41207 matches found
OpenBSD 4.0 - vga Local Privilege Escalation
OpenBSD 4.0 - vga Local Privilege Escalation / A PRODUCTION OF LUL-DISLCOSURE INC. PROUDLY PRESENTS...
AcmlmBoard 1.A2 - pow SQL Injection
AcmlmBoard 1.A2 - pow SQL Injection AcmlmBoard v1.A2 SQL Injection Vulnerability Bug by: h0yt3r Dork: "AcmlmBoard v1.A2" This Board Software suffers from some not correctly verified variables which are used in SQL Queries. An Attacker can easily get sensitive information from the database by...
LinPHA 1.3.1 - new_images.php Blind SQL Injection
LinPHA 1.3.1 - newimages.php Blind SQL Injection order = $REQUEST'order'; 188. 189. if$defaultorder != $REQUEST'order' 190. 191. $this-linkaddress .= '&order='.$REQUEST'order'; 192. 193. 194. else 195. 196. $this-order = $defaultorder; 197. 198. 199. 200. // 201. // set sql query string 202. //...
Ingress Database Server 2.6 - Multiple Remote Vulnerabilities
Ingress Database Server 2.6 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/24585/info Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues,...
Vivotek Motion Jpeg Control - MjpegDecoder.dll 2.0.0.13 Remote Overflow
Vivotek Motion Jpeg Control - MjpegDecoder.dll 2.0.0.13 Remote Overflow ' metasploit one, alpha2... add a user 'sun' with pass 'tzu' FRAGMENT =...
NavBoard 2.6.0 - Remote Code Execution
NavBoard 2.6.0 - Remote Code Execution "; print ""; print ""; print "Main forum settings"; print ""; print "Board Title"; print ""; print ""; print ""; print "Admin email address blank will not display"; print ""; print "input type=tex...
SmodCMS 2.10 - Slownik ssid SQL Injection
SmodCMS 2.10 - Slownik ssid SQL Injection 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '...
iPhotoAlbum 1.1 - header.php Remote File Inclusion
iPhotoAlbum 1.1 - header.php Remote File Inclusion iPhotoAlbum v1.1header.phpRemote File Include Vulnerability D.Script: http://sourceforge.net/projects/iphotoalbum/ Discovered by: GloDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code Exploit:Path/lib/static/header.php?setmenu=SheLL Greetz To:...
4Images 1.7.x - search.php SQL Injection
4Images 1.7.x - search.php SQL Injection !/usr/bin/php //search.php?searchuser=x%2527%20union%20select%20userpassword%20from%204imagesusers%20where%20username=%2527ADMIN w4ck1ng - w4ck1ng.com / if!$argv3 die"Usage: php $argv0 host path options table prefix user id\n Options: -d: Determine table...
Linux Kernel 2.6.16.18 - Netfilter NAT SNMP Module Remote Denial of Service
Linux Kernel 2.6.16.18 - Netfilter NAT SNMP Module Remote Denial of Service / ecl-nf-snmpwn.c - 30/05/06 Alex Behar Yuri Gushin A patch review we did on the 2.6.16.17-18 Linux kernel source tree revealed a restructuring of code in the snmpparsemangle and the snmptrapdecode functions. After furthe...
Web Host Automation Ltd. Helm 3.2.10 Beta - domains.asp?txtDomainName Cross-Site Scripting
Web Host Automation Ltd. Helm 3.2.10 Beta - domains.asp?txtDomainName Cross-Site Scripting source: https://www.securityfocus.com/bid/17263/info Helm is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
AWStats 5.7 6.2 - Multiple Remote
AWStats 5.7 6.2 - Multiple Remote / AWStats v5.7 - v6.2 sileAWSxpl This exploit utilizes three methods for exploiting the vulnerability found on AWStats software. A user can execute remote code on a vulnerable machine, with httpd privileges. References: www.securityfocus.org/bid/12543 coded by:...
Solaris 2.5.12.678 rlogin (SPARC) - binlogin Remote Buffer Overflow
Solaris 2.5.12.678 rlogin SPARC - binlogin Remote Buffer Overflow / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi Buffer overflow in login in various System V based operating systems allows remote...
WarpSpeed 4nAlbum Module 0.92 - nmimage.php?z Cross-Site Scripting
WarpSpeed 4nAlbum Module 0.92 - nmimage.php?z Cross-Site Scripting source: https://www.securityfocus.com/bid/9881/info It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input. There is an information...
Samba 2.2.x - call_trans2open Remote Buffer Overflow (1)
Samba 2.2.x - calltrans2open Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server,...
Microsoft IIS 4.0 Microsoft JET 3.53.5.1 Database Engine - VBA
Microsoft IIS 4.0 Microsoft JET 3.53.5.1 Database Engine - VBA source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications...
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com...
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage:...
HomeGuard Pro 9.3.1 - Insecure Folder Permissions
HomeGuard Pro 9.3.1 - Insecure Folder Permissions Exploit Title: HomeGuard Pro 9.3.1 - Insecure Folder Permissions Exploit Author: boku Date: 2020-02-13 Vendor Homepage: https://veridium.net Software Link: https://veridium.net/filesu/hg-pro/exe/HomeGuardPro-Setup.exe Version 9.3.1 Tested On:...
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Exploit Title: Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Date: 2018-08-01 Exploit Author: Cosmin Craciun Vendor Homepage: https://www.se.com Version: = 1.3.4 Tested on: Delivered Virtual...
ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution
ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution !/usr/bin/python3 """ ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability Download:...
Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials
Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Exploit Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link:...
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit Exploit Title : Bash 5.0 Patch 11 - SUID Priv Drop Exploit Date : 2019-11-29 Original Author: Ian Pudney , Chet Ramey Exploit Author : Mohin Paramasivam Shad0wQu35t Version : pwn.c cat pwn.c include...
FlexAir Access Control 2.3.35 - Authentication Bypass
FlexAir Access Control 2.3.35 - Authentication Bypass Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
eMerge E3 1.00-06 - Privilege Escalation
eMerge E3 1.00-06 - Privilege Escalation Exploit Title: eMerge E3 1.00-06 - Privilege Escalation Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...
Acronis True Image OEM 19.0.5128 - afcdpsrv Unquoted Service Path
Acronis True Image OEM 19.0.5128 - afcdpsrv Unquoted Service Path Exploit Title: Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path Date: 2019-11-11 Author: Alejandra Sánchez Vendor Homepage: https://www.acronis.com Software:...
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Exploit Title: Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Date: 2019-10-19 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: 1.62.0.1218 and below Tested on: Microsoft Windows CVE: N/...
Kirona-DRS 5.5.3.5 - Information Disclosure
Kirona-DRS 5.5.3.5 - Information Disclosure Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DR...
Symantec Advanced Secure Gateway (ASG) ProxySG - Unrestricted File Upload
Symantec Advanced Secure Gateway ASG ProxySG - Unrestricted File Upload ===========Security Intelligence============ Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 Exploit Author: Pankaj Kumar Thakur Nepal ==========Table of Contents============== Overview Detailed...
Inteno IOPSYS Gateway - Improper Access Restrictions
Inteno IOPSYS Gateway - Improper Access Restrictions Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650...
YouPHPTube 7.4 - Remote Code Execution
YouPHPTube 7.4 - Remote Code Execution Exploit Title: YouPHPTube &webSiteTitle=Zerodays.lol&databaseHost=&databaseName=&databasePass=&databasePort=&databaseUser="...
QEMU - Denial of Service
QEMU - Denial of Service include include include include include include include include include include include include include include include include include define diex do \ perrorx; \ exitEXITFAILURE; \ while0; // Constans define SRCADDR "10.0.2.15" define DSTADDR "10.0.2.2" define INTERFACE...
Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font loadstore Operators
Adobe Acrobat CoolType AFDKO - Memory Corruption in the Handling of Type 1 Font loadstore Operators -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling librar...
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1...
IPFire 2.21 - Cross-Site Scripting
IPFire 2.21 - Cross-Site Scripting Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x8664-full-core127.is...
GattLib 0.2 - Stack Buffer Overflow
GattLib 0.2 - Stack Buffer Overflow Exploit Title: stack-based overflow Date: 2019-11-21 Exploit Author: Dhiraj Mishra Vendor Homepage: http://labapart.com/ Software Link: https://github.com/labapart/gattlib/issues/81 Version: 0.2 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-6498 References:...
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
Base64 Decoder 1.1.2 - Local Buffer Overflow SEH !/usr/bin/env python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Base64 Decoder 1.1.2 - Local Buffer Overflow SEH Date: 12-20-18 Vulnerable Software: Base64 Decoder 1.1.2 Vendor Homepage: http://4mhz.de/b64dec.html Version: 1.1.2 Software...
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...
CA Release Automation NiMi 6.5 - Remote Command Execution
CA Release Automation NiMi 6.5 - Remote Command Execution Exploit Title: CA Release Automation NiMi 6.5 - Remote Command Execution Date: 2016-06-23 Exploit Authors: Jakub Palaczynski, Maciej Grabiec Vendor Homepage: http://www.ca.com/ Software Link:...
Imperva SecureSphere 11.5 12.0 13.0 - Privilege Escalation
Imperva SecureSphere 11.5 12.0 13.0 - Privilege Escalation Title: Imperva SecureSphere = v13 - Privilege Escalation Author: 0x09AL Date: 01/08/2018 Tested on: Imperva SecureSphere 11.5,12.0,13.0 Vendor: https://www.imperva.com/ Vulnerability Description There is a program named PCE.py which runs ...
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors getInternalFormat == FORMATNULL return; ifblitReactorsource, sourceRect, dest, destRect, options return; SliceRectF sRect = sourceRect; SliceRect dRect = destRect; bool flipX = destRect.x0 destRect.x1; bool flipY = destRect.y0...
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow 'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackListed ByVal strIP As String As Long" m...
Jenkins Mailer Plugin 1.20 - Cross-Site Request Forgery (Send Email)
Jenkins Mailer Plugin 1.20 - Cross-Site Request Forgery Send Email Exploit Title : Jenkins mailer plugin \ '+table'covermessage'+'' s = smtplib.SMTPtable'smtpserver' s.starttls s.logintable'lid', table'lpw' s.sendmailmsg'From', msg'To', msg.asstring def urlset : url...
DLINK DCS-5020L - Remote Code Execution (PoC)
DLINK DCS-5020L - Remote Code Execution PoC “The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to...
Sony Playstation 4 (PS4) 5.01 5.05 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 5.01 5.05 - WebKit Code Execution PoC PS4 5.01 WebKit Exploit PoC =========================== Based on: - CVE-2017-7005 - PegaSwitch Copyright 2017 ReSwitched Team - 4.0x exploit by qwertyoruiopz This exploit supports 5.01 maybe others! Installation ============ 1. Install...
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1...
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video Windows Vendor URL: https://www.ubnt.com Type: Improper Handling of Insufficient Permissions or Privileges CWE-28...
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow PoC CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected...
WebKit - WebCore::FormSubmission::create Use-After-Free
WebKit - WebCore::FormSubmission::create Use-After-Free function jsfuzzer textarea1.setRangeText"foo"; textarea2.autofocus = true; textarea1.name = "foo"; form.insertBeforetextarea2, form.firstChild; form.submit; function eventhandler2 forvar i=0;i a b !--...