41207 matches found
Adobe ColdFusion 2018 - Arbitrary File Upload
Adobe ColdFusion 2018 - Arbitrary File Upload Exploit Title: Unrestricted file upload in Adobe ColdFusion 2018 Google Dork: ext:cfm Date: 10-12-2018 Exploit Author: Pete Freitag of Foundeo Reversed: Vahagn vah13 Vardanian Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 C...
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities ''' KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities Title: Dell OpenManage Network Manager Multiple Vulnerabilities Advisory ID: KL-001-2018-009 Publication Date: 2018.11.05 Publication URL:...
Anviz AIM CrossChex Standard 4.3 - CSV Injection
Anviz AIM CrossChex Standard 4.3 - CSV Injection Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-01 Vendor: Anviz Biometric Technology Co., Ltd. Product web page: https://www.anviz.com Affected version: 4.3.6.0 Tested on...
Faleemi Desktop Software 1.8.2 - Device alias Local Buffer Overflow (SEH)
Faleemi Desktop Software 1.8.2 - Device alias Local Buffer Overflow SEH Exploit Title: Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow SEH Author: Gionathan "John" Reale Discovery Date: 2018-09-25 Software Link: http://support.faleemi.com/fsc776/Faleemiv1.8.exe Tested Version...
Apache Syncope 2.0.7 - Remote Code Execution
Apache Syncope 2.0.7 - Remote Code Execution Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory:...
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR DEP Bypass)
Foxit Reader 9.0.1.1049 - Buffer Overflow ASLR DEP Bypass %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Exploit Title: Foxit Reader 9.0.1.1049 - Buffer Overflow ASLRDEP Date: 2018-08-04 Exploit Author: Manoj Ahuje Tested on: Windows 7 Pro x32 Software Link:...
PHP Template Store Script 3.0.6 - Cross-Site Scripting
PHP Template Store Script 3.0.6 - Cross-Site Scripting Exploit Title: PHP Template Store Script- 3.0.6 - Stored XSS via Address, Bank Name, and A/c Holder Name Date: 02.08.2018 Site Title: Exclusive Scripts Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy...
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 170109) - Access Control Bypass
Hikvision IP Camera versions 5.2.0 - 5.3.9 Builds 140721 170109 - Access Control Bypass Exploit Title: Hikvision IP Camera versions 5.2.0 - 5.3.9 Builds: 140721 - 170109 Backdoor Date: 15-03-2018 Vendor Homepage: http://www.hikvision.com/en/ Exploit Author: Matamorphosis Category: Web Apps...
WebLog Expert Enterprise 9.4 - Denial of Service
WebLog Expert Enterprise 9.4 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: ======= www.weblogexpert.c...
Suricata 4.0.4 - IDS Detection Bypass
Suricata 4.0.4 - IDS Detection Bypass ----------------------------------------------------- Vulnerability Type: Detection Bypass Affected Product: Suricata Vulnerable version: SYN Seq=0 Ack= 0 - Evil Server Client ACK Seq=1 Ack= 84 - Evil Server Client - PSH, ACK Seq=1 Ack= 84 - Evil Server IDS...
TestLink Open Source Test Management 1.9.16 - Remote Code Execution
TestLink Open Source Test Management 1.9.16 - Remote Code Execution Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in m...
Quickad 4.0 - SQL Injection
Quickad 4.0 - SQL Injection Exploit Title: Classified Ads CMS - Quickad 4.0 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://bylancer.com/ Software Link: https://codecanyon.net/item/quickad-classified-ads-php-script/19960675 Version: 4.0 Category: Webapps Tested on:...
Herospeed - TelnetSwitch Remote Stack Overflow Overwrite Password Enable TelnetD
Herospeed - TelnetSwitch Remote Stack Overflow Overwrite Password Enable TelnetD !/usr/bin/env python2.7 Herospeed TelnetSwitch daemon running on TCP/787, for allowing enable of the telnetd. Where one small stack overflow allows us to overwrite the dynamically generated password and enable telnetd...
Linux Kernel 4.14.rc3 - Local Denial of Service
Linux Kernel 4.14.rc3 - Local Denial of Service / Exploit Title: Linux Kernelnrfrags was overwritten by ev-iferror = err 0xff in the condition where nlh-nlmsglen==0x10 and skb-len nlh-nlmsglen. POC: / include include include include include define NETLINKUSER 31 define MAXPAYLOAD 1024 / maximum...
FiberHome ADSL AN1020-25 - Improper Access Restrictions
FiberHome ADSL AN1020-25 - Improper Access Restrictions Title: ==== FiberHome Unauthenticated ADSL Router Factory Reset. Credit: ====== Name: Ibad Shah Twitter: @BeeFaauBee09 Website: beefaaubee09.github.io CVE: ===== CVE-2017-14147 Date: ==== 05-09-2017 dd/mm/yyyy About FiberHome: ====== FiberHo...
Mozilla Firefox 53 - gfxTextRun Out-of-Bounds Read
Mozilla Firefox 53 - gfxTextRun Out-of-Bounds Read .class1 float: left; white-space: pre-line; .class2 border-bottom-style: solid; font-face: Arial; font-size: 7ex; function go menuitem.appendChilddocument.body.firstChild; canvas.toBlobcallback; function callback var s = menu.style;...
Microsoft Windows 7/2008 R2 - EternalBlue SMB Remote Code Execution (MS17-010)
Microsoft Windows 7/2008 R2 - EternalBlue SMB Remote Code Execution MS17-010 !/usr/bin/python from impacket import smb from struct import pack import sys import socket ''' EternalBlue exploit for Windows 7/2008 by sleepya The exploit might FAIL and CRASH a target system depended on what is...
Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit)
Microsoft Windows - SMB Remote Code Execution Scanner MS17-010 Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework auxiliary/scanner/smb/smbms17010 require 'msf/core' class MetasploitModule 'MS17-010 SMB RCE...
NETGEAR WNR2000v5 - hidden_lang_avi Remote Stack Overflow (Metasploit)
NETGEAR WNR2000v5 - hiddenlangavi Remote Stack Overflow Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlanga...
F5 BIG-IP 11.6 SSL Virtual Server - Ticketbleed Memory Disclosure
F5 BIG-IP 11.6 SSL Virtual Server - Ticketbleed Memory Disclosure -- coding: utf-8 -- !/usr/bin/python Exploit Title: Ticketbleed Google Dork: n/a Date: Exploit: 02/13/17, Advisory Published: 02/09/17 Exploit Author: @0x00string Vendor Homepage: https://f5.com/ Software Link:...
Oracle VM VirtualBox 5.0.32 5.1.14 - Local Privilege Escalation
Oracle VM VirtualBox 5.0.32 5.1.14 - Local Privilege Escalation == Overview === System affected: VirtualBox Software-Version: prior to 5.0.32, prior to 5.1.14 User-Interaction: Required Impact: A Man-In-The-Middle could infiltrate an Extension-Pack-Update to gain a root-shell === Detailed...
GNU Screen 4.5.0 - Local Privilege Escalation
GNU Screen 4.5.0 - Local Privilege Escalation !/bin/bash screenroot.sh setuid screen v4.5.0 local root exploit abuses ld.so.preload overwriting to get root. bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html HACK THE PLANET infodox 25/1/2017 echo " gnu/screenroot " echo "+...
ConQuest DICOM Server 1.4.17d - Stack Buffer (PoC)
ConQuest DICOM Server 1.4.17d - Stack Buffer PoC !/usr/bin/env python -- coding: utf8 -- ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE Vendor: University of Manchester. Developed by Marcel van Herk, Lambert Zijp and Jan Meinders. The Netherlands Cancer Institute Product web page:...
Apport 2.x (Ubuntu Desktop 12.10 16.04) - Local Code Execution
Apport 2.x Ubuntu Desktop 12.10 16.04 - Local Code Execution Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem...
Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass
Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass thel3l Title: Citrix Receiver/Receiver Desktop Lock 4.5 Incorrect Access Control CVE: CVE-2016-9111 Date of Discovery: October 27 2016 Exploit Author: Rithwik Jayasimha Author Homepage/Contact: https://thel3l.me Vendor Name: Citrix...
Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)
Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation MS16-124 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=871 Windows: NtLoadKeyEx Read Only Hive Arbitrary File Write EoP Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7...
Microsoft Windows - DFS Client Driver Arbitrary Drive Mapping Privilege Escalation (MS16-123)
Microsoft Windows - DFS Client Driver Arbitrary Drive Mapping Privilege Escalation MS16-123 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=885 Windows: DFS Client Driver Arbitrary Drive Mapping EoP Platform: Windows 10 10586, Edge 25.10586.0.0 not tested 8.1 Update 2 or Windo...
Microsoft Windows (x86) - afd.sys Local Privilege Escalation (MS11-046)
Microsoft Windows x86 - afd.sys Local Privilege Escalation MS11-046 / Exploit Title: Windows x86 all versions AFD privilege escalation MS11-046 Date: 2016-10-16 Exploit Author: Tomislav Paskalev Vulnerable Software: Windows XP SP3 x86 Windows XP Pro SP2 x64 Windows Server 2003 SP2 x86 Windows...
HP Client 9.19.08.17.9 - Command Injection
HP Client 9.19.08.17.9 - Command Injection Exploit Title: HP Client - Automation Command Injection Date: 10/10/2016 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: Previously HP, now http://www.persistentsys.com/ Version: Tested on version 7.9 but should work on 8.1, 9.0, 9.1...
SAP SAPCAR - Multiple Vulnerabilities
SAP SAPCAR - Multiple Vulnerabilities 1. Advisory Information Title: SAP CAR Multiple Vulnerabilities Advisory ID: CORE-2016-0006 Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities Date published: 2016-08-09 Date of last update: 2016-08-09 Vendors contacted: SAP...
Microsoft Windows 7 - WebDAV Local Privilege Escalation (MS16-016) (2)
Microsoft Windows 7 - WebDAV Local Privilege Escalation MS16-016 2 Exploit Title: WebDAV Elevation of Privilege Vulnerability MS16-2 Date: 8/5/2016 Exploit Author: hex0r Version:WebDAV on Windows 7 84x CVE : CVE-2016-0051 Intro: Credits go to koczkatama for coding a PoC, however if you run this...
EMC ViPR SRM - Cross-Site Request Forgery
EMC ViPR SRM - Cross-Site Request Forgery !-- EMC M&R Watch4net lacks Cross-Site Request Forgery protection Abstract It was discovered that EMC M&R Watch4net does not protect against Cross-Site Request Forgery CSRF attacks. A successful CSRF attack can compromise end user data and may allow an...
D-Link DVGN5402SP - Multiple Vulnerabilities
D-Link DVGN5402SP - Multiple Vulnerabilities Exploit Title: DLink DVGN5402SP Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.dlink.com/ Versions Reported: Multiple - See below CVE-IDs: CVE-2015-7245 + CVE-2015-7246 + CVE-2015-7247 DLink DVGN5402SP File Path Traversal...
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC)
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow PoC !/usr/bin/env python Baumer VeriSens Application Suite 2.6.2 Buffer Overflow Vulnerability Vendor: Baumer Holding AG | Baumer Optronic GmbH Product web page: http://www.baumer.com Software link:...
Acrobat Reader DC 15.008.20082.15957 - .PDF Parsing Memory Corruption
Acrobat Reader DC 15.008.20082.15957 - .PDF Parsing Memory Corruption Application: Acrobat Reader DC Platforms: Windows Versions: 15.008.20082.15957 CVE: CVE-2015-7622 Author: Francis Provencher of COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1...
Oxwall 1.7.4 - Cross-Site Request Forgery
Oxwall 1.7.4 - Cross-Site Request Forgery Advisory ID: HTB23266 Product: Oxwall Vendor: http://www.oxwall.org Vulnerable Versions: 1.7.4 and probably prior Tested Version: 1.7.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: September ...
Linux/MIPS Kernel 2.6.36 - NetUSB Remote Code Execution
Linux/MIPS Kernel 2.6.36 - NetUSB Remote Code Execution !/usr/bin/env python Source: http://haxx.in/blasty-vs-netusb.py CVE-2015-3036 - NetUSB Remote Code Execution exploit Linux/MIPS =========================================================================== This is a weaponized exploit for the...
Apport/Abrt (Ubuntu Fedora) - Local Privilege Escalation
Apport/Abrt Ubuntu Fedora - Local Privilege Escalation define GNUSOURCE include include include include include include include include include include include include include include warning this file must be compiled with -static // // Apport/Abrt Vulnerability Demo Exploit. // // Apport:...
Apple Mac OSX 10.7.5/10.8.2/10.9.5/10.10.2 - Rootpipe Local Privilege Escalation
Apple Mac OSX 10.7.5/10.8.2/10.9.5/10.10.2 - Rootpipe Local Privilege Escalation PoC exploit code for rootpipe CVE-2015-1130 Created by Emil Kvarnhammar, TrueSec Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2 import os import sys import platform import re import ctypes import objc import sys from...
SAP NetWeaver Enqueue Server - Denial of Service
SAP NetWeaver Enqueue Server - Denial of Service Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability...
CMS Made Simple 1.11.9 - Multiple Vulnerabilities
CMS Made Simple 1.11.9 - Multiple Vulnerabilities Vulnerabilities in CMS Made Simple, version 1.11.9 Discovered by Pedro Ribeiro [email protected] of Agile Information Security Reported to [email protected] and [email protected] Disclosure: 28/02/2014 / Last updated: 12/10/2014 CMS...
XCloner Standalone 3.5 - Cross-Site Request Forgery
XCloner Standalone 3.5 - Cross-Site Request Forgery Advisory ID: HTB23207 Product: XCloner Standalone Vendor: XCloner Vulnerable Versions: 3.5 and probably prior Tested Version: 3.5 Advisory Publication: March 14, 2014 without technical details Vendor Notification: March 14, 2014 Public Disclosur...
Orbit Open Ad Server 1.1.0 - SQL Injection
Orbit Open Ad Server 1.1.0 - SQL Injection Advisory ID: HTB23208 Product: Orbit Open Ad Server Vendor: OrbitScripts, LLC Vulnerable Versions: 1.1.0 and probably prior Tested Version: 1.1.0 Advisory Publication: March 19, 2014 without technical details Vendor Notification: March 19, 2014 Vendor...
SpagoBI 4.0 - Persistent Cross-Site Scripting
SpagoBI 4.0 - Persistent Cross-Site Scripting 01. Advisory Information Title: Persistent Cross-Site Scripting XSS in SpagoBI Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Informati...
Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow !/usr/bin/perl -w Exploit Title: WatchGuard Firewall XTM version 11.7.4u1 - Remote buffer overflow exploit sessionid cookie Date: Oct 18 2013 Exploit Author: [email protected] a.k.a. [email protected] Vendor Homepage:...
XnView 1.99.1 - .JLS File Decompression Heap Overflow
XnView 1.99.1 - .JLS File Decompression Heap Overflow SUMMARY XnView Formats PlugIn is prone to an overflow condition. The JLS Plugin xjpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a...
symantec Web gateway 5.0.2.8 - Multiple Vulnerabilities
symantec Web gateway 5.0.2.8 - Multiple Vulnerabilities Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include:...
IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities
IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities Vendor: IBM Corporation Product web page: http://www.ibm.com Affected version: 4.8.6 Summary: Through its extraordinary flexibility, reliability, and...
RuggedCom Devices - Backdoor Access
RuggedCom Devices - Backdoor Access Title: Undocumented Backdoor Access to RuggedCom Devices Author: jc Organization: JC CREW Date: April 23, 2012 CVE: CVE-2012-1803 Background: RuggedCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardene...