41207 matches found
Flatnuke 2.5.8 - file() Privilege Escalation Code Execution
Flatnuke 2.5.8 - file Privilege Escalation Code Execution !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexo...
WEBInsta MM 1.3e - absolute_path Remote File Inclusion
WEBInsta MM 1.3e - absolutepath Remote File Inclusion WEBInsta Mailing List Manager = 1.3e initdb.php Remote File Include Exploit function milw0rm if document.exploit.target.value=="" alert"Enter a Target"; return false; exploit.action= document.exploit.target.value;...
Mambo Component ExtCalendar 2.0 - Remote File Inclusion
Mambo Component ExtCalendar 2.0 - Remote File Inclusion -------------------------------------------------------------------------------- Title : ExtCalendar Mambo Module = v2 Remote File Include Vulnerabilities Discovered By OLiBekaS...
Hosting Controller 0.6.1 - User Registration (1)
Hosting Controller 0.6.1 - User Registration 1 Domain: Username: INPUT type="hidden" name="htype" value="27" id="htyp...
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
ManageEngine EventLog Analyzer 10.0 - Information Disclosure Exploit Title: ManageEngine EventLog Analyzer 10.0 - Information Disclosure Date: 2020-02-23 Author:Scott Goodwin Vendor: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/eventlog/ CVE: CVE-2019-19774...
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Date: 2019-11-22 Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows:...
eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...
Centreon 19.04 - Remote Code Execution
Centreon 19.04 - Remote Code Execution !/usr/bin/python ''' Exploit Title: Centreon v19.04 authenticated Remote Code Execution Date: 28/06/2019 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2019-13024 Vendor Homepage: https://www.centreon.com/ Software link: https://download.centreon.com Versio...
KACE System Management Appliance (SMA) 9.0.270 - Multiple Vulnerabilities
KACE System Management Appliance SMA 9.0.270 - Multiple Vulnerabilities Exploit Title: Dell Kace Appliance Multiple Vulnerabilities Date: 12/04/2018 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: https://www.quest.com/products/kace-systems-management-appliance/ Affected...
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types Type Confusion A bug in IonMonkey leaves type inference information inconsistent, which in turn allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites In...
Cisco WebEx Meetings 33.6.6 33.9.1 - Privilege Escalation
Cisco WebEx Meetings 33.6.6 33.9.1 - Privilege Escalation SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 1. Advisory Information Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 Advisor...
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation Exploit Title: MaxxAudio Drivers WavesSysSvc64.exe File Permissions SYSTEM Privilege Escalation Google Dork: Date: 2/18/2019 Exploit Author: Mike Siegel @mlsiegel Vendor Homepage: https://maxx.com Software Link: Version:...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (dbus Method)
Linux Kernel 4.15.x 4.19.2 - mapwrite CAPSYSADMIN Local Privilege Escalation dbus Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47165.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses dbus service technique ---...
Linux - userfaultfd Bypasses tmpfs File Permissions
Linux - userfaultfd Bypasses tmpfs File Permissions Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vmacanuserfault: It must be an anonymous VMA -vmops==NULL, a hugetlb VMA VMHUGETLB, or a shmem VMA -vmops==shmemvmops. This means that it...
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for th...
LG Smart IP Camera 1508190 - Backup File Download
LG Smart IP Camera 1508190 - Backup File Download Exploit Title: LG Smart IP Camera 1508190 - Backup File Download Date: 2018-09-11 Exploit Author: Ege Balci Vendor Homepage: https://www.lg.com Software version: 1310250 " exit0...
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery Exploit Title: Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery Date: 2018-07-§3 Exploit Author: Ahmethan-Gultekin - t4rkd3vilz Vendor Homepage: https://www.grundig.com/ Software Link:...
Oracle WebCenter FatWire Content Server 7 - Improper Access Control
Oracle WebCenter FatWire Content Server 7 - Improper Access Control Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 =...
Microsoft Credential Security Support Provider - Remote Code Execution
Microsoft Credential Security Support Provider - Remote Code Execution credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy projecthttps://github.com/preempt/rdpy, allowing also credssp relay. Written by Eyal...
Cisco ASA - Crash (PoC)
Cisco ASA - Crash PoC Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect...
Parity Browser 1.6.10 - Bypass Same Origin Policy
Parity Browser 1.6.10 - Bypass Same Origin Policy VuNote ====== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016 Version: 0.3 Date: Jun 16th, 2017 Tag: parity same origin policy bypass webproxy token reuse Overview -------- Name: parity Vendor: paritytech References:...
SonicWall NSA 66005600460036002600250M - Multiple Vulnerabilities
SonicWall NSA 66005600460036002600250M - Multiple Vulnerabilities Document Title: =============== SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1725 Release Date: ============= 2018-01-0...
PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)
PHPMyFAQ 2.9.8 - Cross-Site Scripting 1 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...
libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities
libgig 4.0.0 LinuxSampler - Multiple Vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= https://www.linuxsampler.org/libgig/ libgig is a C++ library for loading, modifying existing and creating new Gigasampler .gig files and DLS Downloadable Sounds Level...
Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)
Halliburton LogView Pro 10.0.1 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title : Halliburton LogView Pro 10.0.1 - Local Buffer Overflow SEH Date : 2017-05-14 Exploit Author : Muhann4d CVE : CVE-2017-8926 Vendor Homepage : http://www.halliburton.com Software Link :...
Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation
Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO Summary: Serviio is a free media server. It...
Shutter 0.93.1 - Code Execution
Shutter 0.93.1 - Code Execution Exploit Title: Shutter user-assisted remote code execution Date: 2016-12-26 Software Link: http://shutter-project.org/ Version: 0.93.1 Tested on: Ubuntu, Debian Exploit Author: Prajith P Website: http://prajith.in/ Author Mail: [email protected] CVE: CVE-2016-10081 1...
Apache Tomcat 876 (RedHat Based Distros) - Local Privilege Escalation
Apache Tomcat 876 RedHat Based Distros - Local Privilege Escalation ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-5425 - Release date: 10.10.2016 - Revision: 1 - Severity: High...
WordPress 4.5.3 - Directory Traversal Denial of Service
WordPress 4.5.3 - Directory Traversal Denial of Service Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user Subscriber to...
Linux Kernel - espfix64 Nested NMIs Interrupting Privilege Escalation
Linux Kernel - espfix64 Nested NMIs Interrupting Privilege Escalation / +++++ CVE-2015-3290 +++++ High impact NMI bug on x8664 systems 3.13 and newer, embargoed. Also fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a The...
Xceedium Xsuite - Multiple Vulnerabilities
Xceedium Xsuite - Multiple Vulnerabilities See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt --------------------------------------------------------------------- modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02...
AirLive (Multiple Products) - OS Command Injection
AirLive Multiple Products - OS Command Injection 1. Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last...
CUPS 2.0.3 - Multiple Vulnerabilities
CUPS 2.0.3 - Multiple Vulnerabilities Source: http://googleprojectzero.blogspot.se/2015/06/owning-internet-printing-case-study-in.html Abstract Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs...
Bonita BPM 6.5.1 - Multiple Vulnerabilities
Bonita BPM 6.5.1 - Multiple Vulnerabilities Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015...
GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection
GoAutoDial CE 3.3-1406088000 - Authentication Bypass Arbitrary File Upload Command Injection Affected software: GoAutoDial Affected version: 3.3-1406088000 GoAdmin and previous releases of GoAutodial 3.3 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory:...
Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal
Ericsson Drutt MSDP Instance Monitor - Directory Traversal +------------------------------------------------------------------------------------------------------+ + Ericsson Drutt MSDP Instance Monitor - Directory Traversal Vulnerability and Arbitrary File Access +...
BullGuard (Multiple Products) - Arbitrary Write Privilege Escalation
BullGuard Multiple Products - Arbitrary Write Privilege Escalation / Exploit Title - BullGuard Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.bullguard.com/ Tested Version - 14.1.285.4 Driver...
Microsoft-Excel-0x5D-record
This is an exploit for MS10-038/CVE-2010-0822 Everything is hardcoded! winxp sp3 webDEViL import binascii wD="d0cf11e0a1b11ae1000000000000000000000000000000003e000300feff0900060000" wD+="000000000000000000030000000100000000000000001000000200000004000000feff"...
phpMyAdmin 4.0.x4.1.x4.2.x - Denial of Service
phpMyAdmin 4.0.x4.1.x4.2.x - Denial of Service ============= DESCRIPTION: ============= A vulnerability present in in phpMyAdmin 4.0.x before 4.0.10.7, 4.1. x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service resource consumption via a long password...
PBBoard CMS 3.0.1 - SQL Injection
PBBoard CMS 3.0.1 - SQL Injection Vulnerability title: SQL Injection in PBBoard CMS CVE: CVE-2014-9215 CMS: PBBoard Vendor: Power bulletin board - http://www.pbboard.info/ Product: http://sourceforge.net/projects/pbboard/files/PBBoardv3.0.1/PBBoardv3.0.1.zip/download Affected version: Version 3.0...
Advantech EKI-6340 - Command Injection
Advantech EKI-6340 - Command Injection Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL:...
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable...
Bosch Security Systems DVR 630650670 Series - Multiple Vulnerabilities
Bosch Security Systems DVR 630650670 Series - Multiple Vulnerabilities :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2014-10-01 Bosch Security Systems DVR 630/650/670 Series...
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: WooCommerce Store Exporter v1.7.5 Stored XSS Google Dork: inurl:"woocommerce-exporter" Date: 26/08/2014 Exploit Author: Mike Manzotti @ Dionach Vendor Homepage:...
Apache Rave 0.11 0.20 - User Information Disclosure
Apache Rave 0.11 0.20 - User Information Disclosure CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the Us...
SAP NetWeaver Message Server - Multiple Vulnerabilities
SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...
DataLife Engine 9.7 - preview.php PHP Code Injection
DataLife Engine 9.7 - preview.php PHP Code Injection ------------------------------------------------------------------ DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://dleviet.com/ - Affect...
phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)
phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection Metasploit Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link:...
Linux Kernel 2.6.36-rc8 - RDS Protocol Local Privilege Escalation
Linux Kernel 2.6.36-rc8 - RDS Protocol Local Privilege Escalation // source: http://www.vsecurity.com/resources/advisory/20101019-1/ / Linux Kernel Copyright 2010 Virtual Security Research, LLC The handling functions for sending and receiving RDS messages use unchecked copyuserinatomic functions...
Oracle Solaris - su Crash
Oracle Solaris - su Crash From http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/su/su.c 521 for j = 0; initenvj != 0; j++ 1 522 if initvar = getenvinitenvj 2 ... 535 else 536 var = char 537 mallocstrleninitenvj 3 538 + strleninitvar 539 + 2; 540 void strcpyvar, initenvj; 4 'su'...