Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)

Kaseya Virtual System Administrator VSA - Multiple Vulnerabilities 2 Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices. So that if you own the Kaseya server, you own the organisation. With this post...

Centreon 2.6.1 - Multiple Vulnerabilities

Centreon 2.6.1 - Multiple Vulnerabilities Centreon 2.6.1 Command Injection Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for...

XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write (PoC)

XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write PoC KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Title: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-004 Publication Date: 2015.09.01 Publicati...

SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where (PoC)

SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where PoC KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Multiple Privilege Escalation Advisory ID: KL-001-2015-003 Publication Date: 2015.09.01 Publication URL:...

Seagate Central 2014.0410.0026-F - Remote Facebook Access Token

Seagate Central 2014.0410.0026-F - Remote Facebook Access Token !/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.se...

OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting

OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting Exploit Title: Stored Cross-Site Scripting XSS in OTRS Date: 28.01.2014 Exploit Author: Adam Ziaja http://adamziaja.com Vendor Homepage: https://www.otrs.com Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 CVE :...

NPDS CMS REvolution-13 - SQL Injection

NPDS CMS REvolution-13 - SQL Injection Title - NPDS CMS Revolution-13 - SQL Injection Vulnerability Credits & Author: Narendra Bhati R00t Sh3ll www.websecgeeks.com References Source: ==================== http://www.npds.org/viewtopic.php?topic=26233&forum=12...

Foxit-Reader-4.1.1-EggHunter

Date: 15 Nov 10 Author: dookie at offsec.com App: Foxit Reader 4.1.1 preamble =...

xEpan 1.0.1 - Cross-Site Request Forgery

xEpan 1.0.1 - Cross-Site Request Forgery Advisory ID: HTB23240 Product: xEpan Vendor: Xavoc Technocrats Pvt. Ltd. Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 22, 2014 without technical details Vendor Notification: October 22, 2014 Public...

F5 BIG-IP 10.1.0 - Directory Traversal

F5 BIG-IP 10.1.0 - Directory Traversal +------------------------------------------------------+ + F5 BIG-IP 10.1.0 - Directory Traversal Vulnerability + +------------------------------------------------------+ Affected Product : F5 BIG-IP Vendor Homepage : http://www.f5.com/ Version : 10.1.0...

ArticleFR 11.06.2014 - data.php Privilege Escalation

ArticleFR 11.06.2014 - data.php Privilege Escalation Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014...

OXID eShop 4.7.115.0.11 4.8.45.1.4 - Multiple Vulnerabilities

OXID eShop 4.7.115.0.11 4.8.45.1.4 - Multiple Vulnerabilities Exploit Title: OXID eShop v4.7.11/5.0.11 + v4.8.4/5.1.4 Multiple Vulnerabilities Google Dork: - Date: 12/2013 Exploit Author: //sToRm Author mail: [email protected] Vendor Homepage: http://www.oxid-esales.com Software Link: -...

iOS 7 - Kernel Mode Memory Corruption

iOS 7 - Kernel Mode Memory Corruption ...................................... Vulnerability Summary ...................................... Title iOS 7 arbitrary code execution in kernel mode Release Date 14 March 2014 Reference NGS00596 Discoverer Andy Davis Vendor Apple Vendor Reference 600217059...

SpagoBI 4.0 - Persistent Cross-Site Scripting

SpagoBI 4.0 - Persistent Cross-Site Scripting 01. Advisory Information Title: Persistent Cross-Site Scripting XSS in SpagoBI Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Informati...

ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)

ImageMagick 6.8.8-4 - Local Buffer Overflow SEH !/usr/bin/perl Exploit Title: ImageMagick 6.8.8-5 - Local Buffer Overflow SEH Date: 2-13-2014 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: ImageMagick all versions prior to 6.8.8-5 Software Link:...

Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass

Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass Document Title: =============== Mozilla Bug Bounty 5 - WireTap Remote Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking ID: 875818 Video:...

Zikula CMS 1.3.5 - Multiple Vulnerabilities

Zikula CMS 1.3.5 - Multiple Vulnerabilities Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-16 Vulnerability Laboratory ID VL-ID:...

HylaFAX+ 5.2.4 5.5.3 - Buffer Overflow

HylaFAX+ 5.2.4 5.5.3 - Buffer Overflow Details =========================================================== Application: "HylaFAX+" Version: 5.2.4 April, 2008 through 5.5.3 August 6, 2013 Type: Daemon that manages a fax server via an FTP-like protocol. Vendor / Maintainer: Lee Howard faxguy at...

PinApp Mail-SeCure 3.70 - Access Control Failure

PinApp Mail-SeCure 3.70 - Access Control Failure Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PinApp Mail-SeCure Access Control Failure 1. Advisory Information Title: PinApp Mail-SeCure Access Control Failure Advisory ID: CORE-2013-0904 Advisory URL:...

DeWeS 0.4.2 - Directory Traversal

DeWeS 0.4.2 - Directory Traversal Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Travers...

D-Link DIR-615 Rev D3 DIR-300 Rev A - Multiple Vulnerabilities

D-Link DIR-615 Rev D3 DIR-300 Rev A - Multiple Vulnerabilities Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A Vendor: D-Link ============ Device Description: ============ DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele... DIR-615:...

VMware Virtual Machine Communication Interface (VMCI) - vmci.sys

VMware Virtual Machine Communication Interface VMCI - vmci.sys / CVE-2013-1406 exploitation PoC by Artem Shishkin, Positive Research, Positive Technologies, 02-2013 / void stdcall FireShellDWORD dwSomeParam EscalatePrivilegeshProcessToElevate; // Equate the stack and quit the cycle ifndef AMD64 a...

Oracle Automated Service Manager 1.3 - Installation Privilege Escalation

Oracle Automated Service Manager 1.3 - Installation Privilege Escalation Oracle Automated Service Manager 1.3 local root during install Larry W. Cashdollar 1/29/2013 @larry0 SUNWsasm-1.3.1-20110815093723 https://updates.oracle.com/Orion/Services/download?type=readme&aru=15864534 From the README:...

Useresponse 1.0.2 - Privilege Escalation Remote Code Execution

Useresponse 1.0.2 - Privilege Escalation Remote Code Execution !/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.co...

AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflows

AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflows Title: ====== AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=492 VL-ID: ===== 492 Introduction: ============= An all-in-one...

Network Instrument Observer - SNMP SetRequest Denial of Service

Network Instrument Observer - SNMP SetRequest Denial of Service Application: Network Instrument Observer SNMP SetRequest Denial of Service Vulnerability Platforms: Windows Secunia: SA47898 PRL: 2012-05 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/...

Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution

Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution Abysssec Public Exploit CVE-2011-2140 This exploit tested on Adobe Flash Player = 10.3.181.34 XP sp3 twitter : @abysssec contact : info at abysssec.com...

Rockwell Automation FactoryTalk Activation Server - Multiple Denial of Service Vulnerabilities

Rockwell Automation FactoryTalk Activation Server - Multiple Denial of Service Vulnerabilities source: https://www.securityfocus.com/bid/51444/info Rockwell Automation FactoryTalk Activation Server is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues...

DIY-CMS blog mod - SQL Injection

DIY-CMS blog mod - SQL Injection Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: [email protected] Site: http://e-o-u.org SQL Injection: DORK: inurl:"mod.php?mod=blog" intext:"powered by DIY-CMS" inurl:"mod.php?mod=blog" BUG:...

CyberLink (Multiple Products) - File Project Handling Stack Buffer Overflow (PoC)

CyberLink Multiple Products - File Project Handling Stack Buffer Overflow PoC !/usr/bin/python Exploit Title: CyberLink Multiple Products File Project Handling Stack Buffer Overflow POC by: modpr0beatspenteradotcom @modpr0be Platform: Windows Tested on: Windows XP SP3, Windows 7 SP1 with: CyberLi...

Microsoft Windows XP2003 - afd.sys Local Privilege Escalation (MS11-080)

Microsoft Windows XP2003 - afd.sys Local Privilege Escalation MS11-080 MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli Spaghetti & Pwnsauce yuck! 0xbaadf00d Elwood@mac&cheese.com Thx to dookielifesaver2000ca, dijital1 and ronin for helping...

Google Android - content: URI Multiple Information Disclosure Vulnerabilities

Google Android - content: URI Multiple Information Disclosure Vulnerabilities Android Data Stealing Web PageClick: Malicious Link"; // Stage 1: Redirect to Stage 2 which will force a download of the HTML/...

Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities

Siemens SIMATIC WinCC Flexible Runtime - Multiple Vulnerabilities Luigi Auriemma Application: Siemens SIMATIC WinCC flexible Runtime http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/Pages/Default.aspx Versions: 2008 SP2...

GNUBoard 4.33.02 - tp.php?PATH_INFO SQL Injection

GNUBoard 4.33.02 - tp.php?PATHINFO SQL Injection Exploit Title: Gnuboard = 4.33.02 PATHINFO SQL INJECTION Vulnerability Google Dork: inurl:gnuboard4/bbs/board.php Date: 2011-2-14 Author: flyh4t Software Link: http://sir.co.kr/main/gnuboard4/ Version: Gnuboard = 4.33.02 Tested on: linux+apache CVE...

Simple HTTPd 1.42 - PUT Remote Buffer Overflow

Simple HTTPd 1.42 - PUT Remote Buffer Overflow !/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Date: 2011-08-02 Author: nion Software: http://code.google.com/p/mongoose/...

Nibbleblog 3 - Multiple SQL Injections

Nibbleblog 3 - Multiple SQL Injections source: https://www.securityfocus.com/bid/48339/info Nibbleblog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an...

4Images 1.7.9 - Multiple Vulnerabilities

4Images 1.7.9 - Multiple Vulnerabilities ================================ Vulnerability ID: HTB22950 Reference: http://www.htbridge.ch/advisory/sqlinjectionin4images.html Product: 4images Vendor: http://www.4homepages.de/ http://www.4homepages.de/ Vulnerable Version: 1.7.9 Vendor Notification: 07...

Oracle WebLogic - POST Session Fixation

Oracle WebLogic - POST Session Fixation Name Oracle WebLogic – Session Fixation Via HTTP POST Request Vendor Website http://www.oracle.com/ Date Released 11 March 2011 – CVE-2010-4437 Affected Software Oracle WebLogic Server 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, 10.3.3 Researcher Roberto Suggi Liveran...

Linux Kernel 2.6.37-rc2 - TCP_MAXSEG Kernel Panic (Denial of Service) (2)

Linux Kernel 2.6.37-rc2 - TCPMAXSEG Kernel Panic Denial of Service 2 / TCPMAXSEG Kernel Panic DoS for Linux include include include include include int main struct sockaddrin laddr; memset&laddr, 0, sizeofladdr; laddr.sinfamily = AFINET; laddr.sinaddr.saddr = inetaddr"127.0.0.1"; laddr.sinport =...

WonderWare InBatch 9.0sp1 - Buffer Overflow

WonderWare InBatch 9.0sp1 - Buffer Overflow Source: http://aluigi.org/adv/inbatch1-adv.txt Luigi Auriemma Application: Wonderware InBatch http://global.wonderware.com/EN/Pages/WonderwareInBatchSoftware.aspx any other software that uses the lmtcp server called "Raima Database lockmgr" like Foxboro...

Woltlab Burning Board Userlocator 2.5 - SQL Injection

Woltlab Burning Board Userlocator 2.5 - SQL Injection ----------------------------Information------------------------------------------------ +Name : Woltlab Burning Board Userlocator V2.5 Hack = SQL injection Exploit +Autor : Easy Laster +Date : 08.11.2010 +Script : Woltlab Burning Board...

Blue River Mura CMS - Directory Traversal

Blue River Mura CMS - Directory Traversal Sep 24, 2010 Title: Blue River Mura CMS Directory Traversal Version: 1.0 Issue type: Directory Traversal Affected vendor: Blue River Interactive Group Release date: 24/09/2010 Discovered by: Steven Seeley & Rohan Stelling Summary Mura CMS is an open sourc...

U.S.Robotics USR5463 0.06 Firmware - setup_ddns.exe HTML Injection

U.S.Robotics USR5463 0.06 Firmware - setupddns.exe HTML Injection source: https://www.securityfocus.com/bid/40292/info U.S.Robotics USR5463 firmware is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code...

Samba 3.4.73.5.1 - Denial of Service

Samba 3.4.73.5.1 - Denial of Service =============================================================================== stratsec Security Advisory: SS-2010-005 =============================================================================== Title: Samba Multiple DoS Vulnerabilities Version: 1.0 Issue...

Urgent Backup 3.20 ABC Backup Pro 5.20 ABC Backup 5.50 - .zip File (SEH)

Urgent Backup 3.20 ABC Backup Pro 5.20 ABC Backup 5.50 - .zip File SEH !/usr/bin/ruby Software : Urgent Backup 3.20 / ABC Backup Pro 5.20 / ABC Backup 5.50 Author : Lincoln Date : April 27, 2010 Reference : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-034 OS : Windows Tested on : XP SP...

WHMCompleteSolution (WHMCS) control (WHMCompleteSolution) - SQL Injection

WHMCompleteSolution WHMCS control WHMCompleteSolution - SQL Injection =Info======================================================================= Software: WHMCS control WHMCompleteSolution Sql Injection Vulnerability: Remote Sql Injection Google Dork: Powered by WHMCompleteSolution - or "...

Virata EmWeb R6.0.1 - Remote Crash

Virata EmWeb R6.0.1 - Remote Crash Exploit Title: Virata EmWeb R6.0.1 Remote Crash Vulnerability Date: 06/04/10 Author: Jobert Abma Online 24 Email: j.abmaatonline24dotnl Version: R6.0.1 Tested on: linux CVE : Code : This was written for educational purpose. Use it at your own risk. Author will b...

Easy-Clanpage 2.2 - Multiple SQL Injections

Easy-Clanpage 2.2 - Multiple SQL Injections ----------------------------Information------------------------------------------------ +Name : Easy-Clanpage 2.2 http://www.easy-clanpage.de /?section=downloads&action=viewdl&id=18 +Price : for free +Language : PHP +Discovered by Easy Laster +Security...

Asp - comersus7F Shopping Cart Software Backup Dump

Asp - comersus7F Shopping Cart Software Backup Dump ======================================================================================== | Title : Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability | Author : indoushka | Home : www.iqs3cur1ty.com | Bug : Database Disclosure...

Interactivefx.ie CMS - SQL Injection

Interactivefx.ie CMS - SQL Injection ================================================ Interactivefx.ie CMS SQL Injection Vulnerability ================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ ...