41207 matches found
AcmlmBoard 1.A2 - pow SQL Injection
AcmlmBoard 1.A2 - pow SQL Injection AcmlmBoard v1.A2 SQL Injection Vulnerability Bug by: h0yt3r Dork: "AcmlmBoard v1.A2" This Board Software suffers from some not correctly verified variables which are used in SQL Querys. An Attacker can easily get sensitive information from the database by...
Easy-Clanpage 2.2 - id SQL Injection
Easy-Clanpage 2.2 - id SQL Injection .-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-. Easy-Clanpage v2.2 gallery Remote SQL Injection Vulnerability .-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-. + Author: n3w7u + Mail: [email protected] + Source:...
Weblogicnet - files_dir Multiple Remote File Inclusions
Weblogicnet - filesdir Multiple Remote File Inclusions Nyubicrew Community Weblogicnet filesdir Remote File Inclusion vendor : http://www.weblogicnet.com/ source : http://weblogicnet.com/data/weblogicnet.tgz Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: [email protected] Website :...
Ingress Database Server 2.6 - Multiple Remote Vulnerabilities
Ingress Database Server 2.6 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/24585/info Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues,...
Microsoft Windows Vista - Forged ARP packet Network Stack Denial of Service
Microsoft Windows Vista - Forged ARP packet Network Stack Denial of Service !/usr/bin/env python :: Kristian Hermansen :: Date: 20070514 Reference: CVE-2007-1531 Description: Microsoft Windows Vista SP0 dumps interfaces when it receives this ARP packet. This DoS is useful for an internet cafe,...
4Images 1.7.x - search.php SQL Injection
4Images 1.7.x - search.php SQL Injection !/usr/bin/php //search.php?searchuser=x%2527%20union%20select%20userpassword%20from%204imagesusers%20where%20username=%2527ADMIN w4ck1ng - w4ck1ng.com / if!$argv3 die"Usage: php $argv0 host path options table prefix user id\n Options: -d: Determine table...
Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities (2)
Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities 2 source: https://www.securityfocus.com/bid/20365/info Multiple Computer Associates products are prone to multiple buffer-overflow vulnerabilities because the applications using an affected library...
Linux Kernel 2.6.13 2.6.17.4 - logrotate prctl() Local Privilege Escalation
Linux Kernel 2.6.13 2.6.17.4 - logrotate prctl Local Privilege Escalation / $Id: raptorprctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ raptorprctl2.c - Linux 2.6.x suiddumpable2 logrotate Copyright c 2006 Marco Ivaldi The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4,...
Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow
Quake 3 Engine 1.32b - RRemapShader Remote Client Buffer Overflow // remapthis.c - "RRemapShader" q3 engine 1.32b client remote bof exploit // by landser - landser at hotmail.co.il // // this code works as a preloaded shared library on a game server, // it hooks two functions on the running serve...
Web Host Automation Ltd. Helm 3.2.10 Beta - domains.asp?txtDomainName Cross-Site Scripting
Web Host Automation Ltd. Helm 3.2.10 Beta - domains.asp?txtDomainName Cross-Site Scripting source: https://www.securityfocus.com/bid/17263/info Helm is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
RhinoSoft Serv-U FTP Server 3.x 5.x - Local Privilege Escalation
RhinoSoft Serv-U FTP Server 3.x 5.x - Local Privilege Escalation / Hax0rcitos proudly presents Serv-u Local Exploit v3.x. tested also against last version 5.1.0.0 All Serv-u Versions have default Login/password for local Administration. This account is only available to connect in the loopback...
TildeSlash Monit 1-4 - Authentication Handling Buffer Overflow
TildeSlash Monit 1-4 - Authentication Handling Buffer Overflow // source: https://www.securityfocus.com/bid/10581/info It is reported that TildeSlash Monit is vulnerable to a buffer overflow vulnerability during authentication handling. This issue arises due to a failure of the affected applicati...
Gallery 1.3.x1.4 - Remote Global Variable Injection
Gallery 1.3.x1.4 - Remote Global Variable Injection source: https://www.securityfocus.com/bid/9490/info It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs d...
NX Web Content Management System 2002 Prerelease 1 - datasets.php?c_path Local File Inclusion
NX Web Content Management System 2002 Prerelease 1 - datasets.php?cpath Local File Inclusion source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacke...
ISC BIND 8.2.2 IRIX 6.5.17 Solaris 7.0 - NXT Overflow Denial of Service
ISC BIND 8.2.2 IRIX 6.5.17 Solaris 7.0 - NXT Overflow Denial of Service // source: https://www.securityfocus.com/bid/788/info There are several vulnerabilities in recent BIND packages pre 8.2.2. The first is a buffer overflow condition which is a result of BIND improperly validating NXT records...
Washington University WU-FTPD 2.5.0 - message Remote Buffer Overflow
Washington University WU-FTPD 2.5.0 - message Remote Buffer Overflow // source: https://www.securityfocus.com/bid/726/info There is a buffer overflow in wu-ftpd message file expansions which may be remotely exploitable. In situations where the message file can be written to in some way remotely b...
DotNetNuke 9.5 - File Upload Restrictions Bypass
DotNetNuke 9.5 - File Upload Restrictions Bypass Exploit Title: DotNetNuke 9.5 - File Upload Restrictions Bypass Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link:...
HomeGuard Pro 9.3.1 - Insecure Folder Permissions
HomeGuard Pro 9.3.1 - Insecure Folder Permissions Exploit Title: HomeGuard Pro 9.3.1 - Insecure Folder Permissions Exploit Author: boku Date: 2020-02-13 Vendor Homepage: https://veridium.net Software Link: https://veridium.net/filesu/hg-pro/exe/HomeGuardPro-Setup.exe Version 9.3.1 Tested On:...
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Exploit Title: LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Date: 2020-01-14 Vendor Homepage: https://www.learndash.com Vendor Changelog: https://learndash.releasenotes.io/release/uCskc-version-312...
F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)
F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Title: F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Date: 2020-01-30 Author: Kevin Joensen Vendor: F-Secure Software: https://www.f-secure.com/en/business/downloads/internet-gatekeeper CVE: N/A Reference:...
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Exploit Title: Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Date: 2018-08-01 Exploit Author: Cosmin Craciun Vendor Homepage: https://www.se.com Version: = 1.3.4 Tested on: Delivered Virtual...
Centreon 19.10.5 - centreontrapd Remote Command Execution
Centreon 19.10.5 - centreontrapd Remote Command Execution Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Date: 2020-01-29 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version:...
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Author: Sarthak Saini Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link:...
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Date: 2020-01-20 Exploit Author: PCEumel Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/Firmware Version:...
Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials
Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Exploit Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link:...
Mersive Solstice 2.8.0 - Remote Code Execution
Mersive Solstice 2.8.0 - Remote Code Execution Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link:...
FlexAir Access Control 2.3.35 - Authentication Bypass
FlexAir Access Control 2.3.35 - Authentication Bypass Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Exploit Title: Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Date: 2019-10-19 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: 1.62.0.1218 and below Tested on: Microsoft Windows CVE: N/...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware...
Symantec Advanced Secure Gateway (ASG) ProxySG - Unrestricted File Upload
Symantec Advanced Secure Gateway ASG ProxySG - Unrestricted File Upload ===========Security Intelligence============ Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 Exploit Author: Pankaj Kumar Thakur Nepal ==========Table of Contents============== Overview Detailed...
QEMU - Denial of Service
QEMU - Denial of Service include include include include include include include include include include include include include include include include include define diex do \ perrorx; \ exitEXITFAILURE; \ while0; // Constans define SRCADDR "10.0.2.15" define DSTADDR "10.0.2.2" define INTERFACE...
Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font loadstore Operators
Adobe Acrobat CoolType AFDKO - Memory Corruption in the Handling of Type 1 Font loadstore Operators -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling librar...
Trend Micro Deep Discovery Inspector IDS - Security Bypass
Trend Micro Deep Discovery Inspector IDS - Security Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DEEP-DISCOVERY-INSPECTOR-PERCENT-ENCODING-IDS-BYPASS.txt + ISR: Apparition Security Vendor...
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Mozilla Spidermonkey - IonMonkey Array.prototype.pop Type Confusion
Mozilla Spidermonkey - IonMonkey Array.prototype.pop Type Confusion The following program found through fuzzing and manually modified crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = a: 0, a: ...
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation Windows: Windows Font Cache Service Insecure Sections EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The...
ZOC Terminal 7.23.4 - Script Denial of Service (PoC)
ZOC Terminal 7.23.4 - Script Denial of Service PoC Exploit Title: ZOC Terminal v7.23.4 - 'Script' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version:...
Jinja2 2.10 - from_string Server Side Template Injection
Jinja2 2.10 - fromstring Server Side Template Injection ''' Exploit Title: Jinja2 Command injection fromstring function Date: date Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: http://jinja.pocoo.org Software Link: https://pypi.org/project/Jinja2/files Version: 2.10 Tested on:...
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery Cross-Site Scripting
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery Cross-Site Scripting Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url = "http://targetserver:2030/admin/index.php?module=rootpwd"; var params = "ifpost=yes&password1=newpassword&password2=newpassword"; var vul...
xorg-x11-server 1.20.3 - Privilege Escalation
xorg-x11-server 1.20.3 - Privilege Escalation Exploit Title: xorg-x11-server 1.20.3 - Privilege Escalation Date: 2018-10-27 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.x.org/ Version: xorg-x11-server 1.19.0 - 1.20.2 Tested on: OpenBSD 6.3 and 6.4 CVE : CVE-2018-14665 raptorxorgasm...
WebKit - WebCore::AXObjectCache::handleMenuItemSelected Use-After-Free
WebKit - WebCore::AXObjectCache::handleMenuItemSelected Use-After-Free function jsfuzzer var a; forvar i=0;i !-- ================================================================= ASan log: ================================================================= ==69238==ERROR: AddressSanitizer:...
CA Release Automation NiMi 6.5 - Remote Command Execution
CA Release Automation NiMi 6.5 - Remote Command Execution Exploit Title: CA Release Automation NiMi 6.5 - Remote Command Execution Date: 2016-06-23 Exploit Authors: Jakub Palaczynski, Maciej Grabiec Vendor Homepage: http://www.ca.com/ Software Link:...
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery Reboot Router Exploit Title: Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery Reboot Router Date: 2018-07-21 Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2015-5996 Description: The router is...
MSVOD 10 - cid SQL Injection
MSVOD 10 - cid SQL Injection Exploit Title: MSVOD V10 ¡V SQL Injection Google Dork: inurl:"images/lists?cid=13" Date: 2018/07/17 Exploit Author: Hzllaga Vendor Homepage: http://www.msvod.cc/ Version: MSVOD V10 CVE : CVE-2018-14418 Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Configuration Download
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Configuration Download Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0...
wityCMS 0.6.1 - Cross-Site Scripting
wityCMS 0.6.1 - Cross-Site Scripting Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link:...
ModbusPal 1.6b - XML External Entity Injection
ModbusPal 1.6b - XML External Entity Injection + Exploit Title: ModbusPal XXE Injection + Date: 05-08-2018 + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version:...
2345 Security Guard 3.7 - 2345NetFirewall.sys Denial of Service
2345 Security Guard 3.7 - 2345NetFirewall.sys Denial of Service / Exploit Title: 2345 Security Guard 3.7 - Denial of Service Date: 2018-05-08 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe Version: v3.7 Tested on:...