41207 matches found
ConQuest DICOM Server 1.4.17d - Stack Buffer (PoC)
ConQuest DICOM Server 1.4.17d - Stack Buffer PoC !/usr/bin/env python -- coding: utf8 -- ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE Vendor: University of Manchester. Developed by Marcel van Herk, Lambert Zijp and Jan Meinders. The Netherlands Cancer Institute Product web page:...
OsiriX DICOM Viewer 8.0.1 - Memory Corruption
OsiriX DICOM Viewer 8.0.1 - Memory Corruption !/usr/bin/env python -- coding: utf8 -- OsiriX DICOM Viewer 8.0.1 dulparse.cc Remote Memory Corruption Vulnerability Vendor: Pixmeo Sarl Product web page: http://www.osirix-viewer.com Affected version: OsiriX 8.0.1 Summary: With high performance and a...
Adobe Connect 9.5.7 - Cross-Site Scripting
Adobe Connect 9.5.7 - Cross-Site Scripting Document Title: Adobe Connect & Desktop v9.5.7 - Persistent Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1838 Security ID: PSIRT-5180 Bulletin:...
Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation
Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation / T A L O S V U L N D E V Proof-of-Concept Exploit Advisory:...
Linux Kernel 3.10.0 (CentOS RHEL 7.1) - Wacom Multiple Nullpointer Dereferences
Linux Kernel 3.10.0 CentOS RHEL 7.1 - Wacom Multiple Nullpointer Dereferences OS-S Security Advisory 2016-11 Linux wacom multiple Nullpointer Dereferences Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C...
NetUSB - Kernel Stack Buffer Overflow
NetUSB - Kernel Stack Buffer Overflow !/usr/bin/env python -- coding: utf-8 -- Exploit Title: NetUSB Kernel Stack Buffer Overflow Date: 9/10/15 Exploit Author: Adrian Ruiz Bermudo Vendor Homepage: http://www.kcodes.com/ Version: Multiple:...
Cisco AnyConnect Secure Mobility Client 3.1.08009 - Local Privilege Escalation
Cisco AnyConnect Secure Mobility Client 3.1.08009 - Local Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=460 Cisco AnyConnect Secure Mobility Client v3.1.08009 Elevation of Privilege Platform: Windows 8.1 Update, Client version 3.1.08009 tested on...
PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile disable_functions Bypass Load Dynamic Library
PHP 5.5.9 - zendexecutorglobals CGIMode FPM WriteProcMemFile disablefunctions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...
NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
NETGEAR Wireless Management System 2.1.4.15 Build 1236 - Privilege Escalation NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. WMS5316 ProSafe 16AP Wireless Management System - Firmware 2.1.4.15 Build 1236. - Vulnerability Information:...
Cerb 7.0.3 - Cross-Site Request Forgery
Cerb 7.0.3 - Cross-Site Request Forgery Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patch: August 14,...
Microsoft Windows Server 2003 SP2 - TCPIP IOCTL Privilege Escalation (MS14-070)
Microsoft Windows Server 2003 SP2 - TCPIP IOCTL Privilege Escalation MS14-070 / Exploit Title: Windows 2k3 SP2 TCP/IP IOCTL Privilege Escalation MS14-070 Date: 2015-08-10 Exploit Author: Tomislav Paskalev Vulnerable Software: Windows 2003 SP2 x86 Windows 2003 SP2 x86-64 Windows 2003 SP2 IA-64...
SO Planning 1.32 - Multiple Vulnerabilities
SO Planning 1.32 - Multiple Vulnerabilities SOPlanning - Simple Online Planning Tool multiple vulnerabilities CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677 Vendor: http://www.soplanning.org/ Product: SOPlanning - Simple Online Planning Version affected: 1.32 and...
ElasticSearch 1.4.5 1.5.2 - Directory Traversal
ElasticSearch 1.4.5 1.5.2 - Directory Traversal !/usr/bin/python Crappy PoC for CVE-2015-3337 - Reported by John Heasman of DocuSign Affects all ElasticSearch versions prior to 1.5.2 and 1.4.5 Pedro Andujar || twitter: pandujar || email: @segfault.es || @digitalsec.net Tested on default Linux .de...
Enalean Tuleap 7.4.99.5 - Remote Command Execution
Enalean Tuleap 7.4.99.5 - Remote Command Execution Vulnerability title: Tuleap /usr/share/codendi/src/www/passwd.txt && "ozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5...
PayPal Inc BB #85 MB iOS 4.6 - Authentication Bypass
PayPal Inc BB 85 MB iOS 4.6 - Authentication Bypass Document Title: PayPal Inc BB 85 MB iOS 4.6 - Auth Bypass Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=895 PayPal Security UID: Vxda0S Video:...
Moab 7.2.9 - Authentication Bypass
Moab 7.2.9 - Authentication Bypass Moab Authentication Bypass : CVE-2014-5300 Software: Moab Affected Versions: All versions prior to Moab 7.2.9 and Moab 8 CVE Reference: CVE-2014-5300 Author: John Fitzpatrick, MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendor: Adaptive Computi...
Multiple WordPress Themes - admin-ajax.php?img Arbitrary File Download
Multiple WordPress Themes - admin-ajax.php?img Arbitrary File Download WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage:...
glibc - NUL Byte gconv_translit_find Off-by-One
glibc - NUL Byte gconvtranslitfind Off-by-One // // Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34421.tar.gz CVE-2014-5119.tar.gz // // // --------------------------------------------------- // CVE-2014-5119 glibc gconvtranslitfind exploit //...
Catia V5-6R2013 - CATV5_Backbone_Bus Stack Buffer Overflow (PoC)
Catia V5-6R2013 - CATV5BackboneBus Stack Buffer Overflow PoC ''' Title: Dassault Systèmes Catia V5-6R2013 "CATV5BackboneBus" Stack Buffer Overflow Date: 2-18-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage:...
Publish-It 3.6d - Buffer Overflow
Publish-It 3.6d - Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. Advisory Information Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:...
Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection
Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was...
DirectControlTM 3.1.7.0 - Multiple Vulnerabilities
DirectControlTM 3.1.7.0 - Multiple Vulnerabilities DirectControlTM Version 3.1.7.0 - Multiple Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home :...
Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities
Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities Title: Ditto Forensic FieldStation, multiple vulnerabilities Versions affected: = 2013Oct15a all Vendor: CRU Wiebetech Discovered by: Martin Wundram Email: [email protected] Date found: 2013-04-22 Date published: 2013-12-12...
IcoFX 2.5.0.0 - .ico Buffer Overflow (PoC)
IcoFX 2.5.0.0 - .ico Buffer Overflow PoC Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ IcoFX Buffer Overflow Vulnerability PoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/30208.zip 1. Advisory Information Title: IcoFX Buffer Overflow...
davfs2 1.4.61.4.7 - Local Privilege Escalation
davfs2 1.4.61.4.7 - Local Privilege Escalation davfs2 1.4.6/1.4.7 local privilege escalation exploit Bug Description: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition. The bug is well documented at...
Apple Safari 6.0.1 for iOS 6.0 Apple Mac OSX 10.78 - Heap Buffer Overflow
Apple Safari 6.0.1 for iOS 6.0 Apple Mac OSX 10.78 - Heap Buffer Overflow Packet Storm Advisory 2013-0903-1 http://packetstormsecurity.com/ ...
FOSCAM IP-Cameras - Improper Access Restrictions
FOSCAM IP-Cameras - Improper Access Restrictions Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FOSCAM IP-Cameras Improper Access Restrictions 1. Advisory Information Title: FOSCAM IP-Cameras Improper Access Restrictions Advisory ID: CORE-2013-0613 Advisory URL:...
UMI CMS 2.9 - Cross-Site Request Forgery
UMI CMS 2.9 - Cross-Site Request Forgery Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request...
BabyGekko 1.2.2e - Multiple Vulnerabilities
BabyGekko 1.2.2e - Multiple Vulnerabilities Advisory ID: HTB23122 Product: BabyGekko Vendor: babygekko.com Vulnerable Versions: 1.2.2e and probably prior Tested Version: 1.2.2e Vendor Notification: October 24, 2012 Vendor Patch: November 4, 2012 Public Disclosure: November 14, 2012 Vulnerability...
Apple QuickTime Player 7.7.2 - Crash (PoC)
Apple QuickTime Player 7.7.2 - Crash PoC !/usr/bin/perl Title : Apple QuickTime Player 7.7.2 Division By Zero Version : 7.7.21680.56 Date : 2012-10-23 Vendor : http://www.apple.com Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : XP SP3 ENG Bug : ---- Don't...
Joomla! Component com_enmasse 1.2.0.4 - SQL Injection
Joomla! Component comenmasse 1.2.0.4 - SQL Injection Exploit Title: Joomla comenmasse Remote Exploit Author: Daniel Barragan "D4NB4R" Spanish: hello, this exploit affects e-commerce sites, so the exploit will only give a sample of the possible data extraction. I am not responsible for the us...
traq 2.3.5 - Multiple Vulnerabilities
traq 2.3.5 - Multiple Vulnerabilities Vulnerable Software: traq-2.3.5 Official Site: TraqProject.org About Software: Traq is a PHP powered project manager,...
F5 BIG-IP - Authentication Bypass (PoC)
F5 BIG-IP - Authentication Bypass PoC Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date:...
WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload
WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload Exploit Title: Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage...
Tiki Wiki CMS Groupware 8.1 - show_errors HTML Injection
Tiki Wiki CMS Groupware 8.1 - showerrors HTML Injection source: https://www.securityfocus.com/bid/51128/info Tiki Wiki CMS Groupware is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied...
Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.0411.10) - Boundary Crossing Privilege Escalation
Acpid 1:2.0.10-1ubuntu2 Ubuntu 11.0411.10 - Boundary Crossing Privilege Escalation Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10,...
Multiple WordPress Plugins - timthumb.php File Upload
Multiple WordPress Plugins - timthumb.php File Upload Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the...
Cogent DataHub 7.1.1.63 - Source Disclosure
Cogent DataHub 7.1.1.63 - Source Disclosure Luigi Auriemma Application: Cogent DataHub http://www.cogentdatahub.com/Products/CogentDataHub.html Versions: = 7.1.1.63 Platforms: Windows Bug: source disclosure Exploitation: remote Date: 13 Sep 2011 Author: Luigi Auriemma e-mail: [email protected]...
Realmarketing CMS - Multiple SQL Injections
Realmarketing CMS - Multiple SQL Injections +Exploit Title: Realmarketing CMS System Sensitive Database Disclosure Vulnerability +Author : ^Xecuti0n3r + Date : 22.04.2011 + Hour : 13:37 PM + E-mail : xecuti0n3ryahoo.com + dork : intext:realweb.de inurl:default.php + Category : Web Apps SQli Choos...
Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow (PoC)
Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow PoC !/usr/bin/perl Title: Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability Vendor: Altova GmbH Product web page: http://www.altova.com Affected version: Enterprise Edition 2011 Summary: Altova DatabaseSpy®...
RealAdmin - detail.php Blind SQL Injection
RealAdmin - detail.php Blind SQL Injection RealAdmin detail.php Blind Sql Injection Vulnerability .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : RealAdmin .:. Download...
Nuked-klaN 1.7.7 - Remote File Inclusion
Nuked-klaN 1.7.7 - Remote File Inclusion Title : Nuked-Klan 1.7.7 RFI Vulnerability Author : indoushka email : [email protected] Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
PHP Live! 3.3 - deptid SQL Injection
PHP Live! 3.3 - deptid SQL Injection PHP Live! 3.3 deptid Remote SQL Injection --== Author ==-- + Author : v3n0m + Contact...
WebStudio eHotel - Blind SQL Injection
WebStudio eHotel - Blind SQL Injection WebStudio eHotel pageid Blind SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.bdigital.biz/index.php?pageid=216 DorK : "Powered by WebStudio eHotel" Demo :...
ZEEMATRI 3.0 - adid SQL Injection
ZEEMATRI 3.0 - adid SQL Injection ZEEMATRI v3.0 bannerclick.php adid Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc email: [email protected] script:...
Vibro-School-CMS - nID SQL Injection
PHPWebGallery 1.3.4 - Cross-Site Scripting Local File Inclusion
PHPWebGallery 1.3.4 - Cross-Site Scripting Local File Inclusion Script : PhpWebGallery 1.3.4 Type : Multiple Vulnerabilities XSS/LFI Risk : High Google Dork : inurl:"picture.php?cat=" "Powered by PhpWebGallery 1.3.4"...
OpenBSD 4.0 - vga Local Privilege Escalation
OpenBSD 4.0 - vga Local Privilege Escalation / A PRODUCTION OF LUL-DISLCOSURE INC. PROUDLY PRESENTS...
AcmlmBoard 1.A2 - pow SQL Injection
AcmlmBoard 1.A2 - pow SQL Injection AcmlmBoard v1.A2 SQL Injection Vulnerability Bug by: h0yt3r Dork: "AcmlmBoard v1.A2" This Board Software suffers from some not correctly verified variables which are used in SQL Queries. An Attacker can easily get sensitive information from the database by...
LinPHA 1.3.1 - new_images.php Blind SQL Injection
LinPHA 1.3.1 - newimages.php Blind SQL Injection order = $REQUEST'order'; 188. 189. if$defaultorder != $REQUEST'order' 190. 191. $this-linkaddress .= '&order='.$REQUEST'order'; 192. 193. 194. else 195. 196. $this-order = $defaultorder; 197. 198. 199. 200. // 201. // set sql query string 202. //...