41207 matches found
F5 BIG-IP - Authentication Bypass (PoC)
F5 BIG-IP - Authentication Bypass PoC Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date:...
PluXml 5.1.5 - Local File Inclusion
PluXml 5.1.5 - Local File Inclusion Advisory ID: HTB23086 Product: PluXml Vendor: pluxml.org Vulnerable Versions: 5.1.5 and probably prior Tested Version: 5.1.5 Vendor Notification: 11 April 2012 Vendor Patch: 16 April 2012 Public Disclosure: 2 May 2012 Vulnerability Type: Local File Inclusion CV...
MailEnable Webmail - Cross-Site Scripting
MailEnable Webmail - Cross-Site Scripting ME020567: MailEnable webmail cross-site scripting vulnerability CWE-79 References: CVE-2012-0389 Discovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah Vendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 Vendor...
Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.0411.10) - Boundary Crossing Privilege Escalation
Acpid 1:2.0.10-1ubuntu2 Ubuntu 11.0411.10 - Boundary Crossing Privilege Escalation Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10,...
Linux Kernel 2.6.27 2.6.36 (RedHat x86-64) - compat Local Privilege Escalation
Linux Kernel 2.6.27 2.6.36 RedHat x86-64 - compat Local Privilege Escalation / Ac1dB1tch3z Vs Linux Kernel x8664 0day Today is a sad day.. R.I.P. Tue, 29 Apr 2008 / Tue, 7 Sep 2010 a bit of history: MCASTMSFILTER Compat mode bug found... upon commit! 2 year life on this one author David L Stevens...
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/41885/info Claus Muus Spitfire is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may...
BM Classifieds Ads - SQL Injection
BM Classifieds Ads - SQL Injection ALGERIAN HACKER - NORTH-AFRICA SECURITY TEAM - ! BM Classifieds ads SQL injection vulnerability ! Author : Dr.0rYX & Cr3w-DZ ! MAIL : [email protected] & [email protected] / Software Information + Vendor : http://www.bmscripts.com/ + script : powered by BM Classified...
Linux Kernel 2.6 2.6.19 (White Box 4 CentOS 4.44.5 Fedora Core 456 x86) - ip_append_data() Ring0 Privilege Escalation (1)
Linux Kernel 2.6 2.6.19 White Box 4 CentOS 4.44.5 Fedora Core 456 x86 - ipappenddata Ring0 Privilege Escalation 1 / 0x82-CVE-2009-2698 Linux kernel 2.6 . / include include include include include include include unsigned int uid, gid; void getrootuidunsigned task unsigned addr=task;...
Linux Kernel 2.6 (Gentoo Ubuntu 8.109.04) UDEV 1.4.1 - Local Privilege Escalation (2)
Linux Kernel 2.6 Gentoo Ubuntu 8.109.04 UDEV 1.4.1 - Local Privilege Escalation 2 / cve-2009-1185.c udev http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, whic...
Joomla! Component beamospetition 1.0.12 - SQL Injection Cross-Site Scripting
Joomla! Component beamospetition 1.0.12 - SQL Injection Cross-Site Scripting Joomla component beamospetition 1.0.12 Sql Injection / Xss Author : vdss Dork : "Powered by beamospetition 1.0.12" Dl : http://joomlacode.org/gf/project/beamospetition/ Xss :...
DMXReady Registration Manager 1.1 - Contents Change
DMXReady Registration Manager 1.1 - Contents Change Title : DMXReady Registration Manager http://target/path//applications/RegistrationManager/incregistrationmanager.asp Edit - http://target/path//admin/RegistrationManager/addcategory.asp : milw0rm.com 2009-01-14...
Joomla! Component FacileForms 1.4.4 - Remote File Inclusion
Joomla! Component FacileForms 1.4.4 - Remote File Inclusion Title: Joomla Component ComFacileforms ================================================================ + Author : Dr.Kacak + Special Thankz : KnocKout and all my friends + System 0VerfL0verZ...
phpMyChat 0.14.5 - chatusers_popupL.php3 Multiple Cross-Site Scripting Vulnerabilities
phpMyChat 0.14.5 - chatuserspopupL.php3 Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26698/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these...
PHP-Nuke platinum 7.6.b.5 - Remote File Inclusion
PHP-Nuke platinum 7.6.b.5 - Remote File Inclusion ---------------------------------------------- GrEeTs To -=sHaDoW sEcUrItY TeAm=- GrEaTs To ---------------------------------------------- A2J, Chucks, The Pitbull, ICQBomber, str0ke ---------------------------------------------- BiG sHoUt OuT tO...
Scallywag - template.php?path Remote File Inclusion
Scallywag - template.php?path Remote File Inclusion Scallywag = Remote File Inclusion Vulnerability Dork:"Powered by Scallywag" Vuln Code ERROR1:skin/dark/template.php ?php include"$path/source/top.txt"; RFI CODE BUG1:...
OpenBSD 3.x 4.0 - vga_ioctl() Local Privilege Escalation
OpenBSD 3.x 4.0 - vgaioctl Local Privilege Escalation / Critical Security OpenBSD 3.x-4.0 vgaioctl root exploit Bug had been discovered by allmighty Ilja van Sprundel ilja.netric.org Some code had been stolen from noir's openbsd exploit sources Fix is available:...
Jax PHP Scripts 1.01.342.143.31 - Guestbook File Client IP Disclosure
Jax PHP Scripts 1.01.342.143.31 - Guestbook File Client IP Disclosure source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input...
Multiple Vendor ICMP Message Handling - Denial of Service
Multiple Vendor ICMP Message Handling - Denial of Service source: https://www.securityfocus.com/bid/13124/info Multiple vendor implementations of TCP/IP Internet Control Message Protocol ICMP are reported prone to several denial-of-service attacks. ICMP is employed by network nodes to determine...
Linux Kernel 2.4.26 - File Offset Pointer Handling Memory Disclosure
Linux Kernel 2.4.26 - File Offset Pointer Handling Memory Disclosure / CAN-2004-0415 / gcc -O3 prockmemdump.c -o prockmemdump Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY. COPYING,...
Laurent Adda Les Commentaires 2.0 - PHP Script derniers_commentaires.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script dernierscommentaires.php Remote File Inclusion source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include...
Microsoft Windows XP20002003 - Message Queuing Service Heap Overflow
Microsoft Windows XP20002003 - Message Queuing Service Heap Overflow source: https://www.securityfocus.com/bid/8783/info It has been reported that the Microsoft Message Queuing service is prone to a heap overflow. The Symantec DeepSight analyst team is currently analyzing proof-of-concept exploit...
Microsoft Windows - RPC DCOM Remote (1)
Microsoft Windows - RPC DCOM Remote 1 ////////////////////////////////////////////////////////////////////////////////////////////// // // Windows RPC DCOM Remote Exploit with 18 Targets // by pHrail and smurfy + some offsets by teos // // Targets: // 0 Win2k Polish nosp ver 5.00.2195 // 1 Win2k...
Libc locale - Local Privilege Escalation (1)
Libc locale - Local Privilege Escalation 1 / source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...
Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (MS00-040) (2)
Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service MS00-040 2 source: https://www.securityfocus.com/bid/1331/info In special circumstances while handling requests to access the Remote Registry Server, Windows NT 4.0 can crash due to winlogon.exe's inability to process specially...
Microsoft IIS 4.0 Microsoft JET 3.53.5.1 Database Engine - VBA
Microsoft IIS 4.0 Microsoft JET 3.53.5.1 Database Engine - VBA source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications...
Xi Graphics Maximum CDE 1.2.3TriTeal TED CDE 4.3Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1)
Xi Graphics Maximum CDE 1.2.3TriTeal TED CDE 4.3Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow 1 // source: https://www.securityfocus.com/bid/122/info An implementation fault in the ToolTalk object database server allows a remote attacker to run arbitrary code as the superuser on hosts...
HP-UX 1011 IRIX 3456 OpenSolaris build snv Solaris 8910 SunOS 4.1 - rpc.ypupdated Command Execution (1)
HP-UX 1011 IRIX 3456 OpenSolaris build snv Solaris 8910 SunOS 4.1 - rpc.ypupdated Command Execution 1 / source: https://www.securityfocus.com/bid/1749/info HP-UX 10.x/11.x,IRIX 3.x/4.x/5.x/6.x,OpenSolaris build snv,Solaris 8/9/10,SunOS 4.1.x RPC.YPUpdated Command Execution 1 The 'rpc.ypupdated'...
DBPower C300 HD Camera - Remote Configuration Disclosure
DBPower C300 HD Camera - Remote Configuration Disclosure Exploit Title: DBPower C300 HD Camera - Remote Configuration Disclosure Date: 2020-02-19 Author: Todor Donev Vendor: https://donev.eu/ CVE: N/A Copyright 2020 c Todor Donev https://donev.eu/...
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Date: 2020-02-14 Category : Webapps Software Lin...
Rukovoditel Project Management CRM 2.5.2 - filters SQL Injection
Rukovoditel Project Management CRM 2.5.2 - filters SQL Injection Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection Google Dork: N/A Date: 2020-01-15 Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/...
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow SEH Exploit Title: Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow SEH Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.alloksoft.com Software Link:...
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Date: 2018-09-19 Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000,...
ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution
ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution !/usr/bin/python3 """ ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability Download:...
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link:...
GNU Mailutils 3.7 - Privilege Escalation
GNU Mailutils 3.7 - Privilege Escalation Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo...
Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting
Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Adrenalin Core HCM 5.4.0 - prntDDLCntrlName Reflected Cross-Site Scripting
Adrenalin Core HCM 5.4.0 - prntDDLCntrlName Reflected Cross-Site Scripting Exploit Title: Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Cy83rl0gger Vendor Homepage: https://www.myadrenalin.com/ Software...
Solaris xscreensaver 11.4 - Privilege Escalation
Solaris xscreensaver 11.4 - Privilege Escalation Exploit Title: Solaris xscreensaver 11.4 - Privilege Escalation Date: 2019-10-16 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/technetwork/server-storage/solaris11/ Version: Solaris 11.x Tested on: Solaris 11.4 and 11.3 X86...
Kirona-DRS 5.5.3.5 - Information Disclosure
Kirona-DRS 5.5.3.5 - Information Disclosure Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DR...
V-SOL GPONEPON OLT Platform 2.03 - Unauthenticated Configuration Download
V-SOL GPONEPON OLT Platform 2.03 - Unauthenticated Configuration Download Title: V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download Date: 2019-09-27 Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth ----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handlin...
Microsoft DirectWrite AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
Microsoft DirectWrite AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handlin...
Supra Smart Cloud TV - openLiveURL() Remote File Inclusion
Supra Smart Cloud TV - openLiveURL Remote File Inclusion Exploit Title: Remote file inclusion Date: 03-06-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://supra.ru Software Link: https://supra.ru/catalog/televizory/televizorsuprastvlc40lt0020f/ CVE: CVE-2019-12477 References:...
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Intelbras IWR 3000N - Denial of Service Remote Reboot /bin/bash PoC based on CVE-2019-11415 created by Social Engineering Neo. Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/ A malformed login request allows remote attackers to cause a denial ...
Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting
Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE...
JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting
JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
Rails 5.2.1 - Arbitrary File Content Disclosure
Rails 5.2.1 - Arbitrary File Content Disclosure ''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: https://rubyonrails.org/ Software Link: https://github.com/rails/rails Version: Versions Affected: all...
Linux Kernel 4.4 (Ubuntu 16.04) - snd_timer_user_ccallback() Kernel Pointer Leak
Linux Kernel 4.4 Ubuntu 16.04 - sndtimeruserccallback Kernel Pointer Leak include include include include include include include include include include include include include include Exploit Title: Linux Kernel 4.4 Ubuntu 16.04 - Leak kernel pointer in sndtimeruserccallback Google Dork: - Date...
Kubernetes - (Unauthenticated) Arbitrary Requests
Kubernetes - Unauthenticated Arbitrary Requests !/usr/bin/env python3 import argparse from ssl import wrapsocket from json import loads, dumps from socket import createconnection def requeststage1base, version, target: stage1 = "" with open'ustage1', 'r' as stage1fd: stage1 = stage1fd.read return...
xorg-x11-server 1.20.3 - modulepath Local Privilege Escalation
xorg-x11-server 1.20.3 - modulepath Local Privilege Escalation !/bin/sh raptorxorgy - xorg-x11-server LPE via modulepath switch Copyright c 2018 Marco Ivaldi A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X...