41207 matches found
eGroupWare 1.8.006 - Multiple Vulnerabilities
eGroupWare 1.8.006 - Multiple Vulnerabilities Advisory ID: HTB23212 Product: EGroupware Vendor: http://www.egroupware.org/ Vulnerable Versions: 1.8.006 community edition and probably prior Tested Version: 1.8.006 community edition Advisory Publication: April 23, 2014 without technical details...
SAP Router - Timing Attack Password Disclosure
SAP Router - Timing Attack Password Disclosure Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:...
Orbit Open Ad Server 1.1.0 - SQL Injection
Orbit Open Ad Server 1.1.0 - SQL Injection Advisory ID: HTB23208 Product: Orbit Open Ad Server Vendor: OrbitScripts, LLC Vulnerable Versions: 1.1.0 and probably prior Tested Version: 1.1.0 Advisory Publication: March 19, 2014 without technical details Vendor Notification: March 19, 2014 Vendor...
UPC Ireland Cisco EPC 2425 Router Horizon Box - WPA-PSK Handshake Information
UPC Ireland Cisco EPC 2425 Router Horizon Box - WPA-PSK Handshake Information Exploit Title: UPC Ireland Cisco EPC 2425 Router / Horizon Box Google Dork: Date: 11/12/2013 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/upc-wifi-attack.pdf Version: Category:...
Linux Kernel 3.8.9 (x86-64) - perf_swevent_init Local Privilege Escalation (2)
Linux Kernel 3.8.9 x86-64 - perf_swevent_init Local Privilege Escalation 2 / CVE-2013-2094 exploit x86_64 Linux include include include include include include include include include define BASE 0x380000000 define BASEJUMP 0x1780000000 define SIZE 0x10000000 define KSIZE 0x2000000 define TMPx...
phpMyAdmin 3.5.84.0.0-RC2 - Multiple Vulnerabilities
phpMyAdmin 3.5.84.0.0-RC2 - Multiple Vulnerabilities waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web:...
Oracle WebCenter Sites Satellite Server - HTTP Header Injection
Oracle WebCenter Sites Satellite Server - HTTP Header Injection SEC Consult Vulnerability Lab Security Advisory title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter...
glossword 1.8.12 - Multiple Vulnerabilities
glossword 1.8.12 - Multiple Vulnerabilities Vulnerable Software: Glossword 1.8.12 Tested version: Glossword 1.8.12 Download: http://sourceforge.net/projects/glossword/files/glossword/1.8.12/ Vulns: XSS && Database Backup Disclosure && CSRF &&...
DataLife Engine 9.7 - preview.php PHP Code Injection
DataLife Engine 9.7 - preview.php PHP Code Injection DataLife Engine 9.7 preview.php PHP Code Injection Vulnerability - Software Link: http://dleviet.com/ - Affect...
Samsung Kies 2.3.2.12054_20 - Multiple Vulnerabilities
Samsung Kies 2.3.2.12054_20 - Multiple Vulnerabilities Advisory ID: HTB23099 Product: Samsung Kies Vendor: Samsung Electronics Vulnerable Versions: 2.3.2.12054_20 and probably prior Tested Version: 2.3.2.12054_20 Vendor Notification: June 25, 2012 Public Disclosure: October 15, 2012 Vulnerability...
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform...
IrfanView JLS Formats PlugIn - Heap Overflow
IrfanView JLS Formats PlugIn - Heap Overflow Summary: IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin jpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, ...
Invision Power Board 3.3.0 - Local File Inclusion
Invision Power Board 3.3.0 - Local File Inclusion waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0 Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web:...
Oreans Themida 2.1.8.0 - .TMD File Handling Buffer Overflow
Oreans Themida 2.1.8.0 - .TMD File Handling Buffer Overflow / Oreans Themida v2.1.8.0 TMD File Handling Buffer Overflow Vulnerability Vendor: Oreans Technologies Product web page: http://www.oreans.com Affected version: 2.1.8.0 32/64bit Summary: Advanced Windows software protection system,...
VMware - Update Manager Directory Traversal
VMware - Update Manager Directory Traversal Exploit Title:VMware Update Manager Directory Traversal Date:18/11/2011 Author: Alexey Sintsov Software Link: http://www.vmware.com/ Version:2.0.2 Tested on: Windows 2003 / vCenter Update Manager 4.1 U1 CVE : CVE-2011-4404 DSECRG-11-042 VMware Update...
Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC) (MS11-02)
Microsoft Excel - Axis Properties Record Parsing Buffer Overflow PoC MS11-02 """ This is a PoC for MS11-021/CVE-2011-0978 Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow w3bd3vilatgmaildot.com twitter.com/w3bd3vil Modify bits at file location 0x39E7 0:000:x86 r eax=04dd6380...
Microsoft Windows - nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047)
Microsoft Windows - nt!NtCreateThread Race Condition with Invalid Code Segment MS10-047 Microsoft Windows nt!NtCreateThread race condition with invalid code segment CVE-2010-1888 Creating a new thread on windows involves...
EMC Celerra NAS Appliance - Unauthorized Access to Root NFS Export
EMC Celerra NAS Appliance - Unauthorized Access to Root NFS Export Trustwave's SpiderLabs Security Advisory TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra Network Attached Storage NAS appliance https://www.trustwave.com/spiderlabs/advisories/TWSL2010-003.txt Published:...
Joomla! Component com_doqment - cid SQL Injection
Joomla! Component com_doqment - cid SQL Injection Joomla Component com_doqment cid SQL Injection Vulnerability Author : Gamoscu Site : www.1923turk.biz Site : www.1923turk.com Greetz : Baybora - Manas58 - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO Blog : http://gamoscu.wordpress.com/ DORK:...
Lizard Cart - Arbitrary File Upload
Lizard Cart - Arbitrary File Upload Title : Lizard Cart Upload Shell Vulnerability Author : indoushka email : [email protected] Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
SitioOnline - SQL Injection
SitioOnline - SQL Injection - cvs -vrew ! SitioOnline SQL Injection Vulnerability ! Author : 4lG3r14n0-t3r0 ! MAIL : [email protected] / Software Information + Vendor : http://www.SitioOnline.cl + script : SitioOnline + Download : + Vulnerability : php SQL injection + Dork...
Blender 2.342.35a2.42.49b - .blend Command Injection
Blender 2.342.35a2.42.49b - .blend Command Injection Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Blender .blend Project Arbitrary Command Execution 1. Advisory Information Title: Blender .blend Project Arbitrar...
Linux Kernel 2.6.19 (x86x64) - udp_sendmsg Local Privilege Escalation (2)
Linux Kernel 2.6.19 x86x64 - udp_sendmsg Local Privilege Escalation 2 / second verse, same as the first CVE-2009-2698 udp_sendmsg, x86/x64 Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at NULL and finding it executed This exploit is a bit more nuanced and thoughtful ; use...
Multiple Browsers - Denial of Service
Multiple Browsers - Denial of Service One bug to rule them all IE5,IE6,IE7,IE8,Netscape,Firefox,Safari,Opera,Konqueror, Seamonkey,Wii,PS3,iPhone,iPod,Nokia,Siemens.... and more. Don't wet your pants - it's DoS only Release mode: Tried hard to coordinate - gave up Reference : GSEC-TZO-26-2009 - On...
4Images 1.7.7 - Filter Bypass HTML Injection Cross-Site Scripting
4Images 1.7.7 - Filter Bypass HTML Injection Cross-Site Scripting =By: Qabandi =Email: iqaahotmail.fr From Kuwait, PEACE... =Vuln: 4images = 1.7.7 - filter bypass HTML injection/XSS =INFO: =BUY: =DORK: -=/:Conditions:=-...
ClanWeb 1.4.2 - Remote Change Password Add Admin
ClanWeb 1.4.2 - Remote Change Password Add Admin remote change password and add admin xpl script:ClanWeb 1.4.2 Author: ahmadbady my site :Coming Soon...
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Name Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Systems Affected APEX 3.0 optional...
PHP 4.4.75.2.3 - MySQLMySQLi Safe_Mode Bypass
PHP 4.4.75.2.3 - MySQLMySQLi Safe_Mode Bypass Affected Products: Philip Olausson Reported: 2007-06-05 Released: 2007-08-30 CVE: CVE-2007-3997 Issue: A vulnerability exists in PHP's MySQL and MySQLi extensions which can be used to bypass PHP's safe_mode security restriction. Description: PHP is a...
Active Link Engine - default.asp?catid SQL Injection
Active Link Engine - default.asp?catid SQL Injection Title : Active Link Engine Remote SQL Injection Vulnerability Author : CyberGhost My Web Site : http://aspspider.org/cgsecurity Demo Page : http://www.activewebsoftwares.com/demoactivelinkengine Script Page :...
STWC-Counter 3.4.0 - downloadcounter.php Remote File Inclusion
STWC-Counter 3.4.0 - downloadcounter.php Remote File Inclusion ?php //File Inclusion Exploit for STWC-Counter = 3.4.0.0 //Found and Exploit Coded by burncycle - burncycleatrobert-berandotde //| //Vendor: http://www.stwc-counter.de/ //Dork: www.stwc-counter.de //| //Bug in "downloadcounter.php":...
WebText 0.4.5.2 - Remote Code Execution
WebText 0.4.5.2 - Remote Code Execution DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ Contact: [email protected] cod3d by Kacper...
pSlash 0.7 - lvc_include_dir Remote File Inclusion
pSlash 0.7 - lvc_include_dir Remote File Inclusion pSlash v0.7 lvc_include_dir Remote Include Vulnerability Author: XORON Class: Remote cont@ct: x0r0nathotmaildotcom Code: require$lvc_include_dir.'db/dbmysql.inc.php'; Exploit:...
Mambo Component Pearl 1.6 - Multiple Remote File Inclusions
Mambo Component Pearl 1.6 - Multiple Remote File Inclusions Pearl For Mambo = 1.6 GlobalSettingstemplatesDirectory Remote File Include Vulnerabilities...
Spid 1.3 - lang_path File Inclusion
Spid 1.3 - lang_path File Inclusion source: https://www.securityfocus.com/bid/14208/info SPiD is a gallery management application written in PHP. SPiD is prone to a remote file include vulnerability, due to lack of validation of user input. An attacker may leverage this issue to execute arbitrary...
PPA 0.5.6 - ppa_root_path File Inclusion
PPA 0.5.6 - ppa_root_path File Inclusion source: https://www.securityfocus.com/bid/14209/info PPA is susceptible to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitra...
AOL Instant Messenger AIM - Away Message Remote (2)
AOL Instant Messenger AIM - Away Message Remote 2 / CAN-2004-0636 / / AIM Away Message Buffer Overflow Exploit Exploit by John Bissell A.K.A. HighT1mes Exploit: drizzit.c Vulnerable Software: - AIM 5.5.3588 - AIM 5.5.3590 Beta - AIM 5.5.3591 - AIM 5.5.3595 and a coup...
AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution
AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution source: https://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed...
cPanel 5.0 - Guestbook.cgi Remote Command Execution (3)
cPanel 5.0 - Guestbook.cgi Remote Command Execution 3 source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cg...
cPanel 5.0 - Guestbook.cgi Remote Command Execution (2)
cPanel 5.0 - Guestbook.cgi Remote Command Execution 2 source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cg...
DC Scripts DCShop Beta 1.0 02 - File Disclosure (2)
DC Scripts DCShop Beta 1.0 02 - File Disclosure 2 source: https://www.securityfocus.com/bid/2889/info DCShop is a CGI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential ord...
Liferay CE Portal 6.0.2 - Remote Command Execution
Liferay CE Portal 6.0.2 - Remote Command Execution Exploit Title: Liferay CE Portal 6.0.2 - Remote Command Execution Google Dork: N/A Date: 2020-01-29 Exploit Author: Berk Dusunur Vendor Homepage: https://www.liferay.com/ Software Link:...
Webtareas 2.0 - id SQL Injection
Webtareas 2.0 - id SQL Injection Exploit Title: Webtareas 2.0 - 'id' SQL Injection Date: 2020-01-23 Exploit Author: Greg.Priest Vendor Homepage: http://webtareas.sourceforge.net/general/home.php Software Link: http://webtareas.sourceforge.net/general/home.php Version: Webtareas v2.0 Tested on:...
exploitpack.com
Pentest notes for: exploitpack.com Exploit Pack Nmap 7.80 scan initiated Tue Dec 3 09:27:33 2019 as: /usr/bin/nmap -sV -A -oA log/exploitpack.com exploitpack.com Nmap scan report for exploitpack.com 132.148.22.104 Host is up 0.18s latency. rDNS record for 132.148.22.104:...
Adrenalin Core HCM 5.4.0 - ReportID Reflected Cross-Site Scripting
Adrenalin Core HCM 5.4.0 - ReportID Reflected Cross-Site Scripting Exploit Title: Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Vendor Homepage: https://www.myadrenalin.com/ Software Link:...
AnchorCMS 0.12.3a - Information Disclosure
AnchorCMS 0.12.3a - Information Disclosure Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version:...
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Content Dim ar1&h3000000 Dim ar21000 Dim gremlin addressOfGremlin = &h28281000 Class MyClass Private mValue Public Property Let Valuev mValue = v End Property Public Default Property Get P P = mValue ' Wher...
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution / Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Netwo...
Schneider Electric U.Motion Builder 1.3.4 - track_import_export.php object_id Unauthenticated Command Injection
Schneider Electric U.Motion Builder 1.3.4 - track_import_export.php object_id Unauthenticated Command Injection RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: ...
Drupal 8.6.10 8.5.11 - REST Module Remote Code Execution
Drupal 8.6.10 8.5.11 - REST Module Remote Code Execution Analyzing the patch By diffing Drupal 8.6.9 and 8.6.10, we can see that in the REST module, FieldItemNormalizer now uses a new trait, SerializedColumnNormalizerTrait. This trait provides the checkForSerializedStrings method, which in short...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery Add Admin BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support f...