WildMIDI 0.4.2 - Multiple Vulnerabilities
WildMIDI 0.4.2 - Multiple Vulnerabilities wildmidi multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= WildMIDI is a simple software midi player which has a core softsynth library that can be used with other applications. The WildMIDI library uses...
Jenkins 1.650 - Java Deserialization
Jenkins 1.650 - Java Deserialization import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date:...
Australian Education App - Remote Code Execution
Australian Education App - Remote Code Execution Exploit Title: Australian Education App - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser2.com Software Link: See APK archive websites Screenshot: Refer to...
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal Vulnerabilities Summary The following advisory describes two (2) vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network...
Disk Pulse 9.7.26 - Add Directory Local Buffer Overflow
Disk Pulse 9.7.26 - Add Directory Local Buffer Overflow !/usr/bin/python Exploit Title: Disk Pulse v9.7.26 - Add Directory Local Buffer Overflow Date: 12-06-2017 Exploit Author: abatchy17 -- @abatchy17 Vulnerable Software: Disk Pulse v9.7.26 Freeware, Pro, Ultimate Vendor Homepage:...
SAP Business One for Android 1.2.3 - XML External Entity Injection
SAP Business One for Android 1.2.3 - XML External Entity Injection Exploit Title: Blind XXE XML External Entity in SAP Date of Disclosure: 17/05/2017 Author: Ravindra Singh Rathore Vendor Homepage: https://www.sap.com/products/business-one.html Product - SAP Business One Android Application Versio...
Mantis Bug Tracker 1.3.02.3.0 - Password Reset
Mantis Bug Tracker 1.3.02.3.0 - Password Reset + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product...
My Gaming Ladder Combo System 7.5 - SQL Injection
My Gaming Ladder Combo System 7.5 - SQL Injection Exploit Title: My Gaming Ladder Combo System 7.5 - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: http://www.mygamingladder.com/ Software: http://www.mygamingladder.com/demos.shtml Demo: http://www.mygamingladder.com/upgrade/comb...
Intellinet NFC-30IR Camera - Multiple Vulnerabilities
Intellinet NFC-30IR Camera - Multiple Vulnerabilities Bitcrack Cyber Security - BitLabs Advisory http://www.bitcrack.net Multiple Vulnerabilities in Intellinet NFC-30IR Network Cameras ADVISORY -------- Title: Local File Inclusion in CGI-SCRIPT & Hard-Coded Manufacturer Backdoor Advisory ID:...
AXIS (Multiple Products) - Cross-Site Request Forgery
AXIS Multiple Products - Cross-Site Request Forgery 0RWELLL4BS security advisory olsa-CVE-2015-8255 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: Cross-Site Request Forgery - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Session Management...
VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions
VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=850 As already discussed in a number of reports in this tracker 285, 286, 287, 288, 289, 292, VMware Workstation current version 12.1.1 build-3770994...
MySQL 5.5.45 (x64) - Local Credentials Disclosure
MySQL 5.5.45 x64 - Local Credentials Disclosure MySQL 5.5.45 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.mysql.com Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman...
Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String
Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following...
Schneider Electric SBO AS - Multiple Vulnerabilities
Schneider Electric SBO AS - Multiple Vulnerabilities Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About...
AlegroCart 1.2.8 - Multiple SQL Injections
AlegroCart 1.2.8 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL...
D-Link DIR-825 (vC) - Multiple Vulnerabilities
D-Link DIR-825 vC - Multiple Vulnerabilities Advisory Information Title: DIR-825 vC Buffer overflows in authentication,HNAP and ping functionalities. Also a directory traversal issue exists which can be exploited Vendors contacted: William Brown , Patrick Cline [email protected] CVE:...
X2Engine 4.2 - Cross-Site Request Forgery
X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...
Microsoft Windows 8.1 - DCOM DCERPC Local NTLM Reflection Privilege Escalation (MS15-076)
Microsoft Windows 8.1 - DCOM DCERPC Local NTLM Reflection Privilege Escalation MS15-076 Source: https://github.com/monoxgas/Trebuchet Trebuchet MS15-076 CVE-2015-2370 Privilege Escalation Copies a file to any privileged location on disk Compiled with VS2015, precompiled exe in Binary directory...
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1)
Kaseya Virtual System Administrator VSA - Multiple Vulnerabilities 1 Multiple vulnerabilities in Kaseya Virtual System Administrator Discovered by Pedro Ribeiro [email protected], Agile Information Security http://www.agileinfosec.co.uk/...
SysAid Help Desk 14.4 - Multiple Vulnerabilities
SysAid Help Desk 14.4 - Multiple Vulnerabilities Multiple vulnerabilities in SysAid Help Desk 14.4 Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 03/06/2015 / Last updated:...
Microsoft Windows - Local Privilege Escalation (MS15-010)
Microsoft Windows - Local Privilege Escalation MS15-010 // ex.cpp / Windows XP/2K3/VISTA/2K8/7 WMSYSTIMER Kernel EoP CVE-2015-0003 March 2015 Public Release: May 24, 2015 Tested on: x86: Win 7 SP1 | Win 2k3 SP2 | Win XP SP3 x64: Win 2k8 SP1 | Win 2k8 R2 SP1 Author: Skylake - skylake mail com /...
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution Remote code execution in Novell ZENworks Configuration Management 11.3.1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ===============================================================================...
Citrix Nitro SDK - Command Injection
Citrix Nitro SDK - Command Injection Abstract Securify discovered a command injection vulnerability in xenhotfix page of the NITRO SDK. The attacker-supplied command is executed with elevated privileges nsroot. This issue can be used to compromise the entire Citrix SDX appliance and all...
Chamilo LMS 1.9.10 - Multiple Vulnerabilities
Chamilo LMS 1.9.10 - Multiple Vulnerabilities I. Overview ======================================================== Chamilo LMS 1.9.10 or prior versions are prone to multiple Cross-Site Scripting Stored + Reflected & CSRF vulnerabilities. These vulnerabilities allow an attacker to gain control...
ManageEngine Desktop Central - Create Administrator
ManageEngine Desktop Central - Create Administrator Administrator account creation in ManageEngine Desktop Central / Desktop Central MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security =================================================================================...
Microweber CMS 0.95 - SQL Injection
Microweber CMS 0.95 - SQL Injection Exploit Title: SQL Injection in Microweber CMS 0.95 Google Dork: N/A Date: 12/16/2014 Exploit Author: Pham Kien Cuong [email protected] and ITAS Team www.itas.vn Vendor Homepage: Microweber https://microweber.com/ Software Link:...
TYPO3 Extension ke DomPDF - Remote Code Execution
TYPO3 Extension ke DomPDF - Remote Code Execution Advisory: Remote Code Execution in TYPO3 Extension kedompdf During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension kedompdf, which allows attackers to execute arbitrary PHP commands in...
tcpdump 4.6.2 - Geonet Decoder Denial of Service
tcpdump 4.6.2 - Geonet Decoder Denial of Service CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or...
MODx CMS 2.2.14 - Cross-Site Request Forgery Bypass Reflected Cross-Site Scripting Persistent Cross-Site Scripting
MODx CMS 2.2.14 - Cross-Site Request Forgery Bypass Reflected Cross-Site Scripting Persistent Cross-Site Scripting Advisory ID: 92152 Product: MODX Revolution Vendor: MODX Vulnerable Versions: 2.0.02.2.14 Tested Version: 2.2.14 Advisory Publication: 16 July, 2014 without technical details Vendor...
TestLink 1.9.11 - Multiple SQL Injections
TestLink 1.9.11 - Multiple SQL Injections Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection...
DevExpress ASPxFileManager 10.2 13.2.8 - Directory Traversal
DevExpress ASPxFileManager 10.2 13.2.8 - Directory Traversal Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read...
doorGets CMS 5.2 - SQL Injection
doorGets CMS 5.2 - SQL Injection Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Publi...
TVT TD-2308SS-B DVR - Directory Traversal
TVT TD-2308SS-B DVR - Directory Traversal Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: "Cross Web Server" Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P...
Android Zygote - Socket and Fork Bomb (Denial of Service)
Android Zygote - Socket and Fork Bomb Denial of Service BootReceiver.java / Android Application that performs the fork bomb attack http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3918 Further information can be found at http://www.ai-lab.it/bugAndroid/bugAndroid.html @author Luca...
Oracle Java lookUpByteBI - Heap Buffer Overflow
Oracle Java lookUpByteBI - Heap Buffer Overflow Exploit Title: Oracle Java lookupByteBI function heap buffer overflow Google Dork: Date: 2013-09-03 Exploit Author: GuHe Vendor Homepage: http://www.oracle.com/ Software Link: http://www.oracle.com/technetwork/java/javase/downloads/index.html Versio...
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Title: Imperva SecureSphere Operations Manager - Command...
Invision Power Board 1.x? / 2.x / 3.x - Admin Takeover
Invision Power Board 1.x? / 2.x / 3.x - Admin Takeover IPB Invision Power Board all versions 1.x? / 2.x / 3.x Admin account Takeover leading to code execution Written on : 2013/05/02 Released on : 2013/05/13 Author: John JEAN @johnjean on twitter Affected application: Invision Power Board = 3.4.4 Type ...
TagScanner 5.1 - Stack Buffer Overflow (PoC)
TagScanner 5.1 - Stack Buffer Overflow PoC Title: ====== TagScanner v5.1 - Stack Buffer Overflow Vulnerability Date: ===== 2013-01-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=831 VL-ID: ===== 831 Introduction: ============= TagScanner is a multifunction program f...
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read
mnoGoSearch 3.3.12 search.cgi - Arbitrary File Read ----------------------------------------------------------- PT-2013-17 Positive Technologies Security Advisory Arbitrary Files Reading in mnoGoSearch ----------------------------------------------------------- --- Vulnerable software mnoGoSearch...
Piwigo 2.4.6 - Multiple Vulnerabilities
Piwigo 2.4.6 - Multiple Vulnerabilities Advisory ID: HTB23144 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notification: February 6, 2013 Vendor Patch: February 19, 2013 Public Disclosure: February 27, 2013 Vulnerability Type:...
TVMOBiLi 2.1.0.3557 - Denial of Service
TVMOBiLi 2.1.0.3557 - Denial of Service Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor: TVMOBiLi Vulnerable Versions: 2.1.0.3557 and probably prior version Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits Vendor Notification: October 15, 2012 Vendor Patch: November 21, 2012 Publi...
FlexNet License Server Manager - Stack Overflow In lmgrd
FlexNet License Server Manager - Stack Overflow In lmgrd Luigi Auriemma Application: FlexNet License Server Manager http://www.flexerasoftware.com/products/flexnet-publisher.htm http://www.globes.com/support/fnputilitiesdownload.htm Versions: = 11.9.1 and others earlier this version number was...
RealVNC 4.1.0 / 4.1.1 - Authentication Bypass
RealVNC 4.1.0 / 4.1.1 - Authentication Bypass Exploit Title: RealVNC 4.1.0 and 4.1.1 Authentication Bypass Exploit Date: 2012-05-13 Author: @fdiskyou e-mail: rui at deniable.org Version: 4.1.0 and 4.1.1 Tested on: Windows XP CVE: CVE-2006-2369 Requires vncviewer installed Basic port of hdmoore/msf2...
Liferay XSL - Command Execution (Metasploit)
Liferay XSL - Command Execution Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
phpPaleo - Local File Inclusion
phpPaleo - Local File Inclusion 'phpPaleo' Local File Inclusion CVE-2012-1671 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in index.php for language handling that allows for local file inclusion using a null-byte attack on...
MailEnable Webmail - Cross-Site Scripting
MailEnable Webmail - Cross-Site Scripting ME020567: MailEnable webmail cross-site scripting vulnerability CWE-79 References: CVE-2012-0389 Discovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah Vendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 Vendor...
pkexec - Race Condition Privilege Escalation
pkexec - Race Condition Privilege Escalation / Exploit Title: pkexec Race condition CVE-2011-1485 exploit Author: xi4oyu Tested on: rhel 6 CVE : 2011-1485 Linux pkexec exploit by xi4oyu , thx [email protected] Have fun ¡Á U can reach us @ http://www.wooyun.org : / include include include include inclu...
ServersCheck Monitoring Software 8.8.x - Multiple Vulnerabilities
ServersCheck Monitoring Software 8.8.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/49793/info ServersCheck Monitoring Software is prone to multiple remote input-validation vulnerabilities, including: 1. Multiple HTML-injection vulnerabilities 2. Multiple cross-site...
Carel PlantVisor 2.4.4 - Directory Traversal
Carel PlantVisor 2.4.4 - Directory Traversal Luigi Auriemma Application: Carel PlantVisor http://www.carel.com/carelcom/web/eng/catalogo/prodottodett.jsp?idprodotto=310 Versions: = 2.4.4 Platforms: Windows Bug: directory traversal Exploitation: remote Date: 13 Sep 2011 Author: Luigi Auriemma...
Libmodplug ReadS3M - Stack Overflow
Libmodplug ReadS3M - Stack Overflow Source: https://www.sec-consult.com/files/20110407-0libmodplugstackoverflow.txt SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Libmodplug ReadS3M Stack Overflow product: Libmodplug...