41207 matches found
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt + ISR: Apparition Security Greetz:...
Norton Core Secure WiFi Router - BLE Command Injection (PoC)
Norton Core Secure WiFi Router - BLE Command Injection PoC PoC command injection in BLE service of Norton Core Secure WiFi Router CVE-2018-5234 For more information read paper. To demonstrate the exploitation, we will use: - OS GNU/Linux; - Bluetooth dongle adapter; - BlueZ utility for testing...
Cockpit CMS 0.4.4 0.5.5 - Server-Side Request Forgery
Cockpit CMS 0.4.4 0.5.5 - Server-Side Request Forgery SSRF(Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 CVE-2018-9302 Cockpit CMS repairs CVE-2017-14611, but it can be bypassed, SSRF still exist, affecting the Cockpit CMS 0.4.4-0.5.5 versions.I've been tested success of "Cockpit CMS" laste...
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Monstra CMS 3.0.4 - Arbitrary Folder Deletion Exploit Title: Monstra CMS 3.0.4 allows remote attackers to delete folder via an get request Date: 2018-03-26 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra...
WolfCMS 0.8.3.1 - Cross-Site Request Forgery
WolfCMS 0.8.3.1 - Cross-Site Request Forgery Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: Affected Version: 0.8.3.1 Category:...
Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection
Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link:...
Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation
Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation Windows: StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation EoP Platform: Windows 10 1709 not tested earlier versions Class: Elevation of Privilege Summary: The SvcMoveFileInheritSecurity R...
EPIC MyChart - X-Path Injection
EPIC MyChart - X-Path Injection Exploit Title: Epic Systems Corporation MyChart X-Path Injection Google Dork: MyChart® licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software...
Flash Operator Panel 2.31.03 - Command Execution
Flash Operator Panel 2.31.03 - Command Execution Document Title: =============== Flash Operator Panel v2.31.03 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1907 Release Date: ============= 2018-01-08 Vulnerability...
Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633...
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation (1)
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation 1 -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba...
WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting
WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting Exploit Title: Wordpress Plugin Participants Database 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link:...
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
Virtual Postage VPA - Man In The Middle Remote Code Execution Exploit Title: Virtual Postage VPA - Remote Code Execution via MITM Date: 20/Jul/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a2.virtualpostage.com http://archive.is/EdtJT Software Link: N/A...
Sophos Cyberoam - Cross-site scripting
Sophos Cyberoam - Cross-site scripting Exploit Title: Sophos Cyberoam – Cross-site scripting XSS vulnerability Date: 25/05/2017 Exploit Author: Bhadresh Patel Version: = Firmware Version 10.6.4 CVE : CVE-2016-9834 This is an article with video tutorial for Sophos Cyberoam – Cross-site scripting X...
Alerton Webtalk 2.53.3 - Multiple Vulnerabilities
Alerton Webtalk 2.53.3 - Multiple Vulnerabilities ''' Security Issues in Alerton Webtalk ================================== Introduction ------------ Vulnerabilities were identified in the Alerton Webtalk Software supplied by Alerton. This software is used for the management of building automatio...
Moxa MXview 2.8 - Denial of Service
Moxa MXview 2.8 - Denial of Service + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ============ www.moxa.com Product: =========== MXView v2.8 Download:...
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery Exploit Title: CSRF / Privilege Escalation Manipulation of Role Agent to Admin on Faveo version Community 1.9.3 Google Dork: no Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor...
Nintendo Switch - WebKit Code Execution (PoC)
Nintendo Switch - WebKit Code Execution PoC CVE-2016-4657 Switch PoC body font-size: 2em; a text-decoration: none; color: 000; a:hover color: f00; font-weight: bold; CVE-2016-4657 Nintendo Switch PoC go! reload waiting... click go. // display JS errors as alerts. Helps debugging. window.onerror =...
WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery
WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery !-- KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery Title: WatchGuard XTMv User Management Cross-Site Request Forgery Advisory ID: KL-001-2017-004 Publication Date: 2017.03.10 Publication...
Apple macOS Sierra 10.12.1 - physmem Local Privilege Escalation
Apple macOS Sierra 10.12.1 - physmem Local Privilege Escalation physmem physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10.12.1. It exploits either CVE-2016-1825 or CVE-2016-7617 depending on the deployment target. These two vulnerabilities a...
Panda Security URL Filtering 4.3.1.9 - Local Privilege Escalation
Panda Security URL Filtering 4.3.1.9 - Local Privilege Escalation CVE: CVE-2015-7378 Vendor: Panda Security Reported by: Kyriakos Economou Date of Release: 05/04/2016 Affected Products: Multiple Affected Version: Panda Security URL Filtering v4.3.1.9 Fixed Version: Panda Security URL Filtering...
OpenMRS Reporting Module 0.9.7 - Remote Code Execution
OpenMRS Reporting Module 0.9.7 - Remote Code Execution Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source...
Beckhoff CX9020 CPU Module - Remote Code Execution
Beckhoff CX9020 CPU Module - Remote Code Execution ! /usr/bin/env python ''' Exploit Title: Beckhoff CX9020 CPU Module Web Exploit RCE Date: 2015-10-22 Exploit Author: Photubias - tijldotdeneutathowestdotbe, based on work by Frank Lycops [email protected] Vendor Homepage:...
vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution
vTiger CRM 6.3.0 - Authenticated Remote Code Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Exploit Title: Vtiger CRM = 6.3.0 Authenticated Remote Code Execution Date: 2015-09-28 Exploit Author: Benjamin Daniel Mussler Vendor Homepage: https://www.vtiger.com Software Link:...
X2Engine 4.2 - Arbitrary File Upload
X2Engine 4.2 - Arbitrary File Upload Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5074/ Details: It was discovered that authenticated users were able to upload files of any type providing that the file did not have an extension that was...
WordPress Plugin Count Per Day 3.4 - SQL Injection
WordPress Plugin Count Per Day 3.4 - SQL Injection Advisory ID: HTB23267 Product: Count Per Day WordPress plugin Vendor: Tom Braider Vulnerable Versions: 3.4 and probably prior Tested Version: 3.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendo...
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1)
Kaseya Virtual System Administrator VSA - Multiple Vulnerabilities 1 Multiple vulnerabilities in Kaseya Virtual System Administrator Discovered by Pedro Ribeiro [email protected], Agile Information Security http://www.agileinfosec.co.uk/...
TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection
TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection Advisory: SQL Injection in TYPO3 Extension Akronymmanager An SQL injection vulnerability in the TYPO3 extension "Akronymmanager" allows authenticated attackers to inject SQL statements and thereby read data from the TYPO3 database. Details...
SysAid Help Desk 14.4 - Multiple Vulnerabilities
SysAid Help Desk 14.4 - Multiple Vulnerabilities Multiple vulnerabilities in SysAid Help Desk 14.4 Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 03/06/2015 / Last updated:...
ElasticSearch 1.4.5 1.5.2 - Directory Traversal
ElasticSearch 1.4.5 1.5.2 - Directory Traversal !/usr/bin/python Crappy PoC for CVE-2015-3337 - Reported by John Heasman of DocuSign Affects all ElasticSearch versions prior to 1.5.2 and 1.4.5 Pedro Andujar || twitter: pandujar || email: @segfault.es || @digitalsec.net Tested on default Linux .de...
MiniUPnPd 1.0 (MIPS) - Remote Stack Overflow Remote Code Execution for AirTies RT Series
MiniUPnPd 1.0 MIPS - Remote Stack Overflow Remote Code Execution for AirTies RT Series !/usr/bin/env python Exploit Title: MiniUPnPd 1.0 Stack Overflow RCE for AirTies RT Series Date: 26.04.2015 Exploit Author: Onur ALANBEL BGA Vendor Homepage: http://miniupnp.free.fr/ Version: 1.0 Architecture:...
Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege Escalation
Apport 2.14.1 Ubuntu 14.04.2 - Local Privilege Escalation !/bin/sh CVE-2015-1318 Reference: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1438758 Example: % uname -a Linux maggie 3.13.0-48-generic 80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x8664 x8664 x8664 GNU/Linux % lsbrelease -a No LS...
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload Exploit Title : Wordpress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerbility Author : Manish Kishan Tanwar AKA error1046 Home Page :...
Intel Network Adapter Diagnostic Driver - IOCTL Handling
Intel Network Adapter Diagnostic Driver - IOCTL Handling / Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Vendor: Intel Product webpage: http://www.intel.com Affected products: Network Adapter Driver for Windows XP Network Adapter Driver for Windows 7 Network Adapter Driver...
ManageEngine Desktop Central - Create Administrator
ManageEngine Desktop Central - Create Administrator Administrator account creation in ManageEngine Desktop Central / Desktop Central MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security =================================================================================...
Innovaphone PBX Admin-GUI - Cross-Site Request Forgery
Innovaphone PBX Admin-GUI - Cross-Site Request Forgery Title: Innovaphone PBX Admin-GUI CSRF Impact: High CVSS2 Score: 7.8 AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C Announced: August 21, 2014 Reporter: Rainer Giedat NSIDE ATTACK LOGIC GmbH, www.nsideattacklogic.de Products: Innovaphone PBX...
Linux Kernel 3.13 - SGID Privilege Escalation
Linux Kernel 3.13 - SGID Privilege Escalation / CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC Vitaly Nikolenko http://hashcrack.org Usage: ./poc filepath where filepath is the file on which you want to set the sgid bit / define GNUSOURCE include include include include include include...
Ilch CMS 2.0 - Persistent Cross-Site Scripting
Ilch CMS 2.0 - Persistent Cross-Site Scripting Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure:...
Karotz Smart Rabbit 12.07.19.00 - Multiple Vulnerabilities
Karotz Smart Rabbit 12.07.19.00 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2013-021: Multiple Vulnerabilities in Karotz Smart Rabbit Published: 08/01/13 Version: 1.0 Vendor: Electronic Arts http://www.ea.com/, formerly Mindscape, formerly Violet Product: Karotz Version...
Symantec Web Gateway 5.1.0.x - Multiple Vulnerabilities
Symantec Web Gateway 5.1.0.x - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities - Surveillance via Symantec Web Gateway product: Symantec Web Gateway vulnerable version:...
Apache CXF 2.5.102.6.72.7.4 - Denial of Service
Apache CXF 2.5.102.6.72.7.4 - Denial of Service SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed...
Xpient - Cash Drawer Operation
Xpient - Cash Drawer Operation Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Xpient Cash Drawer Operation Vulnerability 1. Advisory Information Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:...
Sysax FTP Automation Server 5.33 - Local Privilege Escalation
Sysax FTP Automation Server 5.33 - Local Privilege Escalation Title: Sysax FTP Automation Server Local Privilege Escalation Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit Version Tested: 5.33 Date Discovered: October 1, 2012 Vendor Contacted: October 21, 2012 Vendor Response: November 1, 20...
AV Arcade Free Edition - add_rating.php?id Blind SQL Injection
AV Arcade Free Edition - addrating.php?id Blind SQL Injection Exploit Title: AV Arcade Free Edition Blind SQL Injection Date: 31/08/2012 Author: DaOne @LibyanCA Software Link: http://www.avscripts.net/avarcade/freearcadescript/ Google Dork: intext:Powered by AV Arcade Free Edition" Exploit-DB Not...
Webmatic 3.1.1 - Blind SQL Injection
Webmatic 3.1.1 - Blind SQL Injection Advisory ID: HTB23096 Product: Webmatic Vendor: valarsoft.com Vulnerable Versions: 3.1.1 and probably prior Tested Version: 3.1.1 Vendor Notification: 13 June 2012 Public Disclosure: 4 July 2012 Vulnerability Type: Blind SQL Injection CVE Reference:...
TORCS 1.3.2 - .xml File Buffer Overflow SafeSEH Evasion
TORCS 1.3.2 - .xml File Buffer Overflow SafeSEH Evasion / Exploit Title: TORCS Research Team Division Author: Andres Gomez and David Mora a.k.a Mighty-D ... Pwn and beans! Software Link: http://torcs.sourceforge.net/ Version: torcs 1.3.2 Vendor notified: 03/02/2012 Tested on: Windows XP Service...
PHP 5.3.8 - Multiple Vulnerabilities
PHP 5.3.8 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.8 Multiple vulnerabilities Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 14.01.2012 CVE: CVE-2011-4153 zendstrndup Original link: http://cxsecurity.com/research/103 --- 1. Multiple...
Final Draft 8 - Multiple Stack Buffer Overflows (Metasploit)
Final Draft 8 - Multiple Stack Buffer Overflows Metasploit Name : Final Draft 8 Multiple Stack Buffer Overflows Vendor Website : http://www.finaldraft.com/index.php Date Released : 29/11/2011 Affected Software : Final Draft in in in in in in in By crafting a file that contains more than 10,032...
Kahf Poems 1.0 - Multiple Vulnerabilities
Kahf Poems 1.0 - Multiple Vulnerabilities + Title : Kahf Poems V1.0 guestbook.php SQL Injection + Name : Kahf Poems + Affected Version : v1.0 + Software Link : http://www.traidnt.net/vb/traidnt19736/ + Tested on : L:Vista & Windows Xp and Windows 7 + Date : 13/08/2011 + Dork : "intitle:Kahf Poems...
Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting
Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2....