Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload SQL Injection
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload SQL Injection Exploit Title: Simple PHP Shopping Cart 0.9 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://asaancart.wordpress.com/ Software Link:...
Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software...
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 vulnerable version: ...
OpenCMS 10.5.3 - Cross-Site Scripting
OpenCMS 10.5.3 - Cross-Site Scripting Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting 1. About Exploit Title: TwonkyMedia Server 7.0.11-8.5 Persistent XSS Date: 2018-03-27 Exploit...
SysGauge Server 3.6.18 - Denial of Service
SysGauge Server 3.6.18 - Denial of Service Exploit Title: SysGauge Server 3.6.18 - DOS Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http://www.sysgauge.com/setups/sysgaugesrvsetupv3.6.18.exe Version: v3.6.18 Category: Windows Remote DOS CVE: CVE-2017-15667 Author Homepage:...
PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)
PHPMyFAQ 2.9.8 - Cross-Site Scripting 3 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vulnerability Date: 28-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE :...
Microsoft Windows 10 RS2 (x64) - win32kfull!bFill Pool Overflow
Microsoft Windows 10 RS2 x64 - win32kfull!bFill Pool Overflow Sources: https://siberas.de/blog/2017/10/05/exploitationcasestudywildpooloverflowCVE-2016-3309reloaded.html https://github.com/siberas/CVE-2016-3309Reloaded Exploits for the recently-patched win32kfull!bFill vulnerability. Executing th...
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage:...
Linux Kernel - BadIRET Local Privilege Escalation
Linux Kernel - BadIRET Local Privilege Escalation CVE-2014-9322 PoC for Linux kernel CVE-2014-9322 a.k.a BadIRET proof of concept for Linux kernel. This PoC uses only syscalls not any libraries, like pthread. Threads are implemented using raw Linux syscalls. Raw Linux Threads via System Calls Usa...
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and...
OpenSSL 1.1.0 - Remote Client Denial of Service
OpenSSL 1.1.0 - Remote Client Denial of Service // Source: https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/ / SSL server demonstration program Copyright C 2006-2015, ARM Limited, All Rights Reserved...
Joomla! 3.6.4 - Admin Takeover
Joomla! 3.6.4 - Admin Takeover !/usr/bin/python3 CVE-2016-9838: Joomla! = 3.6.4 Admin TakeOver cf Source: https://www.ambionics.io/blog/cve-2016-9838-joomla-account-takeover-and-remote-code-execution import bs4 import requests import random ADMINID = 384 url = 'http://vmweb.lan/Joomla-3.6.4/'...
PHPMailer 5.2.18 - Remote Code Execution (Bash)
PHPMailer 5.2.18 - Remote Code Execution Bash !/bin/bash CVE-2016-10033 exploit by opsxcq https://github.com/opsxcq/exploit-CVE-2016-10033 echo '+ CVE-2016-10033 exploit by opsxcq' if -z "$1" then echo '- Please inform an host as parameter' exit -1 fi host=$1 echo '+ Exploiting '$host curl -sq...
PHPMailer 5.2.18 - Remote Code Execution (PHP)
PHPMailer 5.2.18 - Remote Code Execution PHP 09607 "; // ------------------ // mail param injection via the vulnerability in PHPMailer requireonce'class.phpmailer.php'; $mail = new PHPMailer; // defaults to using php "mail" $mail-SetFrom$emailfrom, 'Client Name'...
Adobe ColdFusion 11 Update 10 - XML External Entity Injection
Adobe ColdFusion 11 Update 10 - XML External Entity Injection ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical...
SAP NetWeaver AS JAVA 7.1 7.5 - Information Disclosure
SAP NetWeaver AS JAVA 7.1 7.5 - Information Disclosure Application:SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: information disclosure Sent: 15.09.2015 Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016...
SAP xMII 15.0 - Directory Traversal
SAP xMII 15.0 - Directory Traversal Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 29.07.2015 Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry...
NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities
NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities Remote code execution / arbitrary file download in NETGEAR ProSafe Network Management System NMS300 Discovered by Pedro Ribeiro, Agile Information Security http://www.agileinfosec.co.uk/...
PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library
PHP 5.5.9 - zendexecutorglobals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...
Centreon 2.5.4 - Multiple Vulnerabilities
Centreon 2.5.4 - Multiple Vulnerabilities Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution CVEs: CVE-2015-1560, CVE-2015-1561 Vendor: Merethis - www.centreon.com Product: Centreon Version affected: 2.5.4 and prior Product description: Centreon is the choic...
WordPress 4.0 - Denial of Service
WordPress 4.0 - Denial of Service $argv2, 'pwd' = strrepeat"A",1000000, 'redirectto' = $argv1 . "/wp-admin/", 'reauth' = 1, 'testcookie' = '1', 'wp-submit' = "Log%20In"; $cookieFiles = "cookie.txt"; curlsetoptarray$ch, array CURLOPTHEADER = 1, CURLOPTUSERAGENT = "Mozilla/5.0 Windows; U; Windows N...
Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities
Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities Vulnerabilities in Pimcore 1.4.9 to 2.1.0 inclusive Discovered by Pedro Ribeiro of Agile Information Security Disclosure: 14/04/2014 / Last updated: 12/10/2014...
Sharetronix 3.3 - Multiple Vulnerabilities
Sharetronix 3.3 - Multiple Vulnerabilities Advisory ID: HTB23214 Product: Sharetronix Vendor: Blogtronix, LLC Vulnerable Versions: 3.3 and probably prior Tested Version: 3.3 Advisory Publication: May 7, 2014 without technical details Vendor Notification: May 7, 2014 Vendor Patch: May 27, 2014...
D-Link DSR Router Series - Remote Command Execution
D-Link DSR Router Series - Remote Command Execution !/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-2...
Apache + PHP 5.3.12 5.4.2 - Remote Code Execution + Scanner
Apache + PHP 5.3.12 5.4.2 - Remote Code Execution + Scanner !/usr/bin/env python ap-unlock-v1337.py - apache + php 5. rem0te c0de execution exploit NOTE: - quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE : - for connect back shell start netcat/nc and bind port on given host:port - is ip-range...
Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities
Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...
XnView 2.03 - .pct Buffer Overflow
XnView 2.03 - .pct Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ XnView Buffer Overflow Vulnerability 1. Advisory Information Title: XnView Buffer Overflow Vulnerability Advisory ID: CORE-2013-0705 Advisory URL:...
Guru Auction 2.0 - Multiple SQL Injections
DCForum - auth_user_file.txt File Multiple Information Disclosure Vulnerabilities
DCForum - auth_user_file.txt File Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/56383/info DCForum is prone to multiple information-disclosure vulnerabilities. Exploiting these issues may allow an attacker to obtain sensitive information that may aid in...
SAP NetWeaver Dispatcher 7.0 ehp12 - Multiple Vulnerabilities
SAP NetWeaver Dispatcher 7.0 ehp12 - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL: http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities Date published: 2012-05-08...
4Images 1.7.6-9 - Cross-Site Request Forgery PHP Code Injection
4Images 1.7.6-9 - Cross-Site Request Forgery PHP Code Injection !/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54...
WordPress 3.3.1 - Multiple Vulnerabilities
WordPress 3.3.1 - Multiple Vulnerabilities Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Versi...
Habari Blog - Multiple Vulnerabilities
Habari Blog - Multiple Vulnerabilities Vulnerability ID: HTB22732 Reference: http://www.htbridge.ch/advisory/pathdisclosureinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: Path disclosure...
vBulletin 3.8.6 - faq.php Information Disclosure
vBulletin 3.8.6 - faq.php Information Disclosure Iranian Datacoders Security Team 2010 Original Advisory:...
libpng 1.4.2 - Denial of Service
libpng 1.4.2 - Denial of Service / Exploit Title: libpng include include include include include define BASE 65521L / largest prime smaller than 65536 / / Update a running Adler-32 checksum with the bytes buf0..len-1 and return the updated checksum. The Adler-32 checksum should be initialized to ...
Novell iManager - Multiple Vulnerabilities
Novell iManager - Multiple Vulnerabilities Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Novell iManager Multiple Vulnerabilities 1. Advisory Information Title: Novell iManager Multiple Vulnerabilities Advisory Id:...
Spaceacre - index.php SQL Injection HTML Cross-Site Scripting Injection
Spaceacre - index.php SQL Injection HTML Cross-Site Scripting Injection Spaceacre index.php SQL/HTML/XSS Injection Vulnerability...
Adobe Photoshop CS4 Extended 11.0 - .ABR File Handling Remote Buffer Overflow (PoC)
Adobe Photoshop CS4 Extended 11.0 - .ABR File Handling Remote Buffer Overflow PoC !/usr/bin/perl Title: Adobe Photoshop CS4 Extended 11.0 ABR File Handling Remote Buffer Overflow PoC Summary: The Adobe® Photoshop® family of products is the ultimate playground for bringing out the best in your...
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities Topic : ATutor 1.6.4 Bugs Type : Cross Site Scripting all of them Credit : ItSecTeam Remote : Yes Status : Bug mail : [email protected] Dork : "ATutor 1.6.4" Special Tnx : am!rkh@n, Amin ShokohiPejvak, C0M0D0, 0xd41684c654, r3dmove And...
WorldPay Script Shop - productdetail SQL Injection
WorldPay Script Shop - productdetail SQL Injection WorldPay Script Shop productdetail SQL Injection Vulnerability + Author: Err0R + Site : www.sa-hacker.com/vb...
DMXReady Contact Us Manager 1.1 - Remote Contents Change
DMXReady Contact Us Manager 1.1 - Remote Contents Change Title : DMXReady Contact Us Manager http://target/path//applications/ContactUsManager/inccontactusmanager.asp Edit - http://target/path//admin/ContactUsManager/addcategory.asp : milw0rm.com 2009-01-14...
WebPhotoPro - Multiple SQL Injections
WebPhotoPro - Multiple SQL Injections source: https://www.securityfocus.com/bid/32829/info WebPhotoPro is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker t...
AJ HYIP ACME - comment.php SQL Injection
AJ HYIP ACME - comment.php SQL Injection proud to be muslim rEm0te sql injction VulnErability ajhyip manager script AuTh0r : security fears team Home : WwW.alsonaa.com members: HeB4RieH , germayax...
phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion
phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion Title : phpFFL 1.24 Remote File Inclusion Vulnerability Author : Dj7xpl Download : http://sourceforge.net/project/showfiles.php?groupid=137531 Gr33tZ : Y! Undergroun...
STPHPLibrary - STPHPLIB_DIR Remote File Inclusion
Ethernet Device Drivers Frame Padding - Etherleak Infomation Leakage
Ethernet Device Drivers Frame Padding - Etherleak Infomation Leakage !/usr/bin/perl -w etherleak, code that has been 5 years coming. On 04/27/2002, I disclosed on the Linux Kernel Mailing list, a vulnerability that would become known as the 'etherleak' bug. In various situations an ethernet fram...
Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion
Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion Joomla-SMF Forum Bridge For Mambo 4.5.3+ And Mambo 4.5.3+ Remote File Inclusion Vulnerability Discovered by : ASIANEAGLE Remote:Yes Level:High Application: SMF Forum 1.3.1.3 Bridge...
Snitz Forums 2000 - down.asp HTTP Response Splitting
Snitz Forums 2000 - down.asp HTTP Response Splitting source: https://www.securityfocus.com/bid/11201/info Snitz Forums is reported prone to a HTTP response splitting vulnerability. The issue exists in a parameter of the 'down.asp' script. The issue presents itself due to a flaw in the affected...
TotalAV 2020 4.14.31 - Privilege Escalation
TotalAV 2020 4.14.31 - Privilege Escalation Exploit Title: TotalAV 2020 4.14.31 - Privilege Escalation Date: 2020-01-09 Exploit Author: Kusol Watchara-Apanukorn Vendor Homepage: https://www.totalav.com/ Version: 4.14.31 Fixed on: 5.3.35 Tested on: Windows 10 x64 CVE : CVE-2019-18194 Vulnerability...