41207 matches found
Putty pscp 0.66 - Stack Buffer Overwrite
Putty pscp 0.66 - Stack Buffer Overwrite Source: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563 Author: Date: Feb 20th, 2016 Name: putty Vendor: sgtatham - http://www.chiark.greenend.org.uk/sgtatham/putty/ Version: 0.59 3 9 years ago = affected = 0.66 Platforms: win/nix Technolog...
AlegroCart 1.2.8 - Multiple SQL Injections
AlegroCart 1.2.8 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL...
TECO JN5 L510-DriveLink 1.482 - .lf5 Overwrite Buffer Overflow (SEH)
TECO JN5 L510-DriveLink 1.482 - .lf5 Overwrite Buffer Overflow SEH !/usr/bin/perl TECO JN5 L510-DriveLink 1.482 SEH Overwrite Buffer Overflow Exploit Vendor: TECO Electric and Machinery Co., Ltd. Product web page: http://www.teco-group.eu Download:...
D-Link DIR-825 (vC) - Multiple Vulnerabilities
D-Link DIR-825 vC - Multiple Vulnerabilities Advisory Information Title: DIR-825 vC Buffer overflows in authentication,HNAP and ping functionalities. Also a directory traversal issue exists which can be exploited Vendors contacted: William Brown , Patrick Cline [email protected] CVE:...
The World Browser 3.0 Final - Remote Code Execution
The World Browser 3.0 Final - Remote Code Execution !/usr/bin/php ?php Author : Ehsan Noreddini E-Mail : [email protected] Social : @prot3ct0r Title : The World Browser Remote Code Execution TheWorld Browser is a tiny, fast and powerful web Browser. It is completely free. There is no function...
Cisco AnyConnect Secure Mobility Client 3.1.08009 - Local Privilege Escalation
Cisco AnyConnect Secure Mobility Client 3.1.08009 - Local Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=460 Cisco AnyConnect Secure Mobility Client v3.1.08009 Elevation of Privilege Platform: Windows 8.1 Update, Client version 3.1.08009 tested on...
Cerb 7.0.3 - Cross-Site Request Forgery
Cerb 7.0.3 - Cross-Site Request Forgery Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patch: August 14,...
Microsoft Windows - Local Privilege Escalation (MS15-010)
Microsoft Windows - Local Privilege Escalation MS15-010 // ex.cpp / Windows XP/2K3/VISTA/2K8/7 WMSYSTIMER Kernel EoP CVE-2015-0003 March 2015 Public Release: May 24, 2015 Tested on: x86: Win 7 SP1 | Win 2k3 SP2 | Win XP SP3 x64: Win 2k8 SP1 | Win 2k8 R2 SP1 Author: Skylake - skylake mail com /...
Chamilo LMS 1.9.10 - Multiple Vulnerabilities
Chamilo LMS 1.9.10 - Multiple Vulnerabilities I. Overview ======================================================== Chamilo LMS 1.9.10 or prior versions are prone to a multiple Cross-Site Scripting Stored + Reflected & CSRF vulnerabilities. These vulnerabilities allows an attacker to gain control...
Citrix Nitro SDK - Command Injection
Citrix Nitro SDK - Command Injection Abstract Securify discovered a command injection vulnerability in xenhotfix page of the NITRO SDK. The attacker-supplied command is executed with elevated privileges nsroot. This issue can be used to compromise of the entire Citrix SDX appliance and all...
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash PoC / ---------------------------------------------------------------------------------------------------- cve-2014-4943poc.c The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain...
K7 Computing (Multiple Products) - Arbitrary Write Privilege Escalation
K7 Computing Multiple Products - Arbitrary Write Privilege Escalation / Exploit Title - K7 Computing Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.k7computing.co.uk/ Tested Version - 14.2.0.240...
IPUX CL5452CL5132 IP Camera - UltraSVCamX.ocx ActiveX Stack Buffer Overflow
IPUX CL5452CL5132 IP Camera - UltraSVCamX.ocx ActiveX Stack Buffer Overflow IPUX CL5452/CL5132 IP Camera UltraSVCamX.ocx ActiveX Stack Buffer Overflow Vendor: Big Good Holdings Limited | Fitivision Technology Inc. Product web page: http://www.ipux.net | http://www.fitivision.com Affected version:...
TYPO3 Extension ke DomPDF - Remote Code Execution
TYPO3 Extension ke DomPDF - Remote Code Execution Advisory: Remote Code Execution in TYPO3 Extension kedompdf During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension kedompdf, which allows attackers to execute arbitrary PHP commands in...
Enalean Tuleap 7.4.99.5 - Remote Command Execution
Enalean Tuleap 7.4.99.5 - Remote Command Execution Vulnerability title: Tuleap /usr/share/codendi/src/www/passwd.txt && "ozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5...
PayPal Inc BB #85 MB iOS 4.6 - Authentication Bypass
PayPal Inc BB 85 MB iOS 4.6 - Authentication Bypass Document Title: =============== PayPal Inc BB 85 MB iOS 4.6 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=895 PayPal Security UID: Vxda0S Video:...
Rejetto HTTP File Server (HFS) 2.3a2.3b2.3c - Remote Command Execution
Rejetto HTTP File Server HFS 2.3a2.3b2.3c - Remote Command Execution ========================================================== HTTP File Server 2.3a - 2.3b - 2.3c Remote Command Execution Author : Daniele Linguaglossa Date: 30/09/2014 Remote: Yes Vendor Homepage: http://rejetto.com/ Software Lin...
DevExpress ASPxFileManager 10.2 13.2.8 - Directory Traversal
DevExpress ASPxFileManager 10.2 13.2.8 - Directory Traversal Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read...
Publish-It 3.6d - Buffer Overflow
Publish-It 3.6d - Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. Advisory Information Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:...
DirectControlTM 3.1.7.0 - Multiple Vulnerabilities
DirectControlTM 3.1.7.0 - Multiple Vulnerabilities DirectControlTM Version 3.1.7.0 - Multiple Vulnerabilties ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home :...
AFCommerce - controlheader.php Remote File Inclusion
AFCommerce - controlheader.php Remote File Inclusion source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain...
LiveZilla 5.0.1.4 - Remote Code Execution
LiveZilla 5.0.1.4 - Remote Code Execution CVE-2013-6225: Security Advisory – Curesec Research Team 1. Introduction Advisory ID: Cure-2013-1007 Advisory URL: https://www.curesec.com/de/veroeffentlichungen /advisories.html Blog URL: https://cureblog.de/2013/11/remote-code-execution-in-livezilla/...
davfs2 1.4.61.4.7 - Local Privilege Escalation
davfs2 1.4.61.4.7 - Local Privilege Escalation davfs2 1.4.6/1.4.7 local privilege escalation exploit Bug Description: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition. The bug is well documented at...
Apple Safari 6.0.1 for iOS 6.0 Apple Mac OSX 10.78 - Heap Buffer Overflow
Apple Safari 6.0.1 for iOS 6.0 Apple Mac OSX 10.78 - Heap Buffer Overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0903-1 | | http://packetstormsecurity.com/ |...
Kasseler CMS 2 r1223 - Multiple Vulnerabilities
Kasseler CMS 2 r1223 - Multiple Vulnerabilities Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type...
UMI CMS 2.9 - Cross-Site Request Forgery
UMI CMS 2.9 - Cross-Site Request Forgery Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request...
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting Exploit Title: OTRS Faq Module - Persistent XSS Date: 2-Apr-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.otrs.com Version: OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x Tested on: Perl CVE : CVE-2013-2637 OVERVIEW The OTRS...
cURL - Buffer Overflow (PoC)
cURL - Buffer Overflow PoC cURL buffer overflow Wed 06 February 2013 Volema found remotely exploitable buffer overflow vulnerability in libcurl POP3, SMTP protocol handlers which lead to code execution RCE. When negotiating SASL DIGEST-MD5 authentication, the function Curlsaslcreatedigestmd5messa...
TVMOBiLi 2.1.0.3557 - Denial of Service
TVMOBiLi 2.1.0.3557 - Denial of Service Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor: TVMOBiLi Vulnerable Versions: 2.1.0.3557 and probably prior version Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits Vendor Notification: October 15, 2012 Vendor Patch: November 21, 2012 Publi...
Apple iTunes 10.6.1.7 - Extended m3u Stack Buffer Overflow (Metasploit)
Apple iTunes 10.6.1.7 - Extended m3u Stack Buffer Overflow Metasploit ============================================================================================ Apple iTunes 'iTunes Extended M3U Stack Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in iTunes...
WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload
WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload Exploit Title: Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage...
Symantec End Point Protection 11.x Symantec Network Access Control 11.x - Local Code Execution (PoC)
Symantec End Point Protection 11.x Symantec Network Access Control 11.x - Local Code Execution PoC Symantec End Point Protection 11.x & Symantec Network Access Control 11.x Local Code Execution POC Date: 22/05/2012 Author: 41.w4r10r Software Link: Symantec.com Version: 11.x Tested on: Windows XP...
FlexNet License Server Manager - Stack Overflow In lmgrd
FlexNet License Server Manager - Stack Overflow In lmgrd Luigi Auriemma Application: FlexNet License Server Manager http://www.flexerasoftware.com/products/flexnet-publisher.htm http://www.globes.com/support/fnputilitiesdownload.htm Versions: = 11.9.1 and others earlier this version number was...
pkexec - Race Condition Privilege Escalation
pkexec - Race Condition Privilege Escalation / Exploit Title: pkexec Race condition CVE-2011-1485 exploit Author: xi4oyu Tested on: rhel 6 CVE : 2011-1485 Linux pkexec exploit by xi4oyu , thx [email protected] Have fun ¡Á U can reach us @ http://www.wooyun.org : / include include include include inclu...
PolicyKit polkit-1 0.101 - Local Privilege Escalation
PolicyKit polkit-1 0.101 - Local Privilege Escalation / polkit-pwnage.c ============================== = PolicyKit Pwnage = = by zx2c4 = = Sept 2, 2011 = ============================== Howdy folks, This exploits CVE-2011-1485, a race condition in PolicyKit. davidz25 explains: --begin-- Briefly, t...
Multiple WordPress Plugins - timthumb.php File Upload
Multiple WordPress Plugins - timthumb.php File Upload Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the...
Cogent DataHub 7.1.1.63 - Source Disclosure
Cogent DataHub 7.1.1.63 - Source Disclosure Luigi Auriemma Application: Cogent DataHub http://www.cogentdatahub.com/Products/CogentDataHub.html Versions: = 7.1.1.63 Platforms: Windows Bug: source disclosure Exploitation: remote Date: 13 Sep 2011 Author: Luigi Auriemma e-mail: [email protected]...
Libmodplug ReadS3M - Stack Overflow
Libmodplug ReadS3M - Stack Overflow Source: https://www.sec-consult.com/files/20110407-0libmodplugstackoverflow.txt SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Libmodplug ReadS3M Stack Overflow product: Libmodplug...
TYPSoft FTP Server 1.10 - RETR Denial of Service (2)
TYPSoft FTP Server 1.10 - RETR Denial of Service 2 !/usr/bin/python TYPSoft FTP Server v 1.10 RETR CMD Denial Of Service CVE-2005-3294 OSVDB 19992 12/23/2010 C Emanuele Gentili Notes: I have wrote this exploit because the code published here 1 do not work correctly. 1...
ISC DHCPD - Denial of Service
ISC DHCPD - Denial of Service ! /usr/bin/env python Exploit title: isc-dhcpd DoS Date: 03/07/2010 Author: sid Software Link: https://www.isc.org/software/dhcp Version: 4.0.x, 4.1.x, 4.2.x CVE: cve-2010-2156 ps: is possible make a bruteforce on subnet ip address to find a correct value. import sys...
CMS Openpage - index.php SQL Injection
CMS Openpage - index.php SQL Injection ==================================================== CMS Openpage index.php SQL Injection Vulnerability ==================================================== + Discovered by: Phenom + My id: http://inj3ct0r.com/author/2157 + Original:...
RealAdmin - detail.php Blind SQL Injection
RealAdmin - detail.php Blind SQL Injection RealAdmin detail.php Blind Sql Injection Vulnerability ======================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : RealAdmin .:. Download...
Microsoft IIS - ASP Multiple Extensions Security Bypass 5.x6.x Vulnerabilities
Microsoft IIS - ASP Multiple Extensions Security Bypass 5.x6.x Vulnerabilities !/usr/bin/python Exploit Title: Exploit for Microsoft IIS ASP Multiple Extensions Security Bypass 5.x/6.x Date: 29 dec 2009 Author: Emanuele 'emgent' Gentili and Emanuele 'crossbower' Acri Software Link: N/A Version: I...
Nuked-klaN 1.7.7 - Remote File Inclusion
Nuked-klaN 1.7.7 - Remote File Inclusion ======================================================================================== | Title : Nuked-Klan 1.7.7 RFI Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
Jasc Paint Shop Pro 8 - Local Universal Buffer Overflow
Jasc Paint Shop Pro 8 - Local Universal Buffer Overflow / Software: Jasc Paint Shop Pro v8 Local Buffer Overflow Exploit UNIVERSAL Bug type: Local buffer overflow Exploitation method: SEH handler overwrite Description: When a crafted .PNG file is oppened a stack buffer overflow occurs because of...
Joomla! Component Hotel Booking System - Cross-Site Scripting SQL Injection
Joomla! Component Hotel Booking System - Cross-Site Scripting SQL Injection \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV111$2009 ----------------------------------------------------------------------------------------- ECHOADV111$2009 Joomla Hotel...
TorrentTrader Classic 1.09 - Multiple Vulnerabilities
TorrentTrader Classic 1.09 - Multiple Vulnerabilities waraxe-2009-SA074 - Multiple Vulnerabilities in TorrentTrader Classic 1.09 =============================================================================== Author: Janek Vind "waraxe" Date: 15. June 2009 Location: Estonia, Tartu Web:...
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion Denial of Service !/usr/bin/perl -w udp IAX protocol fuzzer Created: Blake Cornell Exploits found with this code can be found at http://www.securityscraper.com/ Released under the VoIPER project Do not hesitate to show enthusiasm and support...
Flexphplink Pro - Arbitrary File Upload
Flexphplink Pro - Arbitrary File Upload !/usr/bin/perl HAPPY CHRISTMAS !! Flexphplink Pro http://www.hotscripts.com/jump.php?listingid=21062&jumptype=1 Bug: Arbitrary File Upload I coded this exploit just for fun ; Exploit coded by Osirys osirysatlivedotit http://osirys.org Greets: x0r, miclen,...
WebStudio eHotel - Blind SQL Injection
WebStudio eHotel - Blind SQL Injection WebStudio eHotel pageid Blind SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.bdigital.biz/index.php?pageid=216 DorK : "Powered by WebStudio eHotel" Demo :...