41207 matches found
xorg-x11-server 1.20.1 - Local Privilege Escalation
xorg-x11-server 1.20.1 - Local Privilege Escalation Exploit Title: xorg-x11-server bolo console opened Building root shell wait 2 minutes crontab overwritten ... cut Xorg output ... Xorg killed II Server terminated successfully 0. Closing log file. Don't forget to cleanup /etc/crontab and /tmp di...
LiquidVPN 1.36 1.37 - Privilege Escalation
LiquidVPN 1.36 1.37 - Privilege Escalation / ======================================================================= Title: Multiple Privilege Escalation Vulnerabilities Product: LiquidVPN for MacOS Vulnerable versions: 1.37, 1.36 and earlier CVE IDs: CVE-2018-18856, CVE-2018-18857, CVE-2018-1885...
Chrome OS 10820.0.0 dev-channel - app-VM via garcon TCP Command Socket
Chrome OS 10820.0.0 dev-channel - app-VM via garcon TCP Command Socket ======================= BUG DESCRIPTION ======================= There is a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889...
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and bel...
OpenSLP 2.0.0 - Double-Free
OpenSLP 2.0.0 - Double-Free ''' | | | | | | | || | | | | -| | . | . | | . | . | | | . | | -| | | | -| -| ||| || ||||||| || || ||| || 2018-06-28 SLPD DOUBLE FREE ================ CVE-2018-12938 An issue was found in openslp-2.0.0 that can be used to induce a double free bug or memory corruption by...
DIGISOL DG-BR4000NG - Cross-Site Scripting
DIGISOL DG-BR4000NG - Cross-Site Scripting Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting Date: 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Category: Hardware Exploit Author: Adipta...
MikroTik RouterOS 6.38.4 (MIPSBE) - Chimay Red Stack Clash Remote Code Execution
MikroTik RouterOS 6.38.4 MIPSBE - Chimay Red Stack Clash Remote Code Execution !/usr/bin/env python3 Mikrotik Chimay Red Stack Clash Exploit by BigNerd95 Tested on RouterOS 6.38.4 mipsbe using a CRS109 Used tools: pwndbg, rasm2, mipsrop for IDA I used ropper only to automatically find gadgets ASL...
Sony Playstation 4 (PS4) 4.55 5.50 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 4.55 5.50 - WebKit Code Execution PoC window.didload = 0; window.didpost = 0; window.onload = function window.didload = 1; if window.didpost == 1 window.stage2; window.postExpl = function window.didpost = 1; if window.didload == 1 window.stage2; function makeid var text = "...
JBoss Remoting 6.14.18 - Denial of Service
JBoss Remoting 6.14.18 - Denial of Service Exploit Title: Exploit Denial of Service JBoss Remoting 4447/9999 Date: 14-02-2018 Exploit Author: Frank Spierings Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started Software Link:...
WebKit - WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
WebKit - WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free function jsfuzzer var b = document.createElement"body"; a.appendb; ta.autofocus = true; var iframe = document.createElement"iframe"; b.appendChildiframe; li.appendChilddd; iframe.contentDocument.caretRangeFromPoint; function...
PHPFreeChat 1.7 - Denial of Service
PHPFreeChat 1.7 - Denial of Service Exploit Title: phpFreeChat 1.7 and earlier - Denial of Service Version: 1.7 and earlier Date: 21/01/2018 Vendor Homepage: http://www.phpfreechat.net Software Link: http://www.phpfreechat.net/download Exploit Author: A. Pakbaz CVE : CVE-2018-5954 1 $pid=pcntlfor...
FuzzerTCP
This is yet a simple fuzzer written in Python that uses SCAPY to create IP packages and send them over a socket, it works as a server/client and logs all packet in hexadecimal to make it easier to modify. Fuzzer Author: Juan Sacco Date and time: 31 October 2017 Description: This a yet simple fuzz...
Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass
Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt + ISR: ApparitionSec Vendor: =======...
Linksys E Series - Multiple Vulnerabilities
Linksys E Series - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version: see "Vulnerable /...
binutils 2.29.51.20170921 - read_1_byte Heap Buffer Overflow
binutils 2.29.51.20170921 - read1byte Heap Buffer Overflow Source: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read1byte-dwarf2-c/ Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: nm -A -a -l -S -s...
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit)
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'Fatek Automation PLC WinProladder Stack-based Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in Fatek Automation PLC...
Automated Logic WebCTRL 6.5 - Local Privilege Escalation
Automated Logic WebCTRL 6.5 - Local Privilege Escalation Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior ALC WebCTRL,...
Apple macOSiOS - xpc_data Objects Sandbox Escape Privilege Escalation
Apple macOSiOS - xpcdata Objects Sandbox Escape Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1247 When XPC serializes large xpcdata objects it creates mach memory entry ports to represent the memory region then transfers that region to the receiving proce...
Microsoft Windows Kernel - ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table
Microsoft Windows Kernel - ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1213 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see...
Intel Active Management Technology - System Privileges
Intel Active Management Technology - System Privileges !/usr/bin/python -- coding: utf-8 -- Author: Nixawk CVE-2017-5689 = dork="Server: IntelR Active Management Technology" port:"16992", ports= 623, 664, 16992, 16993, 16994, 16995 products= Active Management Technology AMT, Intel Standard...
D-Link DWR-116 DWR-116A1 - Arbitrary File Download
D-Link DWR-116 DWR-116A1 - Arbitrary File Download Title: D-Link DWR-116 Arbitrary File Download Vendor: D-Link www.dlink.com Affected models: DWR-116 / DWR-116A1 Tested on: V1.01EU, V1.00CPb10, V1.05AU CVE: CVE-2017-6190 Date: 04.07.2016 Author: Patryk Bogdan @patrykbogdan Description: D-Link...
Oracle Knowledge Management 12.1.1 12.2.5 - XML External Entity Leading To Remote Code Execution
Oracle Knowledge Management 12.1.1 12.2.5 - XML External Entity Leading To Remote Code Execution SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE Vulnerability Summary The following advisory describe Information Disclosure found in Oracle Knowledge Management version 8.5.1. By...
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)
Linux Kernel 4.4.0 Ubuntu - DCCP Double-Free PoC // // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A trigger for CVE-2017-6074, crashes kernel. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 // //...
NTP 4.2.8p8 - Denial of Service
NTP 4.2.8p8 - Denial of Service !/usr/bin/env python Exploit Title: ntpd remote pre-auth Denial of Service Date: 2016-11-21 Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: http://dumpco.re/cve-2016-7434/ Vendor Homepage: http://www.ntp.org/ Software Link:...
MiCasaVerde VeraLite - Remote Code Execution
MiCasaVerde VeraLite - Remote Code Execution Exploit Title: MiCasa VeraLite Remote Code Execution Date: 10-20-2016 Software Link: http://getvera.com/controllers/veralite/ Exploit Author: Jacob Baines Contact: https://twitter.com/JuniorBaines CVE: CVE-2013-4863 & CVE-2016-6255 Platform: Hardware 1...
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: XhP CMS 0.5.1 - Cross-Site Request Forgery to Persistent Cross-Site Scripting Exploit Author: Ahsan Tahir Date: 19-10-2016 Software Link: https://sourceforge.net/projects/xhp/ Vendor:...
Linux Kernel - TCP Related Read Use-After-Free
Linux Kernel - TCP Related Read Use-After-Free // Source: https://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html // to build clang derp4.c -o derp4 -static include include include include include include ifndef SYSmmap define SYSmmap 9 endif ifndef SYSsocke...
GitLab - impersonate Feature Privilege Escalation
GitLab - impersonate Feature Privilege Escalation Exploit Title: GitLab privilege escalation via "impersonate" feature Date: 02-05-2016 Software Link: https://about.gitlab.com/ Version: 8.2.0 - 8.2.4, 8.3.0 - 8.3.8, 8.4.0 - 8.4.9, 8.5.0 - 8.5.11, 8.6.0 - 8.6.7, 8.7.0 Exploit Author: Kaimi Website...
vBulletin 5.2.2 - Server-Side Request Forgery
vBulletin 5.2.2 - Server-Side Request Forgery ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-6483 - Release date: 05.08.2016 - Severity: High ============================================= I...
PHP gettext 1.0.12 - gettext.php Code Execution
PHP gettext 1.0.12 - gettext.php Code Execution CVE-2016-6175 gettext.php | @kmkzsecurity Project Homepage: https://launchpad.net/php-gettext/ Download: https://launchpad.net/php-gettext/trunk/1.0.12/+download/php-gettext-1.0.12.tar.gz Version: 1.0.12 latest release Tested on: Linux Debian, PHP...
Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers
Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers Vendor: Inductive Automation Product web page: http://www.inductiveautomation.com Affected version: 7.8.1 b2016012216 and 7.8.0 b2015101414 Platform: Java...
SAP HANA 1.00.095 - hdbindexserver Memory Corruption
SAP HANA 1.00.095 - hdbindexserver Memory Corruption ERPSCAN-15-024 SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public...
WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion
WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion Advisory ID: HTB23275 Product: Gwolle Guestbook WordPress Plugin Vendor: Marcel Pol Vulnerable Versions: 1.5.3 and probably prior Tested Version: 1.5.3 Advisory Publication: October 14, 2015 without technical details Vendor...
Horde Groupware 5.2.10 - Cross-Site Request Forgery
Horde Groupware 5.2.10 - Cross-Site Request Forgery Advisory ID: HTB23272 Product: Horde Groupware Vendor: http://www.horde.org Vulnerable Versions: 5.2.10 and probably prior Tested Version: 5.2.10 Advisory Publication: September 30, 2015 without technical details Vendor Notification: September 3...
AirLink101 SkyIPCam1620W - OS Command Injection
AirLink101 SkyIPCam1620W - OS Command Injection 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last updat...
Phoenix Contact ILC 150 ETH PLC - Remote Control Script
Phoenix Contact ILC 150 ETH PLC - Remote Control Script ! /usr/bin/env python ''' Exploit Title: Phoenix Contact ILC 150 ETH PLC Remote Control script Date: 2015-05-19 Exploit Author: Photubias - tijldotdeneutathowestdotbe Vendor Homepage:...
Sefrengo CMS 1.6.1 - Multiple SQL Injections
Sefrengo CMS 1.6.1 - Multiple SQL Injections Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 01/26/2015 Exploit Author: Nguyen Hung Tuan [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://www.sefrengo.org/ Software Link:...
Symantec Data Center Security - Multiple Vulnerabilities
Symantec Data Center Security - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec...
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)
ManageEngine EventLog Analyzer - Multiple Vulnerabilities 2 Multiple vulnerabilities in ManageEngine EventLog Analyzer Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 05/11/2014 / Last...
Ammyy Admin 3.5 - Remote Code Execution (Metasploit)
Ammyy Admin 3.5 - Remote Code Execution Metasploit Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34647.zip aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is wel...
Broadcom PIPA C211 - Sensitive Information Disclosure
Broadcom PIPA C211 - Sensitive Information Disclosure Vulnerability title: Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 CVE: CVE-2014-2046 Vendor: Broadcom Ltd Product: PIPA C211 Affected version: Soft Rev: SR1.1, HW Rev: PIPA C211 rev2 Fixed version: N/A...
Oracle WebCenter Sites Satellite Server - HTTP Header Injection
Oracle WebCenter Sites Satellite Server - HTTP Header Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter...
Clipbucket 2.6 Revision 738 - Multiple SQL Injections
Clipbucket 2.6 Revision 738 - Multiple SQL Injections Advisory ID: HTB23125 Product: ClipBucket Vendor: clip-bucket.com Vulnerable Versions: 2.6 Revision 738 and probably prior Tested Version: 2.6 Revision 738 Vendor Notification: November 7, 2012 Vendor Patch: November 28, 2012 Public Disclosure...
Samsung Kies 2.3.2.12054_20 - Multiple Vulnerabilities
Samsung Kies 2.3.2.1205420 - Multiple Vulnerabilities Advisory ID: HTB23099 Product: Samsung Kies Vendor: Samsung Electronics Vulnerable Versions: 2.3.2.1205420 and probably prior Tested Version: 2.3.2.1205420 Vendor Notification: June 25, 2012 Public Disclosure: October 15, 2012 Vulnerability...
Trend Micro Interscan Messaging Security Suite - Persistent Cross-Site Scripting Cross-Site Request Forgery
Trend Micro Interscan Messaging Security Suite - Persistent Cross-Site Scripting Cross-Site Request Forgery Exploit Title: Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF Date: 13/09/2012 Exploit Author: modpr0be modpr0beatspentera.com Vendor Homepage: http://www.trendmicro.com...
IrfanView JLS Formats PlugIn - Heap Overflow
IrfanView JLS Formats PlugIn - Heap Overflow Summary ======= IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin jpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, ...
Oreans Themida 2.1.8.0 - .TMD File Handling Buffer Overflow
Oreans Themida 2.1.8.0 - .TMD File Handling Buffer Overflow / Oreans Themida v2.1.8.0 TMD File Handling Buffer Overflow Vulnerability Vendor: Oreans Technologies Product web page: http://www.oreans.com Affected version: 2.1.8.0 32/64bit Summary: Advanced Windows software protection system,...
Linux Kernel 2.6.36 IGMP - Remote Denial of Service
Linux Kernel 2.6.36 IGMP - Remote Denial of Service / linux-undeadattack.c Linux IGMP Remote Denial Of Service Introduced in linux-2.6.36 CVE-2012-0207 credits to Ben Hutchings: http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html written By Kingcope Year 2012...
VMware - Update Manager Directory Traversal
VMware - Update Manager Directory Traversal Exploit Title:VMware Update Manager Directory Traversal Date:18/11/2011 Author: Alexey Sintsov Software Link: http://www.vmware.com/ Version:2.0.2 Tested on: Windows 2003 / vCenter Update Manager 4.1 U1 CVE : CVE-2011-4404 DSECRG-11-042 VMware Update...
Clear iSpotClearspot 2.0.0.0 - Cross-Site Request Forgery
Clear iSpotClearspot 2.0.0.0 - Cross-Site Request Forgery Trustwave's SpiderLabs Security Advisory TWSL2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt Published: 2010-12-10 Version: 1.0 Vendor: Clear http://www.clear.com...