CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution

CMS Made Simple 2.2.5 - Authenticated Remote Code Execution Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Date: 3rd of July, 2018 Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link:...

DIGISOL DG-BR4000NG - Cross-Site Scripting

DIGISOL DG-BR4000NG - Cross-Site Scripting Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting Date: 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Category: Hardware Exploit Author: Adipta...

Clone2GO Video converter 2.8.2 - Buffer Overflow

Clone2GO Video converter 2.8.2 - Buffer Overflow !/usr/bin/python ---------------------------------------------------------------------------------------------------------------------- Exploit Title : Clone 2 GO Video converter 2.8.2 Unicode Buffer Overflow Remote Code Execution Exploit Author :...

CyberArk 10 - Memory Disclosure

CyberArk 10 - Memory Disclosure Exploit Title: CyberArk 10 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012,...

Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery

Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery Exploit Title: Joomla! extension jCart for OpenCart 2.3.0.2 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link:...

Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting

Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting Date: 2018-05-16 Exploit Author: L0RD Vendor Homepage:...

Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods

Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods !-- There are multiple use-after-free issues in Array methods in jscript. When jscript executes an Array method such as Array.join, it first retrieves the length of an array. If the input is not an array but an object, th...

VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 - Directory Traversal VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is...

DualDesk 20 - Proxy.exe Denial of Service

DualDesk 20 - Proxy.exe Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DUALDESK-v20-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: =============== www.dualdesk.com Product: =========== DualDes...

Asterisk chan_pjsip 15.2.0 - SDP fmtp Denial of Service

Asterisk chanpjsip 15.2.0 - SDP fmtp Denial of Service ''' Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - References: AST-2018-003 - Enable Security Advisory: -...

Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection

Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection Exploit Title: Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://thekrotek.com/ Software Link: https://extensions.joomla.org/extension/smart-shoutbox/ Version: 3.0.0 Category: Webapps...

Netis WF2419 Router - Cross-Site Scripting

Netis WF2419 Router - Cross-Site Scripting Exploit Title: Netis-WF2419 HTML Injection Date: 20/01/2018 Exploit Author: Sajibe Kanti Author Contact :https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419 , V3.2.41381 Tested on: Windows 10 CEV :...

CentOS Web Panel 0.9.8.12 - row_id domain SQL Injection

CentOS Web Panel 0.9.8.12 - rowid domain SQL Injection Document Title: =============== CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1833 Release Date: ============= 2018-01-22...

WordPress Plugin Smart Google Code Inserter 3.5 - Authentication Bypass SQL Injection

WordPress Plugin Smart Google Code Inserter 3.5 - Authentication Bypass SQL Injection Exploit Title: Smart Google Code Inserter 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: http://oturia.com/...

SysGauge Server 3.6.18 - Denial of Service

SysGauge Server 3.6.18 - Denial of Service Exploit Title: SysGauge Server 3.6.18 - DOS Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: hhttp://www.sysgauge.com/setups/sysgaugesrvsetupv3.6.18.exe Version: v3.6.18 Category; Windows Remote DOS CVE: CVE-2017-15667 Author Homepage:...

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service !/usr/bin/env python Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 ...

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Websit...

vBulletin 5.x - routestring Remote Code Execution

vBulletin 5.x - routestring Remote Code Execution SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Source: https://blogs.securiteam.com/index.php/archives/3569 Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that lead...

vBulletin 5 - routestring Remote Code Execution

vBulletin 5 - routestring Remote Code Execution SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Source: https://blogs.securiteam.com/index.php/archives/3569 Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that leads ...

vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion

vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Source: https://blogs.securiteam.com/index.php/archives/3573 Vulnerability Summary The following advisory describes a unauthenticated deserialization...

WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)

WordPress Plugin Polls 1.2.4 - SQL Injection PoC Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Vulnerable version:Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip //////////////////////// /// Overview: //////////////////////// WordPress Polls...

Trend Micro OfficeScan 11.0XG (12.0) - Server Side Request Forgery

Trend Micro OfficeScan 11.0XG 12.0 - Server Side Request Forgery + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ==================...

Mako Web Server 2.5 - Multiple Vulnerabilities

Mako Web Server 2.5 - Multiple Vulnerabilities + SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

Jungo DriverWizard WinDriver 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation

Jungo DriverWizard WinDriver 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1:...

Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin)

Invoice Manager 3.1 - Cross-Site Request Forgery Add Admin ======================================================== Invoice Manager v3.1 Cross site request forgery Add Admin Description : Invoice Manager v3.1 is vulnerable to CSRF attack No CSRF token in place which if an admin user can be tricke...

QuantaStor Software Defined Storage 4.3.1 - Multiple Vulnerabilities

QuantaStor Software Defined Storage 4.3.1 - Multiple Vulnerabilities 1. --- Advisory details --- Title: QuantaStor Software Define Storage mmultiple vulnerabilities Advisory ID: VVVSEC-2017-6943 Advisory URL: http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt Date published:...

NoviFlow NoviWare NW400.2.6 - Multiple Vulnerabilities

NoviFlow NoviWare NW400.2.6 - Multiple Vulnerabilities NoviFlow NoviWare = NW400.2.6 multiple vulnerabilities Introduction ========== NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment...

AdvanDate iCupid Dating Software 12.2 - SQL Injection

AdvanDate iCupid Dating Software 12.2 - SQL Injection Exploit Title: iCupid Dating Software 12.2 - SQL Injection Dork: N/A Date: 15.08.2017 Vendor Homepage : https://www.advandate.com/ Software Link: https://www.advandate.com/dating-software-features/ Demo: https://demo.advandate.com/ Version: 12...

libjpeg-turbo 1.5.1 - Denial of Service

libjpeg-turbo 1.5.1 - Denial of Service libjpeg-turbo denial of service vulnerability ====================== Author : qflb.wu CVE : CVE-2017-9614 ====================== Introduction: ============= libjpeg-turbo is a JPEG image codec that uses SIMD instructions MMX, SSE2, AVX2, NEON, AltiVec to...

CyberArk Viewfinity 5.5.10.95 - Local Privilege Escalation

CyberArk Viewfinity 5.5.10.95 - Local Privilege Escalation Exploit Title: Privilege Escalation via CyberArk Viewfinity 8. This will spawn a new CMD prompt. Verify you are now Admin...

360 Total Security - Local Privilege Escalation

360 Total Security - Local Privilege Escalation Vulnerability Summary The following advisory describes an Privileged Escalation vulnerability found in 360 Total Security. 360 Total Security offers your PC complete protection from Viruses, Trojans and other emerging threats. Whether you are shoppi...

Pelco SarixSpectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)

Pelco SarixSpectra Cameras - Cross-Site Request Forgery Enable SSH Root Access Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware:...

NfSen 1.3.7 AlienVault OSSIM 5.3.4 - Command Injection

NfSen 1.3.7 AlienVault OSSIM 5.3.4 - Command Injection Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage:...

Nuevomailer 6.0 - SQL Injection

Nuevomailer 6.0 - SQL Injection Exploit Title: Nuevo mailer version = 6.0 SQL Injection Exploit Author: ALEH BOITSAU Google Dork: inurl:/inc/rdr.php? Date: 2017-06-09 Vendor Homepage: https://www.nuevomailer.com/ Version: 6.0 and below Tested on: Linux Vulnerable script: rdr.php Vulnerable...

OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution

OpenText Documentum Content Server - dmbptransition.ebs docbase Method Arbitrary Code Execution ''' CVE Identifier: CVE-2017-7221 Vendor: OpenText Affected products: OpenText Documentum Content Server all versions Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8...

MobaXterm Personal Edition 9.4 - Directory Traversal

MobaXterm Personal Edition 9.4 - Directory Traversal + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt + ISR: ApparitionSec Vendor: =====================...

Fiyo CMS 2.0.6.1 - Privilege Escalation

Fiyo CMS 2.0.6.1 - Privilege Escalation Exploit Title: Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link:...

Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery

Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery ======================================================================= title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or higher CVE number: -...

Microsoft Windows Server 20082012 - LDAP RootDSE Netlogon Denial of Service

Microsoft Windows Server 20082012 - LDAP RootDSE Netlogon Denial of Service !/usr/bin/perl MS Windows Server 2008/2008 R2/ 2012/2012 R2/ AD LDAP RootDSE Netlogon CLDAP "AD Ping" query reflection DoS PoC Copyright 2016 c Todor Donev Varna, Bulgaria [email protected]...

InfraPower PPS-02-S Q213V1 - Authentication Bypass

InfraPower PPS-02-S Q213V1 - Authentication Bypass InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary:...

InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities

InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities InfraPower PPS-02-S Q213V1 Multiple XSS Vulnerabilities Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...

SAP Adaptive Server Enterprise 16 - Denial of Service

SAP Adaptive Server Enterprise 16 - Denial of Service ''' Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory:...

Cisco Webex Player T29.10 - .ARF Out-of-Bounds Memory Corruption

Cisco Webex Player T29.10 - .ARF Out-of-Bounds Memory Corruption Application: Cisco Webex Player Platforms: Windows Versions: Cisco Webex Meeting Player version T29.10 Author: Francis Provencher of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: August 31, 2016 CVE:...

X-Cart 4.1.3 - Arbitrary Variable Overwrite

X-Cart 4.1.3 - Arbitrary Variable Overwrite X-Cart Arbitrary Variable Overwrite Vendor: Qualiteam Product: X-Cart Version: $value $$var = $value; As we can see every single post variable is dynamically evaluated. This is especially dangerous because register globals and magic quotes gpc settings ...

EyeLock nano NXT 3.5 - Local File Disclosure

EyeLock nano NXT 3.5 - Local File Disclosure EyeLock nano NXT 3.5 Local File Disclosure Vulnerability Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: NXT Firmware: 3.05.1193 ICM: 3.5.1 NXT Firmware: 3.04.1108 ICM: 3.4.13 NXT Firmware: 3.03.944 ICM: 3.3.2 NXT...

NASdeluxe NDL-2400r 2.01.09 - OS Command Injection

NASdeluxe NDL-2400r 2.01.09 - OS Command Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-065 Product: NASdeluxe NDL-2400r Vendor: Starline Computer GmbH Affected Versions: 2.01.10 Tested Versions: 2.01.09 Vulnerability Type: OS Command Injection CWE-78 Risk Level:...

PowerFolder Server 10.4.321 - Remote Code Execution

PowerFolder Server 10.4.321 - Remote Code Execution Mogwai Security Advisory MSA-2016-01 ---------------------------------------------------------------------- Title: PowerFolder Remote Code Execution Vulnerability Product: PowerFolder Server Affected versions: 10.4.321 Linux/Windows Other versio...

Merit Lilin IP Cameras - Multiple Vulnerabilities

Merit Lilin IP Cameras - Multiple Vulnerabilities / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com securityadivisory @orwelllabs ;r By sitting in the alcove, and keeping well back, Winston was able to remain outside the...

Microsoft Internet Explorer 91011 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)

Microsoft Internet Explorer 91011 - CDOMStringDataList::InitFromString Out-of-Bounds Read MS15-112 !-- CVE-2015-6086 Out Of Bound Read Vulnerability Address Space Layout Randomization ASLR Bypass Improper handling of new line and white space character caused Out of Bound Read in...

TeamPass 2.1.24 - Multiple Vulnerabilities

TeamPass 2.1.24 - Multiple Vulnerabilities Affected Product: TeamPass Vulnerability Type: Multiple XSS,CSRF, SQL injections Fixed in Version: 2.1.25 https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.25.0 Vendor Website: http://www.teampass.net Software Link: :...