xorg-x11-server 1.20.1 - Local Privilege Escalation
xorg-x11-server 1.20.1 - Local Privilege Escalation Exploit Title: xorg-x11-server bolo console opened Building root shell wait 2 minutes crontab overwritten ... cut Xorg output ... Xorg killed II Server terminated successfully 0. Closing log file. Don't forget to cleanup /etc/crontab and /tmp di...
Anviz AIM CrossChex Standard 4.3 - CSV Injection
Anviz AIM CrossChex Standard 4.3 - CSV Injection Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-01 Vendor: Anviz Biometric Technology Co., Ltd. Product web page: https://www.anviz.com Affected version: 4.3.6.0 Tested on...
Ecessa WANWorx WVR-30 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Ecessa WANWorx WVR-30 10.7.4 - Cross-Site Request Forgery Add Superuser Exploit title: Ecessa WANWorx WVR-30 input type="hidden" name="userusername...
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 170109) - Access Control Bypass
Hikvision IP Camera versions 5.2.0 - 5.3.9 Builds 140721 170109 - Access Control Bypass Exploit Title: Hikvision IP Camera versions 5.2.0 - 5.3.9 Builds: 140721 - 170109 Backdoor Date: 15-03-2018 Vendor Homepage: http://www.hikvision.com/en/ Exploit Author: Matamorphosis Category: Web Apps...
MikroTik RouterOS 6.38.4 (MIPSBE) - Chimay Red Stack Clash Remote Code Execution
MikroTik RouterOS 6.38.4 MIPSBE - Chimay Red Stack Clash Remote Code Execution !/usr/bin/env python3 Mikrotik Chimay Red Stack Clash Exploit by BigNerd95 Tested on RouterOS 6.38.4 mipsbe using a CRS109 Used tools: pwndbg, rasm2, mipsrop for IDA I used ropper only to automatically find gadgets ASL...
Suricata 4.0.4 - IDS Detection Bypass
Suricata 4.0.4 - IDS Detection Bypass ----------------------------------------------------- Vulnerability Type: Detection Bypass Affected Product: Suricata Vulnerable version: SYN Seq=0 Ack= 0 - Evil Server Client ACK Seq=1 Ack= 84 - Evil Server Client - PSH, ACK Seq=1 Ack= 84 - Evil Server IDS...
LibreOffice 6.0.1 - WEBSERVICE Remote Arbitrary File Disclosure
LibreOffice 6.0.1 - WEBSERVICE Remote Arbitrary File Disclosure Vulnerability description CVE-2018-6871 First part LibreOffice supports COM.MICROSOFT.WEBSERVICE function: https://support.office.com/en-us/article/webservice-function-0546a35a-ecc6-4739-aed7-c0b7ce1562c4 The function is required to...
Flash Operator Panel 2.31.03 - Command Execution
Flash Operator Panel 2.31.03 - Command Execution Document Title: =============== Flash Operator Panel v2.31.03 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1907 Release Date: ============= 2018-01-08 Vulnerability...
Parity Browser 1.6.10 - Bypass Same Origin Policy
Parity Browser 1.6.10 - Bypass Same Origin Policy VuNote ====== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016 Version: 0.3 Date: Jun 16th, 2017 Tag: parity same origin policy bypass webproxy token reuse Overview -------- Name: parity Vendor: paritytech References:...
Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633...
Linksys E Series - Multiple Vulnerabilities
Linksys E Series - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version: see "Vulnerable /...
binutils 2.29.51.20170921 - read_1_byte Heap Buffer Overflow
binutils 2.29.51.20170921 - read1byte Heap Buffer Overflow Source: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read1byte-dwarf2-c/ Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: nm -A -a -l -S -s...
FiberHome ADSL AN1020-25 - Improper Access Restrictions
FiberHome ADSL AN1020-25 - Improper Access Restrictions Title: ==== FiberHome Unauthenticated ADSL Router Factory Reset. Credit: ====== Name: Ibad Shah Twitter: @BeeFaauBee09 Website: beefaaubee09.github.io CVE: ===== CVE-2017-14147 Date: ==== 05-09-2017 dd/mm/yyyy About FiberHome: ====== FiberHo...
Sophos Cyberoam - Cross-site scripting
Sophos Cyberoam - Cross-site scripting Exploit Title: Sophos Cyberoam – Cross-site scripting XSS vulnerability Date: 25/05/2017 Exploit Author: Bhadresh Patel Version: = Firmware Version 10.6.4 CVE : CVE-2016-9834 This is an article with video tutorial for Sophos Cyberoam – Cross-site scripting X...
Oracle PeopleSoft - Server-Side Request Forgery
Oracle PeopleSoft - Server-Side Request Forgery Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference...
GNU Screen 4.5.0 - Local Privilege Escalation
GNU Screen 4.5.0 - Local Privilege Escalation !/bin/bash screenroot.sh setuid screen v4.5.0 local root exploit abuses ld.so.preload overwriting to get root. bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html HACK THE PLANET infodox 25/1/2017 echo " gnu/screenroot " echo "+...
Apport 2.x (Ubuntu Desktop 12.10 16.04) - Local Code Execution
Apport 2.x Ubuntu Desktop 12.10 16.04 - Local Code Execution Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem...
MiCasaVerde VeraLite - Remote Code Execution
MiCasaVerde VeraLite - Remote Code Execution Exploit Title: MiCasa VeraLite Remote Code Execution Date: 10-20-2016 Software Link: http://getvera.com/controllers/veralite/ Exploit Author: Jacob Baines Contact: https://twitter.com/JuniorBaines CVE: CVE-2013-4863 & CVE-2016-6255 Platform: Hardware 1...
HP Client 9.19.08.17.9 - Command Injection
HP Client 9.19.08.17.9 - Command Injection Exploit Title: HP Client - Automation Command Injection Date: 10/10/2016 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: Previously HP, now http://www.persistentsys.com/ Version: Tested on version 7.9 but should work on 8.1, 9.0, 9.1...
GitLab - impersonate Feature Privilege Escalation
GitLab - impersonate Feature Privilege Escalation Exploit Title: GitLab privilege escalation via "impersonate" feature Date: 02-05-2016 Software Link: https://about.gitlab.com/ Version: 8.2.0 - 8.2.4, 8.3.0 - 8.3.8, 8.4.0 - 8.4.9, 8.5.0 - 8.5.11, 8.6.0 - 8.6.7, 8.7.0 Exploit Author: Kaimi Website...
SAP SAPCAR - Multiple Vulnerabilities
SAP SAPCAR - Multiple Vulnerabilities 1. Advisory Information Title: SAP CAR Multiple Vulnerabilities Advisory ID: CORE-2016-0006 Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities Date published: 2016-08-09 Date of last update: 2016-08-09 Vendors contacted: SAP...
Microsoft Windows 7 - WebDAV Local Privilege Escalation (MS16-016) (2)
Microsoft Windows 7 - WebDAV Local Privilege Escalation MS16-016 2 Exploit Title: WebDAV Elevation of Privilege Vulnerability MS16-2 Date: 8/5/2016 Exploit Author: hex0r Version:WebDAV on Windows 7 84x CVE : CVE-2016-0051 Intro: Credits go to koczkatama for coding a PoC, however if you run this...
Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers
Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers Vendor: Inductive Automation Product web page: http://www.inductiveautomation.com Affected version: 7.8.1 b2016012216 and 7.8.0 b2015101414 Platform: Java...
ZTE ZXHN H108N R1A ZXV10 W300 Routers - Multiple Vulnerabilities
ZTE ZXHN H108N R1A ZXV10 W300 Routers - Multiple Vulnerabilities Exploit Title: ZTE ZXHN H108N R1A + ZXV10 W300 routers - multiple vulnerabilities Discovered by: Karn Ganeshen CERT VU 391604 Vendor Homepage: www.zte.com.cn Versions Reported ZTE ZXHN H108N R1A - Software version ZTE.bhs.ZXHNH108NR...
SAP NetWeaver Enqueue Server - Denial of Service
SAP NetWeaver Enqueue Server - Denial of Service Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability...
XCloner Standalone 3.5 - Cross-Site Request Forgery
XCloner Standalone 3.5 - Cross-Site Request Forgery Advisory ID: HTB23207 Product: XCloner Standalone Vendor: XCloner Vulnerable Versions: 3.5 and probably prior Tested Version: 3.5 Advisory Publication: March 14, 2014 without technical details Vendor Notification: March 14, 2014 Public Disclosur...
Ilch CMS 2.0 - Persistent Cross-Site Scripting
Ilch CMS 2.0 - Persistent Cross-Site Scripting Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure:...
Joomla! Component JV Comment 3.0.2 - id SQL Injection
Joomla! Component JV Comment 3.0.2 - id SQL Injection Advisory ID: HTB23195 Product: JV Comment Joomla Extension Vendor: joomlavi.com Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2,...
Xpient - Cash Drawer Operation
Xpient - Cash Drawer Operation Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Xpient Cash Drawer Operation Vulnerability 1. Advisory Information Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:...
Vivotek IP Cameras - Multiple Vulnerabilities
Vivotek IP Cameras - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Vivotek IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0301 Advisory URL:...
McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method
McAfee Virtual Technician MVT 6.5.0.2101 - Insecure ActiveX Method Advisory ID: HTB23128 Product: McAfee Virtual Technician MVT 6.5.0.2101 Vendor: McAfee Vulnerable Versions: 6.5.0.2101 and probably prior Tested Version: 6.5.0.2101 on Windows 7 SP1 and Internet Explorer 9 Vendor Notification:...
banana dance b.2.6 - Multiple Vulnerabilities
banana dance b.2.6 - Multiple Vulnerabilities Advisory ID: HTB23118 Product: Banana Dance Vendor: bananadance.org Vulnerable Versions: B.2.6 and probably prior Tested Version: B.2.6 Vendor Notification: October 3, 2012 Public Disclosure: December 19, 2012 Vulnerability Type: PHP File Inclusion...
XnView 1.99.1 - .JLS File Decompression Heap Overflow
XnView 1.99.1 - .JLS File Decompression Heap Overflow SUMMARY XnView Formats PlugIn is prone to an overflow condition. The JLS Plugin xjpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a...
AV Arcade Free Edition - add_rating.php?id Blind SQL Injection
AV Arcade Free Edition - addrating.php?id Blind SQL Injection Exploit Title: AV Arcade Free Edition Blind SQL Injection Date: 31/08/2012 Author: DaOne @LibyanCA Software Link: http://www.avscripts.net/avarcade/freearcadescript/ Google Dork: intext:Powered by AV Arcade Free Edition" Exploit-DB Not...
eGlibc - Signedness Code Execution
eGlibc - Signedness Code Execution Exploit Title: eGlibc Signedness Vulnerability Date: November 2011 Exploit Author: c0ntex Vendor Homepage: http://www.eglibc.org Software Link: http://www.eglibc.org/home Version: eGlibc supplied by Ubuntu 10.4 LTS Tested on: Ubuntu 10.4 LTS CVE : CVE-2011-2702 ...
TORCS 1.3.2 - .xml File Buffer Overflow SafeSEH Evasion
TORCS 1.3.2 - .xml File Buffer Overflow SafeSEH Evasion / Exploit Title: TORCS Research Team Division Author: Andres Gomez and David Mora a.k.a Mighty-D ... Pwn and beans! Software Link: http://torcs.sourceforge.net/ Version: torcs 1.3.2 Vendor notified: 03/02/2012 Tested on: Windows XP Service...
Final Draft 8 - Multiple Stack Buffer Overflows (Metasploit)
Final Draft 8 - Multiple Stack Buffer Overflows Metasploit Name : Final Draft 8 Multiple Stack Buffer Overflows Vendor Website : http://www.finaldraft.com/index.php Date Released : 29/11/2011 Affected Software : Final Draft in in in in in in in By crafting a file that contains more than 10,032...
SWAT Samba Web Administration Tool - Cross-Site Request Forgery
SWAT Samba Web Administration Tool - Cross-Site Request Forgery Thanks & Regards, Narendra. Confidentiality: This e-mail and any attachments may be confidential and may also be privileged. If you are not an intended named recipient, please notify the sender immediately and do not disclose the...
BugTracker.NET 3.4.4 - Multiple Vulnerabilities
BugTracker.NET 3.4.4 - Multiple Vulnerabilities Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Multiple vulnerabilities in BugTracker.Net 1. Advisory Information Title: Multiple vulnerabilities in BugTracker.Net Advisory Id: CORE-2010-1109 Advisory URL:...
Native Instruments Massive 1.1.4 - KSD File Handling Use-After-Free
Native Instruments Massive 1.1.4 - KSD File Handling Use-After-Free !/usr/bin/perl Title: Native Instruments Massive 1.1.4 KSD File Handling Use-After-Free Vulnerability Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 1.1.4 R1901 Summary:...
ProWeb Design - SQL Injection
ProWeb Design - SQL Injection ProWeb Design SQL Injection Vulnerability Vendor: http://www.prowebassociates.com/ Discovered by : cyberlog Site : Sekuritionline.net Channel : SekuritiOnline Now...
WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting
WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting XSS Vulnerability in NextGEN Gallery Wordpress Plugin 1. Advisory Information Title: XSS Vulnerability in NextGEN Gallery Wordpress Plugin Advisory Id: CORE-2010-0323 Advisory URL:...
Smart Vision Script News - newsdetail.php SQL Injection (1)
Smart Vision Script News - newsdetail.php SQL Injection 1 Exploit Title: Smart Vision Script News newsdetail SQL Injection Vulnerability Software Link: www.esmart-vision.com Smart Vision Script News newsdetail SQL Injection Vulnerability...
Ele Medios CMS - SQL Injection
Ele Medios CMS - SQL Injection ALGERIAN HACKER - NORTH-AFRICA SECURITY TEAM - ! Ele Medios CMS SQL Injection Vulnerability ! Author : Dr.0rYX and Cr3w-DZ ! MAIL : [email protected] & [email protected] / Software Information + Vendor : http://www.elemedios.net/ + script : Ele Medios CMS + Download :...
unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities
unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection...
DMXReady PayPal Store Manager 1.1 - Contents Change
DMXReady PayPal Store Manager 1.1 - Contents Change Title : DMXReady PayPal Store Manager http://target/path//applications/PayPalStoreManager/incpaypalstoremanager.asp Edit - http://target/path//admin/PayPalStoreManager/CategoryManager/list.asp : milw0rm.com 2009-01-14...
PHP 5.2.8 gd library - imageRotate() Information Leak
PHP 5.2.8 gd library - imageRotate Information Leak PHP - gd library - imageRotatefunction Information Leak Vulnerability Discovered by: Hamid Ebadi, Further research and exploit: Mohammad R. Roohian CSIRT Team Members Amirkabir University APA Laboratory Introduction PHP is a popular web...
CodeBB 1.0 Beta 2 - phpbb_root_path Remote File Inclusion
CodeBB 1.0 Beta 2 - phpbbrootpath Remote File Inclusion codebb 1.1b3 phpbbrootpath Remote File Include Vulnerability D.Script: http://rd.cycnus.de/download/codebb-1.1b3.tar.bz2 Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net V.Code includeonce$phpbbrootpath...
Linux Kernel 2.6.13 2.6.17.4 - sys_prctl() Local Privilege Escalation (1)
Linux Kernel 2.6.13 2.6.17.4 - sysprctl Local Privilege Escalation 1 // / Local r00t Exploit for: / / Linux Kernel PRCTL Core Dump Handling / / BID 18874 / CVE-2006-2451 / / Kernel 2.6.x = 2.6.13 && main PoC code / / - RoMaNSoFt local root code / / 10.Jul.2006 / // include include include include...
Mambo Component com_forum 1.2.4RC3 - Remote File Inclusion
Mambo Component comforum 1.2.4RC3 - Remote File Inclusion Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo component remote inclusion vulnerability download : http://mamboxchange.com/frs/download.php/6873/phpbbcomponent1.2.4RC3.zip bug found in file : download.php define'INPHPBB...