41207 matches found
Ruby 1.8.61.9 (WEBick HTTPd 1.3.1) - Directory Traversal
Ruby 1.8.61.9 WEBick HTTPd 1.3.1 - Directory Traversal ------------------------------------------------------------------------------------ Digital Security Research Group DSecRG Advisory DSECRG-08-018 Application: Ruby 1.8.6 WEBrick Web server Toolkit and applications that used WEBrick, like...
Joomla! Component Rapid Recipe 1.6.5 - SQL Injection
Joomla! Component Rapid Recipe 1.6.5 - SQL Injection joomla SQL Injectioncomrapidrecipe AUTHOR : S@BUN HOME : http://www.hackturkiye.com MAİL : [email protected] DORK 1 : allinurl: "comrapidrecipe"userid DORK 2 : allinurl: "comrapidrecipe" categoryid EXPLOIT : after userid or...
Man Command - -H Flag Local Buffer Overflow
Man Command - -H Flag Local Buffer Overflow // source: https://www.securityfocus.com/bid/23355/info The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. NOTE: Presumably, this...
XOOPS Module Zmagazine 1.0 - print.php SQL Injection
XOOPS Module Zmagazine 1.0 - print.php SQL Injection !/usr/bin/perl Script Name: XOOPS Module Zmagazine 1.0 print.php Remote BLIND SQL Injection Exploit Coded by : ajann Author : ajann Contact : : Dork : "inurl:/modules/zmagazine/" Result:20.800 Example S. :...
XOOPS Module Camportail 1.1 - camid SQL Injection
XOOPS Module Camportail 1.1 - camid SQL Injection !/usr/bin/perl Script Name: XOOPS Module Camportail : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ; chop $id;...
TikiWiki 1.9.5 Sirius - sort_mode Information Disclosure
TikiWiki 1.9.5 Sirius - sortmode Information Disclosure /==========================================/ //tikiwiki version 1.9.5 CVS -Sirius- PoC // Product: Tikiwiki // URL: http://tikiwiki.org/ // RISK: critical /==========================================/ there's a critical security bug in tikiwi...
Chipmunk Guestbook 1.3 - index.php SQL Injection
Chipmunk Guestbook 1.3 - index.php SQL Injection source: https://www.securityfocus.com/bid/17483/info Chipmunk Guestbook is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
Mambo 4.5.2 - Globals Overwrite Remote Command Execution
Mambo 4.5.2 - Globals Overwrite Remote Command Execution Mambo body background-color:111111; SCROLLBAR-ARROW-COLOR: ffffff; SCROLLBAR-BASE-COLOR: black; CURSOR: crosshair; color: 1CB081; img background-color: F...
MetaCart E-Shop V-8 - StrCatalog_NAME SQL Injection
MetaCart E-Shop V-8 - StrCatalogNAME SQL Injection source: https://www.securityfocus.com/bid/13377/info An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An...
Operator Shell (osh) 1.7-12 - Local Privilege Escalation
Operator Shell osh 1.7-12 - Local Privilege Escalation !/usr/bin/perl Tested and working uid=50str0ke gid=100users euid=0root groups=100users /str0ke OSH 1.7 Exploit EDUCATIONAL purposes only.... :- by Charles Stevenson core Description: The Operator Shell Osh is a setuid root, security enhanced,...
Linux Kernel 2.6.7-rc3 (Slackware 9.1 Debian 3.0) - sys_chown() Group Ownership Alteration Privilege Escalation
Linux Kernel 2.6.7-rc3 Slackware 9.1 Debian 3.0 - syschown Group Ownership Alteration Privilege Escalation / $Id: raptorchown.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorchown.c - syschown missing DAC controls on Linux Copyright c 2004 Marco Ivaldi Unknown vulnerability in Linux kernel 2.x may...
Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Remote (PoC)
Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Remote PoC / source: https://www.securityfocus.com/bid/11488/info It is reported that an integer underflow vulnerability is present in the iptables logging rules of the Linux kernel 2.6 branch. A remote attacker may exploit this...
Ultimate PHP Board 1.0 final Beta - viewtopic.php Directory Contents Browsing
Ultimate PHP Board 1.0 final Beta - viewtopic.php Directory Contents Browsing source: https://www.securityfocus.com/bid/6334/info Ultimate PHP Board UPB is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. Under some circumstances, it ma...
Solaris 8.0 LPD - Command Execution (Metasploit)
Solaris 8.0 LPD - Command Execution Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
ISC BIND 8.2.x - TSIG Remote Stack Overflow (1)
ISC BIND 8.2.x - TSIG Remote Stack Overflow 1 / tsig0wn.c Copyright Field Marshal August Wilhelm Anton Count Neithardt von Gneisenau [email protected] The author is not and will not be held responsible for the action of other people using this code. provided for informational purposes only sin...
Yamaha MidiPlug 1.1 b-j MidiPlug - Local Buffer Overflow
Yamaha MidiPlug 1.1 b-j MidiPlug - Local Buffer Overflow // source: https://www.securityfocus.com/bid/760/info There is a buffer overflow in the MidiPlug that may allow arbitrary code to be executed on the local host. This overflow occurs if a long "Text" variable is specified within an EMBED tag...
SprintWork 2.3.1 - Local Privilege Escalation
SprintWork 2.3.1 - Local Privilege Escalation Exploit Title: SprintWork 2.3.1 - Local Privilege Escalation Exploit Author: boku Date: 2020-02-13 Vendor Homepage: https://veridium.net Software Link: https://veridium.net/filesu/spx/exe/SprintWork-Setup.exe Version: 2.3.1 Tested On: Windows 10 32-bi...
MyVideoConverter Pro 3.14 - Output Folder Buffer Overflow
MyVideoConverter Pro 3.14 - Output Folder Buffer Overflow Exploit Title: MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-11 Vendor Homepage : http://www.ivideogo.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce...
Online Book Store 1.0 - bookisbn SQL Injection
Online Book Store 1.0 - bookisbn SQL Injection Exploit Title: Online Book Store 1.0 - 'bookisbn' SQL Injection Google Dork: N/A Date: 2020-01-15 Exploit Author: AmirHadi Yazdani Ertebat Gostar Co. Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-ph...
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot Exploit: AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62...
Anviz CrossChex 4.3.12 - Local Buffer Overflow
Anviz CrossChex 4.3.12 - Local Buffer Overflow Exploit Title: Anviz CrossChex 4.3.12 - Local Buffer Overflow Date: 2019-11-30 Exploit Author: Luis Catarino & Pedro Rodrigues Vendor Homepage: https://www.anviz.com/ Software Link: https://www.anviz.com/download.html Version: Crosschex Standard x86 ...
Open Proficy HMI-SCADA 5.0.0.25920 - Password Denial of Service (PoC)
Open Proficy HMI-SCADA 5.0.0.25920 - Password Denial of Service PoC Exploit Title: Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-11-16 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: Ap...
iSmartViewPro 1.3.34 - Denial of Service (PoC)
iSmartViewPro 1.3.34 - Denial of Service PoC Exploit Title: iSmartViewPro 1.3.34 - Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2019 -11-16 Vendor Homepage: http://www.smarteyegroup.com/ Software Link: https://apps.apple.com/mx/app/ismartviewpro/id834791071 Tested Version:...
nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
nipper-ng 0.11.10 - Remote Buffer Overflow PoC Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow PoC Date: 2019-10-20 Exploit Author: Guy Levin https://blog.vastart.dev Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng Software Link:...
Technicolor TC7300.B0 - hostname Persistent Cross-Site Scripting
Technicolor TC7300.B0 - hostname Persistent Cross-Site Scripting Exploit Title: Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-11-11 Exploit Author: Luis Stefan Vendor Homepage: https://www.technicolor.com/ Software Link: N/A Version: TC7300.B0 -...
Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass
Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540...
DESKTOP-NQLQSKD
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
Zabbix 4.2 - Authentication Bypass
Zabbix 4.2 - Authentication Bypass Exploit Title: Zabbix 4.2 - Authentication Bypass Date: 2019-10-06 Exploit Author: Milad Khoshdel Software Link: https://www.zabbix.com/download Version: Zabbix 2.x , 3.x , 4.x Tested on latest version Zabbix 4.2 Tested on: Linux Apache/2 PHP/7.2 Google Dork:...
V-SOL GPONEPON OLT Platform 2.03 - Cross-Site Request Forgery
V-SOL GPONEPON OLT Platform 2.03 - Cross-Site Request Forgery Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on...
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2...
google.com.ar
Pentest notes for: google.com.ar Exploit Pack Nmap 7.80 scan initiated Fri Sep 13 16:38:25 2019 as: "C:\Program Files x86\Nmap\nmap.exe" -sV -A -oA log/google.com.ar google.com.ar Nmap scan report for google.com.ar 173.194.222.94 Host is up 0.015s latency. rDNS record for 173.194.222.94:...
WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting Exploit Title: WordPress Download Manager Cross-site Scripting Discovery Date: 2019-04-13 Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link...
MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)
MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow EggHunter Exploit Title: MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow EggHunter Author: sasaga92 Discovery Date: 2019-07-18 Vendor Homepage: www.computerlab.com Software Link:...
WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting
WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link:...
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
FaceSentry Access Control System 6.4.8 - Remote Root Exploit !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 5...
BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description...
Zimbra 8.8.11 - XML External Entity Injection Server-Side Request Forgery
Zimbra 8.8.11 - XML External Entity Injection Server-Side Request Forgery coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning baseurl=sys.argv1 baseurl=baseurl.rstrip"/" uplo...
eLabFTW 1.8.5 - Arbitrary File Upload Remote Code Execution
eLabFTW 1.8.5 - Arbitrary File Upload Remote Code Execution !/usr/bin/env python Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version ...
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal Remote Code Execution
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal Remote Code Execution !/usr/bin/python """ Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal Remote Code Execution Vulnerability Steven Seeley mrme of Source Incite - 2019 SRC: SRC-2019-0034 CV...
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service !/usr/bin/env python coding: utf8 SEL AcSELerator Architect 2.2.24 Remote CPU Exhaustion Denial of Service Vendor: Schweitzer Engineering Laboratories, Inc. Product web page: https://www.selinc.com Affected version: 2.2.24.0 ICD...
gnutls 3.6.6 - verify_crt() Use-After-Free
gnutls 3.6.6 - verifycrt Use-After-Free Description of problem: This is a critical memory corruption vulnerability in any API backed by verifycrt, including gnutlsx509trustlistverifycrt and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely...
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of...
BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link:...
Coship Wireless Router 4.0.0.48 4.0.0.40 5.0.0.54 5.0.0.55 10.0.0.49 - Unauthenticated Admin Password Reset
Coship Wireless Router 4.0.0.48 4.0.0.40 5.0.0.54 5.0.0.55 10.0.0.49 - Unauthenticated Admin Password Reset history.pushState'', '', '/'...
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
ZTE MF65 BDHDV6MF65V1.0.0B05 - Cross-Site Scripting Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version:...
CyberArk 9.7 - Memory Disclosure
CyberArk 9.7 - Memory Disclosure Exploit Title: CyberArk 9.7 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk @Freakazoidile Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 200...
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials Exploit Title: Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 2018-11-19 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...
Maitra Mail Tracking System 1.7.2 - SQL Injection Database File Download
Maitra Mail Tracking System 1.7.2 - SQL Injection Database File Download Exploit Title: Maitra - Mail Tracking System 1.7.2 - SQL Injection / Database File Download Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://salzertechnologies.com/ Software Link:...