-07-17 Vendor Homepage: www.computerlab.com Software Link:...
Huawei eSpace 1.1.11.103 - DLL Hijacking
Huawei eSpace 1.1.11.103 - DLL Hijacking / Huawei eSpace Desktop DLL Hijacking Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient...
Moodle 3.4.1 - Remote Code Execution
Moodle 3.4.1 - Remote Code Execution php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the teacher Make sure...
Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution
Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on :...
SureMDM 2018-11 Patch - Local Remote File Inclusion
SureMDM 2018-11 Patch - Local Remote File Inclusion Exploit Title: SureMDM LFI/RFI Prior to 2018-11 Patch Google Dork: inurl:/api/DownloadUrlResponse.ashx Date: 2019-02-01 Exploit Author: Digital Interruption Vendor Homepage: https://www.42gears.com/ Software Link:...
iOSmacOS - task_swap_mach_voucher() Use-After-Free
iOSmacOS - taskswapmachvoucher Use-After-Free / voucherswap-poc.c Brandon Azad / if 0 iOS/macOS: taskswapmachvoucher does not respect MIG semantics leading to use-after-free The dangers of not obeying MIG semantics have been well documented: see issues 926 CVE-2016-7612, 954 CVE-2016-7633, 1417...
Pydio AjaXplorer 5.0.4 - (Unauthenticated) Arbitrary File Upload
Pydio AjaXplorer 5.0.4 - Unauthenticated Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Vulnerability In Pydio/AjaXplorer 5.0.3 – 3.3.5 Date: 01/18/2019 Exploit Author: @jazz Vendor Homepage: https://pydio.com/ Software Link:...
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge application...
OX App Suite 7.8.4 - Multiple Vulnerabilities
OX App Suite 7.8.4 - Multiple Vulnerabilities Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by...
Microsoft Windows - POPMOV SS Privilege Escalation
Microsoft Windows - POPMOV SS Privilege Escalation Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain...
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-21 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU...
LineageOS 14.1 Blueborne - Remote Code Execution
LineageOS 14.1 Blueborne - Remote Code Execution Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LinageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and...
Dell EMC Isilon OneFS - Multiple Vulnerabilities
Dell EMC Isilon OneFS - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe...
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog...
DblTek - Multiple Vulnerabilities
DblTek - Multiple Vulnerabilities Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Ou...
iOS 11.1 tvOS 11.1 watchOS 4.1 - Denial of Service
iOS 11.1 tvOS 11.1 watchOS 4.1 - Denial of Service Exploit Title: TpwnT - iOS Denail of Service POC Date: 10-31-2017 Exploit Author: Russian Otter Ro Vendor Homepage: https://support.apple.com/en-us/HT208222 Version: 2.1 Tested on: iOS 10.3.2 - 11.1 CVE: CVE-2017-13849 """ -----------------------...
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation !/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server does not properly validate input of PUTFILE RPC-command which allows any authenticated user to hijack arbitrary...
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server - dmrcontent Privilege Escalation !/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server stores...
3CX Phone System 15.5.3554.1 - Directory Traversal
3CX Phone System 15.5.3554.1 - Directory Traversal Title: ====== 3CX Phone System - Authenticated Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-15359 Risk Information: ================= CVSS Base Score: 6.8 CVSS Vector:...
Trend Micro OfficeScan 11.0XG (12.0) - Information Disclosure
Trend Micro OfficeScan 11.0XG 12.0 - Information Disclosure + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt + ISR: ApparitionSec Vendor:...
Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service
Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Oracle Java JDK/JRE 1.8.0.131 and previous versions packages and Apache Xerces 2.11.0 The vulnerabilities are: Oracle...
VMware WorkStation 12.5.5 - Virtual Machine Escape
VMware WorkStation 12.5.5 - Virtual Machine Escape VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.5 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. Not quite elaborate...
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0,...
Horde Groupware Webmail 345 - Multiple Remote Code Executions
Horde Groupware Webmail 345 - Multiple Remote Code Executions Source: https://blogs.securiteam.com/index.php/archives/3107 Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Horde Groupware Webmail. Horde Groupware Webmail Edition is a free, enterprise ready,...
Zyxel_ EMG2926 V1.00(AAQT.4)b8 - OS Command Injection
Zyxel EMG2926 V1.00AAQT.4b8 - OS Command Injection Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel...
Intermec PM43 Industrial Printer - Local Privilege Escalation
Intermec PM43 Industrial Printer - Local Privilege Escalation TITLE: Intermec Industrial Printers Local root with Busybox jailbreak Date: March 28th, 2017 Author: Bourbon Jean-marie kmkz from AKERVA company | @kmkzsecurity Product Homepage: http://www.intermec.com/products/prtrpm43a/ Firmware...
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is allowed to...
Nagios 4.2.2 - Local Privilege Escalation
Nagios 4.2.2 - Local Privilege Escalation Affected Product: Nagios 4 Vulnerability Type: root privilege escalation Fixed in Version: N/A Vendor Website: https://www.nagios.com/ Software Link: : https://sourceforge.net/projects/nagios/files/latest/download?source=directory-featured Affected Versio...
AVTECH IP Camera NVR DVR Devices - Multiple Vulnerabilities
AVTECH IP Camera NVR DVR Devices - Multiple Vulnerabilities ''' Avtech devices multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Every Avtech device IP camera, NVR, DVR and firmware version. 4 contains the list of confirmed...
phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution
phpMyAdmin 4.6.2 - Authenticated Remote Code Execution !/usr/bin/env python """cve-2016-5734.py: PhpMyAdmin 4.3.0 - 4.6.2 authorized user RCE exploit Details: Working only at PHP 4.3.0-5.4.6 versions, because of regex break with null byte fixed in PHP 5.4.7. CVE: CVE-2016-5734 Author:...
DotNetNuke 07.04.00 - Administration Authentication Bypass
DotNetNuke 07.04.00 - Administration Authentication Bypass Exploit Title: DotNetNuke 07.04.00 Administration Authentication Bypass Date: 06-05-2016 Exploit Author: Marios Nicolaides Vendor Homepage: http://www.dnnsoftware.com/ Software Link: https://dotnetnuke.codeplex.com/releases/view/611324...
Status2k Server Monitoring Software - Multiple Vulnerabilities
Status2k Server Monitoring Software - Multiple Vulnerabilities Exploit Title: Status2k Multiple Vulnerabilities/0days Date: 6/20/2014 Exploit Author: Shayan Sadigh twitter.com/r1pplex | [email protected] Vendor Homepage: http://status2k.com/ Version: All Tested on: Linux/Windows CVE :...
Cisco Linksys E4200 - Multiple Vulnerabilities
Cisco Linksys E4200 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ============================================= XSS, LFI in Cisco, Linksys E4200 Firmware ============================================= URL:...
eGlibc - Signedness Code Execution
eGlibc - Signedness Code Execution Exploit Title: eGlibc Signedness Vulnerability Date: November 2011 Exploit Author: c0ntex Vendor Homepage: http://www.eglibc.org Software Link: http://www.eglibc.org/home Version: eGlibc supplied by Ubuntu 10.4 LTS Tested on: Ubuntu 10.4 LTS CVE : CVE-2011-2702 ...
Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities
Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer...