41207 matches found
Linux Kernel 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure
Linux Kernel 2.6.32-5 Debian 6.0.5 - /dev/ptmx Key Stroke Timing Local Disclosure !/bin/bash ptmx-su-pwdlen.sh -- This PoC determine the password length of a local user who runs "su -". Done thanks to the ptmx keystroke timing attack CVE-2013-0160. See http://vladz.devzero.fr/013ptmx-timing.php for...
PrestaShop 1.5.1 - Persistent Cross-Site Scripting
PrestaShop 1.5.1 - Persistent Cross-Site Scripting PrestaShop or embed src='data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc 3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9y...
TestLink 1.9.3 - Cross-Site Request Forgery
TestLink 1.9.3 - Cross-Site Request Forgery Advisory ID: HTB23088 Product: TestLink Vendor: teamst.org Vulnerable Versions: 1.9.3 and probably prior Tested Version: 1.9.3 Vendor Notification: April 18, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Request Forgery CWE-35...
Group Office Calendar - calendarjson.php SQL Injection
Group Office Calendar - calendarjson.php SQL Injection /-------------------------------------\ | Group-Office Calendar SQL Injection | -------------------------------------/ Summary ======= Versions of Group-Office a web app for online collaboration prior to 4.0.90 are subject to a SQL injection...
Siemens Simatic S7-1200 - CPU STARTSTOP Module (Metasploit)
Siemens Simatic S7-1200 - CPU STARTSTOP Module Metasploit Exploit Title: Siemens Simatic S7 1200 CPU command module Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1200 PLC CVE : None require 'msf/core' class Metasploit3...
Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution
Tiki Wiki CMS Groupware 8.3 - Unserialize PHP Code Execution ?php / ----------------------------------------------------------------- Tiki Wiki CMS Groupware = 8.3 "unserialize" PHP Code Execution ----------------------------------------------------------------- author...........: Egidio Romano a...
MySQLDumper 1.24.4 - menu.php PHP Remote Code Execution
MySQLDumper 1.24.4 - menu.php PHP Remote Code Execution source: https://www.securityfocus.com/bid/53310/info MySQLDumper is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to...
newscoop 3.5.3 - Multiple Vulnerabilities
newscoop 3.5.3 - Multiple Vulnerabilities Advisory ID: HTB23084 Product: Newscoop Vendor: Sourcefabric o.p.s. Vulnerable Versions: 3.5.3 and probably prior, partially 4.0 RC3 Tested Version: 3.5.3 Vendor Notification: 28 March 2012 Vendor Patch: 5 April 2012 Public Disclosure: 18 April 2012...
sit! support incident tracker 3.64 - Multiple Vulnerabilities
sit! support incident tracker 3.64 - Multiple Vulnerabilities Advisory Details: High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, cross-site request forgery...
PolicyKit polkit-1 0.101 - Local Privilege Escalation
PolicyKit polkit-1 0.101 - Local Privilege Escalation / polkit-pwnage.c ============================== = PolicyKit Pwnage = = by zx2c4 = = Sept 2, 2011 = ============================== Howdy folks, This exploits CVE-2011-1485, a race condition in PolicyKit. davidz25 explains: --begin-- Briefly, t...
NETGEAR Wireless Cable Modem Gateway - Authentication Bypass Cross-Site Request Forgery
NETGEAR Wireless Cable Modem Gateway - Authentication Bypass Cross-Site Request Forgery Sense of Security - Security Advisory - SOS-11-011 Release Date. 20-Sep-2011 Last Update. - Vendor Notification Date. 22-Mar-2011 Product. NETGEAR Wireless Cable Modem Gateway CG814WG Affected versions. Hardwa...
Excel - SLYK Format Parsing Buffer Overrun (PoC)
Excel - SLYK Format Parsing Buffer Overrun PoC Exploit Title: Excel SLYK Format Parsing Buffer Overrun Vulnerability PoC Date: date Author: webDEViL Software Link: download link if available Version: app version Tested on: ALL CVE : CVE-2011-1276 w3bd3vilatgmaildotcom twitter.com/w3bd3vil open...
Nibbleblog 3 - Multiple SQL Injections
Nibbleblog 3 - Multiple SQL Injections source: https://www.securityfocus.com/bid/48339/info Nibbleblog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an...
Adobe Flash Player 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)
Adobe Flash Player 10.1.53.64 - Action Script Type Confusion ASLR + DEP Bypass Source: http://www.abysssec.com/blog/2011/04/exploiting-adobe-flash-player-on-windows-7/ Adobe Flash player Action script type confusion exploit DEP+ASLR bypass advisory text : Here is another reliable windows 7 exploi...
Microsoft ASP.NET - Padding Oracle File Download (MS10-070)
Microsoft ASP.NET - Padding Oracle File Download MS10-070 !/usr/bin/ruby -w aspxpochotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using Vaudenay's...
SonicWALL E-Class SSL-VPN - ActiveX Control Format String Overflow
SonicWALL E-Class SSL-VPN - ActiveX Control Format String Overflow NSOADV-2010-005 SonicWALL E-Class SSL-VPN ActiveX Control format string overflow...
ActiTime 2.0-MA - Cross-Site Request Forgery
ActiTime 2.0-MA - Cross-Site Request Forgery http://www.corelan.be:8800...
GOM Player 2.1.21.4846 - .wav Buffer Overflow
GOM Player 2.1.21.4846 - .wav Buffer Overflow !/usr/bin/perl GOM Player 2.1.21.4846 .wav Buffer Overflow Exploit Homepage: http://www.gomlab.com/ Exploit Coded by: cr4wl3r From: Gorontalo - Indonesia WARNING - WARNING - WARNING - WARNING Disclaimer: The author published the information under the...
MobPartner Counter - Arbitrary File Upload
MobPartner Counter - Arbitrary File Upload MobPartner Counter Remote File Upload Vulnerability + Author : wlhaan hacker + Email : [email protected] + Site : www.sa-hacker.com/vb + team wlhaan Hacker + Dork : "MobPartner Counter" "upload files" The exploit : http://localhost/path/upload.php edit she...
Milonic News - viewnews SQL Injection
Milonic News - viewnews SQL Injection + Title : Milonic News...
ImageVue 2.0 - Remote Admin Login
ImageVue 2.0 - Remote Admin Login Author: Sora Software Link: http://www.imagevuex.com/ Version: 2.0 Tested on: Windows and Linux --------------------------------- / ImageVue 2.0 Remote Admin Login Exploit Created by Sora Contact: vhr95zw at hotmail.com / + Google Dork: "inurl:/admin/" "ImageVue"...
weenCompany - SQL Injection
weenCompany - SQL Injection weenCompany SQL Injection Vulnerability Vendor: http://www.weentech.com/ Author: Gamoscu Site: www.1923turk.biz Site: http://gamoscu.wordpress.com/ Dork:"Created by weenCompany" Exploit: http://server/index.php?moduleid=m2newsSQL-inj&articleid=1 Greetz: Manas58 Baybora...
Oracle Database 10.1.0.5 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow
Oracle Database 10.1.0.5 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow include include include include include include void ssend SOCKET s, char msg, DWORD size int sent; printf "ssend: begin: %d bytes\n", size; sent=send s, charmsg, size, 0; if sent==SOCKETERROR printf "send -...
SharePoint 2007 - Team Services Source Code Disclosure
SharePoint 2007 - Team Services Source Code Disclosure ======= Summary ======= Name: SharePoint Team Services source code disclosure through download facility Release Date: 21 October 2009 Reference: NGS00532 Discover: Daniel Martin Vendor: Microsoft Systems Affected: SharePoint 2007 12.0.0.6219,...
ZaoCMS - user_id SQL Injection
ZaoCMS - user_id SQL Injection =By: Qabandi =Email: iqaahotmail.fr From Kuwait PEACE =Vuln: ZaoCMS - SQL Injection Vulnerability =INFO: http://zaocms.com/ =BUY: http://zaocms.com/ =DORK: --...
Chance-i DiViS DVR System Web-Server - Directory Traversal
Chance-i DiViS DVR System Web-Server - Directory Traversal Digital Security Research Group DSecRG Advisory DSECRG-09-036 original advisory: http://dsecrg.com/pages/vul/DSECRG-09-036.html Application: Chance-i DiViS DVR System web-server Versions Affected: 2.0 Vendor URL: http://www.chance-i.com/...
Microsoft-Excel-Record
Microsoft Excel is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. This version add support for Microsoft Office 2007...
CUPS 1.3.8-4 - Local Privilege Escalation
CUPS 1.3.8-4 - Local Privilege Escalation / cve-2008-5377.c CUPS http://jon.oberheide.org Usage: $ gcc cve-2008-5377.c -o cve-2008-5377.c $ ./cve-2008-5377 $ id uid=0root gid=1000vm ... Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5377 pstopdf in CUPS 1.3.8 allows local use...
Joomla! Component mydyngallery 1.4.2 - SQL Injection
Joomla! Component mydyngallery 1.4.2 - SQL Injection Joomla Component mydyngallery AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
E-Store Kit-1 2 PayPal Edition - pid SQL Injection
E-Store Kit-1 2 PayPal Edition - pid SQL Injection Viva IslaM Viva IslaM Remote SQL Injection Vulnerability E-Store Kit-1 viewdetails.php pid E-Store Kit-2 viewdetails.php pid E-Store Kit-1 Pro PayPal Edition viewdetails.php pid E-Store Kit-2 PayPal Edition viewdetails.php pid www.magicscripts.co...
GreenCart PHP Shopping Cart - id SQL Injection
GreenCart PHP Shopping Cart - id SQL Injection GreenCart PHP Shopping Cart id Remote SQL Injection Vulnerability Hussin X Author: Hussin X Home : www.tryag.cc/cc email: darkangelg85atYahooDoTcom script :...
Joomla! Component EasyBook 1.1 - gbid SQL Injection
Joomla! Component EasyBook 1.1 - gbid SQL Injection !/usr/bin/perl use IO::Socket; use strict; INFO Example: Host: xxx.lu &md: 0f8ab366793a0d1da85c6f5a8d4fb576 print "-+-- Joomla Component EasyBook 1.1 SQL Injection Exploit--+-\n"; print "-+-- --+-\n"; print "-+-- Author: ZAMUT --+-\n"; print "-+...
Quick Classifieds 1.0 - index.php3?DOCUMENT_ROOT Remote File Inclusion
Quick Classifieds 1.0 - index.php3?DOCUMENT_ROOT Remote File Inclusion source: https://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an...
xeCMS 1.x - view.php Remote File Disclosure
xeCMS 1.x - view.php Remote File Disclosure -------------------------------------------------------------- xeCMS 1.x.x Remote File Disclosure Vulnerability. -------------------------------------------------------------- download : http://xecms.sunsite.dk/ author : p4imi0 contact : [email protected]...
FreeWebShop 2.2.1 - Blind SQL Injection
FreeWebShop 2.2.1 - Blind SQL Injection !/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ FreeWebshop version 2.2.1 - Multiple Remote SQL Injection Vulnerabilities Waktu : Dec 16 2007 01:50AM Software : FreeWebshop version 2.2.1 Vendor :...
TotalCalendar 2.402 - view_event.php SQL Injection
TotalCalendar 2.402 - view_event.php SQL Injection TotalCalendar 2.402 SQL Injection Vulnerability AUTHO...
SunShop Shopping Cart 3.5 - abs_path Remote File Inclusion
SunShop Shopping Cart 3.5 - abs_path Remote File Inclusion sunshop 4 index.php Remote File Include Vulnerability scripts : SunShop v3.5 Discovered By : irvian scripts site :...
Man Command - -H Flag Local Buffer Overflow
Man Command - -H Flag Local Buffer Overflow // source: https://www.securityfocus.com/bid/23355/info The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. NOTE: Presumably, this...
WebCalendar 0.9.45 - includedir Remote File Inclusion
WebCalendar 0.9.45 - includedir Remote File Inclusion WebCalendar v0.9.45 13 Dec 2004 login.php Remote File include Script : WebCalendar Version : v0.9.45 13 Dec 2004 Authord : Drackanz...
Linux Omnikey Cardman 4040 Driver - Local Buffer Overflow (PoC)
Linux Omnikey Cardman 4040 Driver - Local Buffer Overflow PoC / Linux Omnikey Cardman 4040 driver buffer overflow CVE-2007-0005 Copyright C Daniel Roethlisberger Compass Security Network Computing AG, Rapperswil, Switzerland. All rights reserved. http://www.csnc.ch/ / include include include...
Mozilla Firefox 2.0.0.1 - location.hostname Cross-Domain
Mozilla Firefox 2.0.0.1 - location.hostname Cross-Domain Options - Privacy - Show Cookies for login.live.com Gorn, gorn.supportgmailcom 2007-02-19 16:00 -- var mydomain = '127.0.0.1'; var varcook = 'MSPPre=firefoxvulnerabilitytest'; var domcook = 'login.live.com'; if location.hostna...
Multiple Printer Providers (Spooler Service) - Local Privilege Escalation
Multiple Printer Providers Spooler Service - Local Privilege Escalation /Private exploit- internal use only Title: Universal exploit for vulnerable printer providers spooler service. Vulnerability: Insecure EnumPrintersW calls Author: Andres Tarasco Acuña - [email protected] Website:...
Sun Microsystems Java - .GIF File Parsing Memory Corruption
Sun Microsystems Java - .GIF File Parsing Memory Corruption / FileName: JvmGifVulPoc.java Date: 2007-01-21 Description: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit Environment: Only successfully tested on Sun Jre 1.5 Author: luoluo Contact:...
Oracle 9i10g - extproc LocalRemote Command Execution
Oracle 9i10g - extproc LocalRemote Command Execution -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g -- allo...
PHP Easy Downloader 1.5 - save.php Remote Code Execution
PHP Easy Downloader 1.5 - save.php Remote Code Execution !/usr/bin/perl +------------------------------------------------------------------------------------------- + PHP Easy Download +------------------------------------------------------------------------------------------- + Details: + PHP Ea...
Exhibit Engine 1.5 RC 4 - photo_comment.php File Inclusion
Exhibit Engine 1.5 RC 4 - photo_comment.php File Inclusion EXPLOIT coded by Kacper in Visual Basic ;-...
VWar 1.5 - war.php?vwar_root Remote File Inclusion
VWar 1.5 - war.php?vwar_root Remote File Inclusion source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary...
Microsoft Windows - Color Management Module Overflow (MS05-036) (2)
Microsoft Windows - Color Management Module Overflow MS05-036 2 / \ MS05-036 ICC Stack Overflow Exploit / by Darkeagle \ / GreetZ: all unl0ckerz, ed, f0st, uf0, sowhat, str0ke, black, redsand \ / \ special tnx to snooq for his PoC. / \ / xploit was tested on WinXP SP1 RUS with explorer.exe \ /...
SPIP 1.81.9 - index.php3 Cross-Site Scripting
SPIP 1.81.9 - index.php3 Cross-Site Scripting source: https://www.securityfocus.com/bid/16461/info SPIP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...