WebPhotoPro - Multiple SQL Injections
WebPhotoPro - Multiple SQL Injections source: https://www.securityfocus.com/bid/32829/info WebPhotoPro is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker t...
STPHPLibrary - STPHPLIB_DIR Remote File Inclusion
STPHPLibrary - STPHPLIBDIR Remote File Inclusion...
Hosting Controller 0.6.1 - User Registration (1)
Hosting Controller 0.6.1 - User Registration 1 Domain: Username: INPUT type="hidden" name="htype" value="27" id="htyp...
Oracle 9i - Multiple Vulnerabilities
Oracle 9i - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/10871/info Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities. The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others. There have also...
PMachine 2.2.1 - Lib.Inc.php Remote File Inclusion Command Execution
PMachine 2.2.1 - Lib.Inc.php Remote File Inclusion Command Execution source: https://www.securityfocus.com/bid/7919/info It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands...
vBulletin 5.x - Remote Command Execution (Metasploit)
vBulletin 5.x - Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit', 'Description' = %q vBulletin 5.x 0day pre-auth RCE...
CleverDog Smart Camera DOG-2W DOG-2W-V4 - Multiple Vulnerabilities
CleverDog Smart Camera DOG-2W DOG-2W-V4 - Multiple Vulnerabilities 1. Advisory Information Title: Clever Dog Smart Camera Vendor Homepage: http://www.cleverdog.com.cn/ Tested on Camera types : DOG-2W, DOG-2W-V4 Vulnerability: Hardware- Multiple...
Oracle Business Intelligence XML Publisher 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - XML External Entity Injection
Oracle Business Intelligence XML Publisher 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - XML External Entity Injection Exploit Title: XXE in Oracle Business Intelligence and XML Publisher Date: 16.04.19 Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link:...
Bolt CMS 3.6.4 - Cross-Site Scripting
Bolt CMS 3.6.4 - Cross-Site Scripting Exploit Title: Bolt CMS - 3.6.4 - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bolt CMS - v 3.6.4 Version : v 3.6.4 Vulernability Type :...
Cisco WebEx Meetings 33.6.6 33.9.1 - Privilege Escalation
Cisco WebEx Meetings 33.6.6 33.9.1 - Privilege Escalation SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 1. Advisory Information Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 Advisor...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (dbus Method)
Linux Kernel 4.15.x 4.19.2 - mapwrite CAPSYSADMIN Local Privilege Escalation dbus Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47165.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses dbus service technique ---...
Craft CMS 3.0.25 - Cross-Site Scripting
Craft CMS 3.0.25 - Cross-Site Scripting Exploit Title: Craft CMS 3.0.25 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-20 Exploit Author: Raif Berkay Dincel Contact: www.raifberkaydincel.com More Details 1 :...
Linux - userfaultfd Bypasses tmpfs File Permissions
Linux - userfaultfd Bypasses tmpfs File Permissions Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vmacanuserfault: It must be an anonymous VMA -vmops==NULL, a hugetlb VMA VMHUGETLB, or a shmem VMA -vmops==shmemvmops. This means that it...
Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU
Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against...
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor...
PRTG Network Monitor 18.1.39.1648 - Stack Overflow (Denial of Service)
PRTG Network Monitor 18.1.39.1648 - Stack Overflow Denial of Service Exploit Title: PRTG 18.1.39.1648 - Stack Overflow Date: 2018-04-21 Exploit Author: Lucas "luriel" Carmo Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/download/prtg-download Version:...
HP iMC Plat 7.2 - Remote Code Execution (2)
HP iMC Plat 7.2 - Remote Code Execution 2 !/opt/local/bin/python2.7 Exploit Title: HP iMC Plat 7.2 dbman Opcode 10008 Command Injection RCE Date: 11-29-2017 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)
PHPMyFAQ 2.9.8 - Cross-Site Scripting 3 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vulnerability Date: 28-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE :...
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage:...
Microsoft Edge Chakra - Buffer Overflow
Microsoft Edge Chakra - Buffer Overflow sxCall.argCount; //pnode-sxCall.argCount=0xFFFF argCount++; // include "this" //overflow!!!! argCount==0 BOOL fSideEffectArgs = FALSE; unsigned int tmpCount = CountArgumentspnode-sxCall.pnodeArgs, &fSideEffectArgs; AssertargCount == tmpCount; if argCount !=...
Miele Professional PG 8528 - Directory Traversal
Miele Professional PG 8528 - Directory Traversal Title: Miele Professional PG 8528 - Web Server Directory Traversal Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: CVE-2017-7240 Risk Information: Risk Factor: Medium CVSS Base Score:...
Ansible 2.1.42.2.1 - Command Execution
Ansible 2.1.42.2.1 - Command Execution Computest security advisory CT-2017-0109 Summary: Command execution on Ansible controller from host Affected software: Ansible CVE: CVE-2016-9587 Reference URL: https://www.computest.nl/advisories/ CT-2017-0109Ansible.txt Affected versions: 2.1.4, 2.2.1...
Apache Tomcat 876 (RedHat Based Distros) - Local Privilege Escalation
Apache Tomcat 876 RedHat Based Distros - Local Privilege Escalation - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-5425 - Release date: 10.10.2016 - Revision: 1 - Severity: High...
Micro Focus Filr 2 2.0.0.4211.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.4211.2 1.2.0.846 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory title: Multiple vulnerabilities product: Micro Focus former Novell Filr Appliance vulnerable version: Filr 2...
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset Local Privilege Escalation
Linux Kernel 4.4.0-21 Ubuntu 16.04 x64 - netfilter targetoffset Local Privilege Escalation / EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44300.zip Video https://www.youtube.com/watch?v=qchiJn94kTo / / decr.c / / Ubuntu 16.04 local root...
SAP NetWeaver AS JAVA 7.1 7.5 - ctcprotocol Servlet XML External Entity
SAP NetWeaver AS JAVA 7.1 7.5 - ctcprotocol Servlet XML External Entity Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...
Linux Kernel - espfix64 Nested NMIs Interrupting Privilege Escalation
Linux Kernel - espfix64 Nested NMIs Interrupting Privilege Escalation / +++++ CVE-2015-3290 +++++ High impact NMI bug on x8664 systems 3.13 and newer, embargoed. Also fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a The...
Centreon 2.5.4 - Multiple Vulnerabilities
Centreon 2.5.4 - Multiple Vulnerabilities Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution CVEs: CVE-2015-1560, CVE-2015-1561 Vendor: Merethis - www.centreon.com Product: Centreon Version affected: 2.5.4 and prior Product description: Centreon is the choic...
Bonita BPM 6.5.1 - Multiple Vulnerabilities
Bonita BPM 6.5.1 - Multiple Vulnerabilities Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015...
Linux Kernel 3.133.14 (Ubuntu) - splice() System Call Local Denial of Service
Linux Kernel 3.133.14 Ubuntu - splice System Call Local Denial of Service / cve-2014-7822poc.c The implementation of certain splicewrite file operations in the Linux kernel before 3.16 does not...
Gogs - usersrepos ?q SQL Injection
Gogs - usersrepos ?q SQL Injection Unauthenticated SQL Injection in Gogs repository search Researcher: Timo Schmid Description GogsGo Git Service is a painless self-hosted Git Service written in Go. taken from 1 It is very simili...
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable...
Bosch Security Systems DVR 630650670 Series - Multiple Vulnerabilities
Bosch Security Systems DVR 630650670 Series - Multiple Vulnerabilities Discovered by dun \ posdubatgmail.com 2014-10-01 Bosch Security Systems DVR 630/650/670 Series...
Linux Kernel 3.2.0-233.5.0-23 (Ubuntu 12.0412.04.112.04.2 x64) - perf_swevent_init Local Privilege Escalation (3)
Linux Kernel 3.2.0-233.5.0-23 Ubuntu 12.0412.04.112.04.2 x64 - perfsweventinit Local Privilege Escalation 3 / Ubuntu 12.04 3.x x8664 perfsweventinit Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu...
Apache + PHP 5.3.12 5.4.2 - Remote Code Execution + Scanner
Apache + PHP 5.3.12 5.4.2 - Remote Code Execution + Scanner !/usr/bin/env python ap-unlock-v1337.py - apache + php 5. rem0te c0de execution exploit NOTE: - quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE : - for connect back shell start netcat/nc and bind port on given host:port - is ip-range...
X2CRM 3.4.1 - Multiple Vulnerabilities
X2CRM 3.4.1 - Multiple Vulnerabilities Advisory ID: HTB23172 Product: X2CRM Vendor: X2Engine Inc. Vulnerable Versions: 3.4.1 and probably prior Tested Version: 3.4.1 Advisory Published: September 4, 2013 Vendor Notification: September 4, 2013 Vendor Patch: September 10, 2013 Public Disclosure:...
Linux Kernel 2.6.32 3.x (CentOS 56) - PERF_EVENTS Local Privilege Escalation (1)
Linux Kernel 2.6.32 3.x CentOS 56 - PERFEVENTS Local Privilege Escalation 1 / linux 2.6.37-3.x.x x8664, 100 LOC gcc-4.6 -O2 semtex.c && ./a.out 2010 [email protected], salut! update may 2013: seems like centos 2.6.32 backported the perf bug, lol. jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if yo...
vBulletin Yet Another Awards System 4.0.2 - SQL Injection
vBulletin Yet Another Awards System 4.0.2 - SQL Injection Exploit Title: vBulletin Yet Another Awards System 4.0.2 Time Based SQL Injection 0day Google Dork: inurl:awards.php intext:"powered by vbulletin" Date: 29/08/12 Exploit Author: Backsl@sh/Dan Software Link:...
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability...
Linux Kernel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
Linux Kernel 2.6.37-rc1 - serialcore TIOCGICOUNT Leak / Linux include include include include include include int mainint argc, char argv int fd, ret = 0, i; struct serialicounterstruct buffer; printf" Linux = 2.6.37-rc1 serialcore TIOCGICOUNT leak exploit\n"; ifargc 2 printf" You need to supply a...
KLINK - SQL Injection
KLINK - SQL Injection Andrés Gómez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andrés Gómez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on...
JaMP Player 4.2.2.0 - Denial of Service
JaMP Player 4.2.2.0 - Denial of Service Exploit Title: JaMP Player v4.2.2.0 .m3u DoS Date: 12 / 8 / 2010 Author: Oh Yaw Theng Software Link: http://www.topdownloads.net/software/jamp-player2219088.html?hl=&ia=0 Version: v4.2.2.0 Tested on: Windows XP SP 2 CVE : N / A !/usr/bin/python filename =...
Novell iManager - Multiple Vulnerabilities
Novell iManager - Multiple Vulnerabilities Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Novell iManager Multiple Vulnerabilities 1. Advisory Information Title: Novell iManager Multiple Vulnerabilities Advisory Id:...
ParsBlogger - links.asp SQL Injection
ParsBlogger - links.asp SQL Injection ParsBlogger links.asp id Remote SQL Injection Vulnerability Hussin X Author: Hussin X Home : WwW.IQ-ty.CoM email: darkangelg85atYahooDoTcom script :...
AJ HYIP ACME - comment.php SQL Injection
AJ HYIP ACME - comment.php SQL Injection proud to be muslim rEm0te sql injction VulnErability ajhyip manager script AuTh0r : security fears team Home : WwW.alsonaa.com members: HeB4RieH , germayax...
Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)
Apache Tomcat 6.0.18 - utf8 Directory Traversal PoC Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeobar4mi at gmail.com, barami at ahnlab.com Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18...
X-Cart - Multiple Remote File Inclusions
X-Cart - Multiple Remote File Inclusions xCart Remote file inclusion Download script : http://www.x-cart.com// Discovered By : aLiiF a.k.a arif @debuteam 07/09/2007 HomePage : http://www.debuteam.net// Thx to : Debu Newbie Payment Yogac nyubi Rozi ^S0ng0ku^ Kuris Sonix Toxicity newbi3 R4yn4ld0...
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
Apache modrewrite Windows x86 - Off-by-One Remote Overflow !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...
WEBInsta MM 1.3e - absolute_path Remote File Inclusion
WEBInsta MM 1.3e - absolutepath Remote File Inclusion WEBInsta Mailing List Manager = 1.3e initdb.php Remote File Include Exploit function milw0rm if document.exploit.target.value=="" alert"Enter a Target"; return false; exploit.action= document.exploit.target.value;...