Camtron CMNC-200 IP Camera - Denial of Service
Camtron CMNC-200 IP Camera - Denial of Service Finding 5: Camera Denial of Service CVE: CVE-2010-4234 The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending multiple requests in parallel to the web server may cause the camera to reboot. Requests...
Adobe Acrobat and Reader - Array Indexing Remote Code Execution
Adobe Acrobat and Reader - Array Indexing Remote Code Execution nSense Vulnerability Research Security Advisory NSENSE-2010-001 --------------------------------------------------------------- Affected Vendor: Adobe Affected Product: Adobe Reader 9.3.4 for Macintosh Platform: OS X Impact: User...
Linux Kernel 2.6.36-rc6 (RedHat Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure
Linux Kernel 2.6.36-rc6 RedHat Ubuntu 10.04 - pktcdvd Kernel Memory Disclosure / cve-2010-3437.c Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/show_bug.cgi?id=638085 The PKT_CTRL_CMD_STATUS device ioctl retrieves a pointer to a pktcdvd_device from the global pkt_devs...
Eyeland Studio Inc. - SQL Injection
Eyeland Studio Inc. - SQL Injection Title: Eyeland Studio Inc. SQL Injection Vulnerability Version: 2.0 Author: Mr.P3rfekT Software Site:http://www.eyeland.com/ Tested on Lunix CVE : N/A Home :www.realmadridsy.com & www.v4-team.com/cc Founded By Mr.P3rfekT Dork :"Eyeland Studio Inc. All Rights...
Silentum Guestbook 2.0.2 - silentum_Guestbook.php SQL Injection
Silentum Guestbook 2.0.2 - silentum_Guestbook.php SQL Injection Silentum Guestbook v2.0.2 silentum_guestbook.php Sql Injection Vuln. Author: Bgh7 Turk Bilisim Gucleri Group / Ihlilal Hatti ByBgh7amsn.com Http://Bgh7.Blogspot.Com Bug: Sql Injection Download:...
FreeBSD 7.0/7.1 - vfs.usermount Local Privilege Escalation
FreeBSD 7.0/7.1 - vfs.usermount Local Privilege Escalation / cve-2008-3531.c -- Patroklos Argyroudis, argp at domain census-labs.com Privilege escalation exploit for the FreeBSD-SA-08:08.nmount CVE-2008-3531 vulnerability: http://security.freebsd.org/advisories/FreeBSD-SA-08:08.nmount.asc...
Acoustica Mixcraft 4.2 Build 98 - mx4 Local Buffer Overflow
Acoustica Mixcraft 4.2 Build 98 - mx4 Local Buffer Overflow !/usr/bin/perl Acoustica Mixcraft mx4 file Local Buffer Overflow Exploit Author: Koshi Date: 08-28-08 0day Application: Acoustica Mixcraft Versions: Possibly Older / 4.1 Build 96 / 4.2 Build 98 Site:...
NASM 2.0 - ppscan() Off-by-One Buffer Overflow
NASM 2.0 - ppscan Off-by-One Buffer Overflow source: https://www.securityfocus.com/bid/29656/info NASM is prone to an off-by-one buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will allow...
Premod SubDog 2 - includes/functions_kb.php?phpbb_root_path Remote File Inclusion
Premod SubDog 2 - includes/functions_kb.php?phpbb_root_path Remote File Inclusion source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing maliciou...
Pie Cart Pro - Home_Path Remote File Inclusion
Pie Cart Pro - Home_Path Remote File Inclusion ==================================================================== Pie Cart Pro = Home_Path Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz...
phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion
phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion source: https://www.securityfocus.com/bid/17763/info Knowledge Base Mod for phpbb is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
MetaCart E-Shop - ProductsByCategory.asp Cross-Site Scripting
MetaCart E-Shop - ProductsByCategory.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/13639/info MetaCart e-Shop is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...
cPanel 5.0 - Guestbook.cgi Remote Command Execution (3)
cPanel 5.0 - Guestbook.cgi Remote Command Execution 3 source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cg...
DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 - Persistent Cross-Site Scripting Exploit Title: DotNetNuke 9.5 - Persistent Cross-Site Scripting Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link:...
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage:...
ASTPP 4.0.1 VoIP Billing - Database Backup Download
ASTPP 4.0.1 VoIP Billing - Database Backup Download Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor...
Dairy Farm Shop Management System 1.0 - username SQL Injection
Dairy Farm Shop Management System 1.0 - username SQL Injection Exploit Title: Dairy Farm Shop Management System 1.0 - 'username' SQL Injection Google Dork: N/A Date: 2020-01-03 Exploit Author: Chris Inzinga Vendor Homepage: https://phpgurukul.com/ Software Link:...
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Exploit Title: Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Date: 2019-12-17 Exploit Author: MTK Vendor Homepage: https://sweethawk.co/zendesk/survey-app Software Link:...
eMerge E3 1.00-06 - Unauthenticated Directory Traversal
eMerge E3 1.00-06 - Unauthenticated Directory Traversal Exploit Title: eMerge E3 1.00-06 - Unauthenticated Directory Traversal Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common() On macOS, when a new mount point is created, the kernel uses checkdirs() to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new...
Canon PRINT 2.5.5 - Information Disclosure
Canon PRINT 2.5.5 - Information Disclosure Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage:...
Microsoft DirectWrite AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
Microsoft DirectWrite AFDKO - Multiple Bugs in OpenType Font Handling Related to the post Table -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Thunderbird ESR 60.7.XXX - Type Confusion
Thunderbird ESR 60.7.XXX - Type Confusion -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 X41 D-Sec GmbH Security Advisory: X41-2019-004 Type confusion in Thunderbird ============================= Severity Rating: Medium Confirmed Affected Versions: All versions affected Confirmed Patched Version...
Moodle Jmol Filter 6.1 - Directory Traversal Cross-Site Scripting
Moodle Jmol Filter 6.1 - Directory Traversal Cross-Site Scripting Exploit Title: Moodle filterjmol multiple vulnerabilities Directory Traversal and XSS Date: 20 May 2019 Exploit Author: Dionach Ltd Exploit Author Homepage: https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities...
Schneider Electric U.Motion Builder 1.3.4 - track_import_export.php object_id Unauthenticated Command Injection
Schneider Electric U.Motion Builder 1.3.4 - track_import_export.php object_id Unauthenticated Command Injection RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: ...
Microsoft Windows VCF - Remote Code Execution
Microsoft Windows VCF - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec + Zero Day Initiative Program...
Kubernetes - (Authenticated) Arbitrary Requests
Kubernetes - Authenticated Arbitrary Requests !/usr/bin/env python3 import argparse from ssl import wrapsocket from socket import createconnection from secrets import base64, tokenbytes def requeststage1namespace, pod, method, target, token: stage1 = "" with open'stage1', 'r' as stage1fd: stage1 ...
R 3.4.4 - Buffer Overflow (SEH)
R 3.4.4 - Buffer Overflow SEH -------------------------------------------------------- Exploit Title: R v3.4.4 - SEH Buffer Overflow Exploit Exploit Author : ZwX Exploit Date: 2018-08-22 Vendor Homepage : https://www.r-project.org/ Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact:...
WordPress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection
WordPress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Exploit Title: Wordpress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link:...
Foxit Reader 9.0.1.1049 - Remote Code Execution
Foxit Reader 9.0.1.1049 - Remote Code Execution %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...
Spring Data REST 2.6.9 (Ingalls SR9) 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST 2.6.9 Ingalls SR9 3.0.1 Kay SR1 - PATCH Request Remote Code Execution // Exploit Title: RCE in PATCH requests in Spring Data REST // Date: 2018-03-10 // Exploit Author: Antonio Francesco Sardella // Vendor Homepage: https://pivotal.io/ // Software Link:...
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Google Dork: if applicable Date: 2016-09-15 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-video-gallery/...
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities 1. Advisory Information Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities Advisory ID: CORE-2017-0003 Advisory URL: http://www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities...
Splunk Enterprise - Information Disclosure
Splunk Enterprise - Information Disclosure + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt + ISR: ApparitionSec Vendor: =============== www.splunk.com Product: ==================...
QNAP QTS 4.2.4 - Domain Privilege Escalation
QNAP QTS 4.2.4 - Domain Privilege Escalation QNAP QTS Domain Privilege Escalation Vulnerability Name Sensitive Data Exposure in QNAP QTS Systems Affected QNAP QTS NAS all model and all versions 4.2.4 Severity High 7.9/10 Impact CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L Vendor...
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities
Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 SP2 - Multiple Vulnerabilities Exploit Title: Trend Micro Interscan Web Security Virtual Appliance IWSVA 6.5.x Multiple Vulnerabilities Date: 12/01/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage:...
Nagios 4.2.2 - Arbitrary Code Execution
Nagios 4.2.2 - Arbitrary Code Execution !/usr/bin/env python Source: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html intro = """\03394m Nagios Core 4.2.0 Curl Command Injection / Code Execution PoC Exploit CVE-2016-9565 nagioscmdinjection.py ver...
Oracle Netbeans IDE 8.1 - Directory Traversal
Oracle Netbeans IDE 8.1 - Directory Traversal + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: =============== www.oracle.com Product:...
glibc - getaddrinfo Remote Stack Buffer Overflow
glibc - getaddrinfo Remote Stack Buffer Overflow / add by SpeeDr00t@Blackfalcon jang kyoung chip This is a published vulnerability by google in the past. Please refer to the link below. Reference: - https://googleonlinesecurity.blogspot.kr/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html -...
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation 1 / Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings Date: 19/1/2016 Exploit Author: Perception Point Team CVE : CVE-2016-0728 / / $ gcc cve_2016_0728.c -o cve_2016_0728 -lkeyutils -Wa...
Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow
Grassroots DICOM GDCM 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow / Grassroots DICOM GDCM is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming...
ZTE ZXHN H108N R1A ZXV10 W300 Routers - Multiple Vulnerabilities
ZTE ZXHN H108N R1A ZXV10 W300 Routers - Multiple Vulnerabilities Exploit Title: ZTE ZXHN H108N R1A + ZXV10 W300 routers - multiple vulnerabilities Discovered by: Karn Ganeshen CERT VU 391604 Vendor Homepage: www.zte.com.cn Versions Reported ZTE ZXHN H108N R1A - Software version ZTE.bhs.ZXHNH108NR...
TECO AP-PCLINK 1.094 - .tpc File Handling Buffer Overflow (PoC)
TECO AP-PCLINK 1.094 - .tpc File Handling Buffer Overflow PoC TECO AP-PCLINK 1.094 TPC File Handling Buffer Overflow Vulnerability Vendor: TECO Electric and Machinery Co., Ltd. Product web page: http://www.teco-group.eu Download: http://globalsa.teco.com.tw/supportdownload.aspx?KindID=9 Affected...
Linux Kernel 3.13.0 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Privilege Escalation (Access /etc/shadow)
Linux Kernel 3.13.0 3.19 Ubuntu 12.04/14.04/14.10/15.04 - overlayfs Local Privilege Escalation Access /etc/shadow The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels wi...
ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution
ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution Arbitrary file upload / remote code execution in ManageEngine Desktop Central / Desktop Central MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security...
glibc - NUL Byte gconv_translit_find Off-by-One
glibc - NUL Byte gconv_translit_find Off-by-One // // Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34421.tar.gz CVE-2014-5119.tar.gz // // // --------------------------------------------------- // CVE-2014-5119 glibc gconv_translit_find exploit //...
TORQUE Resource Manager 2.5.x 2.5.13 - Stack Buffer Overflow Stub
TORQUE Resource Manager 2.5.x 2.5.13 - Stack Buffer Overflow Stub !/usr/bin/env python Exploit Title: TORQUE Resource Manager 2.5.x-2.5.13 stack based buffer overflow stub Date: 27 May 2014 Exploit Author: bwall - @botnethunter Vulnerability discovered by: MWR Labs CVE: CVE-2014-0749 Vendor...
Linux Kernel 3.14-rc1 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation
Linux Kernel 3.14-rc1 3.15-rc4 x64 - Raw Mode PTY Echo Race Condition Privilege Escalation / CVE-2014-0196: Linux kernel = v3.14-rc1 Matthew Daley Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread $ ./a.out + Resolving symbols + Resolved commitcreds: 0xffffffff81056694 + Resolved preparekernelcred...
Skybox Security 6.3.x 6.4.x - Multiple Information Disclosures
Skybox Security 6.3.x 6.4.x - Multiple Information Disclosures Exploit Title: SKYBOX Security – Multiple Information Disclosure Date: 22-Jan-2014 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.skyboxsecurity.com Version: Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.1...
WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities
WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities Advisory ID: HTB23199 Product: VideoWhisper Live Streaming Integration Vendor: VideoWhisper Vulnerable Versions: 4.27.3 and probably prior Tested Version: 4.27.3 Advisory Publication: February 6, 2014 without technical details Vendor...