41207 matches found
Tuleap 9.17.99.189 - Blind SQL Injection
Tuleap 9.17.99.189 - Blind SQL Injection =============================================================================== title: Tuleap SQL Injection case id: CM-2018-01 product: Tuleap version 9.17.99.189 vulnerability type: Blind SQL injection - time based severity: High found: 2018-02-24 by:...
Nexpose 6.4.66 - Cross-Site Request Forgery
Nexpose 6.4.66 - Cross-Site Request Forgery Exploit Title: Cross Site Request Forgery at Nexpose Automated Actions Release Date: 2017-12-13 Exploit Author: Shwetabh Vishnoi Link: https://www.linkedin.com/in/shwetabhvishnoi Vendor Homepage: https://www.rapid7.com/ Software Link:...
Oracle JDeveloper 11.1.x12.x - Directory Traversal
Oracle JDeveloper 11.1.x12.x - Directory Traversal + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-JDEVELOPER-DIRECTORY-TRAVERSAL.txt + ISR: apparition security Vendor: ============= www.oracle.com Product:...
GitStack - Remote Code Execution
GitStack - Remote Code Execution Vulnerability Summary The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack and then used to trigger an unauthenticated remote code execution. GitStack is “a software that lets you setup your own private...
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video Windows Vendor URL: https://www.ubnt.com Type: Improper Handling of Insufficient Permissions or Privileges CWE-28...
GetGo Download Manager 5.3.0.2712 - Buffer Overflow
GetGo Download Manager 5.3.0.2712 - Buffer Overflow Exploit Title: Buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 CVE: CVE-2017-17849 Date: 22-12-2017 Tested on Windows 10 32 bits Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Software Link:...
Paid To Read Script 2.0.5 - uid fnum fn SQL Injection
Paid To Read Script 2.0.5 - uid fnum fn SQL Injection Exploit Title: Paid To Read Script 2.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/ Version: 2.0.5 Category: Webapps...
Avaya IP Office (IPO) 10.1 - SoftConsole Remote Buffer Overflow (SEH)
Avaya IP Office IPO 10.1 - SoftConsole Remote Buffer Overflow SEH + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-IPO-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt + ISR: apparitionSec Vendor:...
Ladon Framework for Python 0.9.40 - XML External Entity Expansion
Ladon Framework for Python 0.9.40 - XML External Entity Expansion Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and re...
Trend Micro OfficeScan 11.0XG (12.0) - Man In The Middle Remote Code Execution
Trend Micro OfficeScan 11.0XG 12.0 - Man In The Middle Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec...
Jenkins 1.650 - Java Deserialization
Jenkins 1.650 - Java Deserialization import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date:...
Microsoft Windows 78.12008 R22012 R22016 R2 - EternalBlue SMB Remote Code Execution (MS17-010)
Microsoft Windows 78.12008 R22012 R22016 R2 - EternalBlue SMB Remote Code Execution MS17-010 !/usr/bin/python from impacket import smb, smbconnection from mysmb import MYSMB from struct import pack, unpack, unpackfrom import sys import socket import time ''' MS17-010 exploit for Windows 2000 and...
Australian Education App - Remote Code Execution
Australian Education App - Remote Code Execution Exploit Title: Australian Education App - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser2.com Software Link: See APK archive websites Screenshot: Refer to...
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal Vulnerabilities Summary The following advisory describe two 2 vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network...
Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution
Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution !/usr/bin/python -- coding: utf-8 -- import requests import random import base64 upperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" lowerAlpha = "abcdefghijklmnopqrstuvwxyz" numerals = "0123456789" allchars = chr for in...
HelpDEZK 1.1.1 - Cross-Site Request Forgery Code Execution
HelpDEZK 1.1.1 - Cross-Site Request Forgery Code Execution Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1 Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.helpdezk.org/ Software...
Fiyo CMS 2.0.6.1 - Privilege Escalation
Fiyo CMS 2.0.6.1 - Privilege Escalation Exploit Title: Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link:...
Microsoft Edge Scripting Engine - Memory Corruption (MS16-129)
Microsoft Edge Scripting Engine - Memory Corruption MS16-129 !-- Source: http://www.security-assessment.com/files/documents/advisory/edgechakramemcorruption.pdf Name: Microsoft Edge Scripting Engine Memory Corruption Vulnerability MS16-129 CVE: CVE-2016-7202 Vendor Website:...
Linux Kernel 4.5.1 - Off-By-One (PoC)
Linux Kernel 4.5.1 - Off-By-One PoC / EDB Note Download: http://cyseclabs.com/exploits/matreshka.c Blog http://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit / / Quick and dirty PoC for CVE-2016-6187 heap off-by-one PoC By Vitaly Nikolenko [email protected] There's no privilege...
Macro Expert 4.0 - Multiple Privilege Escalations
Macro Expert 4.0 - Multiple Privilege Escalations Exploit Title: Macro Expert 4.0 Multiple Elevation of Privilege Date: 26/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: http://www.macro-expert.com/ Software Link:...
Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation
Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation / ░▀█▀░█▀█░█░░░█▀█░█▀▀░░░█░█░█░█░█░░░█▀█░█▀▄░█▀▀░█░█░ ░░█░░█▀█░█░░░█░█░▀▀█░░░▀▄▀░█░█░█░░░█░█░█░█░█▀▀░▀▄▀░ ░░▀░░▀░▀░▀▀▀░▀▀▀░▀▀▀░░░░▀░░▀▀▀░▀▀▀░▀░▀░▀▀░░▀▀▀░░▀░░ T A L O S V U L N D E V Proof-of-Concept Exploit Advisory:...
Linux Kernel 3.10.0 (CentOS RHEL 7.1) - Wacom Multiple Nullpointer Dereferences
Linux Kernel 3.10.0 CentOS RHEL 7.1 - Wacom Multiple Nullpointer Dereferences OS-S Security Advisory 2016-11 Linux wacom multiple Nullpointer Dereferences Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C...
Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure
Apache Sling Framework Adobe AEM 2.3.6 - Information Disclosure Document Title: =============== Apache Sling Framework v2.3.6 Adobe AEM CVE-2016-0956 - Information Disclosure Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1536 Adobe...
D-Link DIR-645 - Multiple UPNP Vulnerabilities
D-Link DIR-645 - Multiple UPNP Vulnerabilities Advisory Information Title: Dlink DIR-645 UPNP Buffer Overflow Vendors contacted: William Brown Dlink Release mode: Released CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issue...
ZHONE S3.0.501 - Multiple Vulnerabilities
ZHONE S3.0.501 - Multiple Vulnerabilities Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx...
Liferay 6.1.0 CE - Privilege Escalation
Liferay 6.1.0 CE - Privilege Escalation Exploit Title: Liferay 6.1.0 CE GA1 Privilege Escalation Date: 18/05/2015 Exploit Author: Massimo De Luca - mentat.is Vendor Homepage: https://www.liferay.com Software Link:...
BMC Track-It! 11.4 - Multiple Vulnerabilities
BMC Track-It! 11.4 - Multiple Vulnerabilities Multiple critical vulnerabilities in BMC Track-It! 11.4 Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 04/07/2016 / Last updated:...
SO Planning 1.32 - Multiple Vulnerabilities
SO Planning 1.32 - Multiple Vulnerabilities SOPlanning - Simple Online Planning Tool multiple vulnerabilities CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677 Vendor: http://www.soplanning.org/ Product: SOPlanning - Simple Online Planning Version affected: 1.32 and...
Polycom RealPresence Resource Manager 8.4 - Multiple Vulnerabilities
Polycom RealPresence Resource Manager 8.4 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Critical vulnerabilities allow surveillance on...
Fuse 2.9.3-15 - Local Privilege Escalation
Fuse 2.9.3-15 - Local Privilege Escalation Source: https://gist.github.com/taviso/ecb70eb12d461dd85cba Tweet: https://twitter.com/taviso/status/601370527437967360 Recommend Reading: http://seclists.org/oss-sec/2015/q2/520 YouTube: https://www.youtube.com/watch?v=V0i3uJJPJ88 Making a demo exploit...
BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File RetrievalDeletion
BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File RetrievalDeletion Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet CVE: CVE-2014-5370 Vendor: New Atlanta Product: BlueDragon CFChart Servlet Affected version: 7.1.1.17759 Fixed version:...
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution Remote code execution in Novell ZENworks Configuration Management 11.3.1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ===============================================================================...
Microsoft-Excel-Malformed-FEATHEADER
MS Excel Malformed FEATHEADER Record Exploit CVE-2009-3129, MS09-067, OSVDB-59860 Vulnerble application MS office 2003/2007 import sys import zlib Allwin WinExec cmd.exe + ExitProcess Shellcode - 195 bytes by RubberDuck = shellcode = b"\xFC\x33\xD2\xB2\x30\x64\xFF\x32\x5A\x8B"...
Yealink VoIP Phone SIP-T38G - Default Credentials
Yealink VoIP Phone SIP-T38G - Default Credentials Title: Yealink VoIP Phone SIP-T38G Default Credentials Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5755 Description: Web interface use...
doorGets CMS 5.2 - SQL Injection
doorGets CMS 5.2 - SQL Injection Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Publi...
Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection
Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was...
Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities
Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities Title: Ditto Forensic FieldStation, multiple vulnerabilities Versions affected: = 2013Oct15a all Vendor: CRU Wiebetech Discovered by: Martin Wundram Email: [email protected] Date found: 2013-04-22 Date published: 2013-12-12...
IcoFX 2.5.0.0 - .ico Buffer Overflow (PoC)
IcoFX 2.5.0.0 - .ico Buffer Overflow PoC Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ IcoFX Buffer Overflow Vulnerability PoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/30208.zip 1. Advisory Information Title: IcoFX Buffer Overflow...
Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass
Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass Exploit Title: Ruckus Wireless Zoneflex 2942 Wireless Access Point vulnerable to authentication bypass Date: 10/10/2013 Exploit Author: myexploit Vendor Homepage: http://www.ruckuswireless.com/ Version: 2942 Wireless Acce...
Cisco ASA 8.4.4.6 8.2.5.32 - Ethernet Information Leak
Cisco ASA 8.4.4.6 8.2.5.32 - Ethernet Information Leak !/usr/bin/env python CVE-2003-0001 'Etherleak' exploit ================================= Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel...
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command...
Invision Power Board 1.x?2.x3.x - Admin Takeover
Invision Power Board 1.x?2.x3.x - Admin Takeover IPB Invision Power Board all versions 1.x? / 2.x / 3.x Admin account Takeover leading to code execution Written on : 2013/05/02 Released on : 2013/05/13 Author: John JEAN @johnjean on twitter Affected application: Invision Power Board = 3.4.4 Type ...
Groovy Media Player 3.2.0 - .mp3 Buffer Overflow
Groovy Media Player 3.2.0 - .mp3 Buffer Overflow Title: ==== Groovy Media Player 3.2.0 Buffer Overflow Vulnerability Credit: ====== Name: Akshaysinh Vaghela Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== CVE-2013-2760 Reserved Date: ==== 21-03-2013...
Axway Secure Transport 5.1 SP2 - Directory Traversal
Axway Secure Transport 5.1 SP2 - Directory Traversal Secure Transport Path Traversal Vulnerability Public Disclosure Date: November 11, 2012 Vendors Affected: Axway http://www.axway.com Systems Affected: Secure Transport Problem: A path traversal vulnerability was identified in SecureTransport...
mcrypt 2.5.8 - Local Stack Overflow
mcrypt 2.5.8 - Local Stack Overflow !/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .=...
phpPaleo - Local File Inclusion
phpPaleo - Local File Inclusion 'phpPaleo' Local File Inclusion CVE-2012-1671 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in index.php for language handling that allows for local file inclusion using a null-byte attack on...
Symfony2 - Local File Disclosure
Symfony2 - Local File Disclosure Sense of Security - Security Advisory - SOS-12-002 Release Date. 05-Mar-2012 Last Update. - Vendor Notification Date. 24-Feb-2012 Product. Symfony2 Platform. PHP Affected versions. 2.0.x - 2.0.10 Severity Rating. Medium Impact. Exposure of sensitive information...
Tiki Wiki CMS Groupware 8.1 - show_errors HTML Injection
Tiki Wiki CMS Groupware 8.1 - showerrors HTML Injection source: https://www.securityfocus.com/bid/51128/info Tiki Wiki CMS Groupware is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied...
Carel PlantVisor 2.4.4 - Directory Traversal
Carel PlantVisor 2.4.4 - Directory Traversal Luigi Auriemma Application: Carel PlantVisor http://www.carel.com/carelcom/web/eng/catalogo/prodottodett.jsp?idprodotto=310 Versions: = 2.4.4 Platforms: Windows Bug: directory traversal Exploitation: remote Date: 13 Sep 2011 Author: Luigi Auriemma...
Realmarketing CMS - Multiple SQL Injections
Realmarketing CMS - Multiple SQL Injections +Exploit Title: Realmarketing CMS System Sensitive Database Disclosure Vulnerability +Author : ^Xecuti0n3r + Date : 22.04.2011 + Hour : 13:37 PM + E-mail : xecuti0n3ryahoo.com + dork : intext:realweb.de inurl:default.php + Category : Web Apps SQli Choos...