41207 matches found
OpenCart 2.1.0.2 2.2.0.0 - json_decode Function Remote Code Execution
OpenCart 2.1.0.2 2.2.0.0 - jsondecode Function Remote Code Execution OpenCart jsondecode function Remote PHP Code Execution Author: Naser Farhadi Twitter: @naserfarhadi Date: 9 April 2016 Version: 2.1.0.2 to 2.2.0.0 Latest version Vendor Homepage: http://www.opencart.com/ Vulnerability:...
Linux Kernel 3.10.0-229.x (CentOS RHEL 7.1) - iowarrior Driver Crash (PoC)
Linux Kernel 3.10.0-229.x CentOS RHEL 7.1 - iowarrior Driver Crash PoC OS-S Security Advisory 2016-15 Linux iowarrior Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local...
Microsoft Windows Media Center - .Link File Incorrectly Resolved Reference (MS15-134)
Microsoft Windows Media Center - .Link File Incorrectly Resolved Reference MS15-134 1. Advisory Information Title: Microsoft Windows Media Center link file incorrectly resolved reference Advisory ID: CORE-2015-0014 Advisory URL:...
WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion
WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion Advisory ID: HTB23275 Product: Gwolle Guestbook WordPress Plugin Vendor: Marcel Pol Vulnerable Versions: 1.5.3 and probably prior Tested Version: 1.5.3 Advisory Publication: October 14, 2015 without technical details Vendor...
AirLink101 SkyIPCam1620W - OS Command Injection
AirLink101 SkyIPCam1620W - OS Command Injection 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last updat...
Symantec Data Center Security - Multiple Vulnerabilities
Symantec Data Center Security - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec...
Ammyy Admin 3.5 - Remote Code Execution (Metasploit)
Ammyy Admin 3.5 - Remote Code Execution Metasploit Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34647.zip aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is wel...
Linux Kernel 3.2.0-23 (Ubuntu 12.04 x64) - ptracesysret Local Privilege Escalation
Linux Kernel 3.2.0-23 Ubuntu 12.04 x64 - ptracesysret Local Privilege Escalation / CVE-2014-4699 ptrace/sysret PoC by Vitaly Nikolenko [email protected] gcc -O2 pocv0.c This code is kernel specific. On Ubuntu 12.04.0 LTS 3.2.0-23-generic, the following will trigger the GP in sysret and overwrite...
dompdf 0.6.0 - dompdf.php?read Arbitrary File Read
dompdf 0.6.0 - dompdf.php?read Arbitrary File Read Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is...
Apple Mac OSX 10.9 - Hard Link Memory Corruption
Apple Mac OSX 10.9 - Hard Link Memory Corruption / MacOSX/XNU HFS Multiple Vulnerabilities Maksymilian Arciemowicz http://cxsecurity.com/ http://cifrex.org/ =================== On November 8th, I've reported vulnerability in hard links for HFS+ CVE-2013-6799...
vTiger CRM 5.4.0 - index.php?onlyforuser SQL Injection
vTiger CRM 5.4.0 - index.php?onlyforuser SQL Injection Advisory ID: HTB23168 Product: vtiger CRM Vendor: vtiger Vulnerable Versions: 5.4.0 and probably prior Tested Version: 5.4.0 Vendor Notification: August 7, 2013 Vendor Patch: September 17, 2013 Public Disclosure: September 18, 2013...
XnView 2.03 - .pct Buffer Overflow
XnView 2.03 - .pct Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ XnView Buffer Overflow Vulnerability 1. Advisory Information Title: XnView Buffer Overflow Vulnerability Advisory ID: CORE-2013-0705 Advisory URL:...
OpenX 2.8.10 - Multiple Vulnerabilities
OpenX 2.8.10 - Multiple Vulnerabilities Advisory ID: HTB23155 Product: OpenX Vendor: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Vendor Notification: May 8, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: PHP File Inclusion...
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC)
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow PoC Core Security - Corelabs Advisory http://corelabs.coresecurity.com Buffer overflow in Ubiquiti airCam RTSP service 1. Advisory Information Title: Buffer overflow in Ubiquiti airCam RTSP service Advisory ID: CORE-2013-0430 Advisory URL:...
Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery
Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery Exploit Title: Verizon Fios Router CSRF Admin Shell Date: Discovered and reported January 2013 Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators Software: Verizon FIOS Router - Firmware 40.19.36...
Bitweaver 2.8.1 - Multiple Vulnerabilities
Bitweaver 2.8.1 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2012-016: Multiple Vulnerabilities in Bitweaver Published: 10/23/2012 Version: 1.0 Vendor: Bitweaver http://www.bitweaver.org/ Product: Bitweaver Version affected: 2.8.1 and earlier versions Product description:...
Linux Kernel 2.6.36 IGMP - Remote Denial of Service
Linux Kernel 2.6.36 IGMP - Remote Denial of Service / linux-undeadattack.c Linux IGMP Remote Denial Of Service Introduced in linux-2.6.36 CVE-2012-0207 credits to Ben Hutchings: http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html written By Kingcope Year 2012...
Log1 CMS 2.0 - ajax_create_folder.php Remote Code Execution
Log1 CMS 2.0 - ajaxcreatefolder.php Remote Code Execution ?php / +-----------------------------------------------------------+ + Log1CMS 2.0ajaxcreatefolder.php Remote Code Execution + +-----------------------------------------------------------+ Web-App : Log1CMS 2.0 Vendor :...
Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities
Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities Sense of Security - Security Advisory - SOS-11-010 Release Date. 19-Sep-2011 Last Update. - Vendor Notification Date. 21-Feb-2011 Product. Cisco TelePresence Series Platform. Cisco Affected versions. C = TC4.1.2, MXP = F9.1 Severity Rating...
SOOP Portal Raven 1.0b - SQL Injection
SOOP Portal Raven 1.0b - SQL Injection Exploit Title: SOOP Portal Raven 1.0b sql injection Google Dork: Powered by SOOP Portal Raven 1.0b Date: date Author: Evil-Thinker Version: Raven 1.0b Tested on: Windows Soft Technologie : ASP.net Exploit Details :...
EzPub Simple Classic ASP CMS - SQL Injection
EzPub Simple Classic ASP CMS - SQL Injection Title: EzPub - Simple Classic ASP CMS Vulnerable to SQL Injection Vendor: http://www.soft4web.ro Found by: p0pc0rn 08/03/2011 Dork: intext:"Powered by EZPub" SQL - Microsoft JET Database Engine error ------------------------------------------...
HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow
HP OpenView Network Node Manager OV NNM 7.53 - OvJavaLocale Buffer Overflow HP OPENVIEW NNM OVJAVALOCALE BUFFER OVERFLOW VULNERABILITY 1. ADVISORY INFORMATION Title: HP OpenView NNM OvJavaLocale Buffer Overflow Vulnerability Advisory Id: CORE-2010-0608 Advisory URL:...
Joomla! Component Ozio Gallery - SQL Injection
Joomla! Component Ozio Gallery - SQL Injection Exploit Title: Joomla Component comoziogallery SQL Injection Vulnerability Date: 2010/07/25 Author: ViRuS Qalaa Email: [email protected] My Sites : www.pal-mafia.com & www.vbspiders.com Tested on: Windows Team hacker:ViRuS Qalaa & HaCkEr aRaR X-MaN HaCk3r...
EPay Enterprise 4.13 - cid SQL Injection
Cisco WLC 4402 - Basic Auth Remote Denial of Service (Metasploit)
Cisco WLC 4402 - Basic Auth Remote Denial of Service Metasploit require 'msf/core' class Metasploit3 'Cisco WLC 4200 Basic Auth Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the Cisco WLC 4200 HTTP server. By sending a GET request with long...
Worldweaver DX Studio Player 3.0.29.1 Firefox plugin - Command Injection
Worldweaver DX Studio Player 3.0.29.1 Firefox plugin - Command Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio...
PHP-Fusion Mod Book Panel - bookid SQL Injection
PHP-Fusion Mod Book Panel - bookid SQL Injection PHP-Fusion Mod - Book Panel Remote SQL Injectio...
PHPX 3.5.16 - news_id SQL Injection
PHPX 3.5.16 - newsid SQL Injection action = $GET'action'; 12. $this-newsid = $GET'newsid'; 13. 14. global $userinfo; 15. global $core; 16. 17. $this-core = $core; 18. 19. $this-userinfo = $userinfo; 20. 21. 22. 23. 24. if !$this-userinfo DIE"HACK ATTEMPT"; 25. if $this-userinfonews != 1 DIE"NO...
LoudBlog 0.8.0a - ajax.php SQL Injection
LoudBlog 0.8.0a - ajax.php SQL Injection !/usr/bin/perl This Exploit requires a valid user name and password of an account regardless of the permissions Author: Xianur0 Affected: All Versions Bug: SQL Injection Doorks: allintext: "powered by LoudBlog" use HTTP::Request::Common qwPOST; use...
ShopMaker CMS 1.0 - id SQL Injection
ShopMaker CMS 1.0 - id SQL Injection ShopMaker v1.0 product.php id Remote SQL Injection Vulnerability Author: Hussin X Home: WwW.IQ-ty.CoM email: darkangelg85atYahooDoTcom script: http://shop.maker.ir Dor...
PozScripts Classified Ads Script - cid SQL Injection
PozScripts Classified Ads Script - cid SQL Injection Classified Ads cid Remote SQL Injection Vulnerability Author: Hussin X Home: www.tryag.cc/cc email: darkangelg85atYahooDoTcom script:...
NASM 2.0 - ppscan() Off-by-One Buffer Overflow
NASM 2.0 - ppscan Off-by-One Buffer Overflow source: https://www.securityfocus.com/bid/29656/info NASM is prone to an off-by-one buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will allow...
Ubuntu 6.06 - DHCPd Remote Denial of Service
Ubuntu 6.06 - DHCPd Remote Denial of Service Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit Author: RoMaNSoFt Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/4601.tgz 1022007-DoS-CVE-2007-5365.tgz milw0rm.com 2007-11-02...
Kodak Image Viewer - TIFTIFF Code Execution (MS07-055)
Kodak Image Viewer - TIFTIFF Code Execution MS07-055 / MS07-055 Kodak Image Viewer TIF/TIFF Code Execution Proof Of Concept by Hong Gil-Dong, Jeon Woo-chi Hwang-Hee?1542, Prime Minister in Korea Once upon a time, One servant of Hwang-Hee was arguing with another servant. they asked Hwang-Hee to...
MySQL 4.x5.0 (Windows) - User-Defined Function Command Execution
MySQL 4.x5.0 Windows - User-Defined Function Command Execution -- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright c 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs User Defined -- Functions mechanism. Use it to spawn a reverse shell netcat U...
MDForum 2.0.1 - PNSVlang Remote Code Execution
MDForum 2.0.1 - PNSVlang Remote Code Execution DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper...
TikiWiki 1.9 Sirius - jhot.php Remote Command Execution
TikiWiki 1.9 Sirius - jhot.php Remote Command Execution !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++...
Linux Kernel 2.6.13 2.6.17.4 - sys_prctl() Local Privilege Escalation (3)
Linux Kernel 2.6.13 2.6.17.4 - sysprctl Local Privilege Escalation 3 / $Id: raptorprctl.c,v 1.1 2006/07/13 14:21:43 raptor Exp $ raptorprctl.c - Linux 2.6.x suiddumpable vulnerability Copyright c 2006 Marco Ivaldi The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and...
Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service
Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service / source: https://www.securityfocus.com/bid/15365/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from a failure to properly unregister kernel resources when network devices are...
JamMail 1.8 - Jammail.pl Arbitrary Command Execution
JamMail 1.8 - Jammail.pl Arbitrary Command Execution source: https://www.securityfocus.com/bid/13937/info JamMail is prone to a remote arbitrary command execution vulnerability. This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script. This can lead to...
osTicket 1.21.3 - Multiple Input Validation Remote Code Injection Vulnerabilities
osTicket 1.21.3 - Multiple Input Validation Remote Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/13478/info osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
PunBB 1.2.4 - id SQL Injection
PunBB 1.2.4 - id SQL Injection !/usr/bin/python Proof of concept code from the Hardened-PHP Project -= PunBB 1.2.4 =- changeemail SQL injection exploit user-supplied data within the database is...
Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)
Microsoft Windows SQL Server - Remote Denial of Service MS03-031 //////////////////////////////////////////////////////////////// // // Microsoft SQL Server DoS Remote Exploit MS03-031 // By refdom of xfocus // //////////////////////////////////////////////////////////////// include include inclu...
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (1)
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection 1 source: https://www.securityfocus.com/bid/8159/info It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote...
CCBILL CGI - ccbillx.c whereami.cgi Remote Code Execution
CCBILL CGI - ccbillx.c whereami.cgi Remote Code Execution / ===================================== CCBILL CGI Remote Exploit for /ccbill/whereami.cgi By: Knight420 7/07/03 spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid C COPYRIGH...
SSH (x2) - Remote Command Execution
SSH x2 - Remote Command Execution https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/349.tgz x2.tgz milw0rm.com 2002-05-01...
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure Exploit Title: SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://secu.jp/ Product Link: https://secu.jp/support/831.html CVE: N/A !/usr/bin/perl SecuSTATION SC-831 HD...
FreeBSD-SA-19:02.fd - Privilege Escalation
FreeBSD-SA-19:02.fd - Privilege Escalation Exploit: FreeBSD-SA-19:02.fd - Privilege Escalation Date: 2019-12-30 Author: Karsten König of Secfault Security Twitter: @gr4yf0x Kudos: Maik, greg and Dirk for discussion and inspiration CVE: CVE-2019-5596 libmap.conf primitive inspired by kcope's 2005...
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Exploit Title: Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Date: 2019-12-17 Exploit Author: MTK Vendor Homepage: https://sweethawk.co/zendesk/survey-app Software Link:...
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Date: 2019-11-22 Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows:...