41207 matches found
Delta Industrial Automation DCISoft 1.12.09 - Local Stack Buffer Overflow
Delta Industrial Automation DCISoft 1.12.09 - Local Stack Buffer Overflow !/usr/bin/env python Delta Industrial Automation DCISoft 1.12.09 Stack Buffer Overflow Exploit Vendor: Delta Electronics, Inc. Product web page: http://www.delta.com.tw Software link:...
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux MS16-008 2 Source: https://code.google.com/p/google-security-research/issues/detail?id=589 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 2 Platform: Windows 8.1, not tested any other OS...
Manage Engine Application Manager 12.5 - Arbitrary Command Execution
Manage Engine Application Manager 12.5 - Arbitrary Command Execution !C:/Python27/python.exe -u Applications Manager 12.5 Arbitrary Command Execution Exploit Vendor: Zoho Corporation Pvt. Ltd. Product web page: https://www.manageengine.com Affected version: 12.5 Summary: ManageEngine Applications...
Microsoft Windows 8.1 - win32k Local Privilege Escalation (MS15-010)
Microsoft Windows 8.1 - win32k Local Privilege Escalation MS15-010 Exploit Title: MS15-010/CVE-2015-0057 win32k Local Privilege Escalation Date: 2015-12-17 Exploit Author: Jean-Jamil Khalife Software Link: http://www.microsoft.com Version: Windows 8.1 x64 Tested on: Windows 8.1 x64 CVE :...
iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions
iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 2.02.0000 Summary: Modular and automated...
D-Link DIR-815 DIR-850L - SSDP Command Injection
D-Link DIR-815 DIR-850L - SSDP Command Injection Advisory Information Title: SSDP command injection using UDP for a lot of Dlink routers including DIR-815, DIR-850L Vendors contacted: William Brown Dlink Release mode: Released CVE: None Note: All these security issues have been discussed with the...
MakeSFX.exe 1.44 - Local Stack Buffer Overflow
MakeSFX.exe 1.44 - Local Stack Buffer Overflow ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MAKESFX-BUFF-OVERFLOW-09302015.txt Vendor: ================================ freeextractor.sourceforge.net/FreeExtractor...
Kaseya Virtual System Administrator (VSA) 7.0 9.1 - (Authenticated) Arbitrary File Upload
Kaseya Virtual System Administrator VSA 7.0 9.1 - Authenticated Arbitrary File Upload !/usr/bin/ruby kazPwn.rb - Kaseya VSA v7 to v9.1 authenticated arbitrary file upload CVE-2015-6589 / ZDI-15-450 =================== by Pedro Ribeiro / Agile Information Security Disclosure date: 28/09/2015 Usage...
Mozilla Firefox 39.03 - pdf.js Same Origin Policy
Mozilla Firefox 39.03 - pdf.js Same Origin Policy / Exploit Title: Firefox CVE-2015-4495 Test Run the index.html Make sure the main.js is in the same directory and we should be able to see the directory listing. 3. Solution Upgrade to the latest firefox 39.0.3 / var starttimeout=2000; var...
Endian Firewall 3.0.0 - OS Command Injection (Metasploit)
Endian Firewall 3.0.0 - OS Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerabilit...
Photoshop CC2014 Bridge CC 2014 - .gif Parsing Memory Corruption
Photoshop CC2014 Bridge CC 2014 - .gif Parsing Memory Corruption Application: Adobe Photoshop CC 2014 & Bridge CC 2014 Platforms: Windows Versions: The vulnerability is confirmed in version Photoshop CC 2014 and Bridge CC 2014. Secunia: PRL: 2015-07 Author: Francis Provencher Protek Research Lab’...
FiverrScript - Cross-Site Request Forgery (Add Admin)
FiverrScript - Cross-Site Request Forgery Add Admin Exploit Title: FiverrScript CSRF Vulnerability add New admin Author: Mahmoud Gamal @Zombiehelp54 Google Dork: intext:Powered by FiverrScript Date: 10/06/2015 Exploit Author: Scriptolution Vendor Homepage: http://scriptolution.com Software Link:...
Apport (Ubuntu 14.04/14.10/15.04) - Race Condition Privilege Escalation
Apport Ubuntu 14.0414.1015.04 - Race Condition Privilege Escalation / Exploit Title: apport/ubuntu local root race condition Date: 2015-05-11 Exploit Author: rebel Version: ubuntu 14.04, 14.10, 15.04 Tested on: ubuntu 14.04, 14.10, 15.04 CVE : CVE-2015-1325 ==============================...
Acunetix 9.5 - OLE Automation Array Remote Code Execution
Acunetix 9.5 - OLE Automation Array Remote Code Execution !/usr/bin/python import BaseHTTPServer, sys, socket Acunetix OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 27 Mar 2015 Version: acunetix.exe Video:...
Joomla! Component Spider FAQ - SQL Injection
Joomla! Component Spider FAQ - SQL Injection Exploit Title : Joomla Spider FAQ component SQL Injection vulnerability Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://demo.web-dorado.com/spider-faq.html Date : 21/03/2015 Discovered at : IndiShell Lab Love to : zero cool,Team...
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities Vendor: Electronic Arts Inc. Product web page: https://www.origin.com Affected version: 9.5.5.2850 353317 9.5.3.636 350385...
Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation
Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation / Exploit Title - Comodo Backup Null Pointer Dereference Privilege Escalation Date - 23rd January 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.comodo.com Tested Version - 4.4.0.0 Driver Version -...
ecommerceMajor - SQL Injection Authentication Bypass
ecommerceMajor - SQL Injection Authentication Bypass Exploit Title : ecommercemajor ecommerce CMS SQL Injection and Authentication bypass Author : Manish Kishan Tanwar Home page Link : https://github.com/xlinkerz/ecommerceMajor Date : 22/01/2015 Discovered at : IndiShell Lab Love to : zero...
Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness
Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness """ For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock =...
Windows-XP-2003-Afd.sys-Escalation
MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli HalDispatchTable+0x4+1 from ctypes import windll, CDLL, Structure, byref, sizeof, POINTER, cchar, cshort, cushort, cint, cuint, culong, cvoidp, clong, ccharp from ctypes.wintypes import HANDLE...
Postfix-SMTP---Shellshock
Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/ Version: 4.2.x 4.2.48 !/bin/python Exploit Title: Shellshock SMTP Exploit Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bas...
PHPMyRecipes 1.2.2 - browse.php?category SQL Injection
PHPMyRecipes 1.2.2 - browse.php?category SQL Injection Exploit Title : phpMyRecipes 1.2.2 SQL injectionpage browse.php, parameter category Author : Manish Kishan Tanwar Download Link : http://prdownloads.sourceforge.net/php-myrecipes/phpMyRecipes-1.2.2.tar.gz?download Date : 23/12/2014 Discovered...
WebsiteBaker 2.8.3 - Multiple Vulnerabilities
WebsiteBaker 2.8.3 - Multiple Vulnerabilities ============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score...
Nessus Web UI 2.3.3 - Persistent Cross-Site Scripting
Nessus Web UI 2.3.3 - Persistent Cross-Site Scripting Nessus Web UI 2.3.3: Stored XSS ========================================================= CVE number: CVE-2014-7280 Permalink: http://www.thesecurityfactory.be/permalink/nessus-stored-xss.html Vendor advisory:...
dbPowerAmp 2.010.0 - Local Buffer Overflow
dbPowerAmp 2.010.0 - Local Buffer Overflow dbPowerAmp Buffer Overflow Vendor: Illustrate Product: dbPowerAmp Version: = 2.0/10.0 Website: http://www.dbpoweramp.com BID: 11266 CVE: CVE-2004-1569 OSVDB: 10380 11126 11127 SECUNIA: 12684 PACKETSTORM: 34531 Description: Often called the Swiss Army kni...
ALCASAR 2.8.1 - Remote Code Execution
ALCASAR 2.8.1 - Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8.1 Remote Root Code Execution Vulnerability Author: eF Date : 2014-09-12 URL : http://www.alcasar.net/ This is not a responsible disclosure coz' I have no sense of ethics and I don't give a fck. db 88...
OroCRM - Persistent Cross-Site Scripting
OroCRM - Persistent Cross-Site Scripting Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Author: Provensec...
ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution
ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution Arbitrary file upload / remote code execution in ManageEngine Desktop Central / Desktop Central MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security...
C99Shell (Web Shell) - c99.php Authentication Bypass
C99Shell Web Shell - c99.php Authentication Bypass Exploit Title: C99 Shell Authentication Bypass via Backdoor Google Dork: inurl:c99.php Date: June 23, 2014 Exploit Author: mandatory Matthew Bryant Vendor Homepage: http://ccteam.ru/ Software Link: https://www.google.com/ Version: ", " ",...
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 4.1.x Bypass MS12-037 function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var...
vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - browse.php Local File Inclusion
vTiger CRM 5.4.06.0 RC6.0.0 GA - browse.php Local File Inclusion CVE: CVE-2014-1222 Vendor: Vtiger Product: CRM Affected version: Vtiger 5.4.0, 6.0 RC & 6.0.0 GA Fixed version: Vtiger 6.0.0 Security patch 1 Reported by: Jerzy Kramarz Details: A local file inclusion vulnerability was discovered in...
pChart 2.1.3 - Multiple Vulnerabilities
pChart 2.1.3 - Multiple Vulnerabilities Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS Date: 2014-01-24 Exploit Author: Balazs Makany Vendor Homepage: www.pchart.net Software Link: www.pchart.net/download Google Dork: intitle:"pChart 2.x - examples" intext:"2.1.3" Version: 2.1....
PHPJabbers Event Booking Calendar 2.0 - Multiple Vulnerabilities
PHPJabbers Event Booking Calendar 2.0 - Multiple Vulnerabilities Event Booking Calendar V2.0 - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
GTX CMS 2013 Optima - SQL Injection
GTX CMS 2013 Optima - SQL Injection Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability Laboratory ID VL-ID:...
XAMPP 1.8.1 - lang.php?WriteIntoLocalDisk method Local Write Access
XAMPP 1.8.1 - lang.php?WriteIntoLocalDisk method Local Write Access ============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel García Cárdenas - Severity: 6,8/10 CVSS Ba...
Share KM 1.0.19 - Remote Denial of Service
Share KM 1.0.19 - Remote Denial of Service Advisory Information : ====================== Title : Share KM 1.0.19 - Remote Denial Of Service Advisory ID : Cr02013-001 Product : Share KM desktop setup file Vendor : SmartUX Vulnerable Versions : 1.0.19 and probably prior release Tested Version :...
Cotonti 0.9.13 - SQL Injection
Cotonti 0.9.13 - SQL Injection Advisory ID: HTB23164 Product: Cotonti Vendor: Cotonti Team Vulnerable Versions: 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection CWE-89...
Fortigate Firewalls - Cross-Site Request Forgery
Fortigate Firewalls - Cross-Site Request Forgery Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version:...
Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - EPATHOBJ Local Ring
Microsoft Windows NT200020032008XPVista78 - EPATHOBJ Local Ring ifndef WIN32NOSTATUS define WIN32NOSTATUS endif include include include include include ifdef WIN32NOSTATUS undef WIN32NOSTATUS endif include pragma commentlib, "gdi32" pragma commentlib, "kernel32" pragma commentlib, "user32" pragma...
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia,...
KindEditor - Multiple Arbitrary File Upload Vulnerabilities
KindEditor - Multiple Arbitrary File Upload Vulnerabilities source: https://www.securityfocus.com/bid/58431/info KindEditor is prone to multiple remote file-upload vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload arbitrary...
Joomla! 3.0.2 - highlight.php PHP Object Injection
Joomla! 3.0.2 - highlight.php PHP Object Injection ------------------------------------------------------------------- Joomla! request-get'highlight', null, 'base64'; 58. $terms = $terms ? unserializebase64decode$terms : null; User input passed through the "highlight" parameter is not properly...
Linksys WRT160N - Multiple Vulnerabilities
Linksys WRT160N - Multiple Vulnerabilities Device Name: Linksys WRT160Nv2 Vendor: Linksys/Cisco ============ Device Description: ============ Best For: Delivers plenty of speed and coverage, so large groups of users can go online, transfer large files, print, and stream stored media Features: Fas...
Kordil EDms 2.2.60rc3 - SQL Injection
Kordil EDms 2.2.60rc3 - SQL Injection Exploit Title: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability Date: 12/05/2012 Exploit Author: Woody Hughes Vendor Homepage: http://sourceforge.net/projects/kordiledms/ Software Link: http://sourceforge.net/projects/kordiledms/files/latest/download Versio...
ATutor 1.2 - Multiple Vulnerabilities
ATutor 1.2 - Multiple Vulnerabilities Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Versions: 1.2 and probably prior Tested Version: 1.2 Vendor Notification: September 26, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authenticatio...
Adobe Photoshop CS6 - .png Parsing Heap Overflow
Adobe Photoshop CS6 - .png Parsing Heap Overflow Application: Adobe Photoshop CS6 PNG Parsing Heap Overflow Platforms: Windows & Macintosh Versions: 13.x Secunia: SA49141 PRL: 2012-27 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter:...
XnView - .ECW Image Processing Heap Overflow
XnView - .ECW Image Processing Heap Overflow Application: XnView ECW Image Processing Heap Overflow Platforms: Windows Secunia: SA49091 PRL: 2012-13 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timelin...
S9Y Serendipity 1.6 - Backend Cross-Site Scripting SQL Injection
S9Y Serendipity 1.6 - Backend Cross-Site Scripting SQL Injection Advisory: Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability Advisory ID: KORAMIS-ADV2012-001 Contact: [email protected] Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.6...
libpurple 2.8.10 - OTR Information Disclosure
libpurple 2.8.10 - OTR Information Disclosure source: https://www.securityfocus.com/bid/52175/info libpurple is prone to an information-disclosure vulnerability. Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks. The following produc...
Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass
Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass source: https://www.securityfocus.com/bid/51869/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about runni...