41207 matches found
JioFi 4G M2S 1.0.2 - Denial of Service
JioFi 4G M2S 1.0.2 - Denial of Service Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on...
gnutls 3.6.6 - verify_crt() Use-After-Free
gnutls 3.6.6 - verify_crt() Use-After-Free Description of problem: This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely...
Quest NetVault Backup Server 11.4.5 - Process Manager Service SQL Injection Remote Code Execution
Quest NetVault Backup Server 11.4.5 - Process Manager Service SQL Injection Remote Code Execution Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding...
BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link:...
BEWARD Intercom 2.3.1 - Credentials Disclosure
BEWARD Intercom 2.3.1 - Credentials Disclosure !/usr/bin/env python -- coding: utf8 -- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For versions abo...
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open...
FreshRSS 1.11.1 - Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1 Information -------------------- Advisory by Netsparker Name: Multiple Cross-Site Scripting Vulnerabilities in FreshRSS Affected Software: FreshRSS Affected Versions: 1.11.1 Homepage:...
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
Linux Kernel 4.8 Ubuntu 16.04 - Leak sctp Kernel Pointer / Exploit Title: Linux Kernel 4.8 Ubuntu 16.04 - Leak sctp kernel pointer Google Dork: - Date: 2018-11-20 Exploit Author: Jinbum Park Vendor Homepage: - Software Link: - Version: Linux Kernel 4.8 Ubuntu 16.04 Tested on: 4.8.0-36-generic...
ELBA5 5.8.0 - Remote Code Execution
ELBA5 5.8.0 - Remote Code Execution Exploit Title: ELBA5 5.8.0 - Remote Code Execution Date: 2018-11-16 Exploit Author: Florian Bogner Vendor Homepage: https://www.elba.at Vulnerable Software:...
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Software Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested...
Electron WebPreferences - Remote Code Execution
Electron WebPreferences - Remote Code Execution CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windo...
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery Reboot Router Exploit Title: Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery Reboot Router Date: 2018-07-21 Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2015-5996 Description: The router is...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160...
WordPress Plugin Responsive Cookie Consent 1.7 1.6 1.5 - (Authenticated) Persistent Cross-Site Scripting
WordPress Plugin Responsive Cookie Consent 1.7 1.6 1.5 - Authenticated Persistent Cross-Site Scripting Exploit Title: Wordpress Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting Date: 2018-04-20 Exploit Author: B0UG Vendor Homepage:...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities Google Dork: N/A Date: 17-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage:...
RSVG 2.40.13 2.42.2 - .svg Buffer Overflow
RSVG 2.40.13 2.42.2 - .svg Buffer Overflow Exploit Title: Buffer-overflow in RSVG while converting a malformed svg Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin Software Link:...
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition...
uWSGI 2.0.17 - Directory Traversal
uWSGI 2.0.17 - Directory Traversal Exploit Title: uWSGI PHP Plugin Directory Traversal Date: 01-03-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://uwsgi-docs.readthedocs.io Affected Software: uWSGI PHP Plugin...
Armadito Antivirus 0.12.7.2 - Detection Bypass
Armadito Antivirus 0.12.7.2 - Detection Bypass / Title: Armadito Antivirus - Malware Detection Bypass Date: 21/02/2018 Author: Souhail Hammou Author's website: http://rce4fun.blogspot.com Vendor Homepage: http://www.teclib-edition.com/en/ Version: 0.12.7.2 CVE: CVE-2018-7289 Details: -------- An...
Shopware 5.2.55.3 - Cross-Site Scripting
Shopware 5.2.55.3 - Cross-Site Scripting Document Title: Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1922 Shopware Security Tracking ID: SW-19834 Security Updat...
Master IP CAM 01 - Multiple Vulnerabilities
Master IP CAM 01 - Multiple Vulnerabilities Exploit Title: Master IP CAM 01 Multiple Vulnerabilities Date: 17-01-2018 Remote: Yes Exploit Authors: Daniele Linguaglossa, Raffaele Sabato Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89 Vendor: Master IP CAM Version: 3.3.4.2103 CV...
glibc 2.26 - getcwd() Local Privilege Escalation
glibc 2.26 - getcwd Local Privilege Escalation / This software is provided by the copyright owner "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the...
BarcodeWiz ActiveX Control 6.7 - Buffer Overflow (PoC)
BarcodeWiz ActiveX Control 6.7 - Buffer Overflow PoC + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BARCODEWIZ-v6.7-ACTIVEX-COMPONENT-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================= www.barcodewiz.com...
FiberHome LM53Q1 - Multiple Vulnerabilities
FiberHome LM53Q1 - Multiple Vulnerabilities !/usr/bin/python...
SysGauge Server 3.6.18 - Denial of Service
SysGauge Server 3.6.18 - Denial of Service Exploit Title: SysGauge Server 3.6.18 - DOS Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: hhttp://www.sysgauge.com/setups/sysgaugesrvsetupv3.6.18.exe Version: v3.6.18 Category; Windows Remote DOS CVE: CVE-2017-15667 Author Homepage:...
Ichano AtHome IP Cameras - Multiple Vulnerabilities
Ichano AtHome IP Cameras - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into...
Multiple OEM - nsd Remote Stack Format String (PoC)
Multiple OEM - nsd Remote Stack Format String PoC STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full...
osCommerce 2.3.4.1 - Arbitrary File Upload
osCommerce 2.3.4.1 - Arbitrary File Upload Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Date: 11.11.2017 Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link:...
WordPress Plugin WPGYM - SQL Injection
WordPress Plugin WPGYM - SQL Injection Exploit Title: WPGYM - Wordpress Gym Management System - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964 Demo:...
Pelco SarixSpectra Cameras - Remote Code Execution
Pelco SarixSpectra Cameras - Remote Code Execution Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0.0 Sarix Enhanced - Model:...
Microsoft Windows - USP10!otlValueRecord::adjustPos Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!otlValueRecord::adjustPos Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1204 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlValueRecord::adjustPos function,...
Uniview NVR - Password Disclosure
Uniview NVR - Password Disclosure Uniview NVR remote passwords disclosure Author: B1t The Uniview NVR web application does not enforce authorizations on the main.cgi file when requesting json data. It says that you can do anything without authentication, however you must know the request structur...
Robert 0.5 - Multiple Vulnerabilities
Robert 0.5 - Multiple Vulnerabilities Exploit Title: Robert 0.5 - Multiple Vulnerabilities XSS, CSRF, Directory traversal & SQLi Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website :http://robert.polosson.com/ Download link :...
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1260 MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT...
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1112 Windows: Running Object Table Register ROTFLAGS_ALLOWANYCLIENT EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 or Window...
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities CVE-2017-6086 Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source...
D-Link DCS-936L Network Camera - Cross-Site Request Forgery
D-Link DCS-936L Network Camera - Cross-Site Request Forgery Exploit Title: D-Link DCS-936L network camera incomplete/weak CSRF protection vulnerability Date: 26/03/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage:...
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery Cross-Site Scripting
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgerycrosssitescriptingincontactformmanagerwordpressplugin.html Abstract It was discovered that Contact Form Manager does not protect against...
D-Link DCS Series Cameras - Insecure Crossdomain
D-Link DCS Series Cameras - Insecure Crossdomain Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on...
Billion TrueOnline ZyXEL Routers - Multiple Vulnerabilities
Billion TrueOnline ZyXEL Routers - Multiple Vulnerabilities Multiple vulnerabilities in TrueOnline / ZyXEL / Billion routers Discovered by Pedro Ribeiro, Agile Information Security Disclosure: 26/12/2016 /...
Mozilla Firefox 50.1.0 - Use-After-Free
Mozilla Firefox 50.1.0 - Use-After-Free Mozilla Firefox 50.1.0 Use-After-Free POC Author: Marcin Ressel Date: 13.01.2017 Vendor Homepage: www.mozilla.org Software Link: https://ftp.mozilla.org/pub/firefox/releases/50.0.2/ Version: 50.1.0 Tested o...
Red Hat JBoss EAP - Deserialization of Untrusted Data
Red Hat JBoss EAP - Deserialization of Untrusted Data Security Advisory @ Mediaservice.net Srl 05, 23/11/2016 Data Security Division Title: Red Hat JBoss EAP deserialization of untrusted data Application: JBoss EAP 5.2.X and prior versions Description: The application server deserializes untruste...
Linux Kernel 4.5.1 - Off-By-One (PoC)
Linux Kernel 4.5.1 - Off-By-One PoC / EDB Note Download: http://cyseclabs.com/exploits/matreshka.c Blog http://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit / / Quick and dirty PoC for CVE-2016-6187 heap off-by-one PoC By Vitaly Nikolenko There's no privilege...
Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Advisory ID: KL-001-2016-005 Publication Date:...
EyeLock nano NXT 3.5 - Remote Code Execution
EyeLock nano NXT 3.5 - Remote Code Execution !/usr/bin/env python EyeLock nano NXT 3.5 Remote Root Exploit Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: NXT Firmware: 3.05.1193 ICM: 3.5.1 NXT Firmware: 3.04.1108 ICM: 3.4.13 NXT Firmware: 3.03.944 ICM: 3.3.2 NXT...
PHP File Vault 0.9 - Directory Traversal
PHP File Vault 0.9 - Directory Traversal PHP File Vault version 0.9, remote directory traversal and read file vulnerability Discovered by NA, NAattutanota.com Description...
Ubee EVW3226 ModemRouter 1.0.20 - Multiple Vulnerabilities
Ubee EVW3226 ModemRouter 1.0.20 - Multiple Vulnerabilities ''' Ubee EVW3226 modem/router multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Ubee EVW3226, 1.0.20 - Product page: http://www.ubeeinteractive.com/products/cable/evw322...
iBilling 3.7.0 - Persistent Cross-Site Scripting Reflected Cross-Site Scripting
iBilling 3.7.0 - Persistent Cross-Site Scripting Reflected Cross-Site Scripting iBilling v3.7.0 Multiple Stored and Reflected Cross Site Scripting Vulnerabilities Vendor: iBilling Product web page: http://www.ibilling.io/ Affected version: 3.7.0 Summary: The features you want, the simplicity you...
Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities
Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities Operation Technology ETAP 14.1.0 Multiple Stack Buffer Overrun Vulnerabilities Vendor: Operation Technology, Inc. Product web page: http://www.etap.com Affected version: 14.1.0.0 Summary: Enterprise Software Solution...