41207 matches found
ISC BIND 8.2.2 IRIX 6.5.17 Solaris 7.0 - NXT Overflow Denial of Service
ISC BIND 8.2.2 IRIX 6.5.17 Solaris 7.0 - NXT Overflow Denial of Service // source: https://www.securityfocus.com/bid/788/info There are several vulnerabilities in recent BIND packages pre 8.2.2. The first is a buffer overflow condition which is a result of BIND improperly validating NXT records...
Washington University WU-FTPD 2.5.0 - message Remote Buffer Overflow
Washington University WU-FTPD 2.5.0 - message Remote Buffer Overflow // source: https://www.securityfocus.com/bid/726/info There is a buffer overflow in wu-ftpd message file expansions which may be remotely exploitable. In situations where the message file can be written to in some way remotely b...
S.u.S.E Linux 5.2 - gnuplot Local Overflow Local Privilege Escalation
S.u.S.E Linux 5.2 - gnuplot Local Overflow Local Privilege Escalation / source: https://www.securityfocus.com/bid/319/info Linux gnuplot 3.5 is shipped with S.u.S.E. Linux 5.2 and installed suid root by default. There is a buffer overflow vulnerability present in gnuplot which allows for users to...
DotNetNuke 9.5 - File Upload Restrictions Bypass
DotNetNuke 9.5 - File Upload Restrictions Bypass Exploit Title: DotNetNuke 9.5 - File Upload Restrictions Bypass Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link:...
Dota 2 7.23f - Denial of Service (PoC)
Dota 2 7.23f - Denial of Service PoC Exploit Title: Dota 2 7.23f - Denial of Service PoC Google Dork: N/A Date: 2020-02-05 Exploit Author: Bogdan Kurinnoy [email protected] bi7s Vendor Homepage: https://www.valvesoftware.com/en/ Software Link: N/A Version: 7.23f Tested on: Windows 10 x64 CVE :...
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
School ERP System 1.0 - Cross Site Request Forgery Add Admin Title: School ERP System 1.0 - Cross Site Request Forgery Add Admin Date: 2020-01-31 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/school-erp-ultimate/files/ Software Link:...
Centreon 19.10.5 - centreontrapd Remote Command Execution
Centreon 19.10.5 - centreontrapd Remote Command Execution Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Date: 2020-01-29 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version:...
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Date: 2020-01-20 Exploit Author: PCEumel Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/Firmware Version:...
Rukovoditel Project Management CRM 2.5.2 - filters SQL Injection
Rukovoditel Project Management CRM 2.5.2 - filters SQL Injection Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection Google Dork: N/A Date: 2020-01-15 Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/...
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Date: 2018-09-19 Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000,...
CBAS-Web 19.0.0 - Information Disclosure
CBAS-Web 19.0.0 - Information Disclosure Exploit Title: CBAS-Web 19.0.0 - Information Disclosure Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
CBAS-Web 19.0.0 - Username Enumeration
CBAS-Web 19.0.0 - Username Enumeration Exploit Title: CBAS-Web 19.0.0 - Username Enumeration Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Microsoft Windows Server 2012 - Group Policy Security Feature Bypass
Microsoft Windows Server 2012 - Group Policy Security Feature Bypass Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R...
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - OS Command Injection !/usr/bin/python -------------------------------------------------------------------- Exploit Title: Enigma NMS OS Command Injection NETSAS Pty Ltd Enigma NMS Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor...
Trend Micro Deep Discovery Inspector IDS - Security Bypass
Trend Micro Deep Discovery Inspector IDS - Security Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DEEP-DISCOVERY-INSPECTOR-PERCENT-ENCODING-IDS-BYPASS.txt + ISR: Apparition Security Vendor...
Microsoft DirectWrite AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
Microsoft DirectWrite AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handlin...
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation Windows: Windows Font Cache Service Insecure Sections EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The...
Thunderbird ESR 60.7.XXX - icalrecur_add_bydayrules Stack-Based Buffer Overflow
Thunderbird ESR 60.7.XXX - icalrecuraddbydayrules Stack-Based Buffer Overflow X41 D-Sec GmbH Security Advisory: X41-2019-003 Stack-based buffer overflow in Thunderbird ========================================== Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed...
phpMyAdmin 4.8 - Cross-Site Request Forgery
phpMyAdmin 4.8 - Cross-Site Request Forgery Exploit Title: Cross Site Request Forgery CSRF Date: 11 June 2019 Exploit Author: Riemann Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: 4.8 Tested on: UBUNTU 16.04 LTS -Installed Docker image ...
ZOC Terminal 7.23.4 - Script Denial of Service (PoC)
ZOC Terminal 7.23.4 - Script Denial of Service PoC Exploit Title: ZOC Terminal v7.23.4 - 'Script' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version:...
Rails 5.2.1 - Arbitrary File Content Disclosure
Rails 5.2.1 - Arbitrary File Content Disclosure ''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: https://rubyonrails.org/ Software Link: https://github.com/rails/rails Version: Versions Affected: all...
Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost There's an object-lifetime issue in the browser process in the handling of P2PSocketDispatcherHost binding in parallel with OnBloatedRenderer event handling. In RenderProcessHostImpl, we have a uniquep...
Valentina Studio 9.0.5 Linux - Host Buffer Overflow (PoC)
Valentina Studio 9.0.5 Linux - Host Buffer Overflow PoC -- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link:...
WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link:...
Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure (2)
Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure 2 Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691...
Xorg X11 Server (AIX) - Local Privilege Escalation
Xorg X11 Server AIX - Local Privilege Escalation Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Filese...
xorg-x11-server 1.20.3 - modulepath Local Privilege Escalation
xorg-x11-server 1.20.3 - modulepath Local Privilege Escalation !/bin/sh raptorxorgy - xorg-x11-server LPE via modulepath switch Copyright c 2018 Marco Ivaldi A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X...
xorg-x11-server 1.20.3 - Local Privilege Escalation
xorg-x11-server 1.20.3 - Local Privilege Escalation CVE-2018-14665 - a LPE exploit via http://X.org fits in a tweet cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su Overwrite shadow or any file on most Linux, get root privileges. BSD and any other Xorg desktop also affected...
Apache Syncope 2.0.7 - Remote Code Execution
Apache Syncope 2.0.7 - Remote Code Execution Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory:...
Project64 2.3.2 - Buffer Overflow (SEH)
Project64 2.3.2 - Buffer Overflow SEH...
MSVOD 10 - cid SQL Injection
MSVOD 10 - cid SQL Injection Exploit Title: MSVOD V10 ¡V SQL Injection Google Dork: inurl:"images/lists?cid=13" Date: 2018/07/17 Exploit Author: Hzllaga Vendor Homepage: http://www.msvod.cc/ Version: MSVOD V10 CVE : CVE-2018-14418 Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/...
Fortify Software Security Center (SSC) 17.x18.1 - XML External Entity Injection
Fortify Software Security Center SSC 17.x18.1 - XML External Entity Injection Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at...
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt + ISR: Apparition Security Greetz:...
Tuleap 9.17.99.189 - Blind SQL Injection
Tuleap 9.17.99.189 - Blind SQL Injection =============================================================================== title: Tuleap SQL Injection case id: CM-2018-01 product: Tuleap version 9.17.99.189 vulnerability type: Blind SQL injection - time based severity: High found: 2018-02-24 by:...
D-Link DIR-600M Wireless - Cross-Site Scripting
D-Link DIR-600M Wireless - Cross-Site Scripting Exploit Title: D-Link DIR-600M Wireless - Persistent Cross Site Scripting Date: 11.02.2018 Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=DIR-600M Category: Hardware Exploit Author: Prasenjit Kanti Paul...
Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation
Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation Windows: StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation EoP Platform: Windows 10 1709 not tested earlier versions Class: Elevation of Privilege Summary: The SvcMoveFileInheritSecurity R...
Oracle JDeveloper 11.1.x12.x - Directory Traversal
Oracle JDeveloper 11.1.x12.x - Directory Traversal + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-JDEVELOPER-DIRECTORY-TRAVERSAL.txt + ISR: apparition security Vendor: ============= www.oracle.com Product:...
GitStack - Remote Code Execution
GitStack - Remote Code Execution Vulnerability Summary The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack and then used to trigger an unauthenticated remote code execution. GitStack is “a software that lets you setup your own private...
Ladon Framework for Python 0.9.40 - XML External Entity Expansion
Ladon Framework for Python 0.9.40 - XML External Entity Expansion Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and re...
Shareet - photo SQL Injection
Shareet - photo SQL Injection Exploit Title: Shareet - Photo Sharing Social Network - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: https://odallated.com/ Software Link: https://www.codester.com/items/4910/shareet-photo-sharing-social-network Demo: https://odallated.com/shareet/demo/...
Trend Micro OfficeScan 11.0XG (12.0) - Host Header Injection
Trend Micro OfficeScan 11.0XG 12.0 - Host Header Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-XG-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ==================...
Joomla! Component CCNewsLetter 2.1.9 - sbid SQL Injection
Joomla! Component CCNewsLetter 2.1.9 - sbid SQL Injection "Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage:...
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit)
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution Metasploit Exploit Title: ManageEngine Desktop Central 10 Build 100087 RCE Date: 24-07-2017 Software Link: https://www.manageengine.com/products/desktop-central/ Exploit Author: Kacper Szurek Contact:...
Microsoft Windows 78.12008 R22012 R22016 R2 - EternalBlue SMB Remote Code Execution (MS17-010)
Microsoft Windows 78.12008 R22012 R22016 R2 - EternalBlue SMB Remote Code Execution MS17-010 !/usr/bin/python from impacket import smb, smbconnection from mysmb import MYSMB from struct import pack, unpack, unpackfrom import sys import socket import time ''' MS17-010 exploit for Windows 2000 and...
Joomla! Component Joomanager 2.0.0 - com_Joomanager Arbitrary File Download
Joomla! Component Joomanager 2.0.0 - comJoomanager Arbitrary File Download !/usr/bin/python2 -- coding:utf-8 -- ''' GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright C 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license...
NetBSD - Stack Clash (PoC)
NetBSD - Stack Clash PoC / NetBSDCVE-2017-1000375.c please compile with -O0 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the...
Xen - Broken Check in memory_exchange() Permits PV Guest Breakout
Xen - Broken Check in memoryexchange Permits PV Guest Breakout Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1184 This bug report describes a vulnerability in memoryexchange that permits PV guest kernels to write to an arbitrary virtual address with hypervisor privileges. The...
Moxa MX AOPC-Server 1.5 - XML External Entity Injection
Moxa MX AOPC-Server 1.5 - XML External Entity Injection + Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt + ISR: ApparitionSec Vendor: ============ www.moxa.com Product:...
HelpDEZK 1.1.1 - Cross-Site Request Forgery Code Execution
HelpDEZK 1.1.1 - Cross-Site Request Forgery Code Execution Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1 Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.helpdezk.org/ Software...
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract A Cross-Site Request Forgery CSRF vulnerability was found in the File Manager WordPress Plugin. Among others, this issue...