41207 matches found
LG Smart IP Camera 1508190 - Backup File Download
LG Smart IP Camera 1508190 - Backup File Download Exploit Title: LG Smart IP Camera 1508190 - Backup File Download Date: 2018-09-11 Exploit Author: Ege Balci Vendor Homepage: https://www.lg.com Software version: 1310250 " exit0...
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery Exploit Title: Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery Date: 2018-07-§3 Exploit Author: Ahmethan-Gultekin - t4rkd3vilz Vendor Homepage: https://www.grundig.com/ Software Link:...
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 vulnerable version: ...
Microsoft Credential Security Support Provider - Remote Code Execution
Microsoft Credential Security Support Provider - Remote Code Execution credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy projecthttps://github.com/preempt/rdpy, allowing also credssp relay. Written by Eyal...
Cisco ASA - Crash (PoC)
Cisco ASA - Crash PoC Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect...
Avaya IP Office (IPO) 10.1 - ActiveX Buffer Overflow
Avaya IP Office IPO 10.1 - ActiveX Buffer Overflow + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-IPO-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt + ISR: ApparitionSec Vendor: =============...
Microsoft Windows 10 RS2 (x64) - win32kfull!bFill Pool Overflow
Microsoft Windows 10 RS2 x64 - win32kfull!bFill Pool Overflow Sources: https://siberas.de/blog/2017/10/05/exploitationcasestudywildpooloverflowCVE-2016-3309reloaded.html https://github.com/siberas/CVE-2016-3309Reloaded Exploits for the recently-patched win32kfull!bFill vulnerability. Executing th...
Sudo 1.8.20 - get_process_ttyname() Local Privilege Escalation
Sudo 1.8.20 - getprocessttyname Local Privilege Escalation / E-DB Note: http://www.openwall.com/lists/oss-security/2017/05/30/16 E-DB Note: http://seclists.org/oss-sec/2017/q2/470 LinuxsudoCVE-2017-1000367.c Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/...
Intermec PM43 Industrial Printer - Local Privilege Escalation
Intermec PM43 Industrial Printer - Local Privilege Escalation TITLE: Intermec Industrial Printers Local root with Busybox jailbreak Date: March 28th, 2017 Author: Bourbon Jean-marie kmkz from AKERVA company | @kmkzsecurity Product Homepage: http://www.intermec.com/products/prtrpm43a/ Firmware...
Car Workshop System - SQL Injection
Car Workshop System - SQL Injection Exploit Title: Car Workshop System - SQL Injection Google Dork: N/A Date: 13.03.2017 Vendor Homepage: http://prosoft-apps.com/ Software: https://codecanyon.net/item/car-workshop-system/19562074 Demo: http://workshop.prosoft-apps.com/ Version: N/A Tested on: Win...
WordPress Plugin Mail Masta 1.0 - SQL Injection
WordPress Plugin Mail Masta 1.0 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in Mail Masta aka mail-masta plugin 1.0 for Wordpress. Date: 02/18/2017 Exploit Author: Hanley Shun Vendor Homepage: https://wpcore.com/plugin/mail-masta Software Link:...
Joomla! 3.6.4 - Admin Takeover
Joomla! 3.6.4 - Admin Takeover !/usr/bin/python3 CVE-2016-9838: Joomla! = 3.6.4 Admin TakeOver cf Source: https://www.ambionics.io/blog/cve-2016-9838-joomla-account-takeover-and-remote-code-execution import bs4 import requests import random ADMINID = 384 url = 'http://vmweb.lan/Joomla-3.6.4/'...
NTP 4.2.8p3 - Denial of Service
NTP 4.2.8p3 - Denial of Service !/usr/bin/env python Exploit Title: ntpd 4.2.8p3 remote DoS Date: 2015-10-21 Bug Discovery: John D "Doug" Birdwell Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: http://support.ntp.org/bin/view/Main/NtpBug2922 Vendor Homepage: http://www.ntp.org/...
Cisco ASA Software 8.x9.x - IKEv1 IKEv2 Buffer Overflow
Cisco ASA Software 8.x9.x - IKEv1 IKEv2 Buffer Overflow !/usr/bin/env python2.7 import socket import sys import struct import string import random import time Spawns a reverse cisco CLI cliShellcode = "\x60\xc7\x02\x90\x67\xb9\x09\x8b\x45\xf8\x8b\x40\x5c\x8b\x40\x04"...
libgd 2.1.1 - Signedness Heap Overflow
libgd 2.1.1 - Signedness Heap Overflow Overview ======== libgd 1 is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 2. A signedness vulnerability CVE-2016-3074 exist in libgd 2.1.1 which may...
Ganeti - Multiple Vulnerabilities
Ganeti - Multiple Vulnerabilities =begin Advisory Information Title: Ganeti Security Advisory DoS, Unauthenticated Info Leak Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html Date published:...
Joomla! 3.2.x 3.4.4 - SQL Injection
Joomla! 3.2.x 3.4.4 - SQL Injection --==Mannu joomla SQL Injection exploiter by Team Indishell==-- body font-family: Tahoma; color: white; background: 444444; input border : solid 2px ; border-color : black; BACKGROUND-COLOR: 444444; font: 8pt Verdana; color: white; submit BORDER: buttonhighlight...
CUPS 2.0.3 - Multiple Vulnerabilities
CUPS 2.0.3 - Multiple Vulnerabilities Source: http://googleprojectzero.blogspot.se/2015/06/owning-internet-printing-case-study-in.html Abstract Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs...
Linux Kernel 3.13.0 3.19 (Ubuntu 12.0414.0414.1015.04) - overlayfs Local Privilege Escalation (Access etcshadow)
Linux Kernel 3.13.0 3.19 Ubuntu 12.0414.0414.1015.04 - overlayfs Local Privilege Escalation Access etcshadow The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels wi...
GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection
GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection Affected software: GoAutoDial Affected version: 3.3-1406088000 GoAdmin and previous releases of GoAutodial 3.3 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory:...
Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal
Ericsson Drutt MSDP Instance Monitor - Directory Traversal +------------------------------------------------------------------------------------------------------+ + Ericsson Drutt MSDP Instance Monitor - Directory Traversal Vulnerability and Arbitrary File Access +...
Android WiFi-Direct - Denial of Service
Android WiFi-Direct - Denial of Service Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Android WiFi-Direct Denial of Service 1. Advisory Information Title: Android WiFi-Direct Denial of Service Advisory ID: CORE-2015-0002 Advisory URL:...
Microsoft-Excel-0x5D-record
This is an exploit for MS10-038/CVE-2010-0822 Everything is hardcoded! winxp sp3 webDEViL import binascii wD="d0cf11e0a1b11ae1000000000000000000000000000000003e000300feff0900060000" wD+="000000000000000000030000000100000000000000001000000200000004000000feff"...
PBBoard CMS 3.0.1 - SQL Injection
PBBoard CMS 3.0.1 - SQL Injection Vulnerability title: SQL Injection in PBBoard CMS CVE: CVE-2014-9215 CMS: PBBoard Vendor: Power bulletin board - http://www.pbboard.info/ Product: http://sourceforge.net/projects/pbboard/files/PBBoardv3.0.1/PBBoardv3.0.1.zip/download Affected version: Version 3.0...
Eventum 2.3.4 - hostname Remote Code Execution
Eventum 2.3.4 - hostname Remote Code Execution Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor...
PHP-Fusion 7.02.05 - Multiple Vulnerabilities
PHP-Fusion 7.02.05 - Multiple Vulnerabilities waraxe-2013-SA097 - Multiple Vulnerabilities in PHP-Fusion 7.02.05 =============================================================================== Author: Janek Vind "waraxe" Date: 27. February 2013 Location: Estonia, Tartu Web:...
SAP NetWeaver Message Server - Multiple Vulnerabilities
SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...
phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)
phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection Metasploit Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link:...
Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure // source: https://www.securityfocus.com/bid/57900/info The PowerVR SGX driver in Android is prone to an information-disclosure vulnerability. Successful exploits allows an attacker to gain access to sensitive information. Informati...
HP Data Protector 6.20 - EXEC_CMD Buffer Overflow
HP Data Protector 6.20 - EXECCMD Buffer Overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ HP Data Protector EXECCMD Buffer Overflow Vulnerability 1. Advisory Information Title: HP Data Protector EXECCMD Buffer...
HP Data Protector 6.20 - Multiple Vulnerabilities
HP Data Protector 6.20 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protect...
Microsoft Windows - CreateWindow Function Callback (MS10-048)
Microsoft Windows - CreateWindow Function Callback MS10-048 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Windows CreateWindow function callback vulnerability 1. Advisory Information Title: Microsoft Window...
Eyeland Studio Inc. - SQL Injection
Eyeland Studio Inc. - SQL Injection Title: Eyeland Studio Inc. SQL Injection Vulnerability Version: 2.0 Author: Mr.P3rfekT Software Site:http://www.eyeland.com/ Tested on Lunix CVE : N/A Home :www.realmadridsy.com & www.v4-team.com/cc Founded By Mr.P3rfekT Dork :"Eyeland Studio Inc. All Rights...
KwsPHP Module jeuxflash 1.0 - id SQL Injection
KwsPHP Module jeuxflash 1.0 - id SQL Injection KwsPHP Module jeuxflash Remote SQL Injection Vulnerability AUTHOR : H-T Team HouSSamix ToXiC350 HOME : http://no-hack.fr & http://no-hack.net Site: http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=downloads&filedl=30&before=8&pdl=1 Dork :...
PHP-Nuke - iframe.php Remote File Inclusion
PHP-Nuke - iframe.php Remote File Inclusion iFRAME for PhpNuke iframe.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=uTRRQnIjG file : iframe.php Dork : "/nuke/iframe.php" Found by & Contact : Cold z3ro , [email protected] ,...
Premod SubDog 2 - includesfunctions_kb.php?phpbb_root_path Remote File Inclusion
Premod SubDog 2 - includesfunctionskb.php?phpbbrootpath Remote File Inclusion source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing maliciou...
ScozNews 1.2.1 - mainpath Remote File Inclusion
ScozNews 1.2.1 - mainpath Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM ScozNews v1.2.1 - Remote File Include Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl dork: "Powered By ScozNews"...
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow SEH Exploit Title: Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow SEH Date: 2020-02-28 Exploit Author: Andrey Stoykov Version: Cyberoam General Authentication Client 2.1.2.7 Tested on: Windows Vista SP2 x86 Steps to Reproduce: 1 R...
Dairy Farm Shop Management System 1.0 - username SQL Injection
Dairy Farm Shop Management System 1.0 - username SQL Injection Exploit Title: Dairy Farm Shop Management System 1.0 - 'username' SQL Injection Google Dork: N/A Date: 2020-01-03 Exploit Author: Chris Inzinga Vendor Homepage: https://phpgurukul.com/ Software Link:...
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
WEMS BEMS 21.3.1 - Undocumented Backdoor Account Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Date: 2019-12-30 Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...
eMerge E3 1.00-06 - Unauthenticated Directory Traversal
eMerge E3 1.00-06 - Unauthenticated Directory Traversal Exploit Title: eMerge E3 1.00-06 - Unauthenticated Directory Traversal Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...
Optergy 2.3.0a - Username Disclosure
Optergy 2.3.0a - Username Disclosure Title: Optergy 2.3.0a - Username Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: djuro teppi view alerton stef humba drmio de3 andri myko dzonka kosto beebee...
Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure
Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Title: Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5541...
Mitsubishi Electric smartRTU INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
Mitsubishi Electric smartRTU INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell !/usr/bin/python Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated OS Command Injection Date: 29 June 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage:...
Microsoft DirectWrite AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
Microsoft DirectWrite AFDKO - Multiple Bugs in OpenType Font Handling Related to the post Table -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
KACE System Management Appliance (SMA) 9.0.270 - Multiple Vulnerabilities
KACE System Management Appliance SMA 9.0.270 - Multiple Vulnerabilities Exploit Title: Dell Kace Appliance Multiple Vulnerabilities Date: 12/04/2018 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: https://www.quest.com/products/kace-systems-management-appliance/ Affected...
Microsoft Windows (x86) - Task Scheduler .job Import Arbitrary Discretionary Access Control List Write Local Privilege Escalation
Microsoft Windows x86 - Task Scheduler .job Import Arbitrary Discretionary Access Control List Write Local Privilege Escalation Task Scheduler .job import arbitrary DACL write Tested on: Windows 10 32-bit Bug information: There are two folders for tasks. c:\windows\tasks c:\windows\system32\tasks...
Moodle Jmol Filter 6.1 - Directory Traversal Cross-Site Scripting
Moodle Jmol Filter 6.1 - Directory Traversal Cross-Site Scripting Exploit Title: Moodle filterjmol multiple vulnerabilities Directory Traversal and XSS Date: 20 May 2019 Exploit Author: Dionach Ltd Exploit Author Homepage: https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities...
Micro Focus Filr 3.4.0.217 - Path Traversal Local Privilege Escalation
Micro Focus Filr 3.4.0.217 - Path Traversal Local Privilege Escalation SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Micro Focus Filr Multiple Vulnerabilities 1. Advisory Information Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL:...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more...