41207 matches found
REDDOXX Appliance Build 2032 2.0.625 - Remote Command Execution
REDDOXX Appliance Build 2032 2.0.625 - Remote Command Execution Advisory: Remote Command Execution as root in REDDOXX Appliance RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root...
Pelco SarixSpectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)
Pelco SarixSpectra Cameras - Cross-Site Request Forgery Enable SSH Root Access Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware:...
Nuevomailer 6.0 - SQL Injection
Nuevomailer 6.0 - SQL Injection Exploit Title: Nuevo mailer version = 6.0 SQL Injection Exploit Author: ALEH BOITSAU Google Dork: inurl:/inc/rdr.php? Date: 2017-06-09 Vendor Homepage: https://www.nuevomailer.com/ Version: 6.0 and below Tested on: Linux Vulnerable script: rdr.php Vulnerable...
Linux Kernel 4.10.13 - keyctl_set_reqkey_keyring Local Denial of Service
Linux Kernel 4.10.13 - keyctlsetreqkeykeyring Local Denial of Service / Source: https://bugzilla.novell.com/showbug.cgi?id=1034862 QA REPRODUCER: gcc -O2 -o CVE-2017-7472 CVE-2017-7472.c -lkeyutils ./CVE-2017-7472 will run the kernel out of memory / include include int main for ;;...
PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption
PuTTY 0.68 - sshagentchanneldata Integer Overflow Heap Corruption Source: https://www.chiark.greenend.org.uk/sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a...
Sungard eTRAKiT3 3.2.1.17 - SQL Injection
Sungard eTRAKiT3 3.2.1.17 - SQL Injection Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticat...
dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting
dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017...
Microsoft Edge (Windows 10) - chakra.dll Information Leak Type Confusion Remote Code Execution
Microsoft Edge Windows 10 - chakra.dll Information Leak Type Confusion Remote Code Execution Source: https://github.com/theori-io/chakra-2016-11 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40990.zip chakra.dll Info Leak + Type Confusion fo...
Google Chrome 31.0.1650.48 - HTTP 1xx base::StringTokenizerT...::QuickGetNext Out-of-Bounds Read
Google Chrome 31.0.1650.48 - HTTP 1xx base::StringTokenizerT...::QuickGetNext Out-of-Bounds Read ''' Source: http://blog.skylined.nl/20161219001.html Synopsis A specially crafted HTTP response can allow a malicious web-page to trigger a out-of-bounds read vulnerability in Google Chrome. The...
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free (MS15-018)
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free MS15-018 // This PoC attempts to exploit a use-after-free bug in Microsoft Internet // Explorer 8. // See http://blog.skylined.nl/20161116001.html for details. var r=new RegExp"A|x|x|xx|xxxxxxxxxxxxxxxxxxxx+", "g";...
Microsoft Windows Server 20082012 - LDAP RootDSE Netlogon Denial of Service
Microsoft Windows Server 20082012 - LDAP RootDSE Netlogon Denial of Service !/usr/bin/perl MS Windows Server 2008/2008 R2/ 2012/2012 R2/ AD LDAP RootDSE Netlogon CLDAP "AD Ping" query reflection DoS PoC Copyright 2016 c Todor Donev Varna, Bulgaria [email protected]...
InfraPower PPS-02-S Q213V1 - Authentication Bypass
InfraPower PPS-02-S Q213V1 - Authentication Bypass InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary:...
Oracle BI Publisher 11.1.1.6.011.1.1.7.011.1.1.9.012.2.1.0.0 - XML External Entity Injection
Oracle BI Publisher 11.1.1.6.011.1.1.7.011.1.1.9.012.2.1.0.0 - XML External Entity Injection Exploit Title: Oracle BI Publisher formerly XML Publisher - XML External Entity Injection w/o authentication Date: 20\10\2016 Exploit Author: Jakub Palaczynski CVE : CVE-2016-3473 Vendor Homepage:...
SAP Adaptive Server Enterprise 16 - Denial of Service
SAP Adaptive Server Enterprise 16 - Denial of Service ''' Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory:...
ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation
ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.6 3.0.1.5 160622 3.0.1.1...
X-Cart 4.1.3 - Arbitrary Variable Overwrite
X-Cart 4.1.3 - Arbitrary Variable Overwrite X-Cart Arbitrary Variable Overwrite Vendor: Qualiteam Product: X-Cart Version: $value $$var = $value; As we can see every single post variable is dynamically evaluated. This is especially dangerous because register globals and magic quotes gpc settings ...
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
Open Upload 0.4.2 - Cross-Site Request Forgery Add Admin ================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...
Ktools Photostore 4.7.5 - Blind SQL Injection
Ktools Photostore 4.7.5 - Blind SQL Injection Title : Ktools Photostore = 4.7.5 Pre-Authentication Blind SQL Injection CVE-ID : CVE-2016-4337 Google Dork: inurl:mgr.login.php Product : Photostore Affected : Versions prior to 4.7.5 Impact : Critical Remote : Yes Website link: http://www.ktools.net...
Dream Gallery 1.0 - Cross-Site Request Forgery (Add Admin)
Dream Gallery 1.0 - Cross-Site Request Forgery Add Admin...
CakePHP Framework 3.2.4 - IP Spoofing
CakePHP Framework 3.2.4 - IP Spoofing ============================================= - Release date: 12.05.2016 - Discovered by: Dawid Golunski - Severity: Medium ============================================= I. VULNERABILITY ------------------------- CakePHP Framework = 3.2.4 IP Spoofing...
Merit Lilin IP Cameras - Multiple Vulnerabilities
Merit Lilin IP Cameras - Multiple Vulnerabilities / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com securityadivisory @orwelllabs ;r By sitting in the alcove, and keeping well back, Winston was able to remain outside the...
Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation (MS16-048)
Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation MS16-048 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=692 Windows: CSRSS BaseSrvCheckVDM Session 0 Process Creation EoP Platform: Windows 8.1, not tested on Windows 10 or 7 Class:...
PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities
PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-06 www.orwelllabs.com Twitter:@orwelllabs mantra: ...not affect a product that is in...
McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass / Security Advisory @ Mediaservice.net Srl 01, 13/04/2016 Data Security Division Title: McAfee VirusScan Enterprise security restrictions bypass Application: McAfee VirusScan Enterprise 8.8 and prior versions Platform: Microsoft Windo...
WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities
WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities Exploit Title: WordPress CP Polls 1.0.8 - CSRF - Update poll settings & Persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI:...
Crouzet em4 soft 1.1.04 M3 soft 3.1.2.0 - Insecure File Permissions
Crouzet em4 soft 1.1.04 M3 soft 3.1.2.0 - Insecure File Permissions Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 Insecure File Permissions Vendor: Crouzet Automatismes SAS Product web page: http://www.crouzet-automation.com Affected version: em4 soft 1.1.04 and 1.1.03.01 M3 soft 3.1.2.0 Summary:...
BlackBerry Enterprise Service 12.4 (BES12) Self-Service - Multiple Vulnerabilities
BlackBerry Enterprise Service 12.4 BES12 Self-Service - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. BlackBerry Enterprise Service 12 BES12 Self-Service Affected...
Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting
Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300 CVE: CVE-2014-2045 Vendor: Viprinet Product: Multichannel VPN Router 300 Affected version: 2013070830/2013080900 Fixed...
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux MS16-008 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=573 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux Platform: Windows 10, not tested any other OS Class...
AVM FRITZ!Box 6.30 - Remote Buffer Overflow
AVM FRITZ!Box 6.30 - Remote Buffer Overflow Advisory: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device...
KiTTY Portable 0.65.0.2p (Windows XP710) - Chat Remote Buffer Overflow (SEH)
KiTTY Portable 0.65.0.2p Windows XP710 - Chat Remote Buffer Overflow SEH Exploit Title: KiTTY Portable = 0.65.0.2p Chat Remote Buffer Overflow SEH WinXP/Win7/Win10 Date: 28/12/2015 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: http://networkfilter.blogspot.com GitHub:...
KiTTY Portable 0.65.0.2p (Windows 8.110) - Local kitty.ini Overflow
KiTTY Portable 0.65.0.2p Windows 8.110 - Local kitty.ini Overflow Exploit Title: KiTTY Portable = 0.65.0.2p Local kitty.ini Overflow Win8.1/Win10 Date: 28/12/2015 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: http://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploi...
Grawlix 1.0.3 - Cross-Site Request Forgery
Grawlix 1.0.3 - Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: Grawlix 1.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.getgrawlix.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/17/20...
Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusions
Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusions Title: Ovidentia Module bulletindoc 2.9 Multiple Remote File Inclusion Vulnerabilities Author: bd0rk eMail: bd0rkathackermail.com Twitter: twitter.com/bd0rk Tested on: Ubuntu-Linux Download:...
MakeSFX.exe 1.44 - Local Stack Buffer Overflow
MakeSFX.exe 1.44 - Local Stack Buffer Overflow ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MAKESFX-BUFF-OVERFLOW-09302015.txt Vendor: ================================ freeextractor.sourceforge.net/FreeExtractor...
Joomla! Component Helpdesk Pro 1.4.0 - Multiple Vulnerabilities
Joomla! Component Helpdesk Pro 1.4.0 - Multiple Vulnerabilities Document Title ============== Joomla! plugin Helpdesk Pro 1.4.0 Reported By =========== Simon Rawet from Outpost24 Kristian Varnai from Outpost24 Gregor Mynarsky from Outpost24 https://www.outpost24.com/ For full details, see;...
Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting
Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting =============================================================================== title: ClearPass Policy Manager Stored XSS case id: CM-2014-01 product: Aruba ClearPass Policy Manager vulnerability type: Stored cross-site script...
WordPress Plugin WP Symposium 15.1 - show SQL Injection
WordPress Plugin WP Symposium 15.1 - show SQL Injection ======================================================================= title: SQL Injection product: WordPress WP Symposium Plugin vulnerable version: 15.1 and probably below fixed version: 15.4 CVE number: CVE-2015-3325 impact: CVSS Base...
ArcSight Logger - Arbitrary File Upload Code Execution
ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities Vendor: Electronic Arts Inc. Product web page: https://www.origin.com Affected version: 9.5.5.2850 353317 9.5.3.636 350385...
NPDS CMS REvolution-13 - SQL Injection
NPDS CMS REvolution-13 - SQL Injection Title - NPDS CMS Revolution-13 - SQL Injection Vulnerability Credits & Author: Narendra Bhati R00t Sh3ll www.websecgeeks.com References Source: ==================== http://www.npds.org/viewtopic.php?topic=26233&forum=12...
IceCream Ebook Reader 1.41 - Crash (PoC)
IceCream Ebook Reader 1.41 - Crash PoC Exploit Title: Icecream Ebook Reader v1.41 .mobi/.prc Denial of Service Date: 23/01/2015 Exploit Author: Kapil Soni Twitter: @Haxinos Vendor Homepage: http://icecreamapps.com/ Version: Icecream Ebook Reader v1.41 Tested on: Windows XP SP2 Technical Details &...
Nagios-history.cgi-Exec-Code
CVE-2012-6096 - Nagios history.cgi Remote Command Execution Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more specifically, one of its CGI scripts. !/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution...
Elipse E3 - HTTP Denial of Service
Elipse E3 - HTTP Denial of Service // Exploit Http DoS Request for SCADA ATTACK Elipse 3 // Mauro Risonho de Paula Assumpção aka firebits // [email protected] // 29-10-2013 11:42 // Vendor Homepage: http://www.elipse.com.br/port/index.aspx // Software Link:...
Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities ------------------------ XSS 1 -------- POST parameters: - dataContacttitle ------------------------ input type="hidden" name="dataTokenkey" value="...
webEdition 6.3.8.0 (SVN-Revision: 6985) - Directory Traversal
webEdition 6.3.8.0 SVN-Revision: 6985 - Directory Traversal Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical detail...
iOS 7 - Kernel Mode Memory Corruption
iOS 7 - Kernel Mode Memory Corruption ...................................... Vulnerability Summary ...................................... Title iOS 7 arbitrary code execution in kernel mode Release Date 14 March 2014 Reference NGS00596 Discoverer Andy Davis Vendor Apple Vendor Reference 600217059...
Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection
Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection CVE: CVE-2014-2043 Vendor: Procentia Product: IntelliPen Affected version: 1.1.12.1520 Fixed version: 1.1.18.1658 Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed within the software as an authenticated...
Oracle Demantra 12.2.1 - SQL Injection
Oracle Demantra 12.2.1 - SQL Injection Details: Application is vulnerable to SQL injection. Impact: An attacker with access to the vulnerable pages could manipulate the queries being sent to the database, potentially enabling them to: - Extract sensitive information, including but not limited to...
ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
ImageMagick 6.8.8-4 - Local Buffer Overflow SEH !/usr/bin/perl Exploit Title: ImageMagick 6.8.8-5 - Local Buffer Overflow SEH Date: 2-13-2014 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: ImageMagick all versions prior to 6.8.8-5 Software Link:...