41207 matches found
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth ----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handlin...
ShoreTel Connect ONSITE 19.49.1500.0 - Multiple Vulnerabilities
ShoreTel Connect ONSITE 19.49.1500.0 - Multiple Vulnerabilities Exploit Title: Shoretel Connect Multiple Vulnerability Google Dork: inurl:/signin.php?ret= Date: 14/06/2017 Author: Ramikan Vendor Homepage: https://www.shoretel.com/ Software Link:...
NetData 1.13.0 - HTML Injection
NetData 1.13.0 - HTML Injection Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Date: 2019-03-14 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage:...
Linux Kernel 4.4 (Ubuntu 16.04) - snd_timer_user_ccallback() Kernel Pointer Leak
Linux Kernel 4.4 Ubuntu 16.04 - sndtimeruserccallback Kernel Pointer Leak include include include include include include include include include include include include include include Exploit Title: Linux Kernel 4.4 Ubuntu 16.04 - Leak kernel pointer in sndtimeruserccallback Google Dork: - Date...
S-nail 14.8.16 - Local Privilege Escalation
S-nail 14.8.16 - Local Privilege Escalation !/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c ... . Compiling...
ZTE ZXHN H168N - Improper Access Restrictions
ZTE ZXHN H168N - Improper Access Restrictions POC: CVE-2018-7357 and CVE-2018-7358 Disclaimer: This POC is for Educational Purposes , I would Not be responsible for any misuse of the information mentioned in this blog post + Unauthenticated + Author: Usman Saeed usman at xc0re.net + Protocol: UPn...
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...
Nikto 2.1.6 - CSV Injection
Nikto 2.1.6 - CSV Injection Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linu...
WordPress Plugin User Role Editor 4.25 - Privilege Escalation
WordPress Plugin User Role Editor 4.25 - Privilege Escalation This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The...
Bravo Tejari Web Portal - Cross-Site Request Forgery
Bravo Tejari Web Portal - Cross-Site Request Forgery Exploit Title: Bravo Tejari Web Portal-CSRF CVE-ID: CVE-2018-7216 Vulnerability Type: Cross Site Request Forgery CSRF Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type...
Herospeed - TelnetSwitch Remote Stack Overflow Overwrite Password Enable TelnetD
Herospeed - TelnetSwitch Remote Stack Overflow Overwrite Password Enable TelnetD !/usr/bin/env python2.7 Herospeed TelnetSwitch daemon running on TCP/787, for allowing enable of the telnetd. Where one small stack overflow allows us to overwrite the dynamicly generated password and enable telnetd...
gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities
gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your...
Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak
Apple macOS High Sierra 10.13 - ctlctloutput-leak Information Leak / ctlctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctlctloutput in the file bsd/kern/kerncontrol.c does not check the return value of...
Linux Kernel 4.13 (Ubuntu 17.10) - waitid() SMEPSMAPChrome Sandbox Privilege Escalation
Linux Kernel 4.13 Ubuntu 17.10 - waitid SMEPSMAPChrome Sandbox Privilege Escalation // Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In thi...
Vir.IT eXplorer Anti-Virus 8.5.39 - VIAGLT64.SYS Local Privilege Escalation
Vir.IT eXplorer Anti-Virus 8.5.39 - VIAGLT64.SYS Local Privilege Escalation / Exploit Title - Vir.IT eXplorer Anti-Virus Arbitrary Write Privilege Escalation Date - 1st November 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.tgsoft.it Tested Version - 8.5.39 Driver...
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation (1)
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation 1 -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba...
Automated Logic WebCTRL 6.1 - Path Traversal Arbitrary File Write
Automated Logic WebCTRL 6.1 - Path Traversal Arbitrary File Write Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, SiteScan Web 6.1 and prior ALC WebCTRL, i-Vu 6.0 and...
NfSen 1.3.7 AlienVault OSSIM 5.3.6 - Local Privilege Escalation
NfSen 1.3.7 AlienVault OSSIM 5.3.6 - Local Privilege Escalation Exploit Title: Local root exploit affecting NfSen = 1.3.7, AlienVault USM/OSSIM = 5.3.6 Version: NfSen 1.3.7 Version: AlienVault 5.3.6 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...
Pelco SarixSpectra Cameras - Cross-Site Request Forgery Cross-Site Scripting
Pelco SarixSpectra Cameras - Cross-Site Request Forgery Cross-Site Scripting Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0...
Humax HG100R 2.0.6 - Backup File Download
Humax HG100R 2.0.6 - Backup File Download coding: utf-8 Exploit Title: Humax Backup file download Date: 29/06/2017 Exploit Author: gambler Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-7315 import sys import base64 import shodan import requests...
Moodle 2.x3.x - SQL Injection
Moodle 2.x3.x - SQL Injection Exploit: Moodle SQL Injection via Object Injection Through User Preferences Date: April 6th, 2017 Exploit Author: Marko Belzetski Contact: [email protected] Vendor Homepage: https://moodle.org/ Version: 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.1...
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow Exploit Title: Azure Data Expert Ultimate 2.2.16 – buffer overflow Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.azuredex.com/downloads.html Version: 2.2.16 Tested on...
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
Linux Kernel 4.4.0 Ubuntu - DCCP Double-Free Privilege Escalation // // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A proof-of-concept local root exploit for CVE-2017-6074. // Includes a semireliable SMAP/SMEP bypass. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. //...
Oracle VM VirtualBox 5.0.32 5.1.14 - Local Privilege Escalation
Oracle VM VirtualBox 5.0.32 5.1.14 - Local Privilege Escalation == Overview === System affected: VirtualBox Software-Version: prior to 5.0.32, prior to 5.1.14 User-Interaction: Required Impact: A Man-In-The-Middle could infiltrate an Extension-Pack-Update to gain a root-shell === Detailed...
ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities
ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities 1. ADVISORY INFORMATION ======================================== Title: ManagEnegine ADManager Plus = 6.5.40 Multiple Vulnerabilities Application: ManagEnegine Admanager Remotely Exploitable: Yes Authentication Required: Yes Versions...
Roundcube 1.2.2 - Remote Code Execution
Roundcube 1.2.2 - Remote Code Execution Roundcube 1.2.2: Command Execution via Email ============================================ You can find the online version of the advisory here: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ Found by Robin Peraglie with RIPS...
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet and...
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1869 Security Release:...
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt + ISR: ApparitionSec Vendor: ================ www.symantec.com Product:...
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
Hyperoptic Tilgin Router HG23xx - Multiple Vulnerabilities Hyperoptic Tilgin Router HG23xx Multiple XSS And CSRF Vulnerabilities Vendor: Hyperoptic Ltd. | Tilgin AB Product web page: http://www.hyperoptic.com http://www.tilgin.com Affected version: HG2330, HG2302 and HG2301 Summary: Tilgin's HG23...
Google Android Broadcom Wi-Fi Driver - Memory Corruption
Google Android Broadcom Wi-Fi Driver - Memory Corruption / Copyright C 2016 by AbdSec Core Team This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, ...
Linux Kernel 3.10.0 (CentOS RHEL 7.1) - aiptek Nullpointer Dereference
Linux Kernel 3.10.0 CentOS RHEL 7.1 - aiptek Nullpointer Dereference OS-S Security Advisory 2016-05 Linux aiptek Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7515 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat...
Roundcube Webmail 1.1.3 - Directory Traversal
Roundcube Webmail 1.1.3 - Directory Traversal Advisory ID: HTB23283 Product: Roundcube Vendor: Roundcube.net Vulnerable Versions: 1.1.3 and probably prior Tested Version: 1.1.3 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Vendor Patch:...
Skybox Platform 7.0.611 - Multiple Vulnerabilities
Skybox Platform 7.0.611 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Skybox Platform vulnerable version: =7.0.611 fixed version: 7.5.401 CVE number: impac...
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet:...
Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)
Microsoft Windows - NtUserGetClipboardAccessToken Token Leak MS15-023 Source: https://code.google.com/p/google-security-research/issues/detail?id=461 Windows: NtUserGetClipboardAccessToken Token Leak Redux Platform: Windows 8.1 Update, Windows 10 Build 10130 Class: Security Bypass/EoP Summary: Th...
Oracle GlassFish Server 4.1 - Directory Traversal
Oracle GlassFish Server 4.1 - Directory Traversal Trustwave SpiderLabs Security Advisory TWSL2015-016: Path Traversal in Oracle GlassFish Server Open Source Edition Published: 08/27/2015 Version: 1.0 Vendor: Oracle Corporation Project sponsored by Oracle Product: GlassFish Server Open Source...
WordPress Plugin Simple Ads Manager - Multiple SQL Injections
WordPress Plugin Simple Ads Manager - Multiple SQL Injections Vulnerability title: Wordpress plugin Simple Ads Manager - SQL Injection Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Download link:...
Fortinet Single Sign On - Stack Overflow
Fortinet Single Sign On - Stack Overflow 1. Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors...
RedaxScript CMS 2.2.0 - SQL Injection
RedaxScript CMS 2.2.0 - SQL Injection Exploit Title: Radexscript CMS 2.2.0 - SQL Injection vulnerability Google Dork: N/A Date: 02/09/2015 Exploit Author: Pham Kien Cuong [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://redaxscript.com/ Software Link:...
Apple Mac OSX 10.10.x - GateKeeper Bypass
Apple Mac OSX 10.10.x - GateKeeper Bypass Exploit Title: OS X Gatekeeper bypass Vulnerability Date: 01-27-2015 Exploit Author: Amplia Security Research Vendor Homepage: www.apple.com Version: OS X Lion, OS X Mountain Lion, OS X Mavericks, OS X Yosemite Tested on: OS X Lion, OS X Mountain Lion, OS...
NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple high risk vulnerabilities product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP...
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit Vendor: Soitec Product web page: http://www.soitec.com Affected version: 1.4 and 1.3 Summary: Soitec power plants are a profitable and ecological...
OpenEMR 4.1.2(7) - Multiple SQL Injections
OpenEMR 4.1.27 - Multiple SQL Injections Vulnerability title: Multiple Authenticated SQL Injections In OpenEMR CVE: CVE-2014-5462 Vendor: OpenEMR Product: OpenEMR Affected version: 4.1.27 and earlier Fixed version: N/A Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed...
Gogs - label SQL Injection
Gogs - label SQL Injection Blind SQL Injection in Gogs label search ======================================== Researcher: Timo Schmid Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go. taken from 1 It is very similiar to the github hosting plattform...
Password Manager Pro Pro MSP - Blind SQL Injection
Password Manager Pro Pro MSP - Blind SQL Injection Authenticated blind SQL injection in Password Manager Pro / Pro MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 08/11/2014 / Last...
HP Operations Agent - Cross-Site Scripting iFrame Injection
HP Operations Agent - Cross-Site Scripting iFrame Injection !/usr/bin/python Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection Date: 10/16/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: www.hp.com Version: HP Operations Manager/Operations Agent /...
Daum Game 1.1.0.5 - ActiveX IconCreate Method Remote Stack Buffer Overflow
Daum Game 1.1.0.5 - ActiveX IconCreate Method Remote Stack Buffer Overflow var overwrite =...
Vino VNC Server 3.7.3 - Persistent Denial of Service
Vino VNC Server 3.7.3 - Persistent Denial of Service Trustwave SpiderLabs Security Advisory TWSL2013-028: Persistent Denial of Service Vulnerability in Vino VNC Server Published: 09/16/13 Version: 1.0 Vendor: The GNOME Project https://wiki.gnome.org/Vino Product: Vino VNC Server Version affected:...
Karotz Smart Rabbit 12.07.19.00 - Multiple Vulnerabilities
Karotz Smart Rabbit 12.07.19.00 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2013-021: Multiple Vulnerabilities in Karotz Smart Rabbit Published: 08/01/13 Version: 1.0 Vendor: Electronic Arts http://www.ea.com/, formerly Mindscape, formerly Violet Product: Karotz Version...