41207 matches found
PHPKit 1.6.1 - comment.php SQL Injection
PHPKit 1.6.1 - comment.php SQL Injection source: https://www.securityfocus.com/bid/21962/info PHPKIT is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
MobilePublisherPHP 1.5 RC2 - Remote File Inclusion
MobilePublisherPHP 1.5 RC2 - Remote File Inclusion MobilePublisherPHP 1.5 RC2 functions.phpRemote Include Vulnerability Discovered by: Timq http://www.securitydb.org Team-Rootshell Email: timqathackernetworkdotcom http://www.securitydb.org Team-Rootshell Vulnerable: require...
Joomla! Mambo Component Comprofiler 1.0 - class.php Remote File Inclusion
Joomla! Mambo Component Comprofiler 1.0 - class.php Remote File Inclusion source: https://www.securityfocus.com/bid/19725/info The Mambo and Joomla comcomprofiler component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can...
Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion
Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion Joomla-SMF Forum Bridge For Mambo 4.5.3+ And Mambo 4.5.3+ Remote File Inclusion Vulnebrality Discovered by : ASIANEAGLE Remote:Yes Level:High --------------------------------------------------------- Application: SMF Forum 1.3.1.3 Bridge...
Microsoft Windows - DTC Remote (MS05-051) (2)
Microsoft Windows - DTC Remote MS05-051 2 / Hard to exploit, isn't it? I have tested it on 10+ box, most of them allocated 0x9X0058 for me, however, I cannot write the pointer to 0x7ffdf020 since the length I can control should be divided exactly by 8 merde, so I choose 0x684191c4. This following...
Linux Kernel 2.6.x - IPv6 Local Denial of Service
Linux Kernel 2.6.x - IPv6 Local Denial of Service / source: https://www.securityfocus.com/bid/15156/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from an infinite loop when binding IPv6 UDP ports. / / Linux kernel IPv6 UDP port selection infinit...
Apache 2.0.52 - GET Denial of Service
Apache 2.0.52 - GET Denial of Service !/usr/bin/perl Based on - apache-squ1rt.c exploit. Original credit goes to Chintan Trivedi on the FullDisclosure mailing list: http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html More info -...
Snitz Forums 2000 - down.asp HTTP Response Splitting
Snitz Forums 2000 - down.asp HTTP Response Splitting source: https://www.securityfocus.com/bid/11201/info Snitz Forums is reported prone to a HTTP response splitting vulnerability. The issue exists in a parameter of the 'down.asp' script. The issue presents itself due to a flaw in the affected...
Iperius Backup 6.1.0 - Privilege Escalation
Iperius Backup 6.1.0 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link:...
ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
ntpd 4.2.8p10 - Out-of-Bounds Read PoC Exploit Title: ntpd 4.2.8p10 - Out-of-Bounds Read PoC Bug Discovery: Yihan Lian, a security researcher of Qihoo 360 GearTeam Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/blog/cve-2018-7182 Vendor Homepage:...
ASRock Drivers - Privilege Escalation
ASRock Drivers - Privilege Escalation SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ ASRock Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title: ASRock Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0005 Advisory URL:...
SoftNAS Cloud 4.0.3 - OS Command Injection
SoftNAS Cloud 4.0.3 - OS Command Injection Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL:...
Siemens SIMATIC S7-300 CPU - Remote Denial of Service
Siemens SIMATIC S7-300 CPU - Remote Denial of Service Exploit Title: Siemens SIMATIC S7-300 CPU - Remote Denial Of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-30 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-300 CPU family: all versions...
Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code (Metasploit)
Drupal 7.58 - Drupalgeddon3 Authenticated Remote Code Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote cod...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting Exploit Title: Joomla! Component JS Jobs 1.2.0 - Cross Site Scripting Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com/products/js-jobs.html...
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting --------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Persistent XSS Date: 2018-03-27 Exploit...
Asterisk chan_pjsip 15.2.0 - INVITE Denial of Service
Asterisk chanpjsip 15.2.0 - INVITE Denial of Service ''' Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip installed with --with-pjproject-bundled -...
Oracle PeopleSoft 8.5x - Remote Code Execution
Oracle PeopleSoft 8.5x - Remote Code Execution Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux CVE :...
Linux Kernel - BadIRET Local Privilege Escalation
Linux Kernel - BadIRET Local Privilege Escalation CVE-2014-9322 PoC for Linux kernel CVE-2014-9322 a.k.a BadIRET proof of concept for Linux kernel. This PoC uses only syscalls not any libraries, like pthread. Threads are implemented using raw Linux syscalls. Raw Linux Threads via System Calls Usa...
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describe three 3 vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and...
PHPMailer 5.2.18 - Remote Code Execution (PHP)
PHPMailer 5.2.18 - Remote Code Execution PHP 09607 "; // ------------------ // mail param injection via the vulnerability in PHPMailer requireonce'class.phpmailer.php'; $mail = new PHPMailer; // defaults to using php "mail" $mail-SetFrom$emailfrom, 'Client Name'...
Adobe ColdFusion 11 Update 10 - XML External Entity Injection
Adobe ColdFusion 11 Update 10 - XML External Entity Injection ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical...
SAP NetWeaver AS JAVA 7.1 7.5 - Information Disclosure
SAP NetWeaver AS JAVA 7.1 7.5 - Information Disclosure Application:SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: information disclosure Sent: 15.09.2015 Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016...
Multiple CCTV-DVR Vendors - Remote Code Execution
Multiple CCTV-DVR Vendors - Remote Code Execution !/usr/bin/python Blog post: http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html ''' Vendors List Ademco ATS Alarmes technolgy and ststems Area1Protection Avio Black Hawk Security Capture China security systems Cocktail...
Microsoft Windows - Kerberos Security Feature Bypass (MS16-014)
Microsoft Windows - Kerberos Security Feature Bypass MS16-014 Exploit Title: Windows Kerberos Security Feature Bypass Date: 12-02-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-0049 Category: Local Exploit 1 Prerequisites: - Standard Windows 7 Fully...
NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow (PoC)
NTPd ntp-4.2.6p5 - ctlputdata Buffer Overflow PoC / Ntpd Based on: ntpq client from ntp package Provided for legal security research and testing purposes ONLY PoC DoS Denial of Service PoC. Will crash NTPd. You will need to know the KEY ID and MD5 password, for example put this in you ntp.conf...
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18,...
Internet Download Manager - OLE Automation Array Remote Code Execution
Internet Download Manager - OLE Automation Array Remote Code Execution !/usr/bin/php Run Site Grabber 4 . Enter any word "Start page/address" 5 . Click Addvance 6 . check "Enter Login and password manually at the following web page" 7 . Enter your exploit link http://ipaddress:80/ 8 . Next -- Nex...
Fork CMS 3.8.5 - SQL Injection
Fork CMS 3.8.5 - SQL Injection CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection CWE-89...
ManageEngine Netflow Analyzer IT360 - Arbitrary File Download
ManageEngine Netflow Analyzer IT360 - Arbitrary File Download Arbitrary file download in ManageEngine Netflow Analyzer and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 30/11/20...
WordPress 4.0 - Denial of Service
WordPress 4.0 - Denial of Service $argv2, 'pwd' = strrepeat"A",1000000, 'redirectto' = $argv1 . "/wp-admin/", 'reauth' = 1, 'testcookie' = '1', 'wp-submit' = "Log%20In"; $cookieFiles = "cookie.txt"; curlsetoptarray$ch, array CURLOPTHEADER = 1, CURLOPTUSERAGENT = "Mozilla/5.0 Windows; U; Windows N...
Microsoft Windows Kernel - win32k.sys Integer Overflow (MS13-101)
Microsoft Windows Kernel - win32k.sys Integer Overflow MS13-101 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Divide Error in Windows Kernel 1. Advisory Information Title: Divide Error in Windows Kernel Advisory ID: CORE-2013-0807 Advisory URL:...
D-Link DSR Router Series - Remote Command Execution
D-Link DSR Router Series - Remote Command Execution !/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-2...
Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities
Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...
SAP NetWeaver Dispatcher - Multiple Vulnerabilities
SAP NetWeaver Dispatcher - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Dispatcher Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL:...
WordPress 3.3.1 - Multiple Vulnerabilities
WordPress 3.3.1 - Multiple Vulnerabilities Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Versi...
IBM Websphere Application Server 7.0.0.13 - Cross-Site Request Forgery
IBM Websphere Application Server 7.0.0.13 - Cross-Site Request Forgery -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ IBM WebSphere Application Server Cross-Site Request Forgery 1. Advisory Information Title: IBM...
IBM Tivoli Directory Server SASL - Bind Request Remote Code Execution
IBM Tivoli Directory Server SASL - Bind Request Remote Code Execution Source: http://www.protekresearchlab.com/index.php?option=comcontent&view=article&id=26&Itemid=26 Application: IBM Tivoli Directory Server SASL Bind Request Remote Code Execution Vulnerability Platforms: Windows Exploitation:...
Tandberg E EX C Series Endpoints - Default Root Account Credentials
Tandberg E EX C Series Endpoints - Default Root Account Credentials -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints Advisory ID: cisco-sa-20110202-tandberg Revision 1.0 For Public Release 2011...
ClanSphere 2010.0 Final - Multiple Vulnerabilities
ClanSphere 2010.0 Final - Multiple Vulnerabilities Vulnerability ID: HTB22694 Reference: http://www.htbridge.ch/advisory/sqlinjectioninclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability...
Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities
Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities Exploit Title: Joomla Component comccboard Multiple Vulnerabilities Date: 13 Nov 2010 Author: jdc Category: webapps/0day Version: 1.2-RC Download:...
Linux Kernel 2.6.36-rc1 (Ubuntu 10.04 2.6.32) - CAN BCM Local Privilege Escalation
Linux Kernel 2.6.36-rc1 Ubuntu 10.04 2.6.32 - CAN BCM Local Privilege Escalation / i-CAN-haz-MODHARDEN.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959 Ben Hawkes discovered an integer overflow in the Controller Area Network CAN...
Microsoft Excel - FEATHEADER Record (MS09-067)
Microsoft Excel - FEATHEADER Record MS09-067 MS Excel Malformed FEATHEADER Record Exploit CVE-2009-3129, MS09-067, OSVDB-59860 Vulnerble application MS office 2003/2007 Tested on XP SP2 - MS Ofice 2003 v. 11.5604.5606 Sean Larsson - Original Discovery !/usr/bin/python import sys import zlib Allwi...
vBulletin 3.8.6 - faq.php Information Disclosure
vBulletin 3.8.6 - faq.php Information Disclosure 010101010101010101010101010101010101010101010101010101010 0 0 1 Iranian Datacoders Security Team 2010 0 0 010101010101010101010101010101010101010101010101010101010 Original Advisory:...
libpng 1.4.2 - Denial of Service
libpng 1.4.2 - Denial of Service / Exploit Title: libpng include include include include include define BASE 65521L / largest prime smaller than 65536 / / Update a running Adler-32 checksum with the bytes buf0..len-1 and return the updated checksum. The Adler-32 checksum should be initialized to ...
Adobe Photoshop CS4 Extended 11.0 - .ABR File Handling Remote Buffer Overflow (PoC)
Adobe Photoshop CS4 Extended 11.0 - .ABR File Handling Remote Buffer Overflow PoC !/usr/bin/perl Title: Adobe Photoshop CS4 Extended 11.0 ABR File Handling Remote Buffer Overflow PoC Summary: The Adobe® Photoshop® family of products is the ultimate playground for bringing out the best in your...
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities Topic : ATutor 1.6.4 Bugs Type : Cross Site Scripting all of them Credit : ItSecTeam Remote : Yes Status : Bug mail : [email protected] Dork : "ATutor 1.6.4" Special Tnx : am!rkh@n, Amin ShokohiPejvak, C0M0D0, 0xd41684c654, r3dmove And...
Microsoft Windows NT200020032008XPVista7 - KiTrap0D User Mode to Ring Escalation (MS10-015)
Microsoft Windows NT200020032008XPVista7 - KiTrap0D User Mode to Ring Escalation MS10-015 Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11199.zip KiTrap0D.zip E-DB Note: Make sure to run "vdmallowed.exe" pre-compiled inside the subfolder...
WorldPay Script Shop - productdetail SQL Injection
WorldPay Script Shop - productdetail SQL Injection ============================================ | WorldPay Script Shop productdetail SQL Injection Vulnerability ============================================ + Author: Err0R + Site : www.sa-hacker.com/vb + Email : [email protected]...
WordPress Plugin WP-Forum 2.3 - SQL Injection Blind SQL Injection
WordPress Plugin WP-Forum 2.3 - SQL Injection Blind SQL Injection ============================================= INTERNET SECURITY AUDITORS ALERT 2009-010 - Original release date: September 28th, 2009 - Last revised: December 15th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3703 -...