41207 matches found
Early Impact ProductCart 2.62.7 - viewPrd.asp?idcategory SQL Injection
Early Impact ProductCart 2.62.7 - viewPrd.asp?idcategory SQL Injection source: https://www.securityfocus.com/bid/13881/info ProductCart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it...
PHP-Nuke 7.x - Multiple Remote File Inclusions
PHP-Nuke 7.x - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issue...
Yappa-ng 1.x2.x - Remote File Inclusion
Yappa-ng 1.x2.x - Remote File Inclusion source: https://www.securityfocus.com/bid/13371/info yappa-ng is prone to a remote file include vulnerability. This issue may let remote attackers include and execute malicious remote PHP scripts. The vendor has not published any specific details about this...
Multiple AntiVirus - .zip Detection Bypass
Multiple AntiVirus - .zip Detection Bypass / zipbrk.c - Proof-of-Concept for CAN-2004-0932 - CAN-2004-0937 Copyright C 2004 oc.192 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation...
Microsoft Windows (x86) - Metafile .emf Heap Overflow (MS04-032)
Microsoft Windows x86 - Metafile .emf Heap Overflow MS04-032 / HOD-ms04032-emf-expl2.c: MS04-032 Microsoft Windows XP Metafile .emf Heap Overflow Exploit version 0.2 PUBLIC coded by .:: houseofdabus ::. at inbox dot ru ------------------------------------------------------------------- About...
DotBr 0.1 - System.php3 Remote Command Execution
DotBr 0.1 - System.php3 Remote Command Execution source: https://www.securityfocus.com/bid/6866/info The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitra...
Microsoft Windows NT 4.02000 - NetBIOS Name Conflict
Microsoft Windows NT 4.02000 - NetBIOS Name Conflict source: https://www.securityfocus.com/bid/1514/info An attacker can send the NetBIOS name service a NetBIOS Name Conflict message even when the receiving machine is not in the process of registering its NetBIOS name. The target will then not...
HP System Event Utility - Local Privilege Escalation
HP System Event Utility - Local Privilege Escalation Exploit Title: HP System Event Utility - Local Privilege Escalation Author: hyp3rlinx Date: 2020-02-11 Vendor: www.hp.com Link: https://hp-system-event-utility.en.lo4d.com/download CVE: CVE-2019-18915 + Credits: John Page aka hyp3rlinx + Websit...
Torrent iPod Video Converter 1.51 - Stack Overflow
Torrent iPod Video Converter 1.51 - Stack Overflow Exploit Title: Torrent iPod Video Converter 1.51 - Stack Overflow Exploit Author: boku Date: 2020-02-10 Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link:...
OpenSMTPD 6.6.2 - Remote Code Execution
OpenSMTPD 6.6.2 - Remote Code Execution Exploit Title: OpenSMTPD 6.6.2 - Remote Code Execution Date: 2020-01-29 Exploit Author: 1F98D Original Author: Qualys Security Advisory Vendor Homepage: https://www.opensmtpd.org/ Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1...
Apache Olingo OData 4.0 - XML External Entity Injection
Apache Olingo OData 4.0 - XML External Entity Injection COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High...
Omron PLC 1.0.0 - Denial of Service (PoC)
Omron PLC 1.0.0 - Denial of Service PoC Exploit Title: Omron PLC 1.0.0 - Denial of Service PoC Google Dork: n/a Date: 2019-12-06 Exploit Author: n0b0dy Vendor Homepage: https://automation.omron.com, ia.omron.com Software Link: n/a Version: 1.0.0 Tested on: PLC f/w rev.: CJ2M v2.01 CWE-412 :...
Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery
Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery Exploit Title: Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery Date: 2019-11-06 Exploit Author: Joas Antonio Vendor Homepage: intelbras.com.br Software Link:...
SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery
SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Exploit Title: SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Discovery by: LiquidWorm Date: 2019-12-02 Vendor Homepage: Tested Version: 6.5.33.17072501 CVE: N/A Advisory ID: ZSL-2019-5543 Advisory URL:...
Siemens Desigo PX 6.00 - Denial of Service (PoC)
Siemens Desigo PX 6.00 - Denial of Service PoC Title: Siemens Desigo PX 6.00 - Denial of Service PoC Author: LiquidWorm Date: 2019-11-14 Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version:6.00...
Computrols CBAS-Web 19.0.0 - username Reflected Cross-Site Scripting
Computrols CBAS-Web 19.0.0 - username Reflected Cross-Site Scripting Exploit Title: Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Prima Access Control 2.3.35 - Arbitrary File Upload
Prima Access Control 2.3.35 - Arbitrary File Upload Exploit Title: Prima Access Control 2.3.35 - Arbitrary File Upload Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Solaris 11.4 - xscreensaver Privilege Escalation
Solaris 11.4 - xscreensaver Privilege Escalation @Mediaservice.net Security Advisory 2019-02 last updated on 2019-10-16 Title: Local privilege escalation on Solaris 11.x via xscreensaver Application: Jamie Zawinski's xscreensaver 5.39 distributed with Solaris 11.4 Jamie Zawinski's xscreensaver 5....
Microsoft SharePoint 2013 SP1 - DestinationFolder Persistant Cross-Site Scripting
Microsoft SharePoint 2013 SP1 - DestinationFolder Persistant Cross-Site Scripting Exploit Title: Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting Author: Davide Cioccia Discovery Date: 2019-09-25 Vendor Homepage: https://www.microsoft.com Software Link:...
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting 2 Exploit Title: WordPress Plugin Photo Gallery by 10Web img src=a onerror='alert2;' 4. Click Save. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor...
Thunderbird ESR 60.7.XXX - icalmemorystrdupanddequote Heap-Based Buffer Overflow
Thunderbird ESR 60.7.XXX - icalmemorystrdupanddequote Heap-Based Buffer Overflow X41 D-Sec GmbH Security Advisory: X41-2019-001 Heap-based buffer overflow in Thunderbird ========================================= Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed...
Oracle Business Intelligence 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - Directory Traversal
Oracle Business Intelligence 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - Directory Traversal Exploit Title: Directory traversal in Oracle Business Intelligence Date: 16.04.19 Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link:...
WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass Unauthorized Order Status Spoofing
WordPress Plugin WooCommerce - GloBee cryptocurrency Payment Gateway 1.1.1 - Payment Bypass Unauthorized Order Status Spoofing ?php Exploit Title: WordPress WooCommerce - GloBee cryptocurrency Payment Gateway Plugin Payment Bypass / Unauthorized Order Status Spoofing Discovery Date: 14.12.2018...
LiquidVPN 1.36 1.37 - Privilege Escalation
LiquidVPN 1.36 1.37 - Privilege Escalation / ======================================================================= Title: Multiple Privilege Escalation Vulnerabilities Product: LiquidVPN for MacOS Vulnerable versions: 1.37, 1.36 and earlier CVE IDs: CVE-2018-18856, CVE-2018-18857, CVE-2018-1885...
Responsive FileManager 9.13.4 - Directory Traversal
Responsive FileManager 9.13.4 - Directory Traversal The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following reque...
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR DEP Bypass)
Foxit Reader 9.0.1.1049 - Buffer Overflow ASLR DEP Bypass %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Exploit Title: Foxit Reader 9.0.1.1049 - Buffer Overflow ASLRDEP Date: 2018-08-04 Exploit Author: Manoj Ahuje Tested on: Windows 7 Pro x32 Software Link:...
ADB Broadband Gateways Routers - Authorization Bypass
ADB Broadband Gateways Routers - Authorization Bypass SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authorization Bypass product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version:...
SoftExpert Excellence Suite 2.0 - cddocument SQL Injection
SoftExpert Excellence Suite 2.0 - cddocument SQL Injection Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection Author: Seren PORSUK Date: 2018-06-28 Type: webapps Platform: PHP CVE= N/A Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/ DETAI...
WordPress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection
WordPress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Exploit Title: Wordpress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link:...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy...
Norton Core Secure WiFi Router - BLE Command Injection (PoC)
Norton Core Secure WiFi Router - BLE Command Injection PoC PoC command injection in BLE service of Norton Core Secure WiFi Router CVE-2018-5234 For more information read paper. To demonstrate the exploitation, we will use: - OS GNU/Linux; - Bluetooth dongle adapter; - BlueZ utility for testing...
Cockpit CMS 0.4.4 0.5.5 - Server-Side Request Forgery
Cockpit CMS 0.4.4 0.5.5 - Server-Side Request Forgery SSRF(Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 CVE-2018-9302 Cockpit CMS repairs CVE-2017-14611, but it can be bypassed, SSRF still exist, affecting the Cockpit CMS 0.4.4-0.5.5 versions.I've been tested success of "Cockpit CMS" laste...
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Monstra CMS 3.0.4 - Arbitrary Folder Deletion Exploit Title: Monstra CMS 3.0.4 allows remote attackers to delete folder via an get request Date: 2018-03-26 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra...
Kodi 17.6 - Persistent Cross-Site Scripting
Kodi 17.6 - Persistent Cross-Site Scripting ============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831...
WebKit - WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
WebKit - WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free function jsfuzzer var b = document.createElement"body"; a.appendb; ta.autofocus = true; var iframe = document.createElement"iframe"; b.appendChildiframe; li.appendChilddd; iframe.contentDocument.caretRangeFromPoint; function...
FileRun 2017.09.18 - SQL Injection
FileRun 2017.09.18 - SQL Injection !/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version:...
Automated Logic WebCTRL 6.5 - Local Privilege Escalation
Automated Logic WebCTRL 6.5 - Local Privilege Escalation Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior ALC WebCTRL,...
Mozilla Firefox 53 - gfxTextRun Out-of-Bounds Read
Mozilla Firefox 53 - gfxTextRun Out-of-Bounds Read .class1 float: left; white-space: pre-line; .class2 border-bottom-style: solid; font-face: Arial; font-size: 7ex; function go menuitem.appendChilddocument.body.firstChild; canvas.toBlobcallback; function callback var s = menu.style;...
Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit)
Microsoft Windows - SMB Remote Code Execution Scanner MS17-010 Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework auxiliary/scanner/smb/smbms17010 require 'msf/core' class MetasploitModule 'MS17-010 SMB RCE...
D-Link DWR-116 DWR-116A1 - Arbitrary File Download
D-Link DWR-116 DWR-116A1 - Arbitrary File Download Title: D-Link DWR-116 Arbitrary File Download Vendor: D-Link www.dlink.com Affected models: DWR-116 / DWR-116A1 Tested on: V1.01EU, V1.00CPb10, V1.05AU CVE: CVE-2017-6190 Date: 04.07.2016 Author: Patryk Bogdan @patrykbogdan Description: D-Link...
Oracle Knowledge Management 12.1.1 12.2.5 - XML External Entity Leading To Remote Code Execution
Oracle Knowledge Management 12.1.1 12.2.5 - XML External Entity Leading To Remote Code Execution SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE Vulnerability Summary The following advisory describe Information Disclosure found in Oracle Knowledge Management version 8.5.1. By...
Nintendo Switch - WebKit Code Execution (PoC)
Nintendo Switch - WebKit Code Execution PoC CVE-2016-4657 Switch PoC body font-size: 2em; a text-decoration: none; color: 000; a:hover color: f00; font-weight: bold; CVE-2016-4657 Nintendo Switch PoC go! reload waiting... click go. // display JS errors as alerts. Helps debugging. window.onerror =...
F5 BIG-IP 11.6 SSL Virtual Server - Ticketbleed Memory Disclosure
F5 BIG-IP 11.6 SSL Virtual Server - Ticketbleed Memory Disclosure -- coding: utf-8 -- !/usr/bin/python Exploit Title: Ticketbleed Google Dork: n/a Date: Exploit: 02/13/17, Advisory Published: 02/09/17 Exploit Author: @0x00string Vendor Homepage: https://f5.com/ Software Link:...
WebNMS Framework Server 5.25.2 SP1 - Multiple Vulnerabilities
WebNMS Framework Server 5.25.2 SP1 - Multiple Vulnerabilities Multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure:...
SAP HANA 1.00.095 - hdbindexserver Memory Corruption
SAP HANA 1.00.095 - hdbindexserver Memory Corruption ERPSCAN-15-024 SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public...
Horde Groupware 5.2.10 - Cross-Site Request Forgery
Horde Groupware 5.2.10 - Cross-Site Request Forgery Advisory ID: HTB23272 Product: Horde Groupware Vendor: http://www.horde.org Vulnerable Versions: 5.2.10 and probably prior Tested Version: 5.2.10 Advisory Publication: September 30, 2015 without technical details Vendor Notification: September 3...
Oxwall 1.7.4 - Cross-Site Request Forgery
Oxwall 1.7.4 - Cross-Site Request Forgery Advisory ID: HTB23266 Product: Oxwall Vendor: http://www.oxwall.org Vulnerable Versions: 1.7.4 and probably prior Tested Version: 1.7.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: September ...
ICU library 52 54 - Multiple Vulnerabilities
ICU library 52 54 - Multiple Vulnerabilities Heap overflow and integer overflow in ICU library v52 to v54 Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 04/05/2015 / Last update...
Phoenix Contact ILC 150 ETH PLC - Remote Control Script
Phoenix Contact ILC 150 ETH PLC - Remote Control Script ! /usr/bin/env python ''' Exploit Title: Phoenix Contact ILC 150 ETH PLC Remote Control script Date: 2015-05-19 Exploit Author: Photubias - tijldotdeneutathowestdotbe Vendor Homepage:...
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload Exploit Title : Wordpress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerbility Author : Manish Kishan Tanwar AKA error1046 Home Page :...