41207 matches found
h5ai 0.25.0 - Unrestricted Arbitrary File Upload
h5ai 0.25.0 - Unrestricted Arbitrary File Upload !/usr/bin/env python Exploit Title: h5ai 0.25.0 Unrestricted File Upload Date: 21 September 2015 Exploit Author: rTheory Vendor Homepage: https://larsjung.de/h5ai/ Vulnerable Software Link:...
VBox Satellite Express 2.3.17.3 - Arbitrary Write
VBox Satellite Express 2.3.17.3 - Arbitrary Write KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation Title: VBox Satellite Express Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-005 Publication Date: 2015.09.16 Publication URL:...
XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write (PoC)
XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write PoC KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Title: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-004 Publication Date: 2015.09.01 Publicati...
WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload
WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload Vulnerability title: Wordpress plugin Simple Ads Manager - Arbitrary File Upload Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 Download lin...
EMC MR (Watch4net) - Credential Disclosure
EMC MR Watch4net - Credential Disclosure Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affecte...
ManageEngine Desktop Central 9 Build 90087 - Cross-Site Request Forgery
ManageEngine Desktop Central 9 Build 90087 - Cross-Site Request Forgery :8020/STATEID/1417736606982/roleMgmt.do?actionToCall=addUser&SUBREQUEST=XMLHTTP" method="POST" input type="hidden" name="newDCAuthUser...
Ansible Tower 2.0.2 - Multiple Vulnerabilities
Ansible Tower 2.0.2 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.5 impact: high homepage...
ZTE-and-TP-Link-RomPager
Date: 10-05-2014 Server Version: RomPager/4.07 UPnP/1.0 Tested Routers: ZTE ZXV10 W300 TP-Link TD-W8901G TP-Link TD-W8101G TP-Link TD-8840G Firmware: FwVer:3.11.2.175TC3086 HwVer:T14.F75.0 Tested on: Kali Linux x86 !/usr/bin/env python -- coding: utf-8 -- Exploit Title: ZTE and TP-Link RomPager D...
Kolibri-Webserver-2.0
This exploit will bypass all protections in EMET 5.0 and 4.1 but DEP. Date: September 30th 2014 Author: tekwizz123 Vendor Homepage: http://www.senkas.com Software Download: http://www.senkas.com/kolibri/download.php Version: 2.0 Tested on: Windows 7 32 bit, Windows 7 64 bit, Windows XP SP3 CVE-ID...
Windows-OLE-Package-Manager
Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title: CVE-2014-4114 SandWorm builder Vendor Homepage: microsoft.com Tested on: Win7Sp1 64 bit - Microsoft Office 2013 Plus Demo: http://youtu.be/ljjEkhflpv import os import zipfile import sys ''' Very quick and ugly SandWorm...
e107 2 Bootstrap CMS - Cross-Site Scripting
e107 2 Bootstrap CMS - Cross-Site Scripting alertString.fromCharCode88, 83, 83 or "alertdocument.cookie Credits: Vulnerability found and advisory written by Ahmet Agar. References: http://www.0x97.inf...
xEpan 1.0.1 - Cross-Site Request Forgery
xEpan 1.0.1 - Cross-Site Request Forgery Advisory ID: HTB23240 Product: xEpan Vendor: Xavoc Technocrats Pvt. Ltd. Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 22, 2014 without technical details Vendor Notification: October 22, 2014 Public...
ZTE ZXHN H108L - Authentication Bypass (1)
ZTE ZXHN H108L - Authentication Bypass 1 Exploit Title: ZTE ZXHN H108L Authentication Bypass Date: 14/11/2014 Exploit Author: Project Zero Labs https://projectzero.gr | [email protected] Vendor Homepage: www.zte.com.cn Version: ZXHN H108LV4.0.0dZRQGR4 Tested on: ZTE ZXHN H108L CVE : CVE-2014-84...
OSSEC 2.8 - hosts.deny Local Privilege Escalation
OSSEC 2.8 - hosts.deny Local Privilege Escalation !/usr/bin/python Exploit Title: ossec 2.8 Insecure Temporary File Creation Vulnerability Privilege Escalation Date: 14-11-14 Exploit Author: skynet-13 Vendor Homepage: www.ossec.net/ Software Link:...
F5 BIG-IP 10.1.0 - Directory Traversal
F5 BIG-IP 10.1.0 - Directory Traversal Affected Product : F5 BIG-IP Vendor Homepage : http://www.f5.com/ Version : 10.1.0...
Microsoft Windows XP SP3 - MQAC.sys Arbitrary Write Privilege Escalation
Microsoft Windows XP SP3 - MQAC.sys Arbitrary Write Privilege Escalation Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-003 Publication Date: 2014.07.18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt 1...
Endeca Latitude 2.2.2 - Cross-Site Request Forgery
Endeca Latitude 2.2.2 - Cross-Site Request Forgery Advisory: Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting discovered a Cross-Site Request Forgery CSRF vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able to change several different settings of the...
Symantec Endpoint Protection Manager 11.012.012.1 - Remote Command Execution
Symantec Endpoint Protection Manager 11.012.012.1 - Remote Command Execution import argparse import httplib """ Exploit Title: Symantec Endpoint Protection Manager Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-5014, CVE-2013-5015 Date: February 22, 2014 Vendor...
DS3 Authentication Server - Multiple Vulnerabilities
DS3 Authentication Server - Multiple Vulnerabilities Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt - Advisory - Title: DS3 Authentication Server - Command Execution Post Authentication & other minor issues...
Dovecot with Exim - sender_address Remote Command Execution
Dovecot with Exim - senderaddress Remote Command Execution Advisory: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution During a penetration test a typical misconfiguration was found in the way Dovecot is used as a local delivery agent by Exim. A common use case for the...
Remote File Manager 1.2 iOS - Multiple Vulnerabilities
Remote File Manager 1.2 iOS - Multiple Vulnerabilities Title: Remote File Manager v1.2 iOS - Multiple Web Vulnerabilities Date: 2013-02-23 References: http://www.vulnerability-lab.com/getcontent.php?id=882 VL-ID: 882 Common Vulnerability Scoring System:...
glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities
glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities Advisory ID: HTB23142 Product: glFusion Vendor: http://www.glfusion.org/ Vulnerable Versions: 1.2.2 and probably prior Tested Version: 1.2.2 Vendor Notification: January 30, 2013 Vendor Patch: January 30, 2013 Public Disclosure:...
SonicWALL OEM Scrutinizer 9.5.2 - Multiple Vulnerabilities
SonicWALL OEM Scrutinizer 9.5.2 - Multiple Vulnerabilities Title: Sonicwall OEM Scrutinizer v9.5.2 - Multiple Web Vulnerabilities Date: 2013-02-14 References: http://www.vulnerability-lab.com/getcontent.php?id=786 VL-ID: 786 Common Vulnerability Scoring System:...
Movable Type Pro 5.13en - Persistent Cross-Site Scripting
Movable Type Pro 5.13en - Persistent Cross-Site Scripting Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive,...
TestLink 1.9.3 - Cross-Site Request Forgery
TestLink 1.9.3 - Cross-Site Request Forgery Advisory ID: HTB23088 Product: TestLink Vendor: teamst.org Vulnerable Versions: 1.9.3 and probably prior Tested Version: 1.9.3 Vendor Notification: April 18, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Request Forgery CWE-35...
Airlock WAF 4.2.4 - Overlong UTF-8 Sequence Bypass
Airlock WAF 4.2.4 - Overlong UTF-8 Sequence Bypass SEC Consult Vulnerability Lab Security Advisory title: Airlock WAF overlong UTF-8 sequence bypass product: Airlock vulnerable version: = 4.2.4 without hotfix HF4213 fixed...
S9Y Serendipity 1.6 - Backend Cross-Site Scripting SQL Injection
S9Y Serendipity 1.6 - Backend Cross-Site Scripting SQL Injection Advisory: Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability Advisory ID: KORAMIS-ADV2012-001 Contact: [email protected] Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.6...
Open Journal Systems (OJS) 2.3.6 - Multiple Script Arbitrary File Upload
Open Journal Systems OJS 2.3.6 - Multiple Script Arbitrary File Upload source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An arbitrary-file-deletion...
Microsoft Windows XP2003 - afd.sys Local Privilege Escalation (MS11-080)
Microsoft Windows XP2003 - afd.sys Local Privilege Escalation MS11-080 MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli Spaghetti & Pwnsauce yuck! 0xbaadf00d Elwood@mac&cheese.com Thx to dookielifesaver2000ca, dijital1 and ronin for helping...
GNUBoard 4.33.02 - tp.php?PATH_INFO SQL Injection
GNUBoard 4.33.02 - tp.php?PATHINFO SQL Injection Exploit Title: Gnuboard = 4.33.02 PATHINFO SQL INJECTION Vulnerability Google Dork: inurl:gnuboard4/bbs/board.php Date: 2011-2-14 Author: flyh4t Software Link: http://sir.co.kr/main/gnuboard4/ Version: Gnuboard = 4.33.02 Tested on: linux+apache CVE...
Citrix XenApp XenDesktop XML Service - Heap Corruption
Citrix XenApp XenDesktop XML Service - Heap Corruption n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.002 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability:...
Willscript Recipes Website Script Silver Edition - viewRecipe.php SQL Injection
Willscript Recipes Website Script Silver Edition - viewRecipe.php SQL Injection source: https://www.securityfocus.com/bid/48878/info Willscript Recipes website Script Silver Edition is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before usin...
phpMyAdmin 3.x - Swekey Remote Code Injection
Cisco Unified Operations Manager - Multiple Vulnerabilities
Cisco Unified Operations Manager - Multiple Vulnerabilities Sense of Security - Security Advisory - SOS-11-006 Release Date. 18-May-2011 Last Update. - Vendor Notification Date. 28-Feb-2011 Product. Cisco Unified Operations Manager Common Services Framework Help Servlet Common Services Device...
Adobe Flash Player 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)
Adobe Flash Player 10.1.53.64 - Action Script Type Confusion ASLR + DEP Bypass Source: http://www.abysssec.com/blog/2011/04/exploiting-adobe-flash-player-on-windows-7/ Adobe Flash player Action script type confusion exploit DEP+ASLR bypass advisory text : Here is another reliable windows 7 exploi...
Log1 CMS 2.0 - Multiple Vulnerabilities
Log1 CMS 2.0 - Multiple Vulnerabilities Vulnerable Web-App : Log1 CMS 2.0 Vulnerability : Multiple Vulnerabilities. Author : Aodrulez. Atul Alex Cherian Email :...
Panda Global Protection 2010 - Local Denial of Service (unfiltered wcscpy())
Panda Global Protection 2010 - Local Denial of Service unfiltered wcscpy include include include include define SystemModuleInfo 11 / Program : Panda Global Protection 2010 3.01.00 Homepage : http://www.pandasecurity.com Discovery : 2010/04/09 Author Contacted : 2010/07/15 Status of vuln : Patche...
Microsoft ASP.NET - Padding Oracle File Download (MS10-070)
Microsoft ASP.NET - Padding Oracle File Download MS10-070 !/usr/bin/ruby -w aspxpochotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using Vaudenay's...
Chipmunk Board 1.3 - index.php?forumID SQL Injection
Chipmunk Board 1.3 - index.php?forumID SQL Injection Exploit Title: Chipmunk Board index.php?forumID Remote SQL Injection Vulnerability Date: October, 01 st 2010 Author: Shamus Software Link: http://www.chipmunk-scripts.com/board/board.zip Version: Chipmunk Forums Version 1.3 Tested on: windows C...
Microsoft Movie Maker - Remote Code Execution (MS10-016)
Microsoft Movie Maker - Remote Code Execution MS10-016 Day 4 http://www.exploit-db.com/movie-maker-remote-code-execution-ms10-016/...
CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)
CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities PoC Exploit Title: Computer Associates Advantage Ingres 2.6 Multiple Buffer Overflow Vulnerabilities PoC Date: 2010-08-14 Author: @fdiskyou e-mail: rui at deniable.org Version: 2.6 Tested on: Windows 2003 Server SP1 en CVE:...
sNews - index.php SQL Injection
sNews - index.php SQL Injection Exploit Title: sNews index.php SQL Injection Vulnerability Date: 2010-07-24 Author: MajoR Software Link: http://snews.awddesign.co.uk Version: N/A Tested on: Windows xp SP2 CVE : N/A sNews index.php SQL Injection...
Joomla! Component Gamesbox 1.0.2 - id SQL Injection
Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly (MS03-044)
Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly MS03-044 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly ---------------------------------------------------------------------------- Help and Support Centre is the default application...
Adobe Flash Reader - Live Malware
Adobe Flash Reader - Live Malware Exploit-DB Note - Live POC originally found at http://qoop.org/security/poc/cve-2010-1297/ File is malicious! Taken from the wild! Beware! To decrypt the file: openssl aes-256-cbc -d -a -in adobe-0day-2010-1297.tar.enc -out adobe-0day-2010-1297.tar Password is...
VMware View Portal 3.1 - Cross-Site Scripting
VMware View Portal 3.1 - Cross-Site Scripting DSECRG-09-058 Vmware View - XSS vulnerability Source:http://www.dsecrg.com/pages/vul/show.php?id=158 Linked XSS in VMware Portal Digital Security Research Group DSecRG Advisory DSECRG-09-058 Application: VMware View Portal Versions Affected:...
Milonic News - viewnews SQL Injection
Milonic News - viewnews SQL Injection Title : Milonic News...
Autodesk SoftImage Scene TOC - Arbitrary Command Execution
Autodesk SoftImage Scene TOC - Arbitrary Command Execution Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage...
SharePoint 2007 - Team Services Source Code Disclosure
SharePoint 2007 - Team Services Source Code Disclosure Summary Name: SharePoint Team Services source code disclosure through download facility Release Date: 21 October 2009 Reference: NGS00532 Discover: Daniel Martin Vendor: Microsoft Systems Affected: SharePoint 2007 12.0.0.6219,...
Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow
Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow !/usr/bin/python FireFox 2.0.0.16 Windows XP SP3 x86 Remote Exploit Author: Dominic Chell Exploits the UTF-8 URL overflow vulnerability described in CVE-2008-0016. As of September 2009 there are no public exploits for this vulnerability...