IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow
IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow ''' DefenseCode Security Advisory IBM DB2 Command Line Processor Buffer Overflow Advisory ID: DC-2017-04-002 Advisory Title: IBM DB2 Command Line Processor Buffer Overflow Advisory URL:...
Microsoft Windows - USP10!otlValueRecord::adjustPos Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!otlValueRecord::adjustPos Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1204 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlValueRecord::adjustPos function,...
iBall Baton iB-WRA150N - DNS Change
iBall Baton iB-WRA150N - DNS Change #!/bin/bash iBall Baton iB-WRA150N Unauthenticated Remote DNS Change Exploit Copyright 2016 (c) Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exists in the web interface, which is accessible...
Sungard eTRAKiT3 3.2.1.17 - SQL Injection
Sungard eTRAKiT3 3.2.1.17 - SQL Injection Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticat...
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1112 Windows: Running Object Table Register ROTFLAGS_ALLOWANYCLIENT EoP Platform: Windows 10 10586/14393 (not tested 8.1 Update 2 or Window...
WordPress 4.7.4 - Unauthorized Password Reset
WordPress 4.7.4 - Unauthorized Password Reset ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - CVE-2017-8295 - Release date: 03.05.2017 - Revision 1.0 - Severity: Medium/High...
Microsoft IIS 6.0 - WebDAV ScStoragePathFromUrl Remote Buffer Overflow
Microsoft IIS 6.0 - WebDAV ScStoragePathFromUrl Remote Buffer Overflow ''' Description: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a lo...
D-Link DCS-936L Network Camera - Cross-Site Request Forgery
D-Link DCS-936L Network Camera - Cross-Site Request Forgery Exploit Title: D-Link DCS-936L network camera incomplete/weak CSRF protection vulnerability Date: 26/03/2017 Exploit Author: SlidingWindow, Twitter: @KapilKhot Vendor Homepage:...
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery ======================================================================= title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or higher CVE number: -...
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting <!-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgerycrosssitescriptingincontactformmanagerwordpressplugin.html Abstract It was discovered that Contact Form Manager does not protect against...
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery Author : B GOVIND Exploit Title : DLink DSL-2730U Wireless N 150, Change DNS Configuration bypassing ‘admin’ privilege Date : 01-03-2017 Vendor Homepage : http://www.dlink.co.in Firmware Link : ftp://support.dlink.co.in/firmware/DSL-273...
Sawmill Enterprise 8.7.9 - Authentication Bypass
Sawmill Enterprise 8.7.9 - Authentication Bypass + Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt + ISR: ApparitionSec Vendor: =============== www.sawmill.net Product:...
Mozilla Firefox 50.1.0 - Use-After-Free
Mozilla Firefox 50.1.0 - Use-After-Free Mozilla Firefox 50.1.0 Use-After-Free POC Author: Marcin Ressel Date: 13.01.2017 Vendor Homepage: www.mozilla.org Software Link: https://ftp.mozilla.org/pub/firefox/releases/50.0.2/ Version: 50.1.0 Tested o...
Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free
Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=954 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40954.zip Userspace MIG services often use...
Google Chrome 31.0.1650.48 - HTTP 1xx base::StringTokenizerT...::QuickGetNext Out-of-Bounds Read
Google Chrome 31.0.1650.48 - HTTP 1xx base::StringTokenizerT...::QuickGetNext Out-of-Bounds Read ''' Source: http://blog.skylined.nl/20161219001.html Synopsis A specially crafted HTTP response can allow a malicious web-page to trigger an out-of-bounds read vulnerability in Google Chrome. The...
GNU Wget 1.18 - Access List Bypass Race Condition
GNU Wget 1.18 - Access List Bypass Race Condition ''' ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html - CVE-2016-7098 -...
SAP Adaptive Server Enterprise 16 - Denial of Service
SAP Adaptive Server Enterprise 16 - Denial of Service ''' Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory:...
EyeLock nano NXT 3.5 - Remote Code Execution
EyeLock nano NXT 3.5 - Remote Code Execution #!/usr/bin/env python EyeLock nano NXT 3.5 Remote Root Exploit Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: NXT Firmware: 3.05.1193 ICM: 3.5.1 NXT Firmware: 3.04.1108 ICM: 3.4.13 NXT Firmware: 3.03.944 ICM: 3.3.2 NXT...
PHP File Vault 0.9 - Directory Traversal
PHP File Vault 0.9 - Directory Traversal PHP File Vault version 0.9, remote directory traversal and read file vulnerability ================================================================================== Discovered by NA, NAattutanota.com ====================================== Description...
Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities
Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities ''' Ubee EVW3226 modem/router multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Ubee EVW3226, 1.0.20 - Product page: http://www.ubeeinteractive.com/products/cable/evw322...
Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities
Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities Hitron CGNV4 modem/router multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Hitron CGNV4, 4.3.9.9-SIP-UPC - Product page:...
iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting
iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting iBilling v3.7.0 Multiple Stored and Reflected Cross Site Scripting Vulnerabilities Vendor: iBilling Product web page: http://www.ibilling.io/ Affected version: 3.7.0 Summary: The features you want, the simplicity you...
PowerFolder Server 10.4.321 - Remote Code Execution
PowerFolder Server 10.4.321 - Remote Code Execution Mogwai Security Advisory MSA-2016-01 ---------------------------------------------------------------------- Title: PowerFolder Remote Code Execution Vulnerability Product: PowerFolder Server Affected versions: 10.4.321 Linux/Windows Other versio...
Microsoft Internet Explorer 9/10/11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)
Microsoft Internet Explorer 9/10/11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112) <!-- CVE-2015-6086 Out Of Bound Read Vulnerability Address Space Layout Randomization (ASLR) Bypass Improper handling of new line and white space character caused Out of Bound Read in...
Trend Micro Deep Discovery Inspector 3.83.7 - Cross-Site Request Forgery
Trend Micro Deep Discovery Inspector 3.83.7 - Cross-Site Request Forgery + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-DDI-CSRF.txt Vendor: ==================== www.trendmicro.com Product:...
libotr 4.1.0 - Memory Corruption
libotr 4.1.0 - Memory Corruption ''' X41 D-Sec GmbH Security Advisory: X41-2016-001 Memory Corruption Vulnerability in "libotr" =========================================== Overview -------- Severity Rating: high Confirmed Affected Version: 4.1.0 and below Confirmed Patched Version: libotr 4.1.1...
BlackBerry Enterprise Service 12.4 (BES12) Self-Service - Multiple Vulnerabilities
BlackBerry Enterprise Service 12.4 (BES12) Self-Service - Multiple Vulnerabilities [ASCII-art logo omitted] :wq x.0 presents.. BlackBerry Enterprise Service 12 (BES12) Self-Service Affected...
KiTTY Portable 0.65.0.2p (Windows 8.1/10) - Local kitty.ini Overflow
KiTTY Portable 0.65.0.2p (Windows 8.1/10) - Local kitty.ini Overflow Exploit Title: KiTTY Portable <= 0.65.0.2p Local kitty.ini Overflow (Win8.1/Win10) Date: 28/12/2015 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: http://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploi...
TECO SG2 FBD Client 3.51 - .gfb Overwrite Buffer Overflow (SEH) (PoC)
TECO SG2 FBD Client 3.51 - .gfb Overwrite Buffer Overflow (SEH) (PoC) TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Vulnerability Vendor: TECO Electric and Machinery Co., Ltd. Product web page: http://www.teco-group.eu Download: http://globalsa.teco.com.tw/supportdownload.aspx?KindID=9...
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2) Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices, so if you own the Kaseya server, you own the organisation. With this post...
Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload
Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload #!/usr/bin/ruby kazPwn.rb - Kaseya VSA v7 to v9.1 authenticated arbitrary file upload CVE-2015-6589 / ZDI-15-450 =================== by Pedro Ribeiro / Agile Information Security Disclosure date: 28/09/2015 Usage...
Mozilla Firefox < 39.0.3 - pdf.js Same Origin Policy
Mozilla Firefox < 39.0.3 - pdf.js Same Origin Policy /* Exploit Title: Firefox CVE-2015-4495 Test Run the index.html Make sure the main.js is in the same directory and we should be able to see the directory listing. 3. Solution Upgrade to the latest firefox 39.0.3 */ var starttimeout=2000; var...
4 TOTOLINK Router Models - Cross-Site Request Forgery / Cross-Site Scripting
4 TOTOLINK Router Models - Cross-Site Request Forgery / Cross-Site Scripting Advisory Information Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt Blog URL:...
Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery
Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web...
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities Document Title: =============== SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1314 Release Date: ============= 2015-03-23 Vulnerability Laboratory I...
Adobe Flash Player - Arbitrary Code Execution
Adobe Flash Player - Arbitrary Code Execution Source: https://github.com/SecurityObscurity/cve-2015-0313 PoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/36491.zip Adobe Flash vulnerability source code cve-2015-0313 from Angler Exploit Kit Reference:...
Dell iDRAC IPMI 1.5
Dell iDRAC IPMI v1.5 Implementation contains a flaw that is triggered as session IDs are assigned incrementally rather than randomly, and limits the overall pool. This may allow a remote attacker to trivially predict session IDs, hijack a session, and inject arbitrary commands. from time import sleep...
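The flaw described in the preview above is generic: any allocator that hands out session IDs by counting up is predictable from a few observations. The following check, an added example that is neither the exploit the listing previews nor any Dell code, takes a run of session IDs seen on the wire, decides whether they follow a small constant step, and if so predicts the next IDs an attacker could try. Both ID lists are constructed sample data, not values captured from a BMC, and the 32-bit width is an assumption for the sample.

```python
"""Classify observed session IDs as sequential (predictable) or not.

Added example; not code from the Dell iDRAC advisory above. The sample
ID lists are constructed for illustration, not captured from a device.
"""
from collections import Counter
import math

# Constructed sample: what an incrementing allocator hands out.
SEQUENTIAL_IDS = [0x1A2B + i for i in range(8)]
# Constructed sample: fixed 32-bit values standing in for a random allocator
# (fixed so the example is reproducible offline).
RANDOM_IDS = [0x9F3C01E2, 0x1B7E44A9, 0x7D0A9C33, 0xE42B8F10,
              0x3A95D7C6, 0xC1E06B54, 0x58F2A3DD, 0x6E1D4B0F]


def deltas(ids):
    """Differences between consecutive observations."""
    return [b - a for a, b in zip(ids, ids[1:])]


def dominant_step(ids, max_step=16):
    """Return the step size when at least 75% of consecutive deltas share one
    small non-zero value (an incrementing allocator); otherwise None."""
    if len(ids) < 3:
        raise ValueError("need at least three observed IDs")
    d = deltas(ids)
    step, count = Counter(d).most_common(1)[0]
    if step != 0 and abs(step) <= max_step and count >= math.ceil(0.75 * len(d)):
        return step
    return None


def predict_next(ids, n=3, width_bits=32):
    """Guess the next n IDs an incrementing allocator would assign,
    wrapping at the assumed ID width."""
    step = dominant_step(ids)
    if step is None:
        return []
    mask = (1 << width_bits) - 1
    return [(ids[-1] + step * k) & mask for k in range(1, n + 1)]


def byte_entropy(ids, width_bits=32):
    """Shannon entropy (bits per byte) over the packed IDs. A counter pools
    nearly all its variation into the low byte, so the figure stays small;
    well-spread IDs approach log2(number of bytes) for a short sample."""
    width = width_bits // 8
    data = b"".join(v.to_bytes(width, "big") for v in ids)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def assess(ids):
    """One-line verdict for a captured run of session IDs."""
    step = dominant_step(ids)
    if step is not None:
        return f"predictable: IDs increase by {step}; next guesses {predict_next(ids)}"
    return "no simple arithmetic pattern (this does not prove the IDs are random)"


if __name__ == "__main__":
    for label, ids in (("sequential", SEQUENTIAL_IDS), ("random-looking", RANDOM_IDS)):
        print(f"{label}: {assess(ids)}; byte entropy {byte_entropy(ids):.2f} bits")
```

The absence of a constant step only rules out the simplest allocator; a linear congruential generator or a timestamp-derived ID also fails this check yet remains predictable, so treat a "no pattern" verdict as a reason to look harder, not as a clean bill of health.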
Foxit Reader 4.1.1 - EggHunter
Date: 15 Nov 10 Author: dookie at offsec.com App: Foxit Reader 4.1.1 preamble =...
Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure - Title: CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure (HomeStation Movistar) - Author: Eduardo Novella @enovella - Version: Tested on firmware version...
xRadio 0.95b - (.xrl)
xRadio is affected by stack-based buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successful exploitation of the vulnerability allows an attacker to execute arbitrary code. Other versions are also affected but have a different trigger...
Wickr Desktop 2.2.1 Windows - Denial of Service
Wickr Desktop 2.2.1 Windows - Denial of Service Document Title: =============== Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1377 Video:...
F5 BIG-IP 10.1.0 - Directory Traversal
F5 BIG-IP 10.1.0 - Directory Traversal +------------------------------------------------------+ + F5 BIG-IP 10.1.0 - Directory Traversal Vulnerability + +------------------------------------------------------+ Affected Product : F5 BIG-IP Vendor Homepage : http://www.f5.com/ Version : 10.1.0...
Konke Smart Plug K - Authentication Bypass
Konke Smart Plug K - Authentication Bypass ----------------------------------------------------------------------- Konke Smart Plug Authentication Bypass Vulnerability ----------------------------------------------------------------------- Author : gamehacker&zixian Mail : gh&zixian Date : Oct,...
WS10 Data Server - SCADA Overflow (PoC)
WS10 Data Server - SCADA Overflow (PoC) Exploit Title: WS10 Data Server SCADA Exploit Overflow PoC Date: 09/23/2014 Author: Pedro Sánchez Version: 1.83 English Tested on: Windows 7 embedded. Notified the vendor, vendor never responded. In the new version this PoC stops working Vendor: Novus...
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities Mpay24 PrestaShop Payment Module Multiple Vulnerabilities - Affected Vendor: Mpay24 - Affected Software: Mpay24 Payment Module - Affected Version: 1.5 and earlier - Issue Type: SQL injection and information disclosure -...
ArticleFR 11.06.2014 - data.php Privilege Escalation
ArticleFR 11.06.2014 - data.php Privilege Escalation Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014...
EagleGet 1.1.8.1 - Denial of Service
EagleGet 1.1.8.1 - Denial of Service Exploit Title: EagleGet 1.1.8.1 DoS Exploit Date: 03 April 2014 Exploit Author: Interference Security Vendor Homepage: http://www.eagleget.com/ Software Link: http://www.eagleget.com/download/ Version: 1.1.8.1 Tested on: Microsoft Windows XP SP3 print " Crash...
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities Document Title: =============== Barracuda Bug Bounty #30 Firewall - Multiple Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1065 Barracuda Networks Security ID BNSEC:...
HP Data Protector - EXEC_BAR Remote Command Execution
HP Data Protector - EXEC_BAR Remote Command Execution import argparse import socket """ Exploit Title: HP Data Protector EXEC_BAR Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-2347 Date: February 14, 2014 Vendor Homepage: www.hp.com Version: 6.10, 6.11, 6.20 Test...
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2)
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2) Exploit Title: CSRF Horde Groupware Web mail Edition Author: Marcela Benetrix Date: 10/28/13 Version: 5.1.2 Software link: http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free,...