41207 matches found
CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)
CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities PoC Exploit Title: Computer Associates Advantage Ingres 2.6 Multiple Buffer Overflow Vulnerabilities PoC Date: 2010-08-14 Author: @fdiskyou e-mail: rui at deniable.org Version: 2.6 Tested on: Windows 2003 Server SP1 en CVE:...
Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly (MS03-044)
Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly MS03-044 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly ---------------------------------------------------------------------------- Help and Support Centre is the default application...
Palo Alto Network Vulnerability - Cross-Site Scripting
Palo Alto Network Vulnerability - Cross-Site Scripting Palo Alto Network Vulnerability - Cross-Site Scripting XSS ------------------------------ Class: Cross-Site Scripting XSS Vulnerability CVE: CVE-2010-0475 Remote: Yes Local: Yes Published: May 11, 2010 08:30AM Timeline:Submission to MITRE:...
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Apache OFBiz 1. Advisory Information Title: Multiple XSS in Apache OFBiz Advisory ID: BONSAI-2010-0103 Advisory URL:...
Torrent Hoster - Remount Upload
Torrent Hoster - Remount Upload | Title : Torrent Hoster Remont Upload Exploit | Author : El-Kahina | Home : www.h4kz.com | | Script : Powered by Torrent Hoster. | Tested on: windows SP2 Français V.Pnx2 2.0 +...
Autodesk SoftImage Scene TOC - Arbitrary Command Execution
Autodesk SoftImage Scene TOC - Arbitrary Command Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage...
Xpdf 3.01 - Local Heap Overflow Null Pointer Dereference
Xpdf 3.01 - Local Heap Overflow Null Pointer Dereference Name: Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference Author: Adam Zabrocki / HISPASEC or Date: July 06, 2009 Issue: Xpdf allows local and remote attackers to overflow buffer on heap via integer overflow...
Achievo 1.3.4 - SQL Injection
Achievo 1.3.4 - SQL Injection Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL:...
ISC DHCP dhclient 3.1.2p1 - Remote Buffer Overflow (PoC)
ISC DHCP dhclient 3.1.2p1 - Remote Buffer Overflow PoC / cve-2009-0692.c ISC DHCP dhclient http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692 Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1...
URA 3.0 - cat SQL Injection
URA 3.0 - cat SQL Injection --------------------------------------------------- URA 3.0 cat remote SQL injection Vulnerability --------------------------------------------------- + Author : Chip D3 Bi0s + Email : chipdebiosalt+64gmail.com + Group : LatinHackTeam + Vulnerability : SQL injection...
NOKIA Siemens FlexiISN 3.1 - Multiple Authentication Bypass Vulnerabilities
NOKIA Siemens FlexiISN 3.1 - Multiple Authentication Bypass Vulnerabilities NOKIA Siemens FlexiISN GGSN Multiple Authentication bypass Vulnerability: NOKIA Siemens FlexiISN Remote: Yes Local: No Class: Input Validation Error Critical: Moderately critical OS : FlexiISN GGSN FISN 3.1 URL 1 for...
eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH)
eZip Wizard 3.0 - Local Stack Buffer Overflow PoC SEH /ezip wizard Local Stack Buffer Overflow SEH POC SEH chain of main thread Address SE handler 0012FC60 58585858 0012FC60 41414141 AAAA Pointer to next SEH record Old bug ,still not fixed by vendors ,this kind of file can cause problems to a lot...
DMXReady News Manager 1.1 - Arbitrary Category Change
DMXReady News Manager 1.1 - Arbitrary Category Change Title : DMXReady News Manager http://target/path//applications/NewsManager/incnewsmanager.asp Edit - http://target/path//dmin/NewsManager/CategoryManager/updatecategory.asp?cid=x Update Category Name : milw0rm.com 2009-01-13...
CMS Ortus 1.13 - SQL Injection
CMS Ortus 1.13 - SQL Injection Author: otmorozok428, http://forum.antichat.ru Products: CMS Ortus 1.12, CMS Ortus 1.13 Vendor: http://ortus.nirn.ru Download: http://ortus.nirn.ru/files/ortus1-12.zip, http://ortus.nirn.ru/files/ortus1-13.zip Dork for ALL Versions of CMS Ortus:...
Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities
Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities ECHOADV101$2008 Attachmax Dolphin = 2.1.0 Multiple...
Vastal I-Tech Dating Zone - fage SQL Injection
Vastal I-Tech Dating Zone - fage SQL Injection ZoRLu - - - yildirimordulari.org - - - z0rlu.blogspot.com Vastal I-Tech Dating Zone fage SQL Injection Vulnerability author: ZoRLu home: yildirimordulari.org - - - z0rlu.blogspot.com - - - r00tsecurity.org contact: [email protected] & [email protected]...
Anzio Web Print Object 3.2.30 - ActiveX Buffer Overflow
Anzio Web Print Object 3.2.30 - ActiveX Buffer Overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Anzio Web Print Object Buffer Overflow Advisory Information Title: Anzio Web Print Object Buffer Overflow...
deeemm CMS (dmcms) 0.7.4 - Multiple Vulnerabilities
deeemm CMS dmcms 0.7.4 - Multiple Vulnerabilities DeeEmm CMS Sql Injection/Rfi AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Script Download :...
PHP-Fusion Mod Kroax 4.42 - category SQL Injection
PHP-Fusion Mod Kroax 4.42 - category SQL Injection ========================================================== The kroax phpfusion Remote SQL-injection. ========================================================== Author : boom3rang Contact : [email protected] webpage : www.khg-crew.ws ---...
@lex Guestbook 4.0.5 - setup.php?language_setup Cross-Site Scripting
@lex Guestbook 4.0.5 - setup.php?language_setup Cross-Site Scripting source: https://www.securityfocus.com/bid/28519/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
Dovecot IMAP 1.0.10 1.1rc2 - Remote Email Disclosure
Dovecot IMAP 1.0.10 1.1rc2 - Remote Email Disclosure lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry...
WordPress 1.5.1.1 2.2.2 - Multiple Vulnerabilities
WordPress 1.5.1.1 2.2.2 - Multiple Vulnerabilities #!/usr/bin/env ruby happy antiblogging, dear kids! Copyright (c) Lance M. Havok All rights reserved...
LiveCMS 3.4 - categoria.php?cid SQL Injection
LiveCMS 3.4 - categoria.php?cid SQL Injection #!/usr/bin/perl INFO: Program Title LiveCMS = 3.4 SQL Injection, Absolute Path Disclosure, XSS Injection, Arbitrary File...
XOOPS module Articles 1.02 - print.php?id SQL Injection
XOOPS module Articles 1.02 - print.php?id SQL Injection !/usr/bin/perl -w Xoops All Version -Articles- Print.PHP ID Blind SQL Injection Exploit And PoC Type : SQL Injection Release Date : 2007-03-26 Product / Vendor : http://support.sirium.net/ Bug :...
IMGallery 2.5 - Create Uploader Script
IMGallery 2.5 - Create Uploader Script DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...
TikiWiki 1.9.5 Sirius - sort_mode Information Disclosure
TikiWiki 1.9.5 Sirius - sort_mode Information Disclosure //tikiwiki version 1.9.5 CVS -Sirius- PoC // Product: Tikiwiki // URL: http://tikiwiki.org/ // RISK: critical there's a critical security bug in tikiwi...
Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation
Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value +...
Microsoft Windows Media Player 10 - Plugin Overflow (MS06-006)
Microsoft Windows Media Player 10 - Plugin Overflow MS06-006 WMP Plugin EMBED Exploit // Windows Media Player Plug-In EMBED Overflow Universal Exploit MS06-006 // By Matthew Murphy [email protected] // // DISCLAIMER: // // This exploit code is intended only as a demonstration tool for //...
CPGNuke Dragonfly 9.0.6.1 - Remote Command Execution
CPGNuke Dragonfly 9.0.6.1 - Remote Command Execution this works regardless of magic_quotes_gpc settings Sun-Tzu: "Thus it may be known that the leader of armies is the arbiter of the people's fate, the man on whom it depends whether the nation shall be in peace or in peril." / a short explanation:...
gpsdrive 2.09 (PPC) - friendsd2 Remote Format String
gpsdrive 2.09 PPC - friendsd2 Remote Format String !/usr/bin/perl -w Heh - Code by KF kflistsatdigitalmunitiondotcom - Shellcode by Charles Stevenson http://www.digitalmunition.com FrSIRT 24/24 & 7/7 - Centre de Recherche on Donkey Testicles. Free 14 day Testicle licking trial available! IIIIIIII...
Easy Message Board - Remote Command Execution
Easy Message Board - Remote Command Execution source: https://www.securityfocus.com/bid/13555/info Easy Message Board is prone to a remote command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input...
Subversion 0.3.71.0.0 - Remote Buffer Overflow
Subversion 0.3.71.0.0 - Remote Buffer Overflow / hoagiesubversion.c Remote exploit against Subversion-Servers. Author: greuff Tested on Subversion 1.0.0 and 0.37 Algorithm: This is a two-stage exploit. The first stage overflows a buffer on the stack and leaves us 60 bytes of machine code to be...
SimpGB 1.0 - Guestbook.php SQL Injection
SimpGB 1.0 - Guestbook.php SQL Injection source: https://www.securityfocus.com/bid/12801/info SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it...
Virtual Programming VP-ASP 4.005.00 - shopdisplayproducts.asp SQL Injection
Virtual Programming VP-ASP 4.005.00 - shopdisplayproducts.asp SQL Injection source: https://www.securityfocus.com/bid/9134/info It has been reported that VP-ASP may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL co...
Microsoft Windows XP2000 - RPC Remote Non Exec Memory
Microsoft Windows XP2000 - RPC Remote Non Exec Memory / have you recently bought one of those expensive new windows security products on the market? do you think you now have strong protection? Look again: rpc!exec by ins1der trixterjack yahoo com windows remote return into libc exploit! remote r...
ProFTPd 1.2.9 rc2 - .ASCII File Remote Code Execution (1)
ProFTPd 1.2.9 rc2 - .ASCII File Remote Code Execution 1 / proftpd 1.2.7/1.2.9rc2 remote root exploit by bkbll bkbllcnhonker.net, 2003/10/1 for FTPProFTPDTranslateOverflow found by X-force happy birthday, China. this code is dirty, there are more beautiful exploits of proftpd for this vuln in the...
Valve Software Half-Life Server 1.1.1.03.1.1.1c14.1.1.1a - Multiplayer Request Buffer Overflow
Valve Software Half-Life Server 1.1.1.03.1.1.1c14.1.1.1a - Multiplayer Request Buffer Overflow // source: https://www.securityfocus.com/bid/8300/info // Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the softwa...
Phusion WebServer 1.0 - Directory Traversal (1)
Phusion WebServer 1.0 - Directory Traversal 1 source: https://www.securityfocus.com/bid/4117/info Phusion Webserver is a commercial HTTP server that runs on Microsoft Windows 9x/NT/2000 operating systems. Phusion Webserver is prone to directory traversal attacks. It is possible to break out of...
Linux Kernel 2.02.1 (Digital UNIX 4.0 D FreeBSD 2.2.4 HP HP-UX 10.2011.0 IBM AIX 3.2.5 NetBSD 1.2 Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.02.1 Digital UNIX 4.0 D FreeBSD 2.2.4 HP HP-UX 10.2011.0 IBM AIX 3.2.5 NetBSD 1.2 Solaris 2.5.1 - Smurf Denial of Service / source: https://www.securityfocus.com/bid/147/info The "Smurf" denial of service exploits the existence, and forwarding of, packets sent to IP broadcast...
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution Exploit Title: PixelStor 5000 - Remote Code Execution Product: PixelStor 5000 Vendor: Rasilient Date: 2020-01-08 Exploit Author: .:UND3R:. Vendor Homepage: http://rasilient.com Version: K:4.0.1580-20150629 KDI Version Tested on:...
Cisco WLC 2504 8.9 - Denial of Service (PoC)
Cisco WLC 2504 8.9 - Denial of Service PoC Exploit Title: Cisco WLC 2504 8.9 - Denial of Service PoC Google Dork: N/A Date: 2019-11-25 Exploit Author: SecuNinja Vendor Homepage: cisco.com Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-do...
Microsoft Excel 2016 1901 - XML External Entity Injection
Microsoft Excel 2016 1901 - XML External Entity Injection Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website:...
macOS 10.14.6 - root-kernel Privilege Escalation via update_dyld_shared_cache
macOS 10.14.6 - root-kernel Privilege Escalation via update_dyld_shared_cache Tested on macOS Mojave 10.14.6, 18G87 and Catalina Beta 10.15 Beta 19A536g. On macOS, the dyld shared cache in /private/var/db/dyld/ is generated locally on the system and therefore doesn't have a real code signature;...
TemaTres 3.0 - value Persistent Cross-site Scripting
TemaTres 3.0 - value Persistent Cross-site Scripting Exploit Title: TemaTres 3.0 - 'value' Persistent Cross-site Scripting Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source:...
Optergy 2.3.0a - Remote Code Execution
Optergy 2.3.0a - Remote Code Execution Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: =2.3.0a Advisory: https://applied-risk.com/resources/ar-2019-008 Paper:...
eMerge E3 1.00-06 - layout Reflected Cross-Site Scripting
eMerge E3 1.00-06 - layout Reflected Cross-Site Scripting Exploit Title: eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...
ClamAV 0.102.0 - bytecode_vm Code Execution
ClamAV 0.102.0 - bytecode_vm Code Execution #!/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...
XNU - Remote Double-Free via Data Race in IPComp Input Path
XNU - Remote Double-Free via Data Race in IPComp Input Path === Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK...
Foscam Video Management System 1.1.6.6 - UID Denial of Service (PoC)
Foscam Video Management System 1.1.6.6 - UID Denial of Service PoC Exploit Title: Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service PoC Author: Alessandro Magnosi Date: 2019-10-09 Vendor Homepage: https://www.foscam.com/ Software Link :...
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs suc...