41207 matches found
libiec61850 1.3 - Stack Based Buffer Overflow
libiec61850 1.3 - Stack Based Buffer Overflow Exploit Title: libiec61850 1.3 - Stack Based Buffer Overflow Date: 2018-11-06 Exploit Author: Dhiraj Mishra Vendor Homepage: http://libiec61850.com/libiec61850/ Software Link: https://github.com/mz-automation/libiec61850 Version: 1.3 Tested on: Linux...
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...
CirCarLife SCADA 4.3.0 - Credential Disclosure
CirCarLife SCADA 4.3.0 - Credential Disclosure Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure Date: 2018-09-10 Exploit Author: David Castro Vendor Homepage: https://circontrol.com/ Shodan Dork: Server: CirCarLife Server: PsiOcppApp Version: CirCarLife Scada all versions under 4.3.0...
Episerver 7 patch 4 - XML External Entity Injection
Episerver 7 patch 4 - XML External Entity Injection Exploit Title: Episerver 7 patch 4 - XML External Entity Injection Google Dork: N/A Date: 2018-08-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.episerver.se/ Version: Episerver 7 patch 4 and below CVE : N/A episploit.py - Blind XXE...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb...
SoftExpert Excellence Suite 2.0 - cddocument SQL Injection
SoftExpert Excellence Suite 2.0 - cddocument SQL Injection Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection Author: Seren PORSUK Date: 2018-06-28 Type: webapps Platform: PHP CVE= N/A Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/ DETAI...
VLC media player 2.2.8 - Arbitrary Code Execution (PoC)
VLC media player 2.2.8 - Arbitrary Code Execution PoC Exploit Title: VLC media player 2.2.8 - Arbitrary Code Execution PoC Date: 2018-06-06 Exploit Author: Eugene Ng Vendor Homepage: https://www.videolan.org/vlc/index.html Software Link:...
Microsoft COM for Windows - Privilege Escalation
Microsoft COM for Windows - Privilege Escalation Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exists in...
DomainMod 4.09.03 - sslpaid Cross-Site Scripting
DomainMod 4.09.03 - sslpaid Cross-Site Scripting Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link:...
Open-AudIT Professional - 2.1.1 - Cross-Site Scripting
Open-AudIT Professional - 2.1.1 - Cross-Site Scripting Exploit Title: Open-AudIT Professional 2.1.1 – Multiple Cross-Site Scripting Exploit Author: Tejesh Kolisetty Vendor Homepage: https://opmantek.com/ Software Link: https://opmantek.com/network-tools-download/ Affected Version: 2.1.1 Category:...
WordPress Plugin User Role Editor 4.25 - Privilege Escalation
WordPress Plugin User Role Editor 4.25 - Privilege Escalation This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The...
Kodi 17.6 - Persistent Cross-Site Scripting
Kodi 17.6 - Persistent Cross-Site Scripting ============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831...
Match Clone Script 1.0.4 - Cross-Site Scripting
Match Clone Script 1.0.4 - Cross-Site Scripting Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Date: 23.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho...
Joomla! Component Saxum Astro 4.0.14 - SQL Injection
Joomla! Component Saxum Astro 4.0.14 - SQL Injection Exploit Title: Joomla! Component Saxum Astro 4.0.14 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: https://extensions.joomla.org/extensions/extension/living/astrology-a-horoscope/saxumastro/...
Geovision Inc. IP Camera Video - Remote Command Execution
Geovision Inc. IP Camera Video - Remote Command Execution !/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all...
OTRS 5.0.x6.0.x - Remote Command Execution
OTRS 5.0.x6.0.x - Remote Command Execution Exploit Title: OTRS Shell Access Date: 21-01-2018 Exploit Author: Bæln0rn Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE...
Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak
Apple macOS High Sierra 10.13 - ctlctloutput-leak Information Leak / ctlctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctlctloutput in the file bsd/kern/kerncontrol.c does not check the return value of...
Linux Kernel 4.13 (Ubuntu 17.10) - waitid() SMEPSMAPChrome Sandbox Privilege Escalation
Linux Kernel 4.13 Ubuntu 17.10 - waitid SMEPSMAPChrome Sandbox Privilege Escalation // Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In thi...
HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow
HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow Exploit-CVE-2017-6008 The CVE-2017-6008 is a vulnerability in the HitmanPro scan that allows privilege escalation by exploiting a kernel pool buffer overflow. The exploits here use the Quota Process Pointer Overwrite attack as described in the...
UCOPIA Wireless Appliance 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance 5.1.8 - Local Privilege Escalation CVE-2017-11322 UCOPIA Wireless Appliance 5.1.8 Privileges Escalation Asset description UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA...
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution Vulnerabilities Summary The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe MLS versions prior to 16.0.3. The vulnerability allows network attackers to modi...
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit)
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution Metasploit Exploit Title: ManageEngine Desktop Central 10 Build 100087 RCE Date: 24-07-2017 Software Link: https://www.manageengine.com/products/desktop-central/ Exploit Author: Kacper Szurek Contact:...
NetBSD - Stack Clash (PoC)
NetBSD - Stack Clash PoC / NetBSDCVE-2017-1000375.c please compile with -O0 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the...
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1221 Similar to the previously reported issue 1206 , when parsing AVI files the CAVIFileParser object contains a fixed-size array of what...
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow Exploit Title: Azure Data Expert Ultimate 2.2.16 – buffer overflow Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.azuredex.com/downloads.html Version: 2.2.16 Tested on...
Conext ComBox 865-1058 - Denial of Service
Conext ComBox 865-1058 - Denial of Service Exploit Title: Conext ComBox - Denial of Service HTTP-POST Description: The exploit cause the device to self-reboot, constituting a denial of service. Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover Lost...
Roundcube 1.2.2 - Remote Code Execution
Roundcube 1.2.2 - Remote Code Execution Roundcube 1.2.2: Command Execution via Email ============================================ You can find the online version of the advisory here: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ Found by Robin Peraglie with RIPS...
Microsoft Event Viewer 1.0 - XML External Entity Injection
Microsoft Event Viewer 1.0 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EVENT-VIEWER-XXE-FILE-EXFILTRATION.txt + ISR: ApparitionSec + CVE: CVE-2019-0948 Vendor: ===============...
Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)
Microsoft Excel - Out-of-Bounds Read Code Execution MS16-042 Title: Microsoft Office Excel Out-of-Bounds Read Remote Code Execution Application: Microsoft Office Excel Affected Products: Microsoft Office Excel 2007,2010,2013,2016 Software Link: https://products.office.com/en-ca/excel Date: April...
Schneider Electric SBO AS - Multiple Vulnerabilities
Schneider Electric SBO AS - Multiple Vulnerabilities Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About...
abrt (Centos 7.1 Fedora 22) - Local Privilege Escalation
abrt Centos 7.1 Fedora 22 - Local Privilege Escalation !/usr/bin/python CVE-2015-5273 + CVE-2015-5287 CENTOS 7.1/Fedora22 local root probably works on SL and older versions too abrt-hook-ccpp insecure open usage + abrt-action-install-debuginfo insecure temp directory usage rebel 09/2015...
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal Exploit Title: ManageEngine ServiceDesk Plus Product Description ------------------- ServiceDesk Plus is an ITIL ready IT help desk software for organizations of all sizes. With advanced ITSM functionality and easy-to-use...
Advantech Webaccess 8.0 3.4.3 - ActiveX Multiple Vulnerabilities
Advantech Webaccess 8.0 3.4.3 - ActiveX Multiple Vulnerabilities Introduction Using Advantech WebAccess SCADA Software we can remotely manage Industrial Control systems devices like RTU's, Generators, Motors etc. Attackers can execute code remotely by passing maliciously crafted string to...
Pligg CMS 2.0.2 - Cross-Site Request Forgery (Add Admin)
Pligg CMS 2.0.2 - Cross-Site Request Forgery Add Admin Admin input name="password" type="text" class="form-control" id="password" value="hacker123" onchange="checkPasswordthis.va...
WordPress Plugin Simple Ads Manager - Multiple SQL Injections
WordPress Plugin Simple Ads Manager - Multiple SQL Injections Vulnerability title: Wordpress plugin Simple Ads Manager - SQL Injection Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Download link:...
Virtuosa-Phoenix-Edition-5.2-ASX
Exploit Title: Virtuosa Phoenix Edition 5.2 ASX BOF SEH Overwrite Date found: Aug 16th 2010 Author: Acidgen Software Link: http://download1.virtuosa.com/VirtuosaTrial.exe Version: 5.2 junkA = '\x41' 1021 junkB = '\x42' 8979 nSEH = '\xeb\x06\xff\xff' SEH = '\x7e\xaa\x01\x10' nop = '\x90' 10...
ASUS-RT-AC66U-acsd-Param
TitleASUS RT-AC66U Remote Root Shell Exploit - acsd param command Discovered and ReportedJune 2013 Discovered/Exploited ByJacob Holcomb/Gimppy and Jacob Thompson Security Analsyts @ Independent Security Evaluators Software Vendorhttp://asus.com Exploit/Advisoryhttp://securityevaluators.com,...
Ultra Electronics 7.2.0.197.4.0.7 - Multiple Vulnerabilities
Ultra Electronics 7.2.0.197.4.0.7 - Multiple Vulnerabilities Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...
NRPE 2.15 - Remote Code Execution
NRPE 2.15 - Remote Code Execution !/usr/bin/python Exploit Title : NRPE http://www.abcompcons.com/files/nrpeclient.py pyOpenSSL Library required http://pyopenssl.sourceforge.net/ root@localhost pip-python install pyOpenSSL NRPE = 2.15 Remote Command Execution Vulnerability Release date: 17.04.201...
Microsoft Windows XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation
Microsoft Windows XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation """ Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-002 Publication Date: 2014-07-18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt 1...
D-Link DIR-100 - Multiple Vulnerabilities
D-Link DIR-100 - Multiple Vulnerabilities Title: Router D-Link DIR-100 Multiple Vulnerabilities Date: 2013-09-19 Author: Felix Richter Contact: [email protected] Vulnerable Software: ftp://ftp.dlink.de/dir/dir-100/driversoftware/DIR-100fwrevd403b07ALLde20120410.zip Patched Software:...
MediaWiki 1.22.1 PdfHandler - Remote Code Execution
MediaWiki 1.22.1 PdfHandler - Remote Code Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki images/xnz.php 3. access to php-backdoor! http://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root 4. happy pwning!! Related files: thumb.php -- extract all GET array to...
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type...
Microsoft WINS - ECommEndDlg Input Validation Error (MS11-035MS11-070)
Microsoft WINS - ECommEndDlg Input Validation Error MS11-035MS11-070 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MS WINS ECommEndDlg Input Validation Error 1. Advisory Information Title: MS WINS ECommEndDlg Input Validation Error Advisory ID: CORE-2011-0526 Advisory URL:...
BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow (Metasploit)
BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow Metasploit Title : BisonFTP Server Remote Buffer Overflow Exploit Author : Veerendra G.G SecPod Technologies www.secpod.com Advisory : http://secpod.org/blog/?p=384 http://secpod.org/msf/bisonserverbof.rb Version : BisonFTP Server 'BisonFTP...
Adobe Photoshop CS5 - .gif Remote Code Execution
Adobe Photoshop CS5 - .gif Remote Code Execution Application: Adobe Photoshop CS5 GIF Remote Code Execution Platforms: Adobe Photoshop CS5 12.0 and 12.1 Exploitation: Remote code execution CVE Number: CVE-2011-2131 Adobe Vulnerability Identifier: APSB11-22 PRL: 2011-08 Author: Francis Provencher...
Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass)
Apple Safari 5.0.5 - SVG Remote Code Execution DEP Bypass Abysssec Public Advisory apple killed one of our 0day no point to keep it private anymore : there is another version of exploit using POPup and thats more reliable but as you know safari block pop up by default so we found a cool way to...
vTiger CRM 5.0.4 - Local File Inclusion
vTiger CRM 5.0.4 - Local File Inclusion !/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link:...
Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities
Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities Trustwave's SpiderLabs Security Advisory TWSL2011-002: Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways D3G-CCR https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt Published: 2011-02-04 Version: 1.0 Vendor: Comcas...