41207 matches found
McAfee Security Scan Plus - Remote Command Execution
McAfee Security Scan Plus - Remote Command Execution Vulnerability Summary The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing...
PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption
PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption Source: https://www.chiark.greenend.org.uk/sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a...
HPE Intelligent Management Center (iMC) 7.2 (E0403P10) - Code Execution
HPE Intelligent Management Center iMC 7.2 E0403P10 - Code Execution Vulnerability Summary The following advisory describes a Stack Buffer Overflow vulnerability found in HPE Intelligent Management Center version v7.2 E0403P10 Enterprise; this vulnerability leads to an exploitable remote code...
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting Remote Code Execution Vulnerability Summary KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster...
Microsoft Windows - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)
Description: SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Srv.sys processes SrvOs2FeaListSizeToNt, and when the logic is not correct it leads to an out-of-bounds copy. The vulnerabili...
I_ Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting
I Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager...
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution ''' CVE Identifier: CVE-2017-7221 Vendor: OpenText Affected products: OpenText Documentum Content Server all versions Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8...
MobaXterm Personal Edition 9.4 - Directory Traversal
MobaXterm Personal Edition 9.4 - Directory Traversal + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt + ISR: ApparitionSec Vendor: =====================...
EasyCom For PHP 4.0.0 - Denial of Service
EasyCom For PHP 4.0.0 - Denial of Service + Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ================ easycom-aura.com Product: =========== SQL iPl...
Billion TrueOnline ZyXEL Routers - Multiple Vulnerabilities
Billion TrueOnline ZyXEL Routers - Multiple Vulnerabilities Multiple vulnerabilities in TrueOnline / ZyXEL / Billion routers Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 26/12/2016 /...
Nagios 4.2.4 - Local Privilege Escalation
Nagios 4.2.4 - Local Privilege Escalation !/bin/bash Source: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html Nagios Core 4.2.4 Root Privilege Escalation PoC Exploit nagios-root-privesc.sh ver. 1.0 CVE-2016-9566 Discovered and coded by: Dawid Golunski...
Microsoft Internet Explorer 11109 - MSHTML PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 11109 - MSHTML PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read MS16-104 // This PoC attempts to exploit a memory disclosure bug in Microsoft Internet // Explorer 11. On x64 systems, this should cause an access violation when // run with page-heap...
InfraPower PPS-02-S Q213V1 - Remote Command Execution
InfraPower PPS-02-S Q213V1 - Remote Command Execution InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...
SAP NetWeaver KERNEL 7.0 7.5 - Denial of Service
SAP NetWeaver KERNEL 7.0 7.5 - Denial of Service ''' Application: SAP NetWeaver KERNEL Versions Affected: SAP NetWeaver KERNEL 7.0-7.5 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference...
JCraftJSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal
JCraftJSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 Version: 0.3 Date: Aug 31st, 2016 Complete Proof of Concept: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725...
BuilderEngine 3.5.0 - Arbitrary File Upload
BuilderEngine 3.5.0 - Arbitrary File Upload...
BelliniSupercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
BelliniSupercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities ''' Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities Reported By: ================================== James McLean - Primary: james dot mclean at gmail dot com Secondary: labs at juicedigital dot net Device Overview:...
SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection
SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016 Reference: SAP...
Magento 2.0.6 - Arbitrary Unserialize Arbitrary Write File
Magento 2.0.6 - Arbitrary Unserialize Arbitrary Write File arbitrary write file // Date: 18/05/206 // Exploit Author: agix discovered by NETANEL RUBIN // Vendor Homepage: https://magento.com // Version: /shipping-information // in the response check the payment method it may vary from checkmo // ...
Microsoft Internet Explorer 91011 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)
Microsoft Internet Explorer 91011 - CDOMStringDataList::InitFromString Out-of-Bounds Read MS15-112 !-- CVE-2015-6086 Out Of Bound Read Vulnerability Address Space Layout Randomization ASLR Bypass Improper handling of new line and white space character caused Out of Bound Read in...
CubeCart 6.0.10 - Multiple Vulnerabilities
CubeCart 6.0.10 - Multiple Vulnerabilities Advisory ID: HTB23298 Product: CubeCart Vendor: CubeCart Limited Vulnerable Versions: 6.0.10 and probably prior Tested Version: 6.0.10 Advisory Publication: March 2, 2016 without technical details Vendor Notification: March 2, 2016 Vendor Patch: March 16...
FreeBSD 10.2 (x64) - amd64_set_ldt Heap Overflow
FreeBSD 10.2 x64 - amd64_set_ldt Heap Overflow / 1. Advisory Information Title: FreeBSD Kernel amd64_set_ldt Heap Overflow Advisory ID: CORE-2016-0005 Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-amd64setldt-heap-overflow Date published: 2016-03-16 Date of last update: 2016-03-14...
Linux Kernel 3.10.0-229.x (CentOS RHEL 7.1) - snd-usb-audio Crash (PoC)
Linux Kernel 3.10.0-229.x CentOS RHEL 7.1 - snd-usb-audio Crash PoC OS-S Security Advisory 2016-17 Linux snd-usb-audio Multiple Free Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat...
ADOdb 4.71 - Cross Site Scripting
ADOdb 4.71 - Cross Site Scripting ADOdb Cross Site Scripting Vendor: John Lim Product: ADOdb Version: currpage = $SESSION$currpage; The above code is taken from adodb-pager.inc.php @ lines 72-77 and ultimately sets the $this->currpage variable to unsanitized user supplied input. Later on this...
D-Link DIR-615 - Multiple Buffer Overflow Vulnerabilities
D-Link DIR-615 - Multiple Buffer Overflow Vulnerabilities Advisory Information Title: Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been...
ElasticSearch 1.6.0 - Arbitrary File Download
ElasticSearch 1.6.0 - Arbitrary File Download elasticpwn Script for ElasticSearch url path traversal vuln. CVE-2015-5531 crg@fogheaven elasticpwn$ python CVE-2015-5531.py exploitlab.int /etc/hosts !dSR script for CVE-2015-5531 127.0.0.1 localhost The following lines are desirable for IPv6 capable...
Dell Netvault Backup 10.0.1.24 - Denial of Service
Dell Netvault Backup 10.0.1.24 - Denial of Service """ Product: Dell Netvault Backup Link: http://software.dell.com/products/netvault-backup/ Vendor: Dell Vulnerable Versions: 10.0.1.24 and probably prior Tested Version: Version 10.0.1.24 Advisory Publication: July 30, 2015 Vendor Notification:...
WordPress Plugin WP Symposium 15.1 - show SQL Injection
WordPress Plugin WP Symposium 15.1 - show SQL Injection ======================================================================= title: SQL Injection product: WordPress WP Symposium Plugin vulnerable version: 15.1 and probably below fixed version: 15.4 CVE number: CVE-2015-3325 impact: CVSS Base...
WordPress Plugin Ad Inserter 1.5.2 - Cross-Site Request Forgery
WordPress Plugin Ad Inserter 1.5.2 - Cross-Site Request Forgery ================================================================ CSRF/Stored XSS Vulnerability in Ad Inserter Plugin ================================================================ . contents:: Table Of Content Overview ======== Tit...
Moodle 2.5.92.6.82.7.52.8.3 - Block Title Handler Cross-Site Scripting
Moodle 2.5.92.6.82.7.52.8.3 - Block Title Handler Cross-Site Scripting Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting Vendor: Moodle Pty Ltd Product web page: https://www.moodle.org Affected version: 2.8.3, 2.7.5, 2.6.8 and 2.5.9 Summary: Moodle is a learning platform...
Smart PHP Poll - Authentication Bypass
Smart PHP Poll - Authentication Bypass Exploit Title: Smart PHP Poll Auth Bypass Vulnerability Google Dork: Copyright © Smart PHP Poll. All Rights Reserved. Exploit Author: Mr.tro0oqy from Yemen Email : [email protected] Download Script...
Codiad 2.5.3 - Local File Inclusion
Codiad 2.5.3 - Local File Inclusion +Title: Codiad v2.5.3 - LFI Vulnerability +Author: TUNISIAN CYBER +Date: 12/03/2015 +Type:WebApp +Risk:High +Overview: Pie Register 2.x suffers from a Local File Disclosure vulnerability. +Proof Of Concept: PHP...
jQuery - jui_filter_rules PHP Code Execution
jQuery - jui_filter_rules PHP Code Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 PHP Code Execution in jui_filter_rules Parsing Library ====================================================== Researcher: Timo Schmid Description =========== jui_filter_rules[1] is a jQuery plugin which allows...
IBM Endpoint Manager - Persistent Cross-Site Scripting
IBM Endpoint Manager - Persistent Cross-Site Scripting Advisory: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScri...
Ansible Tower 2.0.2 - Multiple Vulnerabilities
Ansible Tower 2.0.2 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.5 impact: high homepage...
ZTE and TP-Link RomPager
Date: 10-05-2014 Server Version: RomPager/4.07 UPnP/1.0 Tested Routers: ZTE ZXV10 W300 TP-Link TD-W8901G TP-Link TD-W8101G TP-Link TD-8840G Firmware: FwVer:3.11.2.175TC3086 HwVer:T14.F75.0 Tested on: Kali Linux x86 !/usr/bin/env python -- coding: utf-8 -- Exploit Title: ZTE and TP-Link RomPager D...
Free Article Submissions 1.0 - SQL Injection
Free Article Submissions 1.0 - SQL Injection Exploit Title: Free Article Submissions SQL Injection Vulnerability Google Dork: inurl:/category.php?id=22 "Affiliate Programs Portal" inurl:/category.php?id=2 "Arts & Entertainment" Date: 07/12/2014 Exploit Author: BarrabravaZ Vendor Homepage:...
EntryPass N5200 - Credentials Exposure
EntryPass N5200 - Credentials Exposure Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password. Details ======= Product: EntryPass N5200 Activ...
ZTE ZXHN H108L - Authentication Bypass (1)
ZTE ZXHN H108L - Authentication Bypass 1 Exploit Title: ZTE ZXHN H108L Authentication Bypass Date: 14/11/2014 Exploit Author: Project Zero Labs https://projectzero.gr | [email protected] Vendor Homepage: www.zte.com.cn Version: ZXHN H108LV4.0.0dZRQGR4 Tested on: ZTE ZXHN H108L CVE : CVE-2014-84...
F5 BIG-IP 10.1.0 - Directory Traversal
F5 BIG-IP 10.1.0 - Directory Traversal +------------------------------------------------------+ + F5 BIG-IP 10.1.0 - Directory Traversal Vulnerability + +------------------------------------------------------+ Affected Product : F5 BIG-IP Vendor Homepage : http://www.f5.com/ Version : 10.1.0...
Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities
Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities Exploit Title: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities Google Dork: intitle:"Powered by Pro Chat Rooms" Date: 5 August 2014 Exploit Author: Mike Manzotti @ Dionach Ltd Vendor Homepage: http://prochatrooms.com Software Link:...
IBM AIX 6.1.8 - libodm Arbitrary File Write
IBM AIX 6.1.8 - libodm Arbitrary File Write Vulnerability title: Privilege Escalation in IBM AIX CVE: CVE-2014-3977 Vendor: IBM Product: AIX Affected version: 6.1.8 and later Fixed version: N/A Reported by: Tim Brown Details: It has been identified that libodm allows privilege escalation via...
Collabtive 1.2 - SQL Injection
Collabtive 1.2 - SQL Injection Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 coordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by:...
ownCloud 4.0.x4.5.x - upload.php?Filename Remote Code Execution
ownCloud 4.0.x4.5.x - upload.php?Filename Remote Code Execution Vulnerability title: Remote Code Execution in ownCloud CVE: CVE-2014-2044 Vendor: ownCloud Product: ownCloud Affected version: 4.0.x & 4.5.x Fixed version: 5.0 Reported by: Alejo Murillo Moya Details: A remote code execution has been...
SpagoBI 4.0 - Arbitrary Cross-Site Scripting Arbitrary File Upload
SpagoBI 4.0 - Arbitrary Cross-Site Scripting Arbitrary File Upload 01. Advisory Information Title: XSS File Upload Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE...
Webuzo 2.1.3 - Multiple Vulnerabilities
Webuzo 2.1.3 - Multiple Vulnerabilities Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS release 6.2...
Microsoft Windows - NDPROXY SYSTEM Privilege Escalation (MS14-002)
Microsoft Windows - NDPROXY SYSTEM Privilege Escalation MS14-002 NDPROXY Local SYSTEM privilege escalation http://www.offensive-security.com Tested on Windows XP SP3 http://www.offensive-security.com/vulndev/ndproxy-local-system-exploit-cve-2013-5065/ Original crash ... null pointer dereference...
ProjectOr RIA 3.4.0 - objectDetail.php?objectId SQL Injection
ProjectOr RIA 3.4.0 - objectDetail.php?objectId SQL Injection ============================================= INTERNET SECURITY AUDITORS ALERT 2013-017 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 6.8/10 CVSSv2 Base Scor...
appRain 3.0.2 - Blind SQL Injection
appRain 3.0.2 - Blind SQL Injection Advisory ID: HTB23177 Product: appRain Vendor: appRain Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: October 9, 2013 without technical details Vendor Notification: October 9, 2013 Public Disclosure: November 6, 2013...
Sybase EAServer 6.3.1 - Multiple Vulnerabilities
Sybase EAServer 6.3.1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version...