Advanced HRM 1.6 - Remote Code Execution
Advanced HRM 1.6 - Remote Code Execution Exploit Title: Advanced HRM 1.6 - Remote Code Execution Google Dork: intext:"Advanced HRM" Date: 2018-10-06 Exploit Author: Renos Nikolaou Vendor Homepage: https://coderpixel.com/ Software Link: https://codecanyon.net/item/advanced-hrm/17767006 Version: 1....
OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions
OpenEMR 5.0.1.3 - Authenticated Arbitrary File Actions Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions Date: 2018-08-14 Exploit Author: Joshua Fam Twitter : @Insecurity Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Versio...
Online Trade - Information Disclosure
Online Trade - Information Disclosure Exploit Title: Online Trade 1 - Information Disclosure Date: 2018-07-03 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE: CVE-2018-12908 Version: 1 Tested on...
HPE VAN SDN 2.7.18.0503 - Remote Root
HPE VAN SDN 2.7.18.0503 - Remote Root ''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL:...
Foxit Reader 9.0.1.1049 - Remote Code Execution
Foxit Reader 9.0.1.1049 - Remote Code Execution %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...
WebKitGTK+ 2.21.3 - Crash (PoC)
WebKitGTK+ 2.21.3 - Crash PoC Title: WebKitGTK+ win = window.open"sleeponesecond.php", "WIN"; window.open"https://www.paypal.com", "WIN"; win.document.execCommand'Stop'; win.document.write"Spoofed URL"; win.document.close; Backtrace using fedora 27: 0 WTF::StringImpl::rawHash at...
Brother HL Series Printers 1.15 - Cross-Site Scripting
Brother HL Series Printers 1.15 - Cross-Site Scripting Exploit Title: XSS at Brother HL series printers Date: 30.05.2018 Exploit Author: Huy Kha Vendor Homepage: http://support.brother.com Software Link: Website Version: Brother HL series printers. Tested on: Mozilla FireFox Reflected XSS Payload...
Oracle WebCenter Sites 11.1.1.8.012.2.1.x - Cross-Site Scripting
Oracle WebCenter Sites 11.1.1.8.012.2.1.x - Cross-Site Scripting Exploit Title: Multiple XSS Oracle WebCenter Sites FatWire Content Server 7.x 11gR1 Dork: inurl:Satellite?c Date: 18.12.201 Exploit Author: Richard Alviarez Vendor Homepage: http://oracle.com Version: 7.x 11gR1 CVE: CVE-2018-2791...
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control Exploit Title: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability DSA-2018-025 Date: 24/11/2017 Exploit Author: SlidingWindow Vend...
VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials
VideoFlow Digital Video Protection DVP 2.10 - Hard-Coded Credentials VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the D...
OpenCMS 10.5.3 - Cross-Site Request Forgery
OpenCMS 10.5.3 - Cross-Site Request Forgery Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link...
Laravel Log Viewer 0.13.0 - Local File Download
Laravel Log Viewer 0.13.0 - Local File Download Exploit Title: Laravel log viewer by rap2hpoutre local file download LFD Date: 23/02/2018 Exploit Author: Haboob Team Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1 Version: v0.12.0 and below CVE : CVE-2018-8947 1...
TestLink Open Source Test Management 1.9.16 - Remote Code Execution
TestLink Open Source Test Management 1.9.16 - Remote Code Execution Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in m...
NEC Univerge SV9100SV8100 WebPro 10.0 - Configuration Download
NEC Univerge SV9100SV8100 WebPro 10.0 - Configuration Download NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download Vendor: NEC Corporation Product web page: http://www.nec.com Affected version: WebPro =10.00 DSP Firmware Version: 12.11.00.02 Summary: NEC's UNIVERGE® SV9100 is the...
ALLMediaServer 0.95 - Remote Buffer Overflow
ALLMediaServer 0.95 - Remote Buffer Overflow !/usr/bin/python Exploit Title: Stack Buffer Overflow in ALLMediaServer 0.95 Exploit Author: Mario Kartone Ciccarelli Contact: https://twitter.com/Kartone CVE: CVE-2017-17932 Date: 09-01-2018 Thanks to PoC: https://www.exploit-db.com/exploits/43406/...
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proclistuptrs has the following comment in its userspace header: / Enumerate potential...
Proxifier for Mac 2.19 - Local Privilege Escalation
Proxifier for Mac 2.19 - Local Privilege Escalation With CVE-2017-7643 I disclosed a command injection vulnerability in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run...
Ametys CMS 4.0.2 - Password Reset
Ametys CMS 4.0.2 - Password Reset Vulnerability Summary The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2 Ametys is “a free and open source content management system CMS written in Java. It is based on JSR-170 for content storage, Open Social for...
3CX Phone System 15.5.3554.1 - Directory Traversal
3CX Phone System 15.5.3554.1 - Directory Traversal Title: ====== 3CX Phone System - Authenticated Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-15359 Risk Information: ================= CVSS Base Score: 6.8 CVSS Vector:...
ZKTime Web Software 2.0 - Cross-Site Request Forgery
ZKTime Web Software 2.0 - Cross-Site Request Forgery Exploit Title: ZKTime Web Software 2.0 - Cross Site Request Forgery CVE-ID: CVE-2017-13129 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category:...
libvorbis 1.3.5 - Multiple Vulnerabilities
libvorbis 1.3.5 - Multiple Vulnerabilities libvorbis multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= The libvorbis package contains a general purpose audio and music encoding format. This is useful for creating encoding and playing decoding...
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
Virtual Postage VPA - Man In The Middle Remote Code Execution Exploit Title: Virtual Postage VPA - Remote Code Execution via MITM Date: 20/Jul/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a2.virtualpostage.com http://archive.is/EdtJT Software Link: N/A...
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1...
DataTaker DT80 dEX 1.50.012 - Information Disclosure
DataTaker DT80 dEX 1.50.012 - Information Disclosure + Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE:...
KBVault MySQL 0.16a - Arbitrary File Upload
KBVault MySQL 0.16a - Arbitrary File Upload Exploit Title: KBVault MySQL v0.16a - Unauthenticated File Upload to Run Code Google Dork: inurl:"FileExplorer/Explorer.aspx" Date: 2017-06-14 Exploit Author: Fatih Emiral Vendor Homepage: http://kbvaultmysql.codeplex.com/ Software Link:...
Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution
Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution !/usr/bin/python -- coding: utf-8 -- import requests import random import base64 upperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" lowerAlpha = "abcdefghijklmnopqrstuvwxyz" numerals = "0123456789" allchars = chr for in...
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Directory Traversal OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform...
Microsoft Windows - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)
Description: SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Srv.sys processes SrvOs2FeaListSizeToNt, and when that logic is incorrect it leads to an out-of-bounds copy. The vulnerabili...
SAP SAPCAR 721.510 - Heap Buffer Overflow
SAP SAPCAR 721.510 - Heap Buffer Overflow ''' Source: https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability 1. Advisory Information Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability Advisory ID: CORE-2017-0001 Advisory URL:...
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/popupbysupsysticwordpresspluginvulnerabletocrosssiterequestforgery.html Abstract A Cross-site Request Forgery vulnerability exists in the Popup by Supsystic WordPress Plugin. This...
Microsoft Event Viewer 1.0 - XML External Entity Injection
Microsoft Event Viewer 1.0 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EVENT-VIEWER-XXE-FILE-EXFILTRATION.txt + ISR: ApparitionSec + CVE: CVE-2019-0948 Vendor: ===============...
Microsoft Internet Explorer 11109 - MSHTML PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 11109 - MSHTML PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read MS16-104 // This PoC attempts to exploit a memory disclosure bug in Microsoft Internet // Explorer 11. On x64 systems, this should cause an access violation when // run with page-heap...
InfraPower PPS-02-S Q213V1 - Remote Command Execution
InfraPower PPS-02-S Q213V1 - Remote Command Execution InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...
BuilderEngine 3.5.0 - Arbitrary File Upload
BuilderEngine 3.5.0 - Arbitrary File Upload...
Microsoft Word 20132016 - sprmSdyaTop Denial of Service (MS16-099)
Microsoft Word 20132016 - sprmSdyaTop Denial of Service MS16-099 Application: Microsoft Office Word Platforms: Windows, OSX Versions: Microsoft Office Word 2013,2016 Author: Francis Provencher of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: August 09, 2016 CVE:...
SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection
SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016 Reference: SAP...
eXtplorer 2.1.9 - .ZIP Directory Traversal
eXtplorer 2.1.9 - .ZIP Directory Traversal / + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EXTPLORER-ARCHIVE-PATH-TRAVERSAL.txt + ISR: apparitionsec Vendor: ============== extplorer.net Product: ==================...
ASUS Memory Mapping Driver (ASMMAPASMMAP64) - Physical Memory ReadWrite
ASUS Memory Mapping Driver ASMMAPASMMAP64 - Physical Memory ReadWrite / Source: http://rol.im/asux/ ASUS Memory Mapping Driver ASMMAP/ASMMAP64: Physical Memory Read/Write PoC by slipstream/RoL - https://twitter.com/TheWack0lian - http://rol.im/chat/ The ASUS "Generic Function Service" includes a...
Zabbix Agent 3.0.1 - mysql.size Shell Command Injection
Zabbix Agent 3.0.1 - mysql.size Shell Command Injection CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from...
Hikvision Digital Video Recorder - Cross-Site Request Forgery
Hikvision Digital Video Recorder - Cross-Site Request Forgery 3tes2ttest2password...
abrt (Centos 7.1 Fedora 22) - Local Privilege Escalation
abrt Centos 7.1 Fedora 22 - Local Privilege Escalation !/usr/bin/python CVE-2015-5273 + CVE-2015-5287 CENTOS 7.1/Fedora22 local root probably works on SL and older versions too abrt-hook-ccpp insecure open usage + abrt-action-install-debuginfo insecure temp directory usage rebel 09/2015...
ElasticSearch 1.6.0 - Arbitrary File Download
ElasticSearch 1.6.0 - Arbitrary File Download elasticpwn Script for ElasticSearch url path traversal vuln. CVE-2015-5531 crg@fogheaven elasticpwn$ python CVE-2015-5531.py exploitlab.int /etc/hosts !dSR script for CVE-2015-5531 127.0.0.1 localhost The following lines are desirable for IPv6 capable...
Apache Spark Cluster 1.3.x - Arbitrary Code Execution
Apache Spark Cluster 1.3.x - Arbitrary Code Execution Exploit Title: Arbitrary Code Execution in Apache Spark Cluster Date: 23/03/2015 Exploit Author: AkhlD AkhilDas CodeBreach.in Vendor Homepage: https://spark.apache.org/ Software Link: https://spark.apache.org/downloads.html Version: All 0.0.x,...
Smart PHP Poll - Authentication Bypass
Smart PHP Poll - Authentication Bypass Exploit Title: Smart PHP Poll Auth Bypass Vulnerability Google Dork: Copyright © Smart PHP Poll. All Rights Reserved. Exploit Author: Mr.tro0oqy from Yemen Email : [email protected] Download Script...
Pandora FMS 5.1 SP1 - SQL Injection
Pandora FMS 5.1 SP1 - SQL Injection Document Title: =============== Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1355 Release Date: ============= 2015-02-09 Vulnerability Laboratory ID VL-ID:...
Ansible Tower 2.0.2 - Multiple Vulnerabilities
Ansible Tower 2.0.2 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.5 impact: high homepage...
Nexus 5 Android 5.0 - Local Privilege Escalation
Nexus 5 Android 5.0 - Local Privilege Escalation / CVE-2014-4322 exploit for Nexus Android 5.0 author: retme [email protected] website: retme.net The exploit must be executed as system privilege and specific SELinux context. If exploit succeeded, you will gain root privilege and "kernel" SELinux...
GParted 0.14.1 - OS Command Execution
GParted 0.14.1 - OS Command Execution SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 appli...
Free Article Submissions 1.0 - SQL Injection
Free Article Submissions 1.0 - SQL Injection Exploit Title: Free Article Submissions SQL Injection Vulnerability Google Dork: inurl:/category.php?id=22 "Affiliate Programs Portal" inurl:/category.php?id=2 "Arts & Entertainment" Date: 07/12/2014 Exploit Author: BarrabravaZ Vendor Homepage:...
ZTE ZXHN H108L - Authentication Bypass (1)
ZTE ZXHN H108L - Authentication Bypass 1 Exploit Title: ZTE ZXHN H108L Authentication Bypass Date: 14/11/2014 Exploit Author: Project Zero Labs https://projectzero.gr | [email protected] Vendor Homepage: www.zte.com.cn Version: ZXHN H108LV4.0.0dZRQGR4 Tested on: ZTE ZXHN H108L CVE : CVE-2014-84...