WordPress 4.7.4 - Unauthorized Password Reset
WordPress 4.7.4 - Unauthorized Password Reset ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - CVE-2017-8295 - Release date: 03.05.2017 - Revision 1.0 - Severity: Medium/High...
Moxa MXview 2.8 - Private Key Disclosure
Moxa MXview 2.8 - Private Key Disclosure + Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt + ISR: APPARITIONSEC Vendor: ============ www.moxa.com Product: =========== MXvie...
Microsoft IIS 6.0 - WebDAV ScStoragePathFromUrl Remote Buffer Overflow
Microsoft IIS 6.0 - WebDAV ScStoragePathFromUrl Remote Buffer Overflow ''' Description:Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a lo...
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery Author : B GOVIND Exploit Title : DLink DSL-2730U Wireless N 150, Change DNS Configuration bypassing ‘admin’ privilege Date : 01-03-2017 Vendor Homepage : http://www.dlink.co.in Firmware Link : ftp://support.dlink.co.in/firmware/DSL-273...
Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free
Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=954 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40954.zip Userspace MIG services often use...
Google Chrome 31.0.1650.48 - HTTP 1xx base::StringTokenizerT...::QuickGetNext Out-of-Bounds Read
Google Chrome 31.0.1650.48 - HTTP 1xx base::StringTokenizerT...::QuickGetNext Out-of-Bounds Read ''' Source: http://blog.skylined.nl/20161219001.html Synopsis A specially crafted HTTP response can allow a malicious web-page to trigger a out-of-bounds read vulnerability in Google Chrome. The...
GNU Wget 1.18 - Access List Bypass Race Condition
GNU Wget 1.18 - Access List Bypass Race Condition ''' ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html - CVE-2016-7098 -...
TP-LINK TDDP - Multiple Vulnerabilities
TP-LINK TDDP - Multiple Vulnerabilities 1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors...
Macro Expert 4.0 - Multiple Privilege Escalations
Macro Expert 4.0 - Multiple Privilege Escalations Exploit Title: Macro Expert 4.0 Multiple Elevation of Privilege Date: 26/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: http://www.macro-expert.com/ Software Link:...
ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation
ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.6 3.0.1.5 160622 3.0.1.1...
Claroline 1.7.7 - Arbitrary File Inclusion
Claroline 1.7.7 - Arbitrary File Inclusion Claroline Arbitrary File Inclusion Vendor: Claroline Product: Claroline Version: 0 $uidReset = true; $clarologinSucceeded = true; break; e...
Dream Gallery 1.0 - Cross-Site Request Forgery (Add Admin)
Dream Gallery 1.0 - Cross-Site Request Forgery Add Admin...
Magento 2.0.6 - Arbitrary Unserialize Arbitrary Write File
Magento 2.0.6 - Arbitrary Unserialize Arbitrary Write File arbitrary write file // Date: 18/05/206 // Exploit Author: agix discovered by NETANEL RUBIN // Vendor Homepage: https://magento.com // Version: /shipping-information // in the response check the payment method it may vary from checkmo // ...
CakePHP Framework 3.2.4 - IP Spoofing
CakePHP Framework 3.2.4 - IP Spoofing ============================================= - Release date: 12.05.2016 - Discovered by: Dawid Golunski - Severity: Medium ============================================= I. VULNERABILITY ------------------------- CakePHP Framework = 3.2.4 IP Spoofing...
Microsoft Windows Media Center - .MCL File Processing Remote Code Execution (MS16-059)
Microsoft Windows Media Center - .MCL File Processing Remote Code Execution MS16-059 Exploit Title: Microsoft Windows Media Center .MCL File Processing Remote Code Execution Vulnerability MS16-059 Date: May 11th, 2016 Exploit Author: Eduardo Braun Prado Vendor Homepage : http://www.microsoft.com...
NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities
NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities Title: ==== NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities Credit: ====== Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com CVE: ===== CVE-2015-6023, CVE-2015-6024 Date: ====...
Linux Kernel 3.10.0-229.x (CentOS RHEL 7.1) - snd-usb-audio Crash (PoC)
Linux Kernel 3.10.0-229.x CentOS RHEL 7.1 - snd-usb-audio Crash PoC OS-S Security Advisory 2016-17 Linux snd-usb-audio Multiple Free Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat...
McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass / Security Advisory @ Mediaservice.net Srl 01, 13/04/2016 Data Security Division Title: McAfee VirusScan Enterprise security restrictions bypass Application: McAfee VirusScan Enterprise 8.8 and prior versions Platform: Microsoft Windo...
Crouzet em4 soft 1.1.04 M3 soft 3.1.2.0 - Insecure File Permissions
Crouzet em4 soft 1.1.04 M3 soft 3.1.2.0 - Insecure File Permissions Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 Insecure File Permissions Vendor: Crouzet Automatismes SAS Product web page: http://www.crouzet-automation.com Affected version: em4 soft 1.1.04 and 1.1.03.01 M3 soft 3.1.2.0 Summary:...
Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow
Grassroots DICOM GDCM 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow / Grassroots DICOM GDCM is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming...
AVM FRITZ!Box 6.30 - Remote Buffer Overflow
AVM FRITZ!Box 6.30 - Remote Buffer Overflow Advisory: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device...
KiTTY Portable 0.65.0.2p (Windows 8.110) - Local kitty.ini Overflow
KiTTY Portable 0.65.0.2p Windows 8.110 - Local kitty.ini Overflow Exploit Title: KiTTY Portable = 0.65.0.2p Local kitty.ini Overflow Win8.1/Win10 Date: 28/12/2015 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: http://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploi...
KiTTY Portable 0.65.0.2p (Windows XP710) - Chat Remote Buffer Overflow (SEH)
KiTTY Portable 0.65.0.2p Windows XP710 - Chat Remote Buffer Overflow SEH Exploit Title: KiTTY Portable = 0.65.0.2p Chat Remote Buffer Overflow SEH WinXP/Win7/Win10 Date: 28/12/2015 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: http://networkfilter.blogspot.com GitHub:...
Grawlix 1.0.3 - Cross-Site Request Forgery
Grawlix 1.0.3 - Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: Grawlix 1.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.getgrawlix.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/17/20...
TECO SG2 FBD Client 3.51 - .gfb Overwrite Buffer Overflow (SEH) (PoC)
TECO SG2 FBD Client 3.51 - .gfb Overwrite Buffer Overflow SEH PoC TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Vulnerability Vendor: TECO Electric and Machinery Co., Ltd. Product web page: http://www.teco-group.eu Download: http://globalsa.teco.com.tw/supportdownload.aspx?KindID=9...
D-Link DIR-818W - Multiple Vulnerabilities
D-Link DIR-818W - Multiple Vulnerabilities Advisory Information Title: DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been...
BMC Track-It! 11.4 - Multiple Vulnerabilities
BMC Track-It! 11.4 - Multiple Vulnerabilities Multiple critical vulnerabilities in BMC Track-It! 11.4 Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 04/07/2016 / Last updated:...
Joomla! Component Helpdesk Pro 1.4.0 - Multiple Vulnerabilities
Joomla! Component Helpdesk Pro 1.4.0 - Multiple Vulnerabilities Document Title ============== Joomla! plugin Helpdesk Pro 1.4.0 Reported By =========== Simon Rawet from Outpost24 Kristian Varnai from Outpost24 Gregor Mynarsky from Outpost24 https://www.outpost24.com/ For full details, see;...
Pimcore CMS Build 3450 - Directory Traversal
Pimcore CMS Build 3450 - Directory Traversal Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an...
Pirelli ADSL22+ Wireless Router P.DGA4001N - Information Disclosure
Pirelli ADSL22+ Wireless Router P.DGA4001N - Information Disclosure - Title: CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar - Author: Eduardo Novella @enovella [email protected] - Version: Tested on firmware version...
xRadio-0.95b-(.xrl)
xRadio is affected by stack-based buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successful exploitation of the vulnerability allows an attacker to execute arbitrary code. Other versions are also affected but have a different trigger...
Nagios-history.cgi-Exec-Code
CVE-2012-6096 - Nagios history.cgi Remote Command Execution Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more specifically, one of its CGI scripts. !/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution...
ZTE-and-TP-Link-RomPager
Date: 10-05-2014 Server Version: RomPager/4.07 UPnP/1.0 Tested Routers: ZTE ZXV10 W300 TP-Link TD-W8901G TP-Link TD-W8101G TP-Link TD-8840G Firmware: FwVer:3.11.2.175TC3086 HwVer:T14.F75.0 Tested on: Kali Linux x86 !/usr/bin/env python -- coding: utf-8 -- Exploit Title: ZTE and TP-Link RomPager D...
Windows-OLE-Package-Manager
Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title: CVE-2014-4114 SandWorm builder Vendor Homepage: microsoft.com Tested on: Win7Sp1 64 bit - Microsoft Office 2013 Plus Demo: http://youtu.be/ljjEkhflpv import os import zipfile import sys ''' Very quick and ugly SandWorm...
Wickr Desktop 2.2.1 Windows - Denial of Service
Wickr Desktop 2.2.1 Windows - Denial of Service Document Title: =============== Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1377 Video:...
webEdition 6.3.8.0 (SVN-Revision: 6985) - Directory Traversal
webEdition 6.3.8.0 SVN-Revision: 6985 - Directory Traversal Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical detail...
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities Mpay24 PrestaShop Payment Module Multiple Vulnerabilities - · Affected Vendor: Mpay24 - · Affected Software: Mpay24 Payment Module - · Affected Version: 1.5 and earlier - · Issue Type: SQL injection and information disclosure - ·...
Microsoft Windows XP SP3 - MQAC.sys Arbitrary Write Privilege Escalation
Microsoft Windows XP SP3 - MQAC.sys Arbitrary Write Privilege Escalation Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-003 Publication Date: 2014.07.18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt 1...
Endeca Latitude 2.2.2 - Cross-Site Request Forgery
Endeca Latitude 2.2.2 - Cross-Site Request Forgery Advisory: Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting discovered a Cross-Site Request Forgery CSRF vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able to change several different settings of the...
Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection
Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection CVE: CVE-2014-2043 Vendor: Procentia Product: IntelliPen Affected version: 1.1.12.1520 Fixed version: 1.1.18.1658 Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed within the software as an authenticated...
SpagoBI 4.0 - Arbitrary Cross-Site Scripting Arbitrary File Upload
SpagoBI 4.0 - Arbitrary Cross-Site Scripting Arbitrary File Upload 01. Advisory Information Title: XSS File Upload Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE...
Oracle Demantra 12.2.1 - SQL Injection
Oracle Demantra 12.2.1 - SQL Injection Details: Application is vulnerable to SQL injection. Impact: An attacker with access to the vulnerable pages could manipulate the queries being sent to the database, potentially enabling them to: - Extract sensitive information, including but not limited to...
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities Document Title: =============== Barracuda Bug Bounty 30 Firewall - Multiple Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1065 Barracuda Networks Security ID BNSEC:...
D-Link DIR-100 - Multiple Vulnerabilities
D-Link DIR-100 - Multiple Vulnerabilities Title: Router D-Link DIR-100 Multiple Vulnerabilities Date: 2013-09-19 Author: Felix Richter Contact: [email protected] Vulnerable Software: ftp://ftp.dlink.de/dir/dir-100/driversoftware/DIR-100fwrevd403b07ALLde20120410.zip Patched Software:...
Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass
Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass Exploit Title: Ruckus Wireless Zoneflex 2942 Wireless Access Point vulnerable to authentication bypass Date: 10/10/2013 Exploit Author: myexploit Vendor Homepage: http://www.ruckuswireless.com/ Version: 2942 Wireless Acce...
WordPress Plugin NOSpamPTI - Blind SQL Injection
WordPress Plugin NOSpamPTI - Blind SQL Injection NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira http://bit.ly/d38gB8, but some themes do not support changes to...
Microsoft DirectShow - Arbitrary Memory Overwrite (MS13-056)
Microsoft DirectShow - Arbitrary Memory Overwrite MS13-056 Introduction: The Microsoft DirectShow application programming interface API is a media-streaming architecture for Microsoft Windows. Using DirectShow, your applications can perform high-quality video and audio playback or capture...
Sosci Survey - Multiple Vulnerabilities
Sosci Survey - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/59278/info Sosci Survey is prone to following security vulnerabilities: 1. An unauthorized-access vulnerability 2. Multiple cross-site scripting vulnerabilities 3. Multiple HTML-injection vulnerabilities 4. A PHP...
Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities
Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Sophos Web Protection Appliance vulnerable version: = 3.7.8.1 fixed...
Google AD Sync Tool - Exposure of Sensitive Information
Google AD Sync Tool - Exposure of Sensitive Information Sense of Security - Security Advisory - SOS-13-001 Release Date. 03-Apr-2013 Last Update. - Vendor Notification Date. 03-Sep-2012 Product. Google Active Directory Sync GADS Tool Platform. Windows, Linux, Solaris Affected versions. All versio...