41207 matches found
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
WUZHI CMS 4.1.0 - Cross-Site Request Forgery Exploit Title: WUZHI CMS 4.1.0 - Cross-Site Request Forgery Date: 2018-04-23 Exploit Author: jiguang Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE:...
CyberArk Password Vault 9.7 10 - Memory Disclosure
CyberArk Password Vault 9.7 10 - Memory Disclosure Advisory: CyberArk Password Vault Memory Disclosure Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering to a client's logon request, the vault discloses around 50 bytes of its memory to the...
Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods
Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods There are multiple use-after-free issues in Array methods in jscript. When jscript executes an Array method such as Array.join, it first retrieves the length of an array. If the input is not an array but an object, th...
DLINK DCS-5020L - Remote Code Execution (PoC)
DLINK DCS-5020L - Remote Code Execution PoC “The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to...
Linux Kernel 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation
Linux Kernel 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation /* Ubuntu 16.04.4 kernel priv esc all credits to @bleidl - vnik */ // Tested on: // 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 // if different kernel adjust CRED offset + check kernel stack size #include...
ClipBucket 4.0.0 - Release 4902 - Command Injection File Upload SQL Injection
ClipBucket 4.0.0 - Release 4902 - Command Injection File Upload SQL Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS command injection, arbitrary file upload & SQL injection product: ClipBucket vulnerable...
Sony Playstation 4 (PS4) 5.01 5.05 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 5.01 5.05 - WebKit Code Execution PoC PS4 5.01 WebKit Exploit PoC =========================== Based on: - CVE-2017-7005 - PegaSwitch Copyright 2017 ReSwitched Team - 4.0x exploit by qwertyoruiopz This exploit supports 5.01 maybe others! Installation ============ 1. Install...
Adminer 4.3.1 - Server-Side Request Forgery
Adminer 4.3.1 - Server-Side Request Forgery + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: apparition security Vendor: ============== www.adminer.org Product...
Disk Pulse Enterprise 10.1.18 - Remote Buffer Overflow
Disk Pulse Enterprise 10.1.18 - Remote Buffer Overflow Exploit Title: Disk Pulse Enterprise Server v10.1.18 - Buffer Overflow Exploit Author: Ahmad Mahfouz Description: Disk Pulse Enterprise Server Unauthenticated Remote Buffer Overflow SEH Contact: http://twitter.com/eln1x Date: 12/01/2018 CVE:...
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proc_list_uptrs has the following comment in its userspace header: /* Enumerate potential...
MistServer 2.12 - Cross-Site Scripting
MistServer 2.12 - Cross-Site Scripting + Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product:...
HP iMC Plat 7.2 - Remote Code Execution
HP iMC Plat 7.2 - Remote Code Execution #!/opt/local/bin/python2.7 Exploit Title: HP iMC Plat 7.2 dbman Opcode 10007 Command Injection RCE Date: 11-28-2017 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
Stock Photo Selling 1.0 - SQL Injection
Stock Photo Selling 1.0 - SQL Injection #!/usr/bin/perl -w Exploit Title: Stock Photo Selling Script 1.0 - SQL Injection Dork: N/A Date: 21.09.2017 Vendor Homepage: http://sixthlife.net/ Software Link: http://sixthlife.net/product/stock-photo-selling-website/ Demo: http://www.photoreels.com/...
DataTaker DT80 dEX 1.50.012 - Information Disclosure
DataTaker DT80 dEX 1.50.012 - Information Disclosure + Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure + Credits / Discovery: Nassim Asrir + Author Contact: https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE:...
Uniview NVR - Password Disclosure
Uniview NVR - Password Disclosure Uniview NVR remote passwords disclosure Author: B1t The Uniview NVR web application does not enforce authorizations on the main.cgi file when requesting json data. It says that you can do anything without authentication, however you must know the request structur...
Adobe Creative Cloud Desktop Application 4.0.0.185 - Local Privilege Escalation
Adobe Creative Cloud Desktop Application 4.0.0.185 - Local Privilege Escalation + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt + ISR: apparitionSec Vendor: ==============...
Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple Vulnerabilities
Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log...
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation Title: ====== Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router. CVE Details: ============ CVE-2017-6896 Reference: ========== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6896...
AXIS (Multiple Products) - Cross-Site Request Forgery
AXIS Multiple Products - Cross-Site Request Forgery 0RWELLL4BS security advisory olsa-CVE-2015-8255 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: Cross-Site Request Forgery - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Session Management...
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery Source: https://sumofpwn.nl/advisory/2016/popupbysupsysticwordpresspluginvulnerabletocrosssiterequestforgery.html Abstract A Cross-site Request Forgery vulnerability exists in the Popup by Supsystic WordPress Plugin. This...
NTOPNG 2.4 Web Interface - Cross-Site Request Forgery
NTOPNG 2.4 Web Interface - Cross-Site Request Forgery + + Credits / Discovery: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt + ISR: ApparitionSEC + Vendor: ============ www.ntop.org Product:...
SwiftMailer 5.4.5-DEV - Remote Code Execution
SwiftMailer 5.4.5-DEV - Remote Code Execution See the full advisory URL for the exploit details. */ // Attacker's input coming from untrusted source such as $_GET , $_POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/...
Red Hat JBoss EAP - Deserialization of Untrusted Data
Red Hat JBoss EAP - Deserialization of Untrusted Data Security Advisory @ Mediaservice.net Srl 05, 23/11/2016 Data Security Division Title: Red Hat JBoss EAP deserialization of untrusted data Application: JBoss EAP 5.2.X and prior versions Description: The application server deserializes untruste...
VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions
VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=850 As already discussed in a number of reports in this tracker 285, 286, 287, 288, 289, 292, VMware Workstation current version 12.1.1 build-3770994...
EyeLock nano NXT 3.5 - Local File Disclosure
EyeLock nano NXT 3.5 - Local File Disclosure EyeLock nano NXT 3.5 Local File Disclosure Vulnerability Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: NXT Firmware: 3.05.1193 ICM: 3.5.1 NXT Firmware: 3.04.1108 ICM: 3.4.13 NXT Firmware: 3.03.944 ICM: 3.3.2 NXT...
ASUS Memory Mapping Driver (ASMMAP/ASMMAP64) - Physical Memory Read/Write
ASUS Memory Mapping Driver (ASMMAP/ASMMAP64) - Physical Memory Read/Write /* Source: http://rol.im/asux/ ASUS Memory Mapping Driver ASMMAP/ASMMAP64: Physical Memory Read/Write PoC by slipstream/RoL - https://twitter.com/TheWack0lian - http://rol.im/chat/ The ASUS "Generic Function Service" includes a...
Geeklog 1.4.0 - Multiple Vulnerabilities
Geeklog 1.4.0 - Multiple Vulnerabilities Geeklog Multiple Vulnerabilities Vendor: Geeklog Product: Geeklog Version: = 1.4.0 Website: http://www.geeklog.net/ BID: 16755 CVE: CVE-2006-0823 OSVDB: 23348 23349 SECUNIA: 18920 PACKETSTORM: 44070 Description: Geeklog is one of the most popular content...
X2Engine 4.2 - Cross-Site Request Forgery
X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...
refbase 0.9.6 - Multiple Vulnerabilities
refbase 0.9.6 - Multiple Vulnerabilities Exploit Title: Refbase 5 /rss.php?where='nonexistent'+union+allselect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat'version:',@@version,'',34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50-- - /rs...
Microsoft Windows 8.1 - DCOM DCERPC Local NTLM Reflection Privilege Escalation (MS15-076)
Microsoft Windows 8.1 - DCOM DCERPC Local NTLM Reflection Privilege Escalation MS15-076 Source: https://github.com/monoxgas/Trebuchet Trebuchet MS15-076 CVE-2015-2370 Privilege Escalation Copies a file to any privileged location on disk Compiled with VS2015, precompiled exe in Binary directory...
Pimcore CMS Build 3450 - Directory Traversal
Pimcore CMS Build 3450 - Directory Traversal Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an...
Havij - OLE Automation Array Remote Code Execution
Havij - OLE Automation Array Remote Code Execution #!/usr/bin/php <?php Title : Havij OLE Automation Array Remote Code Execution Affected Versions: All Version Founder : ITSecTeam Tested on Windows 7 / Server 2008 Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail ...
Apache Spark Cluster 1.3.x - Arbitrary Code Execution
Apache Spark Cluster 1.3.x - Arbitrary Code Execution Exploit Title: Arbitrary Code Execution in Apache Spark Cluster Date: 23/03/2015 Exploit Author: AkhlD AkhilDas CodeBreach.in Vendor Homepage: https://spark.apache.org/ Software Link: https://spark.apache.org/downloads.html Version: All 0.0.x,...
Pandora FMS 5.1 SP1 - SQL Injection
Pandora FMS 5.1 SP1 - SQL Injection Document Title: =============== Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1355 Release Date: ============= 2015-02-09 Vulnerability Laboratory ID VL-ID:...
Microweber CMS 0.95 - SQL Injection
Microweber CMS 0.95 - SQL Injection Exploit Title: SQL Injection in Microweber CMS 0.95 Google Dork: N/A Date: 12/16/2014 Exploit Author: Pham Kien Cuong and ITAS Team www.itas.vn Vendor Homepage: Microweber https://microweber.com/ Software Link:...
MODx CMS 2.2.14 - Cross-Site Request Forgery Bypass Reflected Cross-Site Scripting Persistent Cross-Site Scripting
MODx CMS 2.2.14 - Cross-Site Request Forgery Bypass Reflected Cross-Site Scripting Persistent Cross-Site Scripting Advisory ID: 92152 Product: MODX Revolution Vendor: MODX Vulnerable Versions: 2.0.02.2.14 Tested Version: 2.2.14 Advisory Publication: 16 July, 2014 without technical details Vendor...
Linux Kernel 3.16.1 - Remount FUSE Local Privilege Escalation
Linux Kernel 3.16.1 - Remount FUSE Local Privilege Escalation / FUSE-based exploit for CVE-2014-5207 Copyright c 2014 Andy Lutomirski Based on code that is: Copyright C 2001-2007 Miklos Szeredi This program can be distributed under the terms of the GNU GPL. See the file COPYING. gcc -Wall...
TestLink 1.9.11 - Multiple SQL Injections
TestLink 1.9.11 - Multiple SQL Injections Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection...
ZYXEL Prestig P-660HNU-T1 - ISP Credentials Disclosure
ZYXEL Prestig P-660HNU-T1 - ISP Credentials Disclosure #!/usr/bin/perl Exploit Author: Sebastián Magof Hardware: ZyXEL Prestig P-660HNU-T1 Vulnerable file: wzADSL.asp location: http://gateway/cgi-bin/wzADSL.asp Bug: ISP usr+pwd disclosure Type: Local Date: 22/09/2014 Vendor Homepage:...
Endeca Latitude 2.2.2 - Cross-Site Request Forgery
Endeca Latitude 2.2.2 - Cross-Site Request Forgery Advisory: Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting discovered a Cross-Site Request Forgery CSRF vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able to change several different settings of the...
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances ------------------------- Affected vendors:...
AFCommerce - controlheader.php Remote File Inclusion
AFCommerce - controlheader.php Remote File Inclusion source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain...
TVT TD-2308SS-B DVR - Directory Traversal
TVT TD-2308SS-B DVR - Directory Traversal Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: "Cross Web Server" Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P...
FlashChat 6.0.2 6.0.8 - Arbitrary File Upload
FlashChat 6.0.2 6.0.8 - Arbitrary File Upload Exploit Title: FlashChat File Upload Vulnerability Google Dork: intitle:FlashChat v6.0.8 Date: 02.10.2013 Exploit Author: x-hayben21 Vendor Homepage: www.punish3r.com Software Link: http://www.tufat.com/script2.htm Version: v6.0.8, v6.0.2, v6.0.4,...
HylaFAX+ 5.2.4 5.5.3 - Buffer Overflow
HylaFAX+ 5.2.4 5.5.3 - Buffer Overflow Details =========================================================== Application: "HylaFAX+" Version: 5.2.4 April, 2008 through 5.5.3 August 6, 2013 Type: Daemon that manages a fax server via an FTP-like protocol. Vendor / Maintainer: Lee Howard faxguy at...
Oracle Java lookUpByteBI - Heap Buffer Overflow
Oracle Java lookUpByteBI - Heap Buffer Overflow Exploit Title: Oracle Java lookupByteBI function heap buffer overflow Google Dork: Date: 2013-09-03 Exploit Author: GuHe Vendor Homepage: http://www.oracle.com/ Software Link: http://www.oracle.com/technetwork/java/javase/downloads/index.html Versio...
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting Exploit Title: OTRS Faq Module - Persistent XSS Date: 2-Apr-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.otrs.com Version: OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x Tested on: Perl CVE : CVE-2013-2637 OVERVIEW The OTRS...
Open-Xchange Server 6 - Multiple Vulnerabilities
Open-Xchange Server 6 - Multiple Vulnerabilities Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof...
TagScanner 5.1 - Stack Buffer Overflow (PoC)
TagScanner 5.1 - Stack Buffer Overflow PoC Title: ====== TagScanner v5.1 - Stack Buffer Overflow Vulnerability Date: ===== 2013-01-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=831 VL-ID: ===== 831 Introduction: ============= TagScanner is a multifunction program f...
SonicWALL OEM Scrutinizer 9.5.2 - Multiple Vulnerabilities
SonicWALL OEM Scrutinizer 9.5.2 - Multiple Vulnerabilities Title: ====== Sonicwall OEM Scrutinizer v9.5.2 - Multiple Web Vulnerabilities Date: ===== 2013-02-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=786 VL-ID: ===== 786 Common Vulnerability Scoring System:...