41207 matches found
Ubuntu 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation
Ubuntu 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation Source: http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/ Introduction Problem description: With Ubuntu Wily and earlier, /usr/lib/ptchown was used to change ownership of slave pts...
glibc - getaddrinfo Stack Buffer Overflow (PoC)
glibc - getaddrinfo Stack Buffer Overflow PoC Sources: https://googleonlinesecurity.blogspot.sg/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html https://github.com/fjserna/CVE-2015-7547 Technical information: glibc reserves 2048 bytes in the stack through alloca for the DNS answer at...
Microsoft Windows Media Center - .Link File Incorrectly Resolved Reference (MS15-134)
Microsoft Windows Media Center - .Link File Incorrectly Resolved Reference MS15-134 1. Advisory Information Title: Microsoft Windows Media Center link file incorrectly resolved reference Advisory ID: CORE-2015-0014 Advisory URL:...
Hawkeye-G 3.0.1.4912 - Cross-Site Request Forgery
Hawkeye-G 3.0.1.4912 - Cross-Site Request Forgery Exploit Title: CSRF, Network Threat Appliance IDS / IPS Google Dork: intitle: CSRF Network Threat Appliance IDS / IPS Date: 2015-07-24 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.hexiscyber.com Softwa...
Linux Kernel 3.13.0 3.19 (Ubuntu 12.0414.0414.1015.04) - overlayfs Local Privilege Escalation
Linux Kernel 3.13.0 3.19 Ubuntu 12.0414.0414.1015.04 - overlayfs Local Privilege Escalation / Exploit Title: ofs.c - overlayfs local root in ubuntu Date: 2015-06-15 Exploit Author: rebel Version: Ubuntu 12.04, 14.04, 14.10, 15.04 Kernels before 2015-06-15 Tested on: Ubuntu 12.04, 14.04, 14.10,...
ICU library 52 54 - Multiple Vulnerabilities
ICU library 52 54 - Multiple Vulnerabilities Heap overflow and integer overflow in ICU library v52 to v54 Discovered by Pedro Ribeiro [email protected], Agile Information Security Disclosure: 04/05/2015 / Last update...
vBulletin 4.x5.x - AdminCPApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting
vBulletin 4.x5.x - AdminCPApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth Overview...
WordPress Plugin All In One WP Security 3.8.2 - SQL Injection
WordPress Plugin All In One WP Security 3.8.2 - SQL Injection Advisory ID: HTB23231 Product: All In One WP Security WordPress plugin Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy Vulnerable Versions: 3.8.2 and probably prior Tested Version: 3.8.2 Advisory Publication: September 3, 2014 without...
Linux Kernel 3.2.0-23 (Ubuntu 12.04 x64) - ptracesysret Local Privilege Escalation
Linux Kernel 3.2.0-23 Ubuntu 12.04 x64 - ptracesysret Local Privilege Escalation / CVE-2014-4699 ptrace/sysret PoC by Vitaly Nikolenko [email protected] gcc -O2 pocv0.c This code is kernel specific. On Ubuntu 12.04.0 LTS 3.2.0-23-generic, the following will trigger the GP in sysret and overwrite...
SAP Router - Timing Attack Password Disclosure
SAP Router - Timing Attack Password Disclosure Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:...
INSTEON Hub 2242-222 - Lack of Web and API Authentication
INSTEON Hub 2242-222 - Lack of Web and API Authentication Trustwave SpiderLabs Security Advisory TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub Published: 8/01/13 Version: 1.0 Vendor: INSTEON http://www.INSTEON.com/ Product: Hub Version affected: 2242-222 model...
Linux Kernel 3.8.9 (x86-64) - perf_swevent_init Local Privilege Escalation (2)
Linux Kernel 3.8.9 x86-64 - perfsweventinit Local Privilege Escalation 2 / CVE-2013-2094 exploit x8664 Linux include include include include include include include include include define BASE 0x380000000 define BASEJUMP 0x1780000000 define SIZE 0x10000000 define KSIZE 0x2000000 define TMPx...
phpMyAdmin 3.5.84.0.0-RC2 - Multiple Vulnerabilities
phpMyAdmin 3.5.84.0.0-RC2 - Multiple Vulnerabilities waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web:...
McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method
McAfee Virtual Technician MVT 6.5.0.2101 - Insecure ActiveX Method Advisory ID: HTB23128 Product: McAfee Virtual Technician MVT 6.5.0.2101 Vendor: McAfee Vulnerable Versions: 6.5.0.2101 and probably prior Tested Version: 6.5.0.2101 on Windows 7 SP1 and Internet Explorer 9 Vendor Notification:...
glossword 1.8.12 - Multiple Vulnerabilities
glossword 1.8.12 - Multiple Vulnerabilities Vulnerable Software: Glossword 1.8.12 Tested version: Glossword 1.8.12 Download: http://sourceforge.net/projects/glossword/files/glossword/1.8.12/ Vulns: XSS && Database Backup Disclosure && CSRF &&...
Bitweaver 2.8.1 - Multiple Vulnerabilities
Bitweaver 2.8.1 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2012-016: Multiple Vulnerabilities in Bitweaver Published: 10/23/2012 Version: 1.0 Vendor: Bitweaver http://www.bitweaver.org/ Product: Bitweaver Version affected: 2.8.1 and earlier versions Product description:...
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform...
Supernews 2.6.1 - noticias.php?cat SQL Injection
Supernews 2.6.1 - noticias.php?cat SQL Injection Supernews Date: 31/05/2012 Version: 2.6.1 Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews ISRAEL Author will be not responsible for any damage. Vulnerable Code - noticias.php 30-31: 30. $idcategoria = formatDados$GET'cat'; 31. $que...
SOOP Portal Raven 1.0b - SQL Injection
SOOP Portal Raven 1.0b - SQL Injection Exploit Title: SOOP Portal Raven 1.0b sql injection Google Dork: Powered by SOOP Portal Raven 1.0b Date: date Author: Evil-Thinker Version: Raven 1.0b Tested on: Windows Soft Technologie : ASP.net Exploit Details :...
EzPub Simple Classic ASP CMS - SQL Injection
EzPub Simple Classic ASP CMS - SQL Injection Title: EzPub - Simple Classic ASP CMS Vulnerable to SQL Injection Vendor: http://www.soft4web.ro Found by: p0pc0rn 08/03/2011 Dork: intext:"Powered by EZPub" SQL - Microsoft JET Database Engine error ...
Joomla! Component Ozio Gallery - SQL Injection
Joomla! Component Ozio Gallery - SQL Injection Exploit Title: Joomla Component comoziogallery SQL Injection Vulnerability Date: 2010/07/25 Author: ViRuS Qalaa Email: [email protected] My Sites : www.pal-mafia.com & www.vbspiders.com Tested on: Windows Team hacker:ViRuS Qalaa & HaCkEr aRaR X-MaN HaCk3r...
Worldweaver DX Studio Player 3.0.29.1 Firefox plugin - Command Injection
Worldweaver DX Studio Player 3.0.29.1 Firefox plugin - Command Injection Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio...
PHP-Fusion Mod Book Panel - bookid SQL Injection
PHP-Fusion Mod Book Panel - bookid SQL Injection PHP-Fusion Mod - Book Panel Remote SQL Injectio...
DMXReady PayPal Store Manager 1.1 - Contents Change
DMXReady PayPal Store Manager 1.1 - Contents Change Title : DMXReady PayPal Store Manager http://target/path//applications/PayPalStoreManager/incpaypalstoremanager.asp Edit - http://target/path//admin/PayPalStoreManager/CategoryManager/list.asp : milw0rm.com 2009-01-14...
Simple Machines Forum (SMF) 1.0.131.1.5 - Destroyer 0.1 Password Reset Security Bypass
Simple Machines Forum SMF 1.0.131.1.5 - Destroyer 0.1 Password Reset Security Bypass !/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com Cracks links Password Recovery Find Temporary Files executed by mods DB function Flood b...
ShopMaker CMS 1.0 - id SQL Injection
ShopMaker CMS 1.0 - id SQL Injection ShopMaker v1.0 product.php id Remote SQL Injection Vulnerability Hussin X Author: Hussin X Home : WwW.IQ-ty.CoM email: darkangelg85atYahooDoTcom script : http://shop.maker.ir Dor...
Linksys WRT54G Firmware 1.00.9 - Security Bypass (2)
Linksys WRT54G Firmware 1.00.9 - Security Bypass 2 ...
XOOPS Module eEmpregos - cid SQL Injection
XOOPS Module eEmpregos - cid SQL Injection XOOPS Module eEmpregos SQL Injectioncid AUTHOR : S@BUN HOME 1 : http://www.milw0rm.com/author/1334 MAİL : [email protected] DORK 1 : allinurl: "modules/eEmpregos/index.php" DORK 2 : allinurl: cid "modules/eEmpregos" example...
IBM AIX 5.3.0 - setlocale() Local Privilege Escalation
IBM AIX 5.3.0 - setlocale Local Privilege Escalation setlocale exploit for aix 5.2 CVE-2006-4254 [email protected] from os import execve bof="a"580+"bbbbccccdddd\x2f\xf2\x28\x2f" egg="\x60"2350 shellcode= by intropy caughq.org "\x7c\xa5\x2a\x79" xor. r5,r5,r5 "\x40\x82\xff\xfd" bnel...
Ubuntu 6.06 - DHCPd Remote Denial of Service
Ubuntu 6.06 - DHCPd Remote Denial of Service Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit Author: RoMaNSoFt Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/4601.tgz 1022007-DoS-CVE-2007-5365.tgz milw0rm.com 2007-11-02...
Kodak Image Viewer - TIFTIFF Code Execution (MS07-055)
Kodak Image Viewer - TIFTIFF Code Execution MS07-055 / MS07-055 Kodak Image Viewer TIF/TIFF Code Execution Proof Of Concept by Hong Gil-Dong, Jeon Woo-chi Hwang-Hee?1542, Prime Minister in Korea Once upon a time, One servant of Hwang-Hee was arguing with another servant. they asked Hwang-Hee to...
PHP 4.4.75.2.3 - MySQLMySQLi Safe_Mode Bypass
PHP 4.4.75.2.3 - MySQLMySQLi SafeMode Bypass Affected Products: Philip Olausson Reported: 2007-06-05 Released: 2007-08-30 CVE: CVE-2007-3997 Issue: A vulnerability exists in PHP's MySQL and MySQLi extensions which can be used to bypass PHP's safemode security restriction. Description: PHP is a...
STWC-Counter 3.4.0 - downloadcounter.php Remote File Inclusion
STWC-Counter 3.4.0 - downloadcounter.php Remote File Inclusion ?php //File Inclusion Exploit for STWC-Counter = 3.4.0.0 //Found and Exploit Coded by burncycle - burncycleatrobert-berandotde //| //Vendor: http://www.stwc-counter.de/ //Dork: www.stwc-counter.de //| //Bug in "downloadcounter.php":...
Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service
Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service / source: https://www.securityfocus.com/bid/15365/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from a failure to properly unregister kernel resources when network devices are...
JamMail 1.8 - Jammail.pl Arbitrary Command Execution
JamMail 1.8 - Jammail.pl Arbitrary Command Execution source: https://www.securityfocus.com/bid/13937/info JamMail is prone to a remote arbitrary command execution vulnerability. This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script. This can lead to...
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (1)
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection 1 source: https://www.securityfocus.com/bid/8159/info It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote...
CCBILL CGI - ccbillx.c whereami.cgi Remote Code Execution
CCBILL CGI - ccbillx.c whereami.cgi Remote Code Execution / CCBILL CGI Remote Exploit for /ccbill/whereami.cgi By: Knight420 7/07/03 spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid C COPYRIGH...
Microsoft Windows - WizardOpium Local Privilege Escalation
Microsoft Windows - WizardOpium Local Privilege Escalation include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx,...
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage:...
phpMyChat-Plus 1.98 - pmc_username Reflected Cross-Site Scripting
phpMyChat-Plus 1.98 - pmcusername Reflected Cross-Site Scripting Exploit Title: phpMyChat-Plus 1.98 - 'pmcusername' Reflected Cross-Site Scripting Date: 2019-12-19 Exploit Author: Chris Inzinga Vendor Homepage: http://ciprianmp.com/latest/ Download: https://sourceforge.net/projects/phpmychat/...
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- First chance exceptions are reported before any...
exploitpack.com
Pentest notes for: exploitpack.com Exploit Pack Nmap 7.80 scan initiated Tue Dec 3 09:27:33 2019 as: /usr/bin/nmap -sV -A -oA log/exploitpack.com exploitpack.com Nmap scan report for exploitpack.com 132.148.22.104 Host is up 0.18s latency. rDNS record for 132.148.22.104:...
CBAS-Web 19.0.0 - Remote Code Execution
CBAS-Web 19.0.0 - Remote Code Execution Exploit Title: CBAS-Web 19.0.0 - Remote Code Execution Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Microsoft SharePoint 2013 SP1 - DestinationFolder Persistant Cross-Site Scripting
Microsoft SharePoint 2013 SP1 - DestinationFolder Persistant Cross-Site Scripting Exploit Title: Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting Author: Davide Cioccia Discovery Date: 2019-09-25 Vendor Homepage: https://www.microsoft.com Software Link:...
SAP Crystal Reports - Information Disclosure
SAP Crystal Reports - Information Disclosure Exploit Title: Sensitive Information Disclosure in SAP Crystal Reports Date: 2019-04-10 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 Version: SAP Crystal...
Thunderbird ESR 60.7.XXX - icalmemorystrdupanddequote Heap-Based Buffer Overflow
Thunderbird ESR 60.7.XXX - icalmemorystrdupanddequote Heap-Based Buffer Overflow X41 D-Sec GmbH Security Advisory: X41-2019-001 Heap-based buffer overflow in Thunderbird Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed...
Zoho ManageEngine ServiceDesk Plus 9.3 - PurchaseRequest.do Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - PurchaseRequest.do Cross-Site Scripting Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via PurchaseRequest.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage:...
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting Exploit Title: TL-WR840N v5 00000005 Date: 5/10/2019 Exploit Author: purnendu ghosh Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Category: Hardware...
WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link:...
Ticketly 1.0 - name SQL Injection
Ticketly 1.0 - name SQL Injection Exploit Title: Ticketly 1.0 – 'name' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...