41207 matches found
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting Summary ======= 1. Missing access control CVE-2017-11356 2. Multiple cross-site scripting CVE-2017-11355 Vendor ====== "Pegasystems Inc. is the leader in software for customer engagement and operational excellence. Pega’s adaptiv...
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1206 Missing bounds-checking in AVI stream parsing When parsing AVI files, CAVIFileParser uses the stream count from the AVI header to allocate backing storage for storing...
Peplink Balance Routers 7.0.0-build1904 - SQL Injection Cross-Site Scripting Information Disclosure
Peplink Balance Routers 7.0.0-build1904 - SQL Injection Cross-Site Scripting Information Disclosure X41 D-Sec GmbH Security Advisory: X41-2017-005 Multiple Vulnerabilities in peplink balance routers =================================================== Overview -------- Confirmed Affected Versions:...
QNAP TVS-663 QTS 4.2.4 build 20170313 - Command Injection
QNAP TVS-663 QTS 4.2.4 build 20170313 - Command Injection QNAP QTS multiple RCE vulnerabilities ===================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt Overview -------- QNAP QTS firmware...
WebNMS Framework Server 5.25.2 SP1 - Multiple Vulnerabilities
WebNMS Framework Server 5.25.2 SP1 - Multiple Vulnerabilities Multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure:...
SolarWinds Virtualization Manager - Local Privilege Escalation
SolarWinds Virtualization Manager - Local Privilege Escalation Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Versions: 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th,...
CodoForum 2.5.1 - Arbitrary File Download
CodoForum 2.5.1 - Arbitrary File Download Exploit Title: Codoforum 2.5.1 Arbitrary File Download Date: 23-11-2014 Software Link: https://codoforum.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps CVE: CVE-2014-9261 1...
D-Link DWR-113 Rev. Ax - Cross-Site Request Forgery Denial of Service
D-Link DWR-113 Rev. Ax - Cross-Site Request Forgery Denial of Service Exploit Title: Dlink DWR-113 Rev. Ax - CSRF causing Denial of Service Google dork : N/A Exploit Author: Blessen Thomas Date : 29/07/14 Vendor Homepage : http://www.dlink.com/ Software Link : N/A Firmware version: v2.02 2013-03-...
dompdf 0.6.0 - dompdf.php?read Arbitrary File Read
dompdf 0.6.0 - dompdf.php?read Arbitrary File Read Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is...
PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure
PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author...
Horizon QCMS 4.0 - Multiple Vulnerabilities
Horizon QCMS 4.0 - Multiple Vulnerabilities Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch:...
InstantCMS 1.10.3 - Blind SQL Injection
InstantCMS 1.10.3 - Blind SQL Injection Advisory ID: HTB23185 Product: InstantCMS Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: Novemb...
UPC Ireland Cisco EPC 2425 Router Horizon Box - WPA-PSK Handshake Information
UPC Ireland Cisco EPC 2425 Router Horizon Box - WPA-PSK Handshake Information Exploit Title: UPC Ireland Cisco EPC 2425 Router / Horizon Box Google Dork: Date: 11/12/2013 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/upc-wifi-attack.pdf Version: Category:...
Dokeos 2.2 RC2 - index.php?language SQL Injection
Dokeos 2.2 RC2 - index.php?language SQL Injection Advisory ID: HTB23181 Product: Dokeos Vendor: Dokeos Vulnerable Versions: 2.2 RC2 and probably prior Tested Version: 2.2 RC2 Advisory Publication: October 30, 2013 without technical details Vendor Notification: October 30, 2013 Public Disclosure:...
Cisco Wireless Lan Controller 7.2.110.0 - Multiple Vulnerabilities
Cisco Wireless Lan Controller 7.2.110.0 - Multiple Vulnerabilities Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities Exploit Title: u M@d? - Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities Date: Discovered and reported November 2012 Author: Jacob Holcomb/Gimppy042 - Security Analyst...
Invision Power Board 3.3.0 - Local File Inclusion
Invision Power Board 3.3.0 - Local File Inclusion waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0 ======================================================================== ======= Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web:...
Log1 CMS 2.0 - ajax_create_folder.php Remote Code Execution
Log1 CMS 2.0 - ajaxcreatefolder.php Remote Code Execution ?php / +-----------------------------------------------------------+ + Log1CMS 2.0ajaxcreatefolder.php Remote Code Execution + +-----------------------------------------------------------+ Web-App : Log1CMS 2.0 Vendor :...
Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities
Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities Sense of Security - Security Advisory - SOS-11-010 Release Date. 19-Sep-2011 Last Update. - Vendor Notification Date. 21-Feb-2011 Product. Cisco TelePresence Series Platform. Cisco Affected versions. C = TC4.1.2, MXP = F9.1 Severity Rating...
Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC) (MS11-02)
Microsoft Excel - Axis Properties Record Parsing Buffer Overflow PoC MS11-02 """ This is a PoC for MS11-021/CVE-2011-0978 Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow w3bd3vilatgmaildot.com twitter.com/w3bd3vil Modify bits at file location 0x39E7 0:000:x86 r eax=04dd6380...
siemens tecnomatix factorylink 8.0.1.1473 - Multiple Vulnerabilities
siemens tecnomatix factorylink 8.0.1.1473 - Multiple Vulnerabilities Sources: http://aluigi.org/adv/factorylink1-adv.txt http://aluigi.org/adv/factorylink2-adv.txt http://aluigi.org/adv/factorylink3-adv.txt http://aluigi.org/adv/factorylink4-adv.txt http://aluigi.org/adv/factorylink5-adv.txt...
Oracle Document Capture 10.1.3.5 - Insecure Method Buffer Overflow
Oracle Document Capture 10.1.3.5 - Insecure Method Buffer Overflow Source: http://packetstormsecurity.org/files/view/97871/DSECRG-11-006.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-006 internal DSECRG-09-066 Application: Oracle Docume...
Native Instruments Kontakt 4 Player - .NKI File Syntactic Analysis Buffer Overflow (PoC)
Native Instruments Kontakt 4 Player - .NKI File Syntactic Analysis Buffer Overflow PoC / Title: Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 4.1.3.4125...
Mozilla Firefox - Simplified Memory Corruption (PoC)
Mozilla Firefox - Simplified Memory Corruption PoC Hi there, For those who still do not know .. The proof of concept that I have extracted for CVE-2010-3765 is the following: function Gstr var cobj=document.createElementstr; document.body.appendChildcobj; cobj.scrollWidth; function crashme...
LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form
LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory...
HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow
HP OpenView Network Node Manager OV NNM 7.53 - OvJavaLocale Buffer Overflow HP OPENVIEW NNM OVJAVALOCALE BUFFER OVERFLOW VULNERABILITY 1. ADVISORY INFORMATION Title: HP OpenView NNM OvJavaLocale Buffer Overflow Vulnerability Advisory Id: CORE-2010-0608 Advisory URL:...
EPay Enterprise 4.13 - cid SQL Injection
EPay Enterprise 4.13 - cid SQL Injection .WEB.ID...
crownweb - page.cfm SQL Injection
crownweb - page.cfm SQL Injection crownweb page.cfm Sql Injection Vulnerability =================================================================== .:. Email : [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : crownweb .:. Language : Cfm .:. Script Download:...
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Name Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Systems Affected APEX 3.0 optional...
Joomla! Component Ice Gallery 0.5b2 - catid Blind SQL Injection
Joomla! Component Ice Gallery 0.5b2 - catid Blind SQL Injection Joomla Component comicecatid Blind SQL-injection Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1. Vulnerability : Blind SQL injection Google Dork : inurl:comice "catid"...
Joomla! Mambo Component Datsogallery 1.3.1 - id SQL Injection
Joomla! Mambo Component Datsogallery 1.3.1 - id SQL Injection source: https://www.securityfocus.com/bid/28361/info The Datsogallery component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL...
XCMS 1.83 - Remote Command Execution
XCMS 1.83 - Remote Command Execution Name : XCMS So the xcms allows you to modify the footer through a bugged page called cpie.php included in the admin panel. So let's take a look at the bugged code. So with a simple html form we can change the footer. Ex: /textarea input type=...
DRBGuestbook 1.1.13 - index.php Cross-Site Scripting
DRBGuestbook 1.1.13 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/25911/info DRBGuestbook is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute...
Lotus Domino R6 Webmail - Remote Password Hash Dumper
Lotus Domino R6 Webmail - Remote Password Hash Dumper !/bin/bash $Id: raptordominohash,v 1.3 2007/02/13 17:27:28 raptor Exp $ raptordominohash - Lotus Domino R5/R6 HTTPPassword dump Copyright c 2007 Marco Ivaldi Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores...
F3Site 2.1 - Remote Code Execution
F3Site 2.1 - Remote Code Execution ? // //Kacper & str0ke Settings $exploitname = "F3Site = 2.1 Remote Code Execution Exploit"; $scriptname = "F3Site 2.1"; $scriptsite = "http://dhost.info/compmaster/"; $dork = '"Powered by F3Site"'; //to work exploit you need admin session, and cookies prefix //...
MDForum 2.0.1 - PNSVlang Remote Code Execution
MDForum 2.0.1 - PNSVlang Remote Code Execution DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper...
Les Visiteurs 2.0 - Multiple Remote File Inclusions
Les Visiteurs 2.0 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/20259/info Les Visiteurs is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise...
TikiWiki 1.9 Sirius - jhot.php Remote Command Execution
TikiWiki 1.9 Sirius - jhot.php Remote Command Execution !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++...
OnePlug CMS - pressdetails.asp?Press_Release_ID SQL Injection
OnePlug CMS - pressdetails.asp?PressReleaseID SQL Injection source: https://www.securityfocus.com/bid/16155/info OnePlug CMS is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL...
Microsoft Windows - JPEG GDI+ BindReverseAdminFile Download
Microsoft Windows - JPEG GDI+ BindReverseAdminFile Download / Exploit Name: ============= JpegOfDeath.M.c v0.6.a All in one Bind/Reverse/Admin/FileDownload ============= Tweaked Exploit By M4Z3R For GSO All Credits & Greetings Go To: ========== FoToZ, Nick DeBaggis, MicroSoft, Anthony Rocha,...
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure Exploit Title: SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://secu.jp/ Product Link: https://secu.jp/support/831.html CVE: N/A !/usr/bin/perl SecuSTATION SC-831 HD...
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Title: ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: www.escam.cn Product Link: http://www.escam.cn/search/?class1=&class2=&class3=&searchtype=0&searchword=qd-900&lang=en CVE...
SOPlanning 1.45 - users SQL Injection
SOPlanning 1.45 - users SQL Injection Exploit Title: SOPlanning 1.45 - 'users' SQL Injection Date: 2020-02-14 Exploit Author: J3rryBl4nks, Homebrewer Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on...
Jira 8.3.4 - Information Disclosure (Username Enumeration)
Jira 8.3.4 - Information Disclosure Username Enumeration Exploit Title: Jira 8.3.4 - Information Disclosure Username Enumeration Date: 2019-09-11 Exploit Author: Mufeed VH Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Version: 8.3.4 Tested on:...
Liferay CE Portal 6.0.2 - Remote Command Execution
Liferay CE Portal 6.0.2 - Remote Command Execution Exploit Title: Liferay CE Portal 6.0.2 - Remote Command Execution Google Dork: N/A Date: 2020-01-29 Exploit Author: Berk Dusunur Vendor Homepage: https://www.liferay.com/ Software Link:...
FreeBSD-SA-19:02.fd - Privilege Escalation
FreeBSD-SA-19:02.fd - Privilege Escalation Exploit: FreeBSD-SA-19:02.fd - Privilege Escalation Date: 2019-12-30 Author: Karsten König of Secfault Security Twitter: @gr4yf0x Kudos: Maik, greg and Dirk for discussion and inspiration CVE: CVE-2019-5596 libmap.conf primitive inspired by kcope's 2005...
WordPress Core 5.3.x - xmlrpc.php Denial of Service
WordPress Core 5.3.x - xmlrpc.php Denial of Service !/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries: prefi...
msdn.com
Pentest notes for: msdn.com Exploit Pack Nmap 7.80 scan initiated Tue Dec 3 09:58:32 2019 as: /usr/bin/nmap -sV -A -oA log/msdn.com msdn.com Nmap scan report for msdn.com 13.77.161.179 Host is up 0.17s latency. Other addresses for msdn.com not scanned: 104.215.148.63 40.76.4.15 40.112.72.205...
DotNetNuke 9.4.0 - Cross-Site Scripting
DotNetNuke 9.4.0 - Cross-Site Scripting Exploit Title: Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 Exploit Description : This exploit will add a superuser to target DNN website. Exploit Condition : Successful exploitation occurs when an admin user visits a notification page...
V-SOL GPONEPON OLT Platform 2.03 - Remote Privilege Escalation
V-SOL GPONEPON OLT Platform 2.03 - Remote Privilege Escalation Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested...
YouPHPTube 7.2 - userCreate.json.php SQL Injection
YouPHPTube 7.2 - userCreate.json.php SQL Injection Exploit Title: YouPHPTube 7.3 SQL Injection Google Dork: / Date: 19.08.2019 Exploit Author: Fabian Mosch, r-tec IT Security GmbH Vendor Homepage: https://www.youphptube.com/ Software Link: https://github.com/YouPHPTube/YouPHPTube Version: 7.3...