Hitron CGNV4 ModemRouter 4.3.9.9-SIP-UPC - Multiple Vulnerabilities

Hitron CGNV4 ModemRouter 4.3.9.9-SIP-UPC - Multiple Vulnerabilities Hitron CGNV4 modem/router multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Hitron CGNV4, 4.3.9.9-SIP-UPC - Product page:...

EMC ViPR SRM - Cross-Site Request Forgery

EMC ViPR SRM - Cross-Site Request Forgery !-- EMC M&R Watch4net lacks Cross-Site Request Forgery protection Abstract It was discovered that EMC M&R Watch4net does not protect against Cross-Site Request Forgery CSRF attacks. A successful CSRF attack can compromise end user data and may allow an...

Ubuntu 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation

Ubuntu 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation Source: http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/ Introduction Problem description: With Ubuntu Wily and earlier, /usr/lib/ptchown was used to change ownership of slave pts...

BlackBerry Enterprise Service 12.4 (BES12) Self-Service - Multiple Vulnerabilities

BlackBerry Enterprise Service 12.4 BES12 Self-Service - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. BlackBerry Enterprise Service 12 BES12 Self-Service Affected...

Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure

Apache Sling Framework Adobe AEM 2.3.6 - Information Disclosure Document Title: =============== Apache Sling Framework v2.3.6 Adobe AEM CVE-2016-0956 - Information Disclosure Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1536 Adobe...

Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1)

Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux MS16-008 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=573 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux Platform: Windows 10, not tested any other OS Class...

WhatsUp Gold 16.3 - Remote Code Execution

WhatsUp Gold 16.3 - Remote Code Execution Exploit Title: WhatsUp Gold v16.3 Unauthenticated Remote Code Execution Date: 2016-01-13 Exploit Author: Matt Buzanowski Vendor Homepage: http://www.ipswitch.com/ Version: 16.3.x Tested on: Windows 7 x86 CVE : CVE-2015-8261 Usage: python...

PHPIPAM 1.1.010 - Multiple Vulnerabilities

PHPIPAM 1.1.010 - Multiple Vulnerabilities Exploit Title: PHPIPAM v1.1.010 Multiple Vulnerabilities Date: 04/01/2016 Author: Mickael Dorigny @ Synetis Vendor or Software Link: http://phpipam.net/ Version: 1.1.010 Category: Multiple Vulnerabilities Tested on : 1.1.010 PHPIPAM description :...

Microsoft Windows Media Center Library - Parsing Remote Code Execution aka self-executing MCL File

Microsoft Windows Media Center Library - Parsing Remote Code Execution aka self-executing MCL File Title: Microsoft Windows Media Center Library Parsing RCE Vuln aka "self-executing" MCL file CVE-2015-6131 Software Vendor: Microsoft Software version : MS Windows Media Center latest version on any...

Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation

Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation Source: https://code.google.com/p/google-security-research/issues/detail?id=515 NVIDIA: Stereoscopic 3D Driver Service Arbitrary Run Key Creation Platform: Windows, NVIDIA Service Version 7.17.13.5382 Class: Elevation...

Cambium ePMP 1000 - Multiple Vulnerabilities

Cambium ePMP 1000 - Multiple Vulnerabilities July 14, 2015: First contacted Cambium July 14, 2015: Initial vendor response July 16, 2015: Vuln Details reported to Cambium July 31, 2015: Followup on advisory and fix timelines August 03, 2015: Vendor gives mid-Aug as fix v2.5 release timeline. Ceas...

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities

WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link:...

Polycom RealPresence Resource Manager 8.4 - Multiple Vulnerabilities

Polycom RealPresence Resource Manager 8.4 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Critical vulnerabilities allow surveillance on...

DeDeCMS 5.7-sp1 - Remote File Inclusion

DeDeCMS 5.7-sp1 - Remote File Inclusion ========================== Exploit Title: Dedecms variable coverage leads to getshell Date: 26-06-2015 Vendor Homepage: http://www.dedecms.com/ Version: dedecms 5.7-sp1 and all old version CVE : CVE-2015-4553 =========================== CVE-2015-4553Dedecms...

Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery

Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web...

phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection

phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection 0-day Website : http://codecanyon.net/item/phpsfp-schedule-facebook-posts/5177393...

Adobe Flash Player - Arbitrary Code Execution

Adobe Flash Player - Arbitrary Code Execution Source: https://github.com/SecurityObscurity/cve-2015-0313 PoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/36491.zip Adobe Flash vulnerability source code cve-2015-0313 from Angler Exploit Kit Reference:...

EMC MR (Watch4net) - Credential Disclosure

EMC MR Watch4net - Credential Disclosure Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affecte...

ArcSight Logger - Arbitrary File Upload Code Execution

ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...

Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities

Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities Vendor: Electronic Arts Inc. Product web page: https://www.origin.com Affected version: 9.5.5.2850 353317 9.5.3.636 350385...

LG DVR LE6016D - Remote UsersPasswords Disclosure

LG DVR LE6016D - Remote UsersPasswords Disclosure !/usr/bin/perl LG DVR LE6016D unauthenticated remote users/passwords disclosure exploit Copyright 2015 c Todor Donev http://www.ethical-hacker.org/ Digital video recorder DVR surveillance is the use of cameras, often hidden or concealed, that use...

ManageEngine Desktop Central 9 Build 90087 - Cross-Site Request Forgery

ManageEngine Desktop Central 9 Build 90087 - Cross-Site Request Forgery :8020/STATEID/1417736606982/roleMgmt.do?actionToCall=addUser&SUBREQUEST=XMLHTTP" method="POST" input type="hidden" name="newDCAuthUser...

Symantec Encryption Management Server 3.2.0 MP6 - Remote Command Injection

Symantec Encryption Management Server 3.2.0 MP6 - Remote Command Injection Vantage Point Security Advisory 2014-007 ======================================== Title: Symantec Encryption Management Server - Remote Command Injection ID: VP-2014-007 Vendor: Symantec Affected Product: Symantec Encrypti...

HP Data Protector 8.x - Remote Command Execution

HP Data Protector 8.x - Remote Command Execution !/usr/bin/python Exploit Title: HP-Data-Protector-8.x Remote command execution. Google Dork: - Date: 30/01/2015 Exploit Author: Juttikhun Khamchaiyaphum Vendor Homepage: https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emrna-c04373818...

Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation

Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation / Exploit Title - Comodo Backup Null Pointer Dereference Privilege Escalation Date - 23rd January 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.comodo.com Tested Version - 4.4.0.0 Driver Version -...

IPUX CL5452CL5132 IP Camera - UltraSVCamX.ocx ActiveX Stack Buffer Overflow

IPUX CL5452CL5132 IP Camera - UltraSVCamX.ocx ActiveX Stack Buffer Overflow IPUX CL5452/CL5132 IP Camera UltraSVCamX.ocx ActiveX Stack Buffer Overflow Vendor: Big Good Holdings Limited | Fitivision Technology Inc. Product web page: http://www.ipux.net | http://www.fitivision.com Affected version:...

WordPress Plugin DukaPress 2.5.2 - Directory Traversal

WordPress Plugin DukaPress 2.5.2 - Directory Traversal Exploit Title: DukaPress 2.5.2 Path Traversal Date: 27-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/dukapress.2.5.2.zip Category: webapps CVE: CVE-2014-8799 1...

Microsoft Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution PowerShell VirtualAlloc (MS14-064)

Microsoft Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution PowerShell VirtualAlloc MS14-064 |--------------------------------------------------------------------------| | Title: OLE Automation Array Remote Code Execution = Pre IE11 | | Original Exploit: yuange -...

OSSEC 2.8 - hosts.deny Local Privilege Escalation

OSSEC 2.8 - hosts.deny Local Privilege Escalation !/usr/bin/python Exploit Title: ossec 2.8 Insecure Temporary File Creation Vulnerability Privilege Escalation Date: 14-11-14 Exploit Author: skynet-13 Vendor Homepage: www.ossec.net/ Software Link:...

Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities ------------------------ XSS 1 -------- POST parameters: - dataContacttitle ------------------------ input type="hidden" name="dataTokenkey" value="...

VTLS Virtua InfoStation.cgi - SQL Injection

VTLS Virtua InfoStation.cgi - SQL Injection =====Alligator Security Team - Security Advisory============================ - VTLS Virtua InfoStation.cgi SQLi - CVE-2014-2081 - Author: José Tozo =====Table of Contents====================================================== 1. Background 2. Detailed...

TORQUE Resource Manager 2.5.x 2.5.13 - Stack Buffer Overflow Stub

TORQUE Resource Manager 2.5.x 2.5.13 - Stack Buffer Overflow Stub !/usr/bin/env python Exploit Title: TORQUE Resource Manager 2.5.x-2.5.13 stack based buffer overflow stub Date: 27 May 2014 Exploit Author: bwall - @botnethunter Vulnerability discovered by: MWR Labs CVE: CVE-2014-0749 Vendor...

Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities

Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: Binatone DT 850W Wireless Router - Multiple CSRF Vulnerabilities Date: 05/20/2014 Author: Samandeep Singh - SaMaN @samanL33T Vendor...

Skybox Security 6.3.x 6.4.x - Multiple Denial of Service Vulnerabilities

Skybox Security 6.3.x 6.4.x - Multiple Denial of Service Vulnerabilities Exploit Title: SKYBOX Security - DDOS Date: 22-Jan-2014 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.skyboxsecurity.com Version: Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54,...

HP Data Protector - EXEC_BAR Remote Command Execution

HP Data Protector - EXECBAR Remote Command Execution import argparse import socket """ Exploit Title: HP Data Protector EXECBAR Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-2347 Date: February 14, 2014 Vendor Homepage: www.hp.com Version: 6.10, 6.11, 6.20 Test...

CTERA 3.2.29.03.2.42.0 - Persistent Cross-Site Scripting

CTERA 3.2.29.03.2.42.0 - Persistent Cross-Site Scripting Exploit Title: CTERA Project Folders - Stored XSS Date: 11-Mar-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.ctera.com Version: 3.2.29.0 and 3.2.42.0 Tested on: ctera os CVE : CVE-2013-2639 OVERVIEW Standard Ctera User...

MuPDF 1.3 - xps_parse_color() Stack Buffer Overflow

MuPDF 1.3 - xpsparsecolor Stack Buffer Overflow ============================================================= 0day - MuPDF Stack-based Buffer Overflow in xpsparsecolor ============================================================= Date of discovery: 2013-01-26 Software Links: http://www.mupdf.com/...

QuickHeal AntiVirus 7.0.0.1 - Local Stack Overflow

QuickHeal AntiVirus 7.0.0.1 - Local Stack Overflow Document Title: =============== QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1171 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-67...

Gitlab 6.0 - Persistent Cross-Site Scripting

Gitlab 6.0 - Persistent Cross-Site Scripting Exploit-DB note: Tested commit 10b0b8f1797e6c09b4c063c04a4864ecd31d34f4 Exploit Title: gitlab persistent xss exploit Date: 12/16/2013 Exploit Author: hellok Vendor Homepage: gitlab.org !/bin/sh author hellok for file format ext pwn for gitlab 12/16/201...

Microsoft Windows - NDPROXY SYSTEM Privilege Escalation (MS14-002)

Microsoft Windows - NDPROXY SYSTEM Privilege Escalation MS14-002 NDPROXY Local SYSTEM privilege escalation http://www.offensive-security.com Tested on Windows XP SP3 http://www.offensive-security.com/vulndev/ndproxy-local-system-exploit-cve-2013-5065/ Original crash ... null pointer dereference...

Zikula CMS 1.3.5 - Multiple Vulnerabilities

Zikula CMS 1.3.5 - Multiple Vulnerabilities Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-16 Vulnerability Laboratory ID VL-ID:...

Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities

Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities Title: ====== Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=791 VL-ID: ===== 791 Common...

Intelligent Platform Management Interface - Information Disclosure

Intelligent Platform Management Interface - Information Disclosure source: https://www.securityfocus.com/bid/61076/info Intelligent Platform Management Interface is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid...

Top Games Script 1.2 - play.php?gid SQL Injection

Top Games Script 1.2 - play.php?gid SQL Injection TopGamesScript-v1.2 play.php Sql Injection Vulnerability ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home :...

MobileIron Virtual Smartphone Platform - Privilege Escalation

MobileIron Virtual Smartphone Platform - Privilege Escalation MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day ======================================================================== The MobileIron Virtual Smartphone Platform is the first solution to combine data-driven...

MoinMoin - Arbitrary Command Execution

MoinMoin - Arbitrary Command Execution !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██...

WPS Office - Wpsio.dll Stack Buffer Overflow

WPS Office - Wpsio.dll Stack Buffer Overflow WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability PoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/25140.tgz 1 Summary CVE number: CVE-2012-4886 Impact: High Vendor homepage: http://www.wps.cn Credit:...

VMware Virtual Machine Communication Interface (VMCI) - vmci.sys

VMware Virtual Machine Communication Interface VMCI - vmci.sys / CVE-2013-1406 exploitation PoC by Artem Shishkin, Positive Research, Positive Technologies, 02-2013 / void stdcall FireShellDWORD dwSomeParam EscalatePrivilegeshProcessToElevate; // Equate the stack and quit the cycle ifndef AMD64 a...

iOS IPMap 2.5 - Arbitrary File Upload

iOS IPMap 2.5 - Arbitrary File Upload Title: ====== IPMap v2.5 iPad iPhone - Arbitrary File Upload Web Vulnerabilities Date: ===== 2013-02-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=866 VL-ID: ===== 866 Common Vulnerability Scoring System:...

ImageCMS 4.0.0b - Multiple Vulnerabilities

ImageCMS 4.0.0b - Multiple Vulnerabilities Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability...