41207 matches found
SIPve 0.0.2-R19 - SQL Injection
SIPve 0.0.2-R19 - SQL Injection Exploit Title: SIPve 0.0.2-R19 - SQL Injection Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/sipve/ Software Link: https://datapacket.dl.sourceforge.net/project/sipve/sipve-v0.0.2-R19.tar.gz Version:...
Apple iOSmacOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOSmacOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport / IOHIDResourceQueue inherits from IOSharedDataQueue and adds its own ::enqueueReport method, which seems to be mostly copy-pasted from IOSharedDataQueue and IODataQueue's ::enqueue methods. I...
Advanced HRM 1.6 - Remote Code Execution
Advanced HRM 1.6 - Remote Code Execution Exploit Title: Advanced HRM 1.6 - Remote Code Execution Google Dork: intext:"Advanced HRM" Date: 2018-10-06 Exploit Author: Renos Nikolaou Vendor Homepage: https://coderpixel.com/ Software Link: https://codecanyon.net/item/advanced-hrm/17767006 Version: 1....
D-Link Routers - Plaintext Password
D-Link Routers - Plaintext Password Password stored in plaintext CVE: CVE-2018-10824 Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02,...
Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com...
WebKit - WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded Use-After-Free
WebKit - WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded Use-After-Free ::selection, input:focus, .class0, ul::first-letter -webkit-column-count: 85; float: left; function jsfuzzer var fuzzervars = ; try / / var00034 = document.getSelection; catche try...
TP-Link TL-WR840N - Denial of Service
TP-Link TL-WR840N - Denial of Service Exploit Title:- TP-Link Wireless N Router WR840N - Buffer Overflow Date:- 2018-07-16 Vendor Homepage:- https://www.tp-link.com/ Hardware Link:- https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version:- TP-Link Wireless N Router...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160...
Online Trade - Information Disclosure
Online Trade - Information Disclosure Exploit Title: Online Trade 1 - Information Disclosure Date: 2018-07-03 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE: CVE-2018-12908 Version: 1 Tested on...
CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution
CMS Made Simple 2.2.5 - Authenticated Remote Code Execution Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Date: 3rd of July, 2018 Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link:...
HPE VAN SDN 2.7.18.0503 - Remote Root
HPE VAN SDN 2.7.18.0503 - Remote Root ''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL:...
Brother HL Series Printers 1.15 - Cross-Site Scripting
Brother HL Series Printers 1.15 - Cross-Site Scripting Exploit Title: XSS at Brother HL series printers Date: 30.05.2018 Exploit Author: Huy Kha Vendor Homepage: http://support.brother.com Software Link: Website Version: Brother HL series printers. Tested on: Mozilla FireFox Reflected XSS Payload...
WhatsApp 2.18.31 - Memory Corruption
WhatsApp 2.18.31 - Memory Corruption !/usr/bin/env python -- coding: utf-8 -- Exploit Author: Juan Sacco at Exploit Pack - http://www.exploitpack.com This vulnerability has been discovered and exploited using Exploit Pack - Framework Tested on: iPhone 5/6s/X iOS 10 and 11.3 Latest release of iOS ...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities Google Dork: N/A Date: 17-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage:...
VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal
VideoFlow Digital Video Protection DVP 2.10 - Directory Traversal VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is...
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow SWAMI KARUPASAMI THUNAI Exploit Title: Allok soft WMV to AVI MPEG DVD WMV Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech...
Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)
Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload', 'Description' = %q...
uWSGI 2.0.17 - Directory Traversal
uWSGI 2.0.17 - Directory Traversal Exploit Title: uWSGI PHP Plugin Directory Traversal Date: 01-03-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://uwsgi-docs.readthedocs.io Affected Software: uWSGI PHP Plugin...
Microsoft Windows 8.12012 R2 - SMBv3 Null Pointer Dereference Denial of Service
Microsoft Windows 8.12012 R2 - SMBv3 Null Pointer Dereference Denial of Service Exploit Title: Microsoft Windows SMB Client Null Pointer Dereference Denial of Service Date: 26/02/2018 Exploit Author: Nabeel Ahmed Version: SMBv3 Tested on: Windows 8.1 x86, Windows Server 2012 R2 x64 CVE :...
CMS Made Simple 2.1.6 - Remote Code Execution
CMS Made Simple 2.1.6 - Remote Code Execution Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2. 1.6-install.zip Version: 2.1....
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Exploit Title: Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.christianwebministries.org/ Software Link:...
RAVPower 2.000.056 - Root Remote Code Execution
RAVPower 2.000.056 - Root Remote Code Execution """ Exploit Title: RAVPower - remote root Date: 23/01/2018 Exploit Authors: Daniele Linguaglossa Vendor Homepage: https://www.ravpower.com/ Software Link: https://www.ravpower.com/ Version: 2.000.056 Tested on: OSX CVE : CVE-2018-5997 """ import...
Shopware 5.2.55.3 - Cross-Site Scripting
Shopware 5.2.55.3 - Cross-Site Scripting Document Title: =============== Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1922 Shopware Security Tracking ID: SW-19834 Security Updat...
D-Link DNS-343 ShareCenter 1.05 - Command Injection
D-Link DNS-343 ShareCenter 1.05 - Command Injection D-Link DNS-343 ShareCenter Remote Root Vendor: D-Link Product: D-Link DNS-343 ShareCenter Version: = 1.05 Website: http://sharecenter.dlink.com/products/DNS-343 / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,///...
Disk Pulse Enterprise 10.1.18 - Remote Buffer Overflow
Disk Pulse Enterprise 10.1.18 - Remote Buffer Overflow Exploit Title: Disk Pulse Enterprise Server v10.1.18 - Buffer Overflow Exploit Author: Ahmad Mahfouz Description: Disk Pule Enterprise Server Unauthenticated Remote Buffer Overflow SEH Contact: http://twitter.com/eln1x Date: 12/01/2018 CVE:...
ALLMediaServer 0.95 - Remote Buffer Overflow
ALLMediaServer 0.95 - Remote Buffer Overflow !/usr/bin/python Exploit Title: Stack Buffer Overflow in ALLMediaServer 0.95 Exploit Author: Mario Kartone Ciccarelli Contact: https://twitter.com/Kartone CVE: CVE-2017-17932 Date: 09-01-2018 Thanks to PoC: https://www.exploit-db.com/exploits/43406/...
Vitek - Remote Command Execution Information Disclosure (PoC)
Vitek - Remote Command Execution Information Disclosure PoC STX Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22,...
Multiple OEM - nsd Remote Stack Format String (PoC)
Multiple OEM - nsd Remote Stack Format String PoC STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full...
vBulletin 5 - routestring Remote Code Execution
vBulletin 5 - routestring Remote Code Execution SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Source: https://blogs.securiteam.com/index.php/archives/3569 Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that leads ...
osCommerce 2.3.4.1 - Arbitrary File Upload
osCommerce 2.3.4.1 - Arbitrary File Upload Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Date: 11.11.2017 Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link:...
PHP Melody 2.7.3 - Multiple Vulnerabilities
PHP Melody 2.7.3 - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages...
ZKTime Web Software 2.0 - Cross-Site Request Forgery
ZKTime Web Software 2.0 - Cross-Site Request Forgery Exploit Title: ZKTime Web Software 2.0 - Cross Site Request Forgery CVE-ID: CVE-2017-13129 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category:...
Nitro Pro PDF - Multiple Vulnerabilities
Nitro Pro PDF - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF. Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you chan...
Microsoft Windows Kernel - IOCTL 0x120007 NsiGetParameter nsiproxynetio Pool Memory Disclosure
Microsoft Windows Kernel - IOCTL 0x120007 NsiGetParameter nsiproxynetio Pool Memory Disclosure / We have discovered that the handler of the 0x120007 IOCTL in nsiproxy.sys \.\Nsi device discloses portions of uninitialized pool memory to user-mode clients, likely due to output structure alignment...
360 Total Security - Local Privilege Escalation
360 Total Security - Local Privilege Escalation Vulnerability Summary The following advisory describes an Privileged Escalation vulnerability found in 360 Total Security. 360 Total Security offers your PC complete protection from Viruses, Trojans and other emerging threats. Whether you are shoppi...
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1...
Pelco SarixSpectra Cameras - Remote Code Execution
Pelco SarixSpectra Cameras - Remote Code Execution Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0.0 Sarix Enhanced - Model:...
KBVault MySQL 0.16a - Arbitrary File Upload
KBVault MySQL 0.16a - Arbitrary File Upload Exploit Title: KBVault MySQL v0.16a - Unauthenticated File Upload to Run Code Google Dork: inurl:"FileExplorer/Explorer.aspx" Date: 2017-06-14 Exploit Author: Fatih Emiral Vendor Homepage: http://kbvaultmysql.codeplex.com/ Software Link:...
Robert 0.5 - Multiple Vulnerabilities
Robert 0.5 - Multiple Vulnerabilities Exploit Title: Robert 0.5 - Multiple Vulnerabilities XSS, CSRF, Directory traversal & SQLi Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website :http://robert.polosson.com/ Download link :...
OV3 Online Administration 3.0 - SQL Injection
OV3 Online Administration 3.0 - SQL Injection OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for...
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1260 MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT...
SAP SAPCAR 721.510 - Heap Buffer Overflow
SAP SAPCAR 721.510 - Heap Buffer Overflow ''' Source: https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability 1. Advisory Information Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability Advisory ID: CORE-2017-0001 Advisory URL:...
I_ Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting
I Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager...
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities CVE-2017-6086 Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source...
Moxa MXview 2.8 - Private Key Disclosure
Moxa MXview 2.8 - Private Key Disclosure + Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt + ISR: APPARITIONSEC Vendor: ============ www.moxa.com Product: =========== MXvie...
D-Link DCS Series Cameras - Insecure Crossdomain
D-Link DCS Series Cameras - Insecure Crossdomain Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on...
Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free
Apple macOS 10.12 - Double vmdeallocate in Userspace MIG Code Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=954 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40954.zip Userspace MIG services often use...
TP-LINK TDDP - Multiple Vulnerabilities
TP-LINK TDDP - Multiple Vulnerabilities 1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors...
Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Advisory ID: KL-001-2016-005 Publication Date:...
Claroline 1.7.7 - Arbitrary File Inclusion
Claroline 1.7.7 - Arbitrary File Inclusion Claroline Arbitrary File Inclusion Vendor: Claroline Product: Claroline Version: 0 $uidReset = true; $clarologinSucceeded = true; break; e...