41207 matches found
Dahua Generation 2/3 - Backdoor Access
Dahua Generation 2/3 - Backdoor Access !/usr/bin/python2.7 if False: ''' 2017-05-03 Public rerelease of Dahua Backdoor PoC https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py 2017-03-20 With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1...
Apple macOS 10.12 - task_t Local Privilege Escalation
Apple macOS 10.12 - task_t Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=837 TL;DR you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very...
Google Android - gpsOneXtra Data Files Denial of Service
Google Android - gpsOneXtra Data Files Denial of Service Original at: https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/ Summary Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided...
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed...
WSO2 Carbon 4.4.5 - Denial of Service / Cross-Site Request Forgery
WSO2 Carbon 4.4.5 - Denial of Service / Cross-Site Request Forgery + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt + ISR: ApparitionSec Vendor: ============ www.wso2.com Product:...
SAP NetWeaver AS JAVA 7.1 - 7.5 - ctcprotocol Servlet XML External Entity
SAP NetWeaver AS JAVA 7.1 - 7.5 - ctcprotocol Servlet XML External Entity Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016...
D-Link DIR-816L Wireless Router - Cross-Site Request Forgery
D-Link DIR-816L Wireless Router - Cross-Site Request Forgery ---------------------------------------------------------------------------------------------- Title: ==== D-link wireless router DIR-816L – Cross-Site Request Forgery CSRF vulnerability Credit: ====== Name: Bhadresh Patel...
Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities Exploit Title: Koha Open Source ILS - Multiple XSS and XSRF Vulnerabilities Google Dork: Date: 25/06/2015 Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Securit...
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities Exploit Title: FiyoCMS Multiple Vulnerabilities Date: 29 March 2015 Exploit Author: Mahendra Vendor Homepage: www.fiyo.org Software Link: http://sourceforge.net/projects/fiyo-cms/ Version: 2.0.1.8, other version might be vulnerable. Tested : Kali Linux...
pfSense 2.2 - Multiple Vulnerabilities
pfSense 2.2 - Multiple Vulnerabilities Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5,...
ManageEngine Netflow Analyzer IT360 - Arbitrary File Download
ManageEngine Netflow Analyzer IT360 - Arbitrary File Download Arbitrary file download in ManageEngine Netflow Analyzer and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 30/11/20...
Microsoft Windows Kernel - win32k.sys Integer Overflow (MS13-101)
Microsoft Windows Kernel - win32k.sys Integer Overflow MS13-101 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Divide Error in Windows Kernel 1. Advisory Information Title: Divide Error in Windows Kernel Advisory ID: CORE-2013-0807 Advisory URL:...
Nero MediaHome 4.5.8.0 - Denial of Service
Nero MediaHome 4.5.8.0 - Denial of Service Advisory ID: HTB23130 Product: Nero MediaHome Vendor: Nero Vulnerable Versions: 4.5.8.0 and probably prior Tested Version: 4.5.8.0 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: January 9, 2013 Vulnerability Type: Improper...
HP Data Protector 6.20 - EXEC_CMD Buffer Overflow
HP Data Protector 6.20 - EXEC_CMD Buffer Overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ HP Data Protector EXEC_CMD Buffer Overflow Vulnerability 1. Advisory Information Title: HP Data Protector EXEC_CMD Buffer...
PHP 5.3.5 - socket_connect() Local Buffer Overflow
PHP 5.3.5 - socket_connect() Local Buffer Overflow...
IBM Tivoli Directory Server SASL - Bind Request Remote Code Execution
IBM Tivoli Directory Server SASL - Bind Request Remote Code Execution Source: http://www.protekresearchlab.com/index.php?option=comcontent&view=article&id=26&Itemid=26 Application: IBM Tivoli Directory Server SASL Bind Request Remote Code Execution Vulnerability Platforms: Windows Exploitation:...
Linux Kernel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
Linux Kernel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak / Linux include include include include include include int mainint argc, char argv int fd, ret = 0, i; struct serial_icounter_struct buffer; printf" Linux = 2.6.37-rc1 serial_core TIOCGICOUNT leak exploit\n"; ifargc 2 printf" You need to supply a...
Oracle - Document Capture Insecure READ Method
Oracle - Document Capture Insecure READ Method Source: http://packetstormsecurity.org/files/view/97872/DSECRG-11-007.txt Digital Security Research Group DSecRG Advisory DSECRG-11-007 Internal DSECRG-00117 Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL:...
Microsoft Excel - FEATHEADER Record (MS09-067)
Microsoft Excel - FEATHEADER Record MS09-067 MS Excel Malformed FEATHEADER Record Exploit CVE-2009-3129, MS09-067, OSVDB-59860 Vulnerable application MS office 2003/2007 Tested on XP SP2 - MS Office 2003 v. 11.5604.5606 Sean Larsson - Original Discovery !/usr/bin/python import sys import zlib Allwi...
AV Arcade - Search Cross-Site Scripting / HTML Injection
AV Arcade - Search Cross-Site Scripting / HTML Injection Exploit Title: AV Arcade Search Field XSS/HTML Injection Date: 6/5/2010 Author: Vadim Toptunov, http://www.twitter.com/pentesting Software Link: http://www.avscripts.net/avarcade/ Version: 5.1.4 Free and Pro latest and prior Tested on: Any NI...
Virtual PC Hypervisor - Memory Protection
Virtual PC Hypervisor - Memory Protection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Virtual PC Hypervisor Memory Protection Vulnerability 1. Advisory Information Title: Virtual PC Hypervisor Memory Protection...
Sparta Systems TrackWise EQms - Multiple Cross-Site Scripting Vulnerabilities
Sparta Systems TrackWise EQms - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/38483/info Sparta Systems TrackWise EQMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An...
Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - KiTrap0D User Mode to Ring Escalation (MS10-015)
Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - KiTrap0D User Mode to Ring Escalation MS10-015 Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11199.zip KiTrap0D.zip E-DB Note: Make sure to run "vdmallowed.exe" pre-compiled inside the subfolder...
Opera 10.01 - Remote Array Overrun
Opera 10.01 - Remote Array Overrun From Full Disclosure: http://seclists.org/fulldisclosure/2009/Nov/223 Opera 10.01 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis.: 07.05.2009 - - Pub.: 20.11.2009 CVE: CVE-2009-0689...
HP Data Protector 4.00-SP1b43064 - Remote Memory Leak/Denial of Service (Metasploit)
HP Data Protector 4.00-SP1b43064 - Remote Memory Leak/Denial of Service Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
PerlSoft Gästebuch 1.7b - admincenter.cgi Remote Command Execution
PerlSoft Gästebuch 1.7b - admincenter.cgi Remote Command Execution source: https://www.securityfocus.com/bid/33525/info PerlSoft Gästebuch is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize...
PHP-Nuke Module Kose_Yazilari - artid SQL Injection
PHP-Nuke Module Kose_Yazilari - artid SQL Injection CoRPITX Turkey www.Hayalet-hack.com www.zone-turk.net/ PHP-Nuke Kose_Yazilari SQL Injection Vulnerability AUTHOR : xcorpitx HOME : www.Hayalet-hack.com / www.zone-turk.net WHEN YOU PUT THIS SQL CODE YOU can SEE ADMIN NAME,ADMIN HASH DorK 1 : ''na...
phpBB Plus 1.53 - phpbb_root_path Remote File Inclusion
phpBB Plus 1.53 - phpbb_root_path Remote File Inclusion AUTHOR = Mehrad Ansari Targhi E-Mail : [email protected] My Yahoo Messenger ID : mehrad1989 Script Download URL : http://www.phpbbplus.net/PhpBBPlus1.53.zip This Is A RFI Bug . This Bug Is In : PHPBBPLUS INSTALLED /language/langgerman/lang...
AuraCMS Forum Module - SQL Injection
AuraCMS Forum Module - SQL Injection AuraCMS Forum Module - Remote SQL Injection Vendor : http://auracms.org/ Download : http://iwan.or.id/redirect/download/36.html -- Forum Module Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net Dork : inurl:"?pilih=foru...
PHPKit 1.6.1 - comment.php SQL Injection
PHPKit 1.6.1 - comment.php SQL Injection source: https://www.securityfocus.com/bid/21962/info PHPKIT is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
MobilePublisherPHP 1.5 RC2 - Remote File Inclusion
MobilePublisherPHP 1.5 RC2 - Remote File Inclusion MobilePublisherPHP 1.5 RC2 functions.php Remote Include Vulnerability Discovered by: Timq http://www.securitydb.org Team-Rootshell Email: timqathackernetworkdotcom http://www.securitydb.org Team-Rootshell Vulnerable: require...
Joomla! / Mambo Component Comprofiler 1.0 - class.php Remote File Inclusion
Joomla! / Mambo Component Comprofiler 1.0 - class.php Remote File Inclusion source: https://www.securityfocus.com/bid/19725/info The Mambo and Joomla com_comprofiler component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can...
Mambo Module galleria 1.0b - Remote File Inclusion
Mambo Module galleria 1.0b - Remote File Inclusion Title : galleria = 1.0 Remote File Inclusion Vulnerability - URL : http://binarydigit.at/ - Author : sikunYuk - Mail : inealatgmail.com - exploit :...
Microsoft Windows - DTC Remote (MS05-051) (2)
Microsoft Windows - DTC Remote MS05-051 2 / Hard to exploit, isn't it? I have tested it on 10+ box, most of them allocated 0x9X0058 for me, however, I cannot write the pointer to 0x7ffdf020 since the length I can control should be divided exactly by 8 merde, so I choose 0x684191c4. This following...
Instant Photo Gallery 1.0 - content.php?cid SQL Injection
Instant Photo Gallery 1.0 - content.php?cid SQL Injection source: https://www.securityfocus.com/bid/15659/info Instant Photo Gallery is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in...
Oracle 9i - Multiple Vulnerabilities
Oracle 9i - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/10871/info Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities. The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others. There have also...
PHPX 3.26 - Multiple Vulnerabilities
PHPX 3.26 - Multiple Vulnerabilities PHPX Multiple Vulnerabilities Vendor: PHPX Product: PHPX Version: ","","",""; foreach$checkArray as $c...
PMachine 2.2.1 - Lib.Inc.php Remote File Inclusion / Command Execution
PMachine 2.2.1 - Lib.Inc.php Remote File Inclusion / Command Execution source: https://www.securityfocus.com/bid/7919/info It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands...
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service PoC Exploit Title: FTPGetter Professional 5.97.0.223 - Denial of Service PoC Google Dork: N/A Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://www.ftpgetter.com/ Software Link: https://www.ftpgetter.com/ftpgetterprosetup.exe...
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming Exploit Title: Unauthenticated Audio Streaming from Amcrest Camera Shodan Dork: html:"@WebVersion@" Date: 08/29/2019 Exploit Author: Jacob Baines Vendor Homepage: https://amcrest.com/ Software Link:...
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop,...
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery Exploit Title: JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings aka a SetWiFiSetting request to cgi-bin/qcmapwebcgi Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage:...
Craft CMS 3.0.25 - Cross-Site Scripting
Craft CMS 3.0.25 - Cross-Site Scripting Exploit Title: Craft CMS 3.0.25 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-20 Exploit Author: Raif Berkay Dincel Contact: www.raifberkaydincel.com More Details 1 :...
ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
ntpd 4.2.8p10 - Out-of-Bounds Read PoC Exploit Title: ntpd 4.2.8p10 - Out-of-Bounds Read PoC Bug Discovery: Yihan Lian, a security researcher of Qihoo 360 GearTeam Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/blog/cve-2018-7182 Vendor Homepage:...
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection Exploit Title: Simple PHP Shopping Cart 0.9 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://asaancart.wordpress.com/ Software Link:...
Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software...
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 vulnerable version: ...
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting --------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Persistent XSS Date: 2018-03-27 Exploit...
Master IP CAM 01 - Multiple Vulnerabilities
Master IP CAM 01 - Multiple Vulnerabilities Exploit Title: Master IP CAM 01 Multiple Vulnerabilities Date: 17-01-2018 Remote: Yes Exploit Authors: Daniele Linguaglossa, Raffaele Sabato Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89 Vendor: Master IP CAM Version: 3.3.4.2103 CV...
SysGauge Server 3.6.18 - Denial of Service
SysGauge Server 3.6.18 - Denial of Service Exploit Title: SysGauge Server 3.6.18 - DOS Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http://www.sysgauge.com/setups/sysgaugesrvsetupv3.6.18.exe Version: v3.6.18 Category: Windows Remote DOS CVE: CVE-2017-15667 Author Homepage:...