41207 matches found
Top Games Script 1.2 - play.php?gid SQL Injection
Top Games Script 1.2 - play.php?gid SQL Injection TopGamesScript-v1.2 play.php Sql Injection Vulnerability .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home :...
MobileIron Virtual Smartphone Platform - Privilege Escalation
MobileIron Virtual Smartphone Platform - Privilege Escalation MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day The MobileIron Virtual Smartphone Platform is the first solution to combine data-driven...
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia,...
VMware Virtual Machine Communication Interface (VMCI) - vmci.sys
VMware Virtual Machine Communication Interface VMCI - vmci.sys / CVE-2013-1406 exploitation PoC by Artem Shishkin, Positive Research, Positive Technologies, 02-2013 / void stdcall FireShellDWORD dwSomeParam EscalatePrivilegeshProcessToElevate; // Equate the stack and quit the cycle ifndef AMD64 a...
Linux Kernel 2.6.32-5 (Debian 6.0.5) - devptmx Key Stroke Timing Local Disclosure
Linux Kernel 2.6.32-5 Debian 6.0.5 - devptmx Key Stroke Timing Local Disclosure !/bin/bash ptmx-su-pwdlen.sh -- This PoC determine the password length of a local user who runs "su -". Done thanks to the ptmx keystroke timing attack CVE-2013-0160. See http://vladz.devzero.fr/013ptmx-timing.php for...
ImageCMS 4.0.0b - Multiple Vulnerabilities
ImageCMS 4.0.0b - Multiple Vulnerabilities Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability...
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service Privilege Escalation Source: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/ Introduction Problem description: The initial observation was, that the linux vm86 syscall, which allows to use the virtual-8086 mode from...
Splunk 4.3.3 - Arbitrary File Read
Splunk 4.3.3 - Arbitrary File Read Exploit Title: Splunk = 4.3.3 Reading Arbitrary Files Contents Date: 09/03/2012 Exploit Author: Marcio Almeida [email protected] Vendor Homepage: http://www.splunk.com/ Software Link: http://www.splunk.com/download?r=header Version: 4.3.3 and priors...
Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution
Tiki Wiki CMS Groupware 8.3 - Unserialize PHP Code Execution ?php / Tiki Wiki CMS Groupware = 8.3 "unserialize" PHP Code Execution author: Egidio Romano a...
QNAP Turbo NAS 3.6.1 Build 0302T - Multiple Vulnerabilities
QNAP Turbo NAS 3.6.1 Build 0302T - Multiple Vulnerabilities Sense of Security - Security Advisory - SOS-12-006 Release Date. 13-Jun-2012 Last Update. - Vendor Notification Date. 12-Mar-2012 Product. QNAP Platform. Turbo NAS verified and possibly others Affected versions. Firmware Version: 3.6.1...
Useresponse 1.0.2 - Privilege Escalation Remote Code Execution
Useresponse 1.0.2 - Privilege Escalation Remote Code Execution !/usr/bin/python abuseresponse.py Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.co...
MySQLDumper 1.24.4 - menu.php PHP Remote Code Execution
MySQLDumper 1.24.4 - menu.php PHP Remote Code Execution source: https://www.securityfocus.com/bid/53310/info MySQLDumper is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to...
piwigo 2.3.3 - Multiple Vulnerabilities
piwigo 2.3.3 - Multiple Vulnerabilities Advisory ID: HTB23085 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 4 April 2012 Vendor Patch: 8 April 2012 Public Disclosure: 25 April 2012 Vulnerability Type: Directory Path...
newscoop 3.5.3 - Multiple Vulnerabilities
newscoop 3.5.3 - Multiple Vulnerabilities Advisory ID: HTB23084 Product: Newscoop Vendor: Sourcefabric o.p.s. Vulnerable Versions: 3.5.3 and probably prior, partially 4.0 RC3 Tested Version: 3.5.3 Vendor Notification: 28 March 2012 Vendor Patch: 5 April 2012 Public Disclosure: 18 April 2012...
AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflows
AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflows Title: AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Date: 2012-04-08 References: http://www.vulnerability-lab.com/getcontent.php?id=492 VL-ID: 492 Introduction: An all-in-one...
Network Instrument Observer - SNMP SetRequest Denial of Service
Network Instrument Observer - SNMP SetRequest Denial of Service Application: Network Instrument Observer SNMP SetRequest Denial of Service Vulnerability Platforms: Windows Secunia: SA47898 PRL: 2012-05 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/...
DIY-CMS blog mod - SQL Injection
DIY-CMS blog mod - SQL Injection Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: [email protected] Site: http://e-o-u.org SQL Injection: DORK: inurl:"mod.php?mod=blog" intext:"powered by DIY-CMS" inurl:"mod.php?mod=blog" BUG:...
CyberLink (Multiple Products) - File Project Handling Stack Buffer Overflow (PoC)
CyberLink Multiple Products - File Project Handling Stack Buffer Overflow PoC !/usr/bin/python Exploit Title: CyberLink Multiple Products File Project Handling Stack Buffer Overflow POC by: modpr0beatspenteradotcom @modpr0be Platform: Windows Tested on: Windows XP SP3, Windows 7 SP1 with: CyberLi...
SMF 2.0.1 - SQL Injection Privilege Escalation
SMF 2.0.1 - SQL Injection Privilege Escalation !/usr/bin/python -- coding: iso-8859-15 -- Exploit Title: Smf = 2.0.1 Sql injection Vulnerability Author: The:Paradox Disclosure date: 06/12/2011 Software Link: http://download.simplemachines.org/ , http://www.php.net/releases/ Smf = 2.0.1 Sql...
Simple HTTPd 1.42 - PUT Remote Buffer Overflow
Simple HTTPd 1.42 - PUT Remote Buffer Overflow !/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Date: 2011-08-02 Author: nion Software: http://code.google.com/p/mongoose/...
Nibbleblog 3 - Multiple SQL Injections
Nibbleblog 3 - Multiple SQL Injections source: https://www.securityfocus.com/bid/48339/info Nibbleblog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an...
4Images 1.7.9 - Multiple Vulnerabilities
4Images 1.7.9 - Multiple Vulnerabilities Vulnerability ID: HTB22950 Reference: http://www.htbridge.ch/advisory/sqlinjectionin4images.html Product: 4images Vendor: http://www.4homepages.de/ Vulnerable Version: 1.7.9 Vendor Notification: 07...
Adobe Flash Player 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)
Adobe Flash Player 10.1.53.64 - Action Script Type Confusion ASLR + DEP Bypass Source: http://www.abysssec.com/blog/2011/04/exploiting-adobe-flash-player-on-windows-7/ Adobe Flash player Action script type confusion exploit DEP+ASLR bypass advisory text : Here is another reliable windows 7 exploi...
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeMafletClose.mafService?RENDER_MAFLET Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeMafletClose.mafService?RENDERMAFLET Cross-Site Scripting source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these...
Linux Kernel 2.6.37-rc2 - TCP_MAXSEG Kernel Panic (Denial of Service) (2)
Linux Kernel 2.6.37-rc2 - TCPMAXSEG Kernel Panic Denial of Service 2 / TCPMAXSEG Kernel Panic DoS for Linux include include include include include int main struct sockaddrin laddr; memset&laddr, 0, sizeofladdr; laddr.sinfamily = AFINET; laddr.sinaddr.saddr = inetaddr"127.0.0.1"; laddr.sinport =...
Linux Kernel 2.6.37 - Local Kernel Denial of Service (1)
Linux Kernel 2.6.37 - Local Kernel Denial of Service 1 / Linux Kernel include include include include include int main int optval, optlen, ret, sd, sd2, pid; char host = "localhost"; struct sockaddrin locAddr; struct sockaddrin servAddr; struct sockaddrin dstAddr; printf" Linux Kernel...
glfusion CMS 1.2.1 - img Persistent Cross-Site Scripting
glfusion CMS 1.2.1 - img Persistent Cross-Site Scripting Exploit Title: glfusion CMS 1.2.1 stored XSS via img tag Date: 14-1-2010 Author: Saif El-Sherei Software Link: www.glfusion.org/filemgmt/viewcat.php?cid=1 Version: 1.2.1 Tested on: Firefox 3.0.15 Info: glFusion gives you the ability to easi...
Citrix Access Gateway - Command Injection
Citrix Access Gateway - Command Injection VSR Security Advisory http://www.vsecurity.com/ Advisory Name: Citrix Access Gateway Command Injection Vulnerability Release...
WonderWare InBatch 9.0sp1 - Buffer Overflow
WonderWare InBatch 9.0sp1 - Buffer Overflow Source: http://aluigi.org/adv/inbatch1-adv.txt Luigi Auriemma Application: Wonderware InBatch http://global.wonderware.com/EN/Pages/WonderwareInBatchSoftware.aspx any other software that uses the lmtcp server called "Raima Database lockmgr" like Foxboro...
Camtron CMNC-200 IP Camera - Undocumented Default Accounts
Camtron CMNC-200 IP Camera - Undocumented Default Accounts Finding 4: Undocumented Default Accounts CVE: CVE-2010-4233 The CMNC-200 IP Camera has undocumented default accounts on its Linux operating system. These accounts can be used to login via the cameras telnet interface, which cannot be...
SmarterMail 7.2.3925 - Persistent Cross-Site Scripting
SmarterMail 7.2.3925 - Persistent Cross-Site Scripting Source URL http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home :...
Mozilla Firefox CSS - font-face Remote Code Execution
Mozilla Firefox CSS - font-face Remote Code Execution http://www.exploit-db.com/moabu-15-mozilla-firefox-css-font-face-remote-code-execution-vulnerability/...
Zendesk - Multiple Vulnerabilities
Zendesk - Multiple Vulnerabilities. Discovered By: Luis Santana. Overview: Luis Santana of the HackTalk Security team has found multiple vulnerabilities in Zendesk. Product Information...
big.asp - SQL Injection
big.asp - SQL Injection Author : Ra3cH Price : N/A Title : big.asp SQL Injection Vulnerability Site : www.dz4all.com/cc Dork : inurl:enq/big.asp?id= Risk : High Vulnerable script: enq/big.asp?id= SQL-injection...
WHMCompleteSolution (WHMCS) control (WHMCompleteSolution) - SQL Injection
WHMCompleteSolution WHMCS control WHMCompleteSolution - SQL Injection Info: Software: WHMCS control WHMCompleteSolution Sql Injection Vulnerability: Remote Sql Injection Google Dork: Powered by WHMCompleteSolution - or "...
Interactivefx.ie CMS - SQL Injection
Interactivefx.ie CMS - SQL Injection Interactivefx.ie CMS SQL Injection Vulnerability ...
XOOPS Module dictionary 2.0.18 - detail.php SQL Injection
XOOPS Module dictionary 2.0.18 - detail.php SQL Injection XOOPS Module dictionary 2.0.18 detail.php SQL Injection Vulnerability XOOPS Version: XOOPS 2.0.18 http://www.xoops.org/modules/repository/ AUTHOR : Palyo34 HOME : http://www.1923turk.biz DORK : allinurl: "modules/dictionary/detail.php?id"...
weenCompany - SQL Injection
weenCompany - SQL Injection weenCompany SQL Injection Vulnerability Vendor: http://www.weentech.com/ Author: Gamoscu Site: www.1923turk.biz Site: http://gamoscu.wordpress.com/ Dork:"Created by weenCompany" Exploit: http://server/index.php?moduleid=m2newsSQL-inj&articleid=1 Greetz: Manas58 Baybora...
Invision Power Board 2.3.63.0.4 - Local File Inclusion SQL Injection
Invision Power Board 2.3.63.0.4 - Local File Inclusion SQL Injection - Severity: Moderately High I. VULNERABILITY Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL...
DAZ Studio - Arbitrary Command Execution
DAZ Studio - Arbitrary Command Execution Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DAZ Studio Arbitrary Command Execution 1. Advisory Information Title: DAZ Studio Arbitrary Command Execution Advisory Id:...
Adobe Reader Acrobat - .U3D File Invalid Array Index Overflow
Adobe Reader Acrobat - .U3D File Invalid Array Index Overflow Felipe Andres Manzano [email protected] http://twitter/feliam doc=''' Title: U3D CLODProgressiveMeshContinuation Split Position Index arbitrary dereference. Product: Adobe Acrobat Reader Version: =8.1.6, =9.1.3 Product...
Multiple HTTP Server - slowloris.pl Low Bandwidth Denial of Service
Multiple HTTP Server - slowloris.pl Low Bandwidth Denial of Service !/usr/bin/perl -w use strict; use IO::Socket::INET; use IO::Socket::SSL; use Getopt::Long; use Config; $SIG'PIPE' = 'IGNORE'; Ignore broken pipe errors print EOTEXT;...
Joomla! Component com_rsgallery2 1.14.x2.x - Remote Backdoor Access
Joomla! Component comrsgallery2 1.14.x2.x - Remote Backdoor Access Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal...
ZaoCMS - user_id SQL Injection
ZaoCMS - user_id SQL Injection =By: Qabandi =Email: iqaahotmail.fr From Kuwait PEACE =Vuln: ZaoCMS - SQL Injection Vulnerability =INFO: http://zaocms.com/ =BUY: http://zaocms.com/ =DORK: --...
Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener (PoC)
Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener PoC TNS Listener Oracle RDBMS exploit, cause trap in Listener process more precisely: in function memcpy called from ncrfintn function which is located in oranro11.dll Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32...
Chance-i DiViS DVR System Web-Server - Directory Traversal
Chance-i DiViS DVR System Web-Server - Directory Traversal Digital Security Research Group DSecRG Advisory DSECRG-09-036 original advisory: http://dsecrg.com/pages/vul/DSECRG-09-036.html Application: Chance-i DiViS DVR System web-server Versions Affected: 2.0 Vendor URL: http://www.chance-i.com/...
powermovielist 0.14b - SQL Injection Cross-Site Scripting
powermovielist 0.14b - SQL Injection Cross-Site Scripting Found : brainpillow Dork : "PowerMovieList 0.14 Beta Copyright" Visit : brainpillow.cc, forum.antichat.ru, raz0r.name Mail :...
Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow (PoC)
Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow PoC !/usr/bin/perl Microsoft Visual Basic ActiveX Controls mscomct2.ocx Animation Object Buffer Overflow CVE-2008-4255 PoC You'll need Debugging Tools for Windows http://www.microsoft.com/whdc/devtools/debugging/default.mspx /...
Vinagre 2.24.2 - show_error() Remote Format String (PoC)
Vinagre 2.24.2 - show_error() Remote Format String PoC Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Vinagre show_error() format string vulnerability 1. Advisory Information Title: Vinagre show_error() format string...
E-Store Kit-1 2 PayPal Edition - pid SQL Injection
E-Store Kit-1 2 PayPal Edition - pid SQL Injection Viva IslaM Viva IslaM Remote SQL Injection Vulnerability E-Store Kit-1 viewdetails.php pid E-Store Kit-2 viewdetails.php pid E-Store Kit-1 Pro PayPal Edition viewdetails.php pid E-Store Kit-2 PayPal Edition viewdetails.php pid www.magicscripts.co...