41207 matches found
Trend Micro Maximum Security 2019 - Privilege Escalation
Trend Micro Maximum Security 2019 - Privilege Escalation Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15...
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
SunOS 5.10 Generic147148-26 - Local Privilege Escalation Exploit: SunOS 5.10 Generic147148-26 - Local Privilege Escalation Date: 2020-01-15 Author: Marco Ivaldi Vendor: www.oracle.com Software Link: https://www.oracle.com/technetwork/server-storage/solaris10/downloads/latest-release/index.html CV...
msdn.com
Pentest notes for: msdn.com Exploit Pack Nmap 7.80 scan initiated Tue Dec 3 09:58:32 2019 as: /usr/bin/nmap -sV -A -oA log/msdn.com msdn.com Nmap scan report for msdn.com 13.77.161.179 Host is up 0.17s latency. Other addresses for msdn.com not scanned: 104.215.148.63 40.76.4.15 40.112.72.205...
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - start SQL Injection
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - start SQL Injection Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link:...
CheckPoint Endpoint Security ClientZoneAlarm 15.4.062.17802 - Privilege Escalation
CheckPoint Endpoint Security ClientZoneAlarm 15.4.062.17802 - Privilege Escalation Exploit Title: CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation Date: 2019-01-30 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.checkpoint.com/ Version: Check Poin...
V-SOL GPONEPON OLT Platform 2.03 - Remote Privilege Escalation
V-SOL GPONEPON OLT Platform 2.03 - Remote Privilege Escalation Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested...
ManageEngine opManager 12.3.150 - Authenticated Code Execution
ManageEngine opManager 12.3.150 - Authenticated Code Execution !/usr/bin/env python3 Exploit Title: ManageEngine opManager Authenticated Code Execution Google Dork: N/A Date: 08/13/2019 Exploit Author: @kindredsec Vendor Homepage: https://www.manageengine.com/ Software Link:...
VxWorks 6.8 - TCP Urgent Pointer 0 Integer Underflow
VxWorks 6.8 - TCP Urgent Pointer 0 Integer Underflow Exploit Title: VxWorks TCP Urgent pointer = 0 integer underflow vulnerability Discovered By: Armis Security PoC Author: Zhou Yu twitter: @504137480 Vendor Homepage: https://www.windriver.com Tested on: VxWorks 6.8 CVE: CVE-2019-12255 More...
Apache mod_ssl 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow (2)
Apache modssl 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow 2 / OF version r00t VERY PRIV8 spabam Version: v3.0.4 Requirements: libssl-dev apt-get install libssl-dev Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free to get more targets hackarena...
Huawei eSpace 1.1.11.103 - DLL Hijacking
Huawei eSpace 1.1.11.103 - DLL Hijacking / Huawei eSpace Desktop DLL Hijacking Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient...
Huawei eSpace Meeting 1.1.11.103 - cenwpoll.dll SEH Buffer Overflow (Unicode)
Huawei eSpace Meeting 1.1.11.103 - cenwpoll.dll SEH Buffer Overflow Unicode !/usr/bin/env python -- coding: utf-8 -- Huawei eSpace Meeting cenwpoll.dll Unicode Stack Buffer Overflow with SEH Overwrite Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected...
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering Exploit Title: cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an ite...
Microsoft Windows VCF - Remote Code Execution
Microsoft Windows VCF - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec + Zero Day Initiative Program...
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution Local File Disclosure
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution Local File Disclosure SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable...
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution !/usr/bin/python -- coding: utf-8 -- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = '''...
Dell Touchpad - ApMsgFwd.exe Denial of Service
Dell Touchpad - ApMsgFwd.exe Denial of Service / Title: Dell Touchpad - ApMsgFwd.exe Denial Of Service Author: Souhail Hammou Vendor Homepage: https://www.alps.com/ Tested on : Alps Pointing-device Driver 10.1.101.207 CVE: CVE-2018-10828 / include include include / Details: ========== ApMsgFwd.ex...
CyberArk Password Vault Web Access 9.9.5 9.10 10.1 - Remote Code Execution
CyberArk Password Vault Web Access 9.9.5 9.10 10.1 - Remote Code Execution Advisory: CyberArk Password Vault Web Access Remote Code Execution The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens,...
Dup Scout Enterprise 10.0.18 - Login Remote Buffer Overflow
Dup Scout Enterprise 10.0.18 - Login Remote Buffer Overflow Tested on Windows 10 x86 The application requires to have the web server enabled. Exploit for older version: https://www.exploit-db.com/exploits/40832/ !/usr/bin/python import socket,os,time,struct,argparse parser = argparse.ArgumentPars...
Trend Micro OfficeScan 11.0XG (12.0) - Code Execution Memory Corruption
Trend Micro OfficeScan 11.0XG 12.0 - Code Execution Memory Corruption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt +...
libmad 0.15.1b - mp3 Memory Corruption
libmad 0.15.1b - mp3 Memory Corruption libmad memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= libmad is a high-quality MPEG audio decoder capable of 24-bit output. Affected version: ===== 0.15.1b Vulnerability Description:...
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1206 Missing bounds-checking in AVI stream parsing When parsing AVI files, CAVIFileParser uses the stream count from the AVI header to allocate backing storage for storing...
LightDM (Ubuntu 16.0416.10) - Guest Account Local Privilege Escalation
LightDM Ubuntu 16.0416.10 - Guest Account Local Privilege Escalation Source: https://blogs.securiteam.com/index.php/archives/3134 Vulnerability Summary The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS. Ubuntu is an open source...
Linux Kernel 3.11 4.8 0 - SO_SNDBUFFORCE SO_RCVBUFFORCE Local Privilege Escalation
Linux Kernel 3.11 4.8 0 - SOSNDBUFFORCE SORCVBUFFORCE Local Privilege Escalation // CAPNETADMIN - root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-97...
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML External Entity Injection XXE, Reflected Cross Site Scripting product: Aruba AirWave vulnerab...
PHPMailer 5.2.20 - Remote Code Execution
PHPMailer 5.2.20 - Remote Code Execution !/usr/bin/python intro = """ PHPMailer RCE PoC Exploits PHPMailer " postfields = 'action':...
NETGEAR WNR2000v5 - Remote Code Execution
NETGEAR WNR2000v5 - Remote Code Execution Remote code execution in NETGEAR WNR2000v5 - by Pedro Ribeiro [email protected] / Agile Information Security Released on 20/12/2016 NOTE: this exploit is "alpha" quality and has been deprecated. Please see the modules accepted into the Metasploit framework...
Nagios 4.2.2 - Arbitrary Code Execution
Nagios 4.2.2 - Arbitrary Code Execution !/usr/bin/env python Source: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html intro = """\03394m Nagios Core 4.2.0 Curl Command Injection / Code Execution PoC Exploit CVE-2016-9565 nagioscmdinjection.py ver...
glibc - getaddrinfo Stack Buffer Overflow (PoC)
glibc - getaddrinfo Stack Buffer Overflow PoC Sources: https://googleonlinesecurity.blogspot.sg/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html https://github.com/fjserna/CVE-2015-7547 Technical information: glibc reserves 2048 bytes in the stack through alloca for the DNS answer at...
Linux Kernel 3.13.0 3.19 (Ubuntu 12.0414.0414.1015.04) - overlayfs Local Privilege Escalation
Linux Kernel 3.13.0 3.19 Ubuntu 12.0414.0414.1015.04 - overlayfs Local Privilege Escalation / Exploit Title: ofs.c - overlayfs local root in ubuntu Date: 2015-06-15 Exploit Author: rebel Version: Ubuntu 12.04, 14.04, 14.10, 15.04 Kernels before 2015-06-15 Tested on: Ubuntu 12.04, 14.04, 14.10,...
ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities
ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendo...
Inmatrix-Ltd.-Zoom-Player-8.5-.jpeg
Exploit Title: Inmatrix Ltd. Zoom Player Crafted JPEG File Memory Corruption and Arbitrary Code Execution Exploit. Version: Zoom Player v8.5 Date: 09-1-2013 Author: Debasish Mandal. Blog : http://www.debasish.in/ d =...
Flussonic Media Server 4.1.25 4.3.3 - Arbitrary File Disclosure
Flussonic Media Server 4.1.25 4.3.3 - Arbitrary File Disclosure Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a mutli-protocol streaming server with...
Linux Kernel 3.3.5 - driversmediamedia-device.c Local Information Disclosure
Linux Kernel 3.3.5 - driversmediamedia-device.c Local Information Disclosure / source: https://www.securityfocus.com/bid/68048/info The Linux kernel is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to cause a memory leak to obtain sensitive...
Open Web Analytics 1.5.4 - owa_email_address SQL Injection
Open Web Analytics 1.5.4 - owaemailaddress SQL Injection """ Dell SecureWorks Security Advisory SWRX-2014-001 Open Web Analytics Pre-Auth SQL Injection Advisory Information Title: Open Web Analytics Pre-Auth SQL Injection Advisory ID: SWRX-2014-001 Advisory URL:...
AuraCMS 2.3 - Multiple Vulnerabilities
AuraCMS 2.3 - Multiple Vulnerabilities Advisory ID: HTB23196 Product: AuraCMS Vendor: AuraCMS Vulnerable Versions: 2.3 and probably prior Tested Version: 2.3 Advisory Publication: January 8, 2014 without technical details Vendor Notification: January 8, 2014 Vendor Patch: January 30, 2014 Public...
Linux Kernel 3.4 3.13.2 (Ubuntu 13.10) - CONFIG_X86_X32 Arbitrary Write (2)
Linux Kernel 3.4 3.13.2 Ubuntu 13.10 - CONFIGX86X32 Arbitrary Write 2 / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pa...
Chamilo Lms 1.9.6 - profile.php?password SQL Injection
Chamilo Lms 1.9.6 - profile.php?password SQL Injection Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013...
Sophos Web Protection Appliance - Multiple Vulnerabilities
Sophos Web Protection Appliance - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-08...
INSTEON Hub 2242-222 - Lack of Web and API Authentication
INSTEON Hub 2242-222 - Lack of Web and API Authentication Trustwave SpiderLabs Security Advisory TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub Published: 8/01/13 Version: 1.0 Vendor: INSTEON http://www.INSTEON.com/ Product: Hub Version affected: 2242-222 model...
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities --------------------------------------------------------------------------------- vtiger CRM debug"Entering customer portal function getlistvalues"; 2 The vulnerable code is located in the getprojectcomponents SOAP method defined in...
Oracle Application Framework - Diagnostic Mode Bypass
Oracle Application Framework - Diagnostic Mode Bypass Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected:...
Cisco Wireless Lan Controller 7.2.110.0 - Multiple Vulnerabilities
Cisco Wireless Lan Controller 7.2.110.0 - Multiple Vulnerabilities Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities Exploit Title: u M@d? - Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities Date: Discovered and reported November 2012 Author: Jacob Holcomb/Gimppy042 - Security Analyst...
Supernews 2.6.1 - noticias.php?cat SQL Injection
Supernews 2.6.1 - noticias.php?cat SQL Injection Supernews Date: 31/05/2012 Version: 2.6.1 Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews ISRAEL Author will be not responsible for any damage. Vulnerable Code - noticias.php 30-31: 30. $idcategoria = formatDados$GET'cat'; 31. $que...
Tiki Wiki CMS Groupware 8.2 - snarf_ajax.php Remote PHP Code Injection
Tiki Wiki CMS Groupware 8.2 - snarfajax.php Remote PHP Code Injection ------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1®exres=phpinfo®ex=//e%00/ Tiki internal filters remove all null bytes from user input, but for...
Oracle Document Capture 10.1.3.5 - Insecure Method Buffer Overflow
Oracle Document Capture 10.1.3.5 - Insecure Method Buffer Overflow Source: http://packetstormsecurity.org/files/view/97871/DSECRG-11-006.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-006 internal DSECRG-09-066 Application: Oracle Docume...
Linux Kernel 2.6.37-rc2 - ACPI custom_method Local Privilege Escalation
Linux Kernel 2.6.37-rc2 - ACPI custommethod Local Privilege Escalation / american-sign-language.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4347 This custommethod file allows to inject custom ACPI methods into the ACPI interpreter...
Linux Kernel 2.6.36-rc8 - RDS Protocol Local Privilege Escalation
Linux Kernel 2.6.36-rc8 - RDS Protocol Local Privilege Escalation // source: http://www.vsecurity.com/resources/advisory/20101019-1/ / Linux Kernel Copyright 2010 Virtual Security Research, LLC The handling functions for sending and receiving RDS messages use unchecked copyuserinatomic functions...
Simple Machines Forum (SMF) 1.0.131.1.5 - Destroyer 0.1 Password Reset Security Bypass
Simple Machines Forum SMF 1.0.131.1.5 - Destroyer 0.1 Password Reset Security Bypass !/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com Cracks links Password Recovery Find Temporary Files executed by mods DB function Flood b...
Joomla! Component Ice Gallery 0.5b2 - catid Blind SQL Injection
Joomla! Component Ice Gallery 0.5b2 - catid Blind SQL Injection Joomla Component comicecatid Blind SQL-injection Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1. Vulnerability : Blind SQL injection Google Dork : inurl:comice "catid"...
TugZip 3.00 Archiver - .zip Local Buffer Overflow
TugZip 3.00 Archiver - .zip Local Buffer Overflow /0day TUGzip 3.00 archiver .ZIP File Local Buffer Overflow "If you change things ,forever,there's no going back,you see for them you're just a freak, like me ..Mhaaaahaaaaaaaaaaaaaaaaaaaa"JK Well hello there ,greetz from Romania,here is a exploit...