41207 matches found
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor...
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
Yahei PHP Prober 0.4.7 - Cross-Site Scripting Exploit title: Yahei-PHP Proberv0.4.7 - Cross-Site Scripting Google Dork: intitle:"Proberv0." | inurl:/proberv.php Date: 23/03/2018 Exploit Author: ManhNho Vendor Homepage: http://www.yahei.net/ Software Link: www.yahei.net/tz/tze.zip Version: 0.4.7...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting Exploit Title: Joomla! Component JS Jobs 1.2.0 - Cross Site Scripting Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com/products/js-jobs.html...
Asterisk chan_pjsip 15.2.0 - INVITE Denial of Service
Asterisk chanpjsip 15.2.0 - INVITE Denial of Service ''' Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip installed with --with-pjproject-bundled -...
Android - Inter-Process munmap due to Race Condition in ashmem
Android - Inter-Process munmap due to Race Condition in ashmem The MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a...
Microsoft Edge Chakra - Buffer Overflow
Microsoft Edge Chakra - Buffer Overflow sxCall.argCount; //pnode-sxCall.argCount=0xFFFF argCount++; // include "this" //overflow!!!! argCount==0 BOOL fSideEffectArgs = FALSE; unsigned int tmpCount = CountArgumentspnode-sxCall.pnodeArgs, &fSideEffectArgs; AssertargCount == tmpCount; if argCount !=...
Subsonic 6.1.1 - Cross-Site Request Forgery
Subsonic 6.1.1 - Cross-Site Request Forgery + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-PASSWORD-RESET-CSRF.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subson...
Microsoft Windows 8/8.1/2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010)
Microsoft Windows 8/8.1/2012 R2 x64 - EternalBlue SMB Remote Code Execution MS17-010 !/usr/bin/python from impacket import smb, ntlm from struct import pack import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depended o...
Joomla! 3.6.4 - Admin Takeover
Joomla! 3.6.4 - Admin Takeover !/usr/bin/python3 CVE-2016-9838: Joomla! = 3.6.4 Admin TakeOver cf Source: https://www.ambionics.io/blog/cve-2016-9838-joomla-account-takeover-and-remote-code-execution import bs4 import requests import random ADMINID = 384 url = 'http://vmweb.lan/Joomla-3.6.4/'...
Rumba FTP Client 4.x - Remote Stack Buffer Overflow (SEH)
Rumba FTP Client 4.x - Remote Stack Buffer Overflow SEH Exploit Title: Rumba FTP 4.x Client Stackoverflow SEH Date: 29-10-2016 Exploit Author: Umit Aksu Vendor Homepage: http://community.microfocus.com/microfocus/mainframesolutions/rumba/w/knowledgebase/28731.rumba-ftp-4-x-security-update.aspx...
AXIS (Multiple Products) - devtools (Authenticated) Remote Command Execution
AXIS Multiple Products - devtools Authenticated Remote Command Execution / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com security advisory olsa-2015-8257 PGP: 79A6CCC0 Advisory Information...
Meinberg NTP Time Server ELX800GPS M4x V5.30p - Remote Command Execution Escalate Privileges
Meinberg NTP Time Server ELX800GPS M4x V5.30p - Remote Command Execution Escalate Privileges !/usr/bin/python EDB Note: Source https://github.com/securifera/CVE-2016-3962-Exploit EDB Note: More info https://www.securifera.com/blog/2016/07/17/time-to-patch-rce-on-meinberg-ntp-time-server/ 271 -...
libgd 2.1.1 - Signedness Heap Overflow
libgd 2.1.1 - Signedness Heap Overflow Overview ======== libgd 1 is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 2. A signedness vulnerability CVE-2016-3074 exist in libgd 2.1.1 which may...
Multiple CCTV-DVR Vendors - Remote Code Execution
Multiple CCTV-DVR Vendors - Remote Code Execution !/usr/bin/python Blog post: http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html ''' Vendors List Ademco ATS Alarmes technolgy and ststems Area1Protection Avio Black Hawk Security Capture China security systems Cocktail...
NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow (PoC)
NTPd ntp-4.2.6p5 - ctlputdata Buffer Overflow PoC / Ntpd Based on: ntpq client from ntp package Provided for legal security research and testing purposes ONLY PoC DoS Denial of Service PoC. Will crash NTPd. You will need to know the KEY ID and MD5 password, for example put this in you ntp.conf...
Qlikview 11.20 SR11 - Blind XML External Entity Injection
Qlikview 11.20 SR11 - Blind XML External Entity Injection Exploit Title: Qlikview blind XXE security vulnerability Product: Qlikview Vulnerable Versions: v11.20 SR11 and previous versions Tested Version: v11.20 SR4 Advisory Publication: 08/09/2015 Latest Update: 08/09/2015 Vulnerability Type:...
Internet Download Manager - OLE Automation Array Remote Code Execution
Internet Download Manager - OLE Automation Array Remote Code Execution !/usr/bin/php Run Site Grabber 4 . Enter any word "Start page/address" 5 . Click Addvance 6 . check "Enter Login and password manually at the following web page" 7 . Enter your exploit link http://ipaddress:80/ 8 . Next -- Nex...
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities Advisory ID: HTB23254 Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor...
Linux Kernel 3.13/3.14 (Ubuntu) - splice() System Call Local Denial of Service
Linux Kernel 3.13/3.14 Ubuntu - splice System Call Local Denial of Service / ---------------------------------------------------------------------------------------------------- cve-2014-7822poc.c The implementation of certain splicewrite file operations in the Linux kernel before 3.16 does not...
WordPress Plugin Marketplace 2.4.0 - Arbitrary File Download
WordPress Plugin Marketplace 2.4.0 - Arbitrary File Download Exploit Title: WP Marketplace 2.4.0 Arbitrary File Download Date: 26-10-2014 Software Link: https://wordpress.org/plugins/wpmarketplace/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...
Windows-XP-2003-Afd.sys-Escalation
MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli HalDispatchTable+0x4+1 from ctypes import windll, CDLL, Structure, byref, sizeof, POINTER, cchar, cshort, cushort, cint, cuint, culong, cvoidp, clong, ccharp from ctypes.wintypes import HANDLE...
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ==========================================================================...
vBulletin 4.0.x 4.1.2 - search.php?cat SQL Injection
vBulletin 4.0.x 4.1.2 - search.php?cat SQL Injection vBulletin 4.0.x = 4.1.2 AUTOMATIC SQL Injection exploit Author: D35m0nd142, Google Dork: inurl:search.php?searchtype=1 Date: 02/09/2014 Vendor Homepage: http://www.vbulletin.com/ Tested on: vBulletin 4.1.2 Usage: perl exploit.pl Tutorial video:...
Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - perf_swevent_init Local Privilege Escalation (3)
Linux Kernel 3.2.0-23/3.5.0-23 Ubuntu 12.04/12.04.1/12.04.2 x64 - perfsweventinit Local Privilege Escalation 3 / Ubuntu 12.04 3.x x8664 perfsweventinit Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu...
Chamilo Lms 1.9.6 - profile.php?password SQL Injection
Chamilo Lms 1.9.6 - profile.php?password SQL Injection Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013...
Apache + PHP 5.3.12 5.4.2 - Remote Code Execution + Scanner
Apache + PHP 5.3.12 5.4.2 - Remote Code Execution + Scanner !/usr/bin/env python ap-unlock-v1337.py - apache + php 5. rem0te c0de execution exploit NOTE: - quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE : - for connect back shell start netcat/nc and bind port on given host:port - is ip-range...
X2CRM 3.4.1 - Multiple Vulnerabilities
X2CRM 3.4.1 - Multiple Vulnerabilities Advisory ID: HTB23172 Product: X2CRM Vendor: X2Engine Inc. Vulnerable Versions: 3.4.1 and probably prior Tested Version: 3.4.1 Advisory Published: September 4, 2013 Vendor Notification: September 4, 2013 Vendor Patch: September 10, 2013 Public Disclosure:...
AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities
AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ AVTECH DVR multiple vulnerabilities 1. Advisory Information Title: AVTECH DVR multiple vulnerabilities Advisory ID: CORE-2013-0726 Advisory URL:...
XnView 2.03 - .pct Buffer Overflow
XnView 2.03 - .pct Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ XnView Buffer Overflow Vulnerability 1. Advisory Information Title: XnView Buffer Overflow Vulnerability Advisory ID: CORE-2013-0705 Advisory URL:...
Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery
Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery Exploit Title: Verizon Fios Router CSRF Admin Shell Date: Discovered and reported January 2013 Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators Software: Verizon FIOS Router - Firmware 40.19.36...
vBulletin Yet Another Awards System 4.0.2 - SQL Injection
vBulletin Yet Another Awards System 4.0.2 - SQL Injection Exploit Title: vBulletin Yet Another Awards System 4.0.2 Time Based SQL Injection 0day Google Dork: inurl:awards.php intext:"powered by vbulletin" Date: 29/08/12 Exploit Author: Backsl@sh/Dan Software Link:...
SAP NetWeaver Dispatcher - Multiple Vulnerabilities
SAP NetWeaver Dispatcher - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Dispatcher Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL:...
HP Data Protector 6.20 - Multiple Vulnerabilities
HP Data Protector 6.20 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protect...
Tandberg E EX C Series Endpoints - Default Root Account Credentials
Tandberg E EX C Series Endpoints - Default Root Account Credentials -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints Advisory ID: cisco-sa-20110202-tandberg Revision 1.0 For Public Release 2011...
KLINK - SQL Injection
KLINK - SQL Injection Andrés Gómez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andrés Gómez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on...
ClanSphere 2010.0 Final - Multiple Vulnerabilities
ClanSphere 2010.0 Final - Multiple Vulnerabilities Vulnerability ID: HTB22694 Reference: http://www.htbridge.ch/advisory/sqlinjectioninclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability...
Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities
Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities Exploit Title: Joomla Component comccboard Multiple Vulnerabilities Date: 13 Nov 2010 Author: jdc Category: webapps/0day Version: 1.2-RC Download:...
Microsoft Windows - nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047)
Microsoft Windows - nt!NtCreateThread Race Condition with Invalid Code Segment MS10-047 Microsoft Windows nt!NtCreateThread race condition with invalid code segment ---------------------------------------------------------------------------- CVE-2010-1888 Creating a new thread on windows involves...
vBulletin 3.8.6 - faq.php Information Disclosure
vBulletin 3.8.6 - faq.php Information Disclosure 010101010101010101010101010101010101010101010101010101010 0 0 1 Iranian Datacoders Security Team 2010 0 0 010101010101010101010101010101010101010101010101010101010 Original Advisory:...
Novell iManager - Multiple Vulnerabilities
Novell iManager - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Novell iManager Multiple Vulnerabilities 1. Advisory Information Title: Novell iManager Multiple Vulnerabilities Advisory Id:...
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities Topic : ATutor 1.6.4 Bugs Type : Cross Site Scripting all of them Credit : ItSecTeam Remote : Yes Status : Bug mail : [email protected] Dork : "ATutor 1.6.4" Special Tnx : am!rkh@n, Amin ShokohiPejvak, C0M0D0, 0xd41684c654, r3dmove And...
Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)
Apache Tomcat 6.0.18 - utf8 Directory Traversal PoC Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeobar4mi at gmail.com, barami at ahnlab.com Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18...
X-Cart - Multiple Remote File Inclusions
X-Cart - Multiple Remote File Inclusions xCart Remote file inclusion Download script : http://www.x-cart.com// Discovered By : aLiiF a.k.a arif @debuteam 07/09/2007 HomePage : http://www.debuteam.net// Thx to : Debu Newbie Payment Yogac nyubi Rozi ^S0ng0ku^ Kuris Sonix Toxicity newbi3 R4yn4ld0...
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
Apache modrewrite Windows x86 - Off-by-One Remote Overflow !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...
Woltlab Burning Board 1.0.2/2.3.6 - search.php SQL Injection (1)
Woltlab Burning Board 1.0.2/2.3.6 - search.php SQL Injection 1 ?php / http://www.undergroundagents.de coded by silent vapor [email protected] / printr' -------------------------------------------------------------------------------- Woltlab Burning Board Lite = 1.0.2 GetHashes over...
Flatnuke 2.5.8 - file() Privilege Escalation Code Execution
Flatnuke 2.5.8 - file Privilege Escalation Code Execution !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexo...
WEBInsta MM 1.3e - absolute_path Remote File Inclusion
WEBInsta MM 1.3e - absolutepath Remote File Inclusion WEBInsta Mailing List Manager = 1.3e initdb.php Remote File Include Exploit function milw0rm if document.exploit.target.value=="" alert"Enter a Target"; return false; exploit.action= document.exploit.target.value;...
Mambo Component ExtCalendar 2.0 - Remote File Inclusion
Mambo Component ExtCalendar 2.0 - Remote File Inclusion -------------------------------------------------------------------------------- Title : ExtCalendar Mambo Module = v2 Remote File Include Vulnerabilities Discovered By OLiBekaS...
Hosting Controller 0.6.1 - User Registration (1)
Hosting Controller 0.6.1 - User Registration 1 Domain: Username: INPUT type="hidden" name="htype" value="27" id="htyp...
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
ManageEngine EventLog Analyzer 10.0 - Information Disclosure Exploit Title: ManageEngine EventLog Analyzer 10.0 - Information Disclosure Date: 2020-02-23 Author:Scott Goodwin Vendor: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/eventlog/ CVE: CVE-2019-19774...