41207 matches found
Typora 0.9.9.24.6 - Directory Traversal
Typora 0.9.9.24.6 - Directory Traversal Exploit Title: Code execution via path traversal Date: 17-05-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: http://typora.io Software Link: https://typora.io/download/Typora.dmg Version: 0.9.9.24.6 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-12137...
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t...
Bolt CMS 3.6.6 - Cross-Site Request Forgery Remote Code Execution
Bolt CMS 3.6.6 - Cross-Site Request Forgery Remote Code Execution history.pushState'', '', '/' function exploit var target = "http://127.0.0.1" var boltadminurl = target + "/bolt"; var xhr = new XMLHttpRequest; xhr.open"POST", boltadminurl + "/upload", true; xhr.setRequestHeader"Accept",...
Valentina Studio 9.0.5 Linux - Host Buffer Overflow (PoC)
Valentina Studio 9.0.5 Linux - Host Buffer Overflow PoC -- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link:...
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings Exploit Title: Joomla Global Configuration Text Filter settings Stored XSS Vulnerability Date: 18/01/2019 Exploit Author: Praveen Sutar , Twitter: @praveensutar123 Vendor Homepage:...
S-nail 14.8.16 - Local Privilege Escalation
S-nail 14.8.16 - Local Privilege Escalation !/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c ... . Compiling...
ZTE ZXHN H168N - Improper Access Restrictions
ZTE ZXHN H168N - Improper Access Restrictions POC: CVE-2018-7357 and CVE-2018-7358 Disclaimer: This POC is for Educational Purposes , I would Not be responsible for any misuse of the information mentioned in this blog post + Unauthenticated + Author: Usman Saeed usman at xc0re.net + Protocol: UPn...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 C...
WebKit - WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free
WebKit - WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free htmlvar00002, htmlvar00006 column-span: all; :root 1px; position: fixed; -webkit-column-width: 1px; .class2 text-indent: -webkit-shape-margin: 0px; -webkit-writing-mode: vertical-rl; '.' defselement, .class8 display:...
Nikto 2.1.6 - CSV Injection
Nikto 2.1.6 - CSV Injection Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linu...
Epiphany 3.28.2.1 - Denial of Service
Epiphany 3.28.2.1 - Denial of Service Summary: ephy-session.c in libephymain.so in GNOME Web aka Epiphany through 3.28.2.1 allows remote attackers to cause a denial of service application crash via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call,...
Adobe Flash 28.0.0.161 - Use-After-Free
Adobe Flash 28.0.0.161 - Use-After-Free !/usr/bin/env python coding: UTF-8 import BaseHTTPServer import sys from SimpleHTTPServer import SimpleHTTPRequestHandler print "@Syfi2k" print "+ CVE-2018-4878 poc " print "--------------------------------" print "Calc.exe Shellcode via Msfvenom" print...
Open-AuditIT Professional 2.1 - Cross-Site Request Forgery
Open-AuditIT Professional 2.1 - Cross-Site Request Forgery Exploit Title: Open-AuditIT Professional 2.1 - Cross-Site Request Forgery CSRF Date: 27-03-2018 Exploit Author: Nilesh Sapariya Contact: https://twitter.com/nileshloganx Website: https://nileshsapariya.blogspot.com Vendor Homepage:...
TestLink Open Source Test Management 1.9.16 - Remote Code Execution (PoC)
TestLink Open Source Test Management 1.9.16 - Remote Code Execution PoC Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any presen...
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion Product: Site Editor Wordpress Plugin - https://wordpress.org/plugins/site-editor/ Vendor: Site Editor Tested version: 1.1.1 CVE ID: CVE-2018-7422 CVE description A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1...
glibc 2.26 - getcwd() Local Privilege Escalation
glibc 2.26 - getcwd Local Privilege Escalation / This software is provided by the copyright owner "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the...
vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion
vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Source: https://blogs.securiteam.com/index.php/archives/3573 Vulnerability Summary The following advisory describes a unauthenticated deserializatio...
OpenEMR 5.0.0 - OS Command Injection Cross-Site Scripting
OpenEMR 5.0.0 - OS Command Injection Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Injection & Reflected Cross Site Scripting product: OpenEMR vulnerable version: 5.0.0 fixed version:...
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDOWS-GAME-DEFINITION-FILE-MAKER-v6.3.9600-XML-EXTERNAL-ENTITY.txt + ISR: ApparitionSec...
NfSen 1.3.7 AlienVault OSSIM 5.3.6 - Local Privilege Escalation
NfSen 1.3.7 AlienVault OSSIM 5.3.6 - Local Privilege Escalation Exploit Title: Local root exploit affecting NfSen = 1.3.7, AlienVault USM/OSSIM = 5.3.6 Version: NfSen 1.3.7 Version: AlienVault 5.3.6 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...
Humax HG100R 2.0.6 - Backup File Download
Humax HG100R 2.0.6 - Backup File Download coding: utf-8 Exploit Title: Humax Backup file download Date: 29/06/2017 Exploit Author: gambler Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-7315 import sys import base64 import shodan import requests...
Gemalto SmartDiag Diagnosis Tool 2.5 - Local Buffer Overflow (SEH)
Gemalto SmartDiag Diagnosis Tool 2.5 - Local Buffer Overflow SEH Exploit Title: Gemalto SmartDiag Diagnosis Tool = v2.5 - Buffer Overflow - SEH Overwrite Date: 16-03-2017 Software Link: http://support.gemalto.com/index.php?id=downloadtools Exploit Author: Majid Alqabandi Contact:...
Moodle 2.x3.x - SQL Injection
Moodle 2.x3.x - SQL Injection Exploit: Moodle SQL Injection via Object Injection Through User Preferences Date: April 6th, 2017 Exploit Author: Marko Belzetski Contact: [email protected] Vendor Homepage: https://moodle.org/ Version: 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.1...
Mozilla Firefox - table Use-After-Free
Mozilla Firefox - table Use-After-Free body display: table function freememory try fuzzPriv.forceGC; catcherr alert'Please install domFuzzLite3'; function go var s = document.getSelection; window.find"1",true,false,true,false; s.modify"extend","forward","line";...
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
Linux Kernel 4.4.0 Ubuntu - DCCP Double-Free Privilege Escalation // // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A proof-of-concept local root exploit for CVE-2017-6074. // Includes a semireliable SMAP/SMEP bypass. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. //...
ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities
ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities 1. ADVISORY INFORMATION ======================================== Title: ManagEnegine ADManager Plus = 6.5.40 Multiple Vulnerabilities Application: ManagEnegine Admanager Remotely Exploitable: Yes Authentication Required: Yes Versions...
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution Metasploit Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/...
Linux Kernel 3.10.0 (CentOS RHEL 7.1) - aiptek Nullpointer Dereference
Linux Kernel 3.10.0 CentOS RHEL 7.1 - aiptek Nullpointer Dereference OS-S Security Advisory 2016-05 Linux aiptek Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7515 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat...
Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities
Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities Vendor: Infor Product web page: http://www.infor.com Affected version: 8.2.0.1136 Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer...
Roundcube Webmail 1.1.3 - Directory Traversal
Roundcube Webmail 1.1.3 - Directory Traversal Advisory ID: HTB23283 Product: Roundcube Vendor: Roundcube.net Vulnerable Versions: 1.1.3 and probably prior Tested Version: 1.1.3 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Vendor Patch:...
Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)
Microsoft Windows - NtUserGetClipboardAccessToken Token Leak MS15-023 Source: https://code.google.com/p/google-security-research/issues/detail?id=461 Windows: NtUserGetClipboardAccessToken Token Leak Redux Platform: Windows 8.1 Update, Windows 10 Build 10130 Class: Security Bypass/EoP Summary: Th...
Oracle GlassFish Server 4.1 - Directory Traversal
Oracle GlassFish Server 4.1 - Directory Traversal Trustwave SpiderLabs Security Advisory TWSL2015-016: Path Traversal in Oracle GlassFish Server Open Source Edition Published: 08/27/2015 Version: 1.0 Vendor: Oracle Corporation Project sponsored by Oracle Product: GlassFish Server Open Source...
Microsoft Windows Server 2003 SP2 - TCPIP IOCTL Privilege Escalation (MS14-070)
Microsoft Windows Server 2003 SP2 - TCPIP IOCTL Privilege Escalation MS14-070 / Exploit Title: Windows 2k3 SP2 TCP/IP IOCTL Privilege Escalation MS14-070 Date: 2015-08-10 Exploit Author: Tomislav Paskalev Vulnerable Software: Windows 2003 SP2 x86 Windows 2003 SP2 x86-64 Windows 2003 SP2 IA-64...
Apache JackRabbit - WebDAV XML External Entity
Apache JackRabbit - WebDAV XML External Entity !/usr/bin/env python """ Exploit Title: Jackrabbit WebDAV XXE Date: 25-05-2015 Software Link: http://jackrabbit.apache.org/jcr/ Exploit Author: Mikhail Egorov Contact: 0ang3el gmail com Website: http://0ang3el.blogspot.com CVE: CVE-2015-1833 Category...
Fortinet Single Sign On - Stack Overflow
Fortinet Single Sign On - Stack Overflow 1. Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors...
GParted 0.14.1 - OS Command Execution
GParted 0.14.1 - OS Command Execution SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 appli...
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit Vendor: Soitec Product web page: http://www.soitec.com Affected version: 1.4 and 1.3 Summary: Soitec power plants are a profitable and ecological...
Gogs - label SQL Injection
Gogs - label SQL Injection Blind SQL Injection in Gogs label search ======================================== Researcher: Timo Schmid Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go. taken from 1 It is very similiar to the github hosting plattform...
HP Operations Agent - Cross-Site Scripting iFrame Injection
HP Operations Agent - Cross-Site Scripting iFrame Injection !/usr/bin/python Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection Date: 10/16/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: www.hp.com Version: HP Operations Manager/Operations Agent /...
phpMyFAQ 2.8.x - Multiple Vulnerabilities
phpMyFAQ 2.8.x - Multiple Vulnerabilities Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities Vendor: phpmyfaq.de Date: 04.09.19 Version: = 2.8.12 Latest ATM Tested on: Apache 2.2 / PHP 5.4 / Linux Contact: smash at devilteam.pl 1 Persistent XSS Administrator is able to view information about specif...
Sagem Fast 3304-V2 - Authentication Bypass (1)
Sagem Fast 3304-V2 - Authentication Bypass 1 Title : Sagem F@st 3304-V2 Authentication Bypass Vendor : http://www.sagemcom.com Severity : High Tested on : Firefox, Google Chrome, Internet Explorer Tested Router : Sagem F@st 3304-V2 3304, 3464, 3504 may also be affected Date : 2014-09-04 Author :...
Huawei E5331 MiFi Mobile Hotspot 21.344.11.00.414 - Multiple Vulnerabilities
Huawei E5331 MiFi Mobile Hotspot 21.344.11.00.414 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated access & manipulation of settings product: Huawei E5331 MiFi mobile hotspot...
Daum Game 1.1.0.5 - ActiveX IconCreate Method Remote Stack Buffer Overflow
Daum Game 1.1.0.5 - ActiveX IconCreate Method Remote Stack Buffer Overflow var overwrite =...
Burden 1.8 - Authentication Bypass
Burden 1.8 - Authentication Bypass Advisory ID: HTB23192 Product: Burden Vendor: Josh Fradley Vulnerable Versions: 1.8 and probably prior Tested Version: 1.8 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 18, 2013...
Artweaver 3.1.5 - .awd Buffer Overflow
Artweaver 3.1.5 - .awd Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Artweaver Buffer Overflow Vulnerability 1. Advisory Information Title: Artweaver Buffer Overflow Vulnerability Advisory ID: CORE-2013-0701 Advisory URL:...
Adobe Reader X 10.1.4.38 - .BMP.RLE Heap Corruption
Adobe Reader X 10.1.4.38 - .BMP.RLE Heap Corruption ''' Title: Adobe Reader X BMP/RLE heap corruption Product: Adobe Reader X Version: 10.x Product Homepage: adobe.com Binary affected: AcroForm.api Binary Version: 10.1.4.38 Binary MD5: 8e0fc0c6f206b84e265cc3076c4b9841 Configuration Requirements...
Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities
Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com Zavio IP Cameras multiple vulnerabilities 1. Advisory Information Title: Zavio IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0302 Advisory URL:...
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013...
BabyGekko 1.2.2e - Multiple Vulnerabilities
BabyGekko 1.2.2e - Multiple Vulnerabilities Advisory ID: HTB23122 Product: BabyGekko Vendor: babygekko.com Vulnerable Versions: 1.2.2e and probably prior Tested Version: 1.2.2e Vendor Notification: October 24, 2012 Vendor Patch: November 4, 2012 Public Disclosure: November 14, 2012 Vulnerability...
F5 BIG-IP - Authentication Bypass (PoC)
F5 BIG-IP - Authentication Bypass PoC Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date:...