41207 matches found
Vivotek IP Cameras - RTSP Authentication Bypass
Vivotek IP Cameras - RTSP Authentication Bypass Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras RTSP Authentication Bypass 1. Advisory Information Title: Vivotek IP Cameras RTSP Authentication Bypass Advisory ID: CORE-2013-0704 Advisory URL:...
vTiger CRM 5.4.0 - index.php?onlyforuser SQL Injection
vTiger CRM 5.4.0 - index.php?onlyforuser SQL Injection Advisory ID: HTB23168 Product: vtiger CRM Vendor: vtiger Vulnerable Versions: 5.4.0 and probably prior Tested Version: 5.4.0 Vendor Notification: August 7, 2013 Vendor Patch: September 17, 2013 Public Disclosure: September 18, 2013...
Sophos Web Protection Appliance - Multiple Vulnerabilities
Sophos Web Protection Appliance - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-08...
PHP-Fusion 7.02.05 - Multiple Vulnerabilities
PHP-Fusion 7.02.05 - Multiple Vulnerabilities waraxe-2013-SA097 - Multiple Vulnerabilities in PHP-Fusion 7.02.05 =============================================================================== Author: Janek Vind "waraxe" Date: 27. February 2013 Location: Estonia, Tartu Web:...
Cisco DPC2100 - Denial of Service
Cisco DPC2100 - Denial of Service Exploit Title: Cisco DPC2100 Denial of Service Date: 09/01/2010 Author: Daniel Smith Software Link: http://www.cisco.com/ Version: HW:2.1/SW:v2.0.2r1256-060303 Tested on: OSX 10.6/Win7 CVE: CVE-2011-1613 =======================================================...
Tiki Wiki CMS Groupware 8.2 - snarf_ajax.php Remote PHP Code Injection
Tiki Wiki CMS Groupware 8.2 - snarfajax.php Remote PHP Code Injection ------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1®exres=phpinfo®ex=//e%00/ Tiki internal filters remove all null bytes from user input, but for...
Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure // source: https://www.securityfocus.com/bid/57900/info The PowerVR SGX driver in Android is prone to an information-disclosure vulnerability. Successful exploits allows an attacker to gain access to sensitive information. Informati...
PHP 5.3.6 - Local Buffer Overflow (ROP)
PHP 5.3.6 - Local Buffer Overflow ROP ?php / Jonathan Salwan - @jonathansalwan http://shell-storm.org 2011-06-04 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938 Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow...
Adobe Audition 3.0 build 7283 - Session File Handling Buffer Overflow (PoC)
Adobe Audition 3.0 build 7283 - Session File Handling Buffer Overflow PoC !/usr/bin/perl Adobe Audition 3.0 build 7283 Session File Handling Buffer Overflow PoC Vendor: Adobe Systems Inc. Product web page: http://www.adobe.com/products/audition/ Affected version: 3.0 build 7238 Summary: Recording...
PHP 5.3.5 libzip 0.9.3 - _zip_name_locate Null Pointer Dereference
PHP 5.3.5 libzip 0.9.3 - zipnamelocate Null Pointer Dereference Source: http://securityreason.com/securityalert/8146 libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.:...
Novell iPrint Client - ActiveX Control debug Remote Buffer Overflow (Metasploit)
Novell iPrint Client - ActiveX Control debug Remote Buffer Overflow Metasploit novelliprintexecuterequestdbg.rb Novell iPrint Client ActiveX Control 'debug' Buffer Overflow exploit for the Metasploit Framework Exploit successfully tested on the following platforms: - Novell iPrint Client 5.32 on...
Elkagroup - SQL Injection
Elkagroup - SQL Injection Dork : "powered by: elkagroup" + |SadHaCkEr|\ + ||||\ + ||||""|", + ||||""|"||| + " @''@""""""|@@@ +========================================================================================================================================|| About : elkagroup SQL Injection...
Blender 2.342.35a2.42.49b - .blend Command Injection
Blender 2.342.35a2.42.49b - .blend Command Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Blender .blend Project Arbitrary Command Execution 1. Advisory Information Title: Blender .blend Project Arbitrar...
BPStudent 1.0 - Blind SQL Injection
BPStudent 1.0 - Blind SQL Injection x========================================================================================================================================x | AntiSecuritydotorg |...
PHPX 3.5.16 - news_id SQL Injection
PHPX 3.5.16 - newsid SQL Injection action = $GET'action'; 12. $this-newsid = $GET'newsid'; 13. 14. global $userinfo; 15. global $core; 16. 17. $this-core = $core; 18. 19. $this-userinfo = $userinfo; 20. 21. 22. 23. 24. if !$this-userinfo DIE"HACK ATTEMPT"; 25. if $this-userinfonews != 1 DIE"NO...
TugZip 3.00 Archiver - .zip Local Buffer Overflow
TugZip 3.00 Archiver - .zip Local Buffer Overflow /0day TUGzip 3.00 archiver .ZIP File Local Buffer Overflow "If you change things ,forever,there's no going back,you see for them you're just a freak, like me ..Mhaaaahaaaaaaaaaaaaaaaaaaaa"JK Well hello there ,greetz from Romania,here is a exploit...
PHPhotoalbum 0.5 - Multiple SQL Injections
PHPhotoalbum 0.5 - Multiple SQL Injections Name : PHPhotoalbum v0.5 Multiple Remote SQL Injection Vulnerabilities Author : cOndemned Dork : intext:PHPhotoalbum v0.5 Greetz : ZaBeaTy, str0ke, TBH, Hawk, doctor, Sandtalker, Avantura ; Proof of Concept :...
Smoothflash - cid SQL Injection
Smoothflash - cid SQL Injection Powered by Smoothflash SQL injection Powered by Newartonline AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : "Powered by Smoothflash" DORK 2 : allinurl:...
KwsPHP Module jeuxflash 1.0 - id SQL Injection
KwsPHP Module jeuxflash 1.0 - id SQL Injection KwsPHP Module jeuxflash Remote SQL Injection Vulnerability AUTHOR : H-T Team HouSSamix ToXiC350 HOME : http://no-hack.fr & http://no-hack.net Site: http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=downloads&filedl=30&before=8&pdl=1 Dork :...
MySQL 4.x5.0 (Windows) - User-Defined Function Command Execution
MySQL 4.x5.0 Windows - User-Defined Function Command Execution -- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright c 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs User Defined -- Functions mechanism. Use it to spawn a reverse shell netcat U...
simple file manager 0.24a - Multiple Vulnerabilities
simple file manager 0.24a - Multiple Vulnerabilities /\ | flame vrs Simple File Manager | | http://onedotoh.sourceforge.net/ | | Various Vulnerbilities Including: | / /+++++++++++++++++++++++++++++++++++++++++++\ | Using the scripts supplied by the webapp: | | Reading of Arbitrary files | |...
ScozNews 1.2.1 - mainpath Remote File Inclusion
ScozNews 1.2.1 - mainpath Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM ScozNews v1.2.1 - Remote File Include Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl dork: "Powered By ScozNews"...
Microsoft Windows - CSRSS Privilege Escalation (MS05-018)
Microsoft Windows - CSRSS Privilege Escalation MS05-018 include include include pragma comment lib,"Advapi32.lib" typedef struct CONSOLESTATEINFO / 0x00 / DWORD cbSize; / 0x04 / COORD ScreenBufferSize; / 0x08 / COORD WindowSize; / 0x0c / POINT WindowPosition; / 0x14 / COORD FontSize; / 0x18 / DWO...
W-Agora 4.1.6 - a redir_url.php?key SQL Injection
W-Agora 4.1.6 - a redirurl.php?key SQL Injection source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to...
Apache mod_ssl 2.8.7 OpenSSL - OpenFuck.c Remote Buffer Overflow
Apache modssl 2.8.7 OpenSSL - OpenFuck.c Remote Buffer Overflow / source: https://www.securityfocus.com/bid/5363/info A buffer-overflow vulnerability has been reported in some versions of OpenSSL. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protoco...
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow SEH Exploit Title: Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow SEH Date: 2020-02-28 Exploit Author: Andrey Stoykov Version: Cyberoam General Authentication Client 2.1.2.7 Tested on: Windows Vista SP2 x86 Steps to Reproduce: 1 R...
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
SunOS 5.10 Generic147148-26 - Local Privilege Escalation Exploit: SunOS 5.10 Generic147148-26 - Local Privilege Escalation Date: 2020-01-15 Author: Marco Ivaldi Vendor: www.oracle.com Software Link: https://www.oracle.com/technetwork/server-storage/solaris10/downloads/latest-release/index.html CV...
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
WEMS BEMS 21.3.1 - Undocumented Backdoor Account Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Date: 2019-12-30 Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...
Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure
Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Title: Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5541...
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - start SQL Injection
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - start SQL Injection Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link:...
CheckPoint Endpoint Security ClientZoneAlarm 15.4.062.17802 - Privilege Escalation
CheckPoint Endpoint Security ClientZoneAlarm 15.4.062.17802 - Privilege Escalation Exploit Title: CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation Date: 2019-01-30 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.checkpoint.com/ Version: Check Poin...
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software...
ManageEngine opManager 12.3.150 - Authenticated Code Execution
ManageEngine opManager 12.3.150 - Authenticated Code Execution !/usr/bin/env python3 Exploit Title: ManageEngine opManager Authenticated Code Execution Google Dork: N/A Date: 08/13/2019 Exploit Author: @kindredsec Vendor Homepage: https://www.manageengine.com/ Software Link:...
Mitsubishi Electric smartRTU INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
Mitsubishi Electric smartRTU INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell !/usr/bin/python Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated OS Command Injection Date: 29 June 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage:...
Huawei eSpace Meeting 1.1.11.103 - cenwpoll.dll SEH Buffer Overflow (Unicode)
Huawei eSpace Meeting 1.1.11.103 - cenwpoll.dll SEH Buffer Overflow Unicode !/usr/bin/env python -- coding: utf-8 -- Huawei eSpace Meeting cenwpoll.dll Unicode Stack Buffer Overflow with SEH Overwrite Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected...
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 - SQL Injection SOCA Access Control System 180612 SQL Injection And Authentication Bypass Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and...
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service Vendor: Solarwinds Site Vendor: https://www.dameware.com/ Product: Dameware Mini Remote Control Version: 10.0 x64 Platform: Windows Tested on: Windows 7 SP1 x64 Dscription: The DWRCC executable file is affected by a buffer overflow...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more...
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation McAfee True Key: Multiple Issues with McAfee.TrueKey.Service Implementation Platform: Version 5.1.173.1 on Windows 10 1809. Class: Elevation of Privilege Summary: There are multiple issues in the implementation of the...
Jorani Leave Management 0.6.5 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - Cross-Site Scripting Exploit Title: Jorani Leave Management System 0.6.5 – Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-09-06 Google Dork: N/A Vendor: Benjamin BALET Software Link: https://jorani.org/download.html...
Cobub Razor 0.8.0 - SQL injection
Cobub Razor 0.8.0 - SQL injection Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedn([email protected]、[email protected]) Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-80...
CyberArk Password Vault Web Access 9.9.5 9.10 10.1 - Remote Code Execution
CyberArk Password Vault Web Access 9.9.5 9.10 10.1 - Remote Code Execution Advisory: CyberArk Password Vault Web Access Remote Code Execution The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens,...
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting Exploit Title: Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting Date: 16-02-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis -...
CloudMe Sync 1.11.0 - Buffer Overflow
CloudMe Sync 1.11.0 - Buffer Overflow + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt + ISR: Apparition Security + SSD Beyond Security Submission:...
ImgHosting 1.5 - Cross-Site Scripting
ImgHosting 1.5 - Cross-Site Scripting Exploit Title: ImgHosting Image Storage System 1.5 - Cross-Site-Scripting Date: 12-01-2018 Exploit Author: Dennis Veninga Contact Author: d.veninga at networking4all.com Vendor Homepage: foxsash.com Version: 1.5 CVE-ID: CVE-2018-5479 ImgHosting – Image Storag...
Readymade Video Sharing Script 3.2 - HTML Injection
Readymade Video Sharing Script 3.2 - HTML Injection Exploit Title: Readymade Video Sharing Script 3.2 - HTML Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Demo:...
Ametys CMS 4.0.2 - Password Reset
Ametys CMS 4.0.2 - Password Reset Vulnerability Summary The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2 Ametys is “a free and open source content management system CMS written in Java. It is based on JSR-170 for content storage, Open Social for...
Webkit (Safari) - Universal Cross-site Scripting
Webkit Safari - Universal Cross-site Scripting function Pewvar doc=open'parent-tab://apple.com';doc.document.body.innerHTML='';Click me! Exploit by Frans Rosén html data:text/html,function yx=open'parent-tab://google.com','top',x.document.body.innerHTML='';setTimeouty,100 -- function...
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting Summary ======= 1. Missing access control CVE-2017-11356 2. Multiple cross-site scripting CVE-2017-11355 Vendor ====== "Pegasystems Inc. is the leader in software for customer engagement and operational excellence. Pega’s adaptiv...
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1206 Missing bounds-checking in AVI stream parsing When parsing AVI files, CAVIFileParser uses the stream count from the AVI header to allocate backing storage for storing...