Libmodplug ReadS3M - Stack Overflow
Libmodplug ReadS3M - Stack Overflow Source: https://www.sec-consult.com/files/20110407-0libmodplugstackoverflow.txt SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Libmodplug ReadS3M Stack Overflow product: Libmodplug...
SmarterMail 7.37.4 - Multiple Vulnerabilities
SmarterMail 7.37.4 - Multiple Vulnerabilities Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Identified: October 28, 2010 Vendor: SmarterTools Application: SmarterMail 7.x Bugs: Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection,...
Microsoft Data Access Components - Remote Overflow (MS11-002)
Microsoft Data Access Components - Remote Overflow (MS11-002) // This code has been released under the Q Public License by Trolltech // http://en.wikipedia.org/wiki/Q_Public_License // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ var StartTime = new Date; var...
Elcom CommunityManager.NET - Authentication Bypass
Elcom CommunityManager.NET - Authentication Bypass Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004 Release Date. 20-Dec-2010 Last Update. - Vendor Notification Date. 22-Jan-2010 Product. Elcom Technology's CommunityManager.NET Platform. IIS with ASP.NET...
Pandora Fms 3.1 - Directory Traversal Local File Inclusion
Pandora Fms 3.1 - Directory Traversal Local File Inclusion + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating...
Joomla! Component com_beamospetition - SQL Injection
Joomla! Component com_beamospetition - SQL Injection Exploit Title : Joomla "com_beamospetition" SQL Injection Vulnerability Date : 29 - 7 - 2010 Author : Forza-Dz Vendor : http://code.joomla.org/gf/project/beamospetition/frs/ Version : All Versions Tested on : Win Sp2 and Mc Dork =...
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Exploit Title: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Date: 2010.07.02 Author: S2 Crew Hungary Software Link: hp.com Version: 7.53 Tested on: Windows 2003 CVE:...
PreProject Multi-Vendor Shopping Malls - SQL Injection
PreProject Multi-Vendor Shopping Malls - SQL Injection Source: Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability Download: http://preproject.com/products.asp Dork: inurl:Powered by: PreProjects + detail.php?prodid=694 Author: [email protected] Exploit :...
CMS Openpage - index.php SQL Injection
CMS Openpage - index.php SQL Injection ==================================================== CMS Openpage index.php SQL Injection Vulnerability ==================================================== + Discovered by: Phenom + My id: http://inj3ct0r.com/author/2157 + Original:...
Kolang 4.3.10 5.3.0 - proc_open() PHP safe_mode Bypass
Kolang 4.3.10 5.3.0 - proc_open() PHP safe_mode Bypass // "shellcode loader" : load and execute arbitrary shellcode from a file // Hami...
tincan ltd - section SQL Injection
tincan ltd - section SQL Injection +/=============================================+ + Title : tincan ltd section SQL Injection Vulnerability + site s.p : www.tincan.co.uk + Author : altbta + Email : [email protected] + home : v4-team.com & tryag.cc +=============================================/+...
Jasc Paint Shop Pro 8 - Local Universal Buffer Overflow
Jasc Paint Shop Pro 8 - Local Universal Buffer Overflow /* Software: Jasc Paint Shop Pro v8 Local Buffer Overflow Exploit UNIVERSAL Bug type: Local buffer overflow Exploitation method: SEH handler overwrite Description: When a crafted .PNG file is opened a stack buffer overflow occurs because of...
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service) #!/usr/bin/perl -w # UDP IAX protocol fuzzer # Created: Blake Cornell # Exploits found with this code can be found at http://www.securityscraper.com/ # Released under the VoIPER project # Do not hesitate to show enthusiasm and support...
OpenSSL 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
OpenSSL 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service /* cve-2009-1386.c OpenSSL http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 OpenSSL would SegFault if the DTLS server receives a ChangeCipherSpec as the first record instead of...
PHP 5.2.6 - create_function() Code Injection (2)
PHP 5.2.6 - create_function() Code Injection (2) source: https://www.securityfocus.com/bid/31398/info PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'create_function'. Note that the anonymous function returned need not be called for the supplied code to be...
6rbScript 3.3 - section.php Local File Inclusion
6rbScript 3.3 - section.php Local File Inclusion | 6rbScript V3.3 Local File Vulnerability | script : www.6rbscript.com | DorK : inurl:"section.php?name=singers" | dorK : Powered By 6rbScript V3.3 | Author : Stack Expl need magic_quotes = off & open_basedir = off in many server...
Plogger 3.0 - SQL Injection
Plogger 3.0 - SQL Injection GulfTech Security Research August 05, 2008 Vendor : Mike Johnson URL : http://www.plogger.org/ Version : Plogger addfile$filecontents, $row"path"; The...
OTManager CMS 24a - Local File Inclusion Cross-Site Scripting
OTManager CMS 24a - Local File Inclusion Cross-Site Scripting =========================================================== OTManager CMS LFI/XSS Multiple Remote Vulnerabilities =========================================================== ,--^----------,--------,-----,-------^--, | ||||||||| -------...
Joomla! Component joovideo 1.2.2 - id SQL Injection
Joomla! Component joovideo 1.2.2 - id SQL Injection Mambo Component com_joovideo SQL Injection (Powered by joovideo V1.0) AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAIL : [email protected] TODAY MY BIRTHDAY SO I WROTE 5 BUGS ALL FOR HACKERS 5 EXPLOITS HAVE 100.000...
nuBoard 0.5 - ssid SQL Injection
nuBoard 0.5 - ssid SQL Injection Nuboardv0.5 SQL Injection Vulnerability By IRCRASH AUTHOR : IRCRASH Discovered by : Dr.Crash Exploited By : Dr.Crash IRCRASH Team Members : Dr.Crash - Malc0de - R3d.w0rm Script Download : http://switch.dl.sourceforge.net/sourceforge/nuboard/nuboardv0.5.tar.gz SQL...
RichStrong CMS - cat SQL Injection
RichStrong CMS - cat SQL Injection --==+=================== Spanish Hackers Team www.spanish-hackers.com =================+==-- --==+ RichStrong CMS showproduct.asp?cat= Remote SQL Injection Exploit +==-- --==+====================================================================================+==...
Vortex Portal 1.0.42 - Remote File Inclusion
Vortex Portal 1.0.42 - Remote File Inclusion Vortex Portal 1.0.42 RFI ---------- Author : ShAy6oOoN ---------- Group : PitBull Crew ---------- Script : Vortex Portal 1.0.42 ---------- Download : http://www.igamingcms.com/legacy-software/VortexPortal1.0.42.zip ---------- Vuln Type: RFI ----------...
Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow
Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow /* ---- madwifi WPA/RSN IE remote kernel buffer overflow ------ exploit code by: sgrakkyu (antifork.org) -- 10/1/2007 CVE: 2006-6332 (Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES) for wpa .... memcpy(buf, se->se_wpa_ie, se->se_wpa_ie[1] + 2...
Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities (2)
Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities (2) source: https://www.securityfocus.com/bid/20365/info Multiple Computer Associates products are prone to multiple buffer-overflow vulnerabilities because the applications using an affected library...
Newswriter SW 1.42 - editfunc.inc.php File Inclusion
Newswriter SW 1.42 - editfunc.inc.php File Inclusion ============================================================================================== Newswriter SW = 1.42 NWCONFSYSTEMserverpath Remote File Inclusion Vulnerability...
Linux Kernel 2.6.13 2.6.17.4 - logrotate prctl() Local Privilege Escalation
Linux Kernel 2.6.13 2.6.17.4 - logrotate prctl() Local Privilege Escalation /* $Id: raptor_prctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ raptor_prctl2.c - Linux 2.6.x suid_dumpable #2 (logrotate) Copyright (c) 2006 Marco Ivaldi The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4,...
DoceboLms 2.0.5 - help.php Remote File Inclusion
DoceboLms 2.0.5 - help.php Remote File Inclusion Vulnerable Script: Docebo LMS 2.05 Discovered: beford Noobs: %22Based+on+DoceboLMS+2.0%22 Vulnerable Files doceboLMS205/modules/credits/business.php = include($_GET['lang'].'/language.php'); doceboLMS205/modules/credits/credits.php =...
PHPKIT 1.6.1R2 - filecheck Remote Command Execution
PHPKIT 1.6.1R2 - filecheck Remote Command Execution works with allow_url_fopen = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "All men can see the tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." also if magic_quotes_gpc =...
Microsoft Windows Server 2000 - UPNP getdevicelist Memory Leak Denial of Service
Microsoft Windows Server 2000 - UPNP getdevicelist Memory Leak Denial of Service /* Author: Winny Thomas Nevis Labs, Pune, INDIA Details: While working on the exploit for MS05-047 I came across a condition where a specially crafted request to upnp_getdevicelist would cause services.exe to consume...
CartWIZ 1.10 - AddToCart.asp SQL Injection
CartWIZ 1.10 - AddToCart.asp SQL Injection source: https://www.securityfocus.com/bid/13330/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful...
RhinoSoft Serv-U FTP Server 3.x 5.x - Local Privilege Escalation
RhinoSoft Serv-U FTP Server 3.x 5.x - Local Privilege Escalation /* Hax0rcitos proudly presents Serv-u Local Exploit v3.x. tested also against last version 5.1.0.0 All Serv-u Versions have default Login/password for local Administration. This account is only available to connect in the loopback...
Samba 2.2.8 (Linux/BSD) - Remote Code Execution
Samba 2.2.8 (Linux/BSD) - Remote Code Execution /* Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD 4.x, 5.x, NetBSD 1.x and OpenBSD 2.x, 3.x and 3.2 non-executable stack. sambal.c is able to identify samba boxes. It will send a netbios name packet to...
NX Web Content Management System 2002 Prerelease 1 - datasets.php?c_path Local File Inclusion
NX Web Content Management System 2002 Prerelease 1 - datasets.php?c_path Local File Inclusion source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacke...
William Deich Super 3.x - SysLog Format String
William Deich Super 3.x - SysLog Format String // source: https://www.securityfocus.com/bid/5367/info super is prone to a format string vulnerability. This problem is due to incorrect use of the syslog function to log error messages. It is possible to corrupt memory by passing format strings...
GUnet OpenEclass E-learning platform 1.7.3 - uname SQL Injection
GUnet OpenEclass E-learning platform 1.7.3 - uname SQL Injection Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2019-11-03 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...
Apache Tomcat - AJP Ghostcat File Read/Inclusion
Apache Tomcat - AJP Ghostcat File Read/Inclusion #!/usr/bin/env python # CNVD-2020-10487 Tomcat-Ajp lfi by ydhcui import struct # Some references: https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html def pack_string(s): if s is None: return struct.pack(">h", -1) l = len(s) return struct.pack(">H%dsb" % l, l...
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-02-10 Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A...
Chevereto 3.13.4 Core - Remote Code Execution
Chevereto 3.13.4 Core - Remote Code Execution Exploit Title: Chevereto 3.13.4 Core - Remote Code Execution Date: 2020-01-11 Exploit Author: Jinny Ramsmark Vendor Homepage: https://chevereto.com/ Software Link: https://github.com/Chevereto/Chevereto-Free/releases Version: 1.0.0 Free - 1.1.4 Free, ...
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Exploit: MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Date: 2019-12-30 Author: LiquidWorm Vendor: Emmanuel Product web page: https://github.com/empierre/MyDomoAtHome...
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Exploit Title: Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Date: 2019-09-22 Exploit Author: purpl3f0xsecur1ty Vendor Homepage: https://www.tucows.com/ Software Link: http://www.tucows.com/preview/519612/Integard-Home Version: Pro...
Visual Studio 2008 - XML External Entity Injection
Visual Studio 2008 - XML External Entity Injection Exploit Title: Visual Studio 2008 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Software Link: Visual Studio 2008 Express IDE Tested Version: 2008 CVE: N/A + Credits: John Page aka...
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs Tested on Ubuntu 19.10, kernel "5.3.0-19-generic 20-Ubuntu". Ubuntu ships a filesystem "shiftfs" in fs/shiftfs.c in the kernel tree that doesn't exist upstream. This filesystem can be mounted from user namespaces, meaning that this i...
iOS IOUSBDeviceFamily 12.4.1 - IOInterruptEventSource Heap Corruption (PoC)
iOS IOUSBDeviceFamily 12.4.1 - IOInterruptEventSource Heap Corruption PoC Exploit Title: iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption PoC Date: 2019-10-29 Exploit Author: Sem Voigtlander, Joshua Hill and Raz Mashat Vendor Homepage: https://apple.com/ Software Link:...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware...
LimeSurvey 3.17.13 - Cross-Site Scripting
LimeSurvey 3.17.13 - Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172,...
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection Exploit Title: WordPress Plugin Photo Gallery by 10Web Add new and in add galleries / Gallery groups. GET request going with parameter albumid is vulnerable to Time Based Blind SQL injection. Following is the POC, 1...
BSI Advance Hotel Booking System 2.0 - booking_details.php Persistent Cross-Site Scripting
BSI Advance Hotel Booking System 2.0 - booking_details.php Persistent Cross-Site Scripting Exploit Title: BSI Advance Hotel Booking System Persistent XSS Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc Date: Wed Jun 4 2014 Exploit Author: Angelo Ruwantha Vendor...
Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation
Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combi...
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Date: July 11, 2019 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes -----===== Background =====----- AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...