41207 matches found
SugarCRM 6.5.26 - Cross-Site Scripting
SugarCRM 6.5.26 - Cross-Site Scripting Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...
PHP File Browser Script 1 - Directory Traversal
PHP File Browser Script 1 - Directory Traversal Exploit Title: PHP File Browser Script 1 - Directory Traversal Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.hscripts.com/scripts/php/file-browser.php Software...
Microsoft DirectX SDK - Xact.exe Remote Code Execution
Microsoft DirectX SDK - Xact.exe Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DIRECTX-SDK-XACT.EXE-TROJAN-FILE-CODE-EXECUTION.txt + ISR: Apparition Security Greetz: indoushka | Eduardo...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - File Manipulation Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0...
Clone2GO Video converter 2.8.2 - Buffer Overflow
Clone2GO Video converter 2.8.2 - Buffer Overflow #!/usr/bin/python ---------------------------------------------------------------------------------------------------------------------- Exploit Title : Clone 2 GO Video converter 2.8.2 Unicode Buffer Overflow Remote Code Execution Exploit Author :...
Linux Kernel 4.16.11 - ext4_read_inline_data() Memory Corruption
Linux Kernel 4.16.11 - ext4_read_inline_data() Memory Corruption ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the i_block field in...
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
GreenCMS 2.3.0603 - Cross-Site Request Forgery Add Admin Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability add admin Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE :...
Dolibarr ERPCRM 7.0.0 - (Authenticated) SQL Injection
Dolibarr ERPCRM 7.0.0 - Authenticated SQL Injection CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages, e.g. .deb package. Threat The...
SearchBlox 8.6.6 - Cross-Site Request Forgery
SearchBlox 8.6.6 - Cross-Site Request Forgery Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested on: Windo...
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting Date: 2018-05-16 Exploit Author: L0RD Vendor Homepage:...
2345 Security Guard 3.7 - 2345BdPcSafe.sys Denial of Service
2345 Security Guard 3.7 - 2345BdPcSafe.sys Denial of Service Exploit Title: BSOD by IOCTL 0x002220e0 in 2345BdPcSafe.sys of 2345 Security Guard 3.7 Date: 20180509 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe...
WebKit - WebCore::jsElementScrollHeightGetter Use-After-Free
WebKit - WebCore::jsElementScrollHeightGetter Use-After-Free input:enabled content: urlfoo; padding-top: 0vmin .class4 -webkit-transform: scale1, 255; function jsfuzzer document.head.appendChildkg; var test = input.scrollHeight; ::ptr const...
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage:...
Kamailio 5.1.1 5.1.0 5.0.0 - Off-by-One Heap Overflow
Kamailio 5.1.1 5.1.0 5.0.0 - Off-by-One Heap Overflow ''' Off-by-one heap overflow in Kamailio - Authors: - Alfred Farrugia - Sandro Gauci - Fixed versions: Kamailio v5.1.2, v5.0.6 and v4.4.7 - References: no CVE assigned yet - Enable Security Advisory: - Tested vulnerable versions: 5.1.1, 5.1.0,...
DualDesk 20 - Proxy.exe Denial of Service
DualDesk 20 - Proxy.exe Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DUALDESK-v20-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: =============== www.dualdesk.com Product: =========== DualDes...
Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service
Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service #!/usr/bin/env python Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 ...
Piwigo 2.9.1 - cat_true cat_false SQL Injection
Piwigo 2.9.1 - cat_true cat_false SQL Injection Exploit Title: Piwigo = 2.9.1 - 'cat_true'/'cat_false' SQL Injection Dork: N/A Date: 12.12.2017 Vendor Homepage: http://piwigo.org/ Software Link: http://piwigo.org/basics/downloads Version: = 2.9.1 Category: Webapps Tested on: WiN7x64/WIN10X64 CVE:...
vBulletin 5.x - routestring Remote Code Execution
vBulletin 5.x - routestring Remote Code Execution SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Source: https://blogs.securiteam.com/index.php/archives/3569 Vulnerability Summary The following advisory describes an unauthenticated file inclusion vulnerability that lead...
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1418 Windows Defender: Controlled Folder Bypass through UNC Path Platform: Windows 10 1709 + Antimalware client version 4.12.16299.15 Class: Security Feature...
WebKit - WebCore::RenderText::localCaretRect Out-of-Bounds Read
WebKit - WebCore::RenderText::localCaretRect Out-of-Bounds Read / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1348 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC:...
WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)
WordPress Plugin Polls 1.2.4 - SQL Injection PoC Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Vulnerable version:Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip //////////////////////// /// Overview: //////////////////////// WordPress Polls...
TP-Link TL-MR3220 - Cross-Site Scripting
TP-Link TL-MR3220 - Cross-Site Scripting Exploit Title: Vulnerability Xss - TP-LINK TL-MR3220 Date: 12/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: http://www.tp-link.com.br Version: TL-MR3220 Tested on: Windows 10 CVE : CVE-2017-15291 Vulnerability: Cross-site scripting XSS in TP-LI...
Trend Micro OfficeScan 11.0XG (12.0) - Server Side Request Forgery
Trend Micro OfficeScan 11.0XG 12.0 - Server Side Request Forgery + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ==================...
DiskBoss Enterprise 8.4.16 - Import Command Local Buffer Overflow
DiskBoss Enterprise 8.4.16 - Import Command Local Buffer Overflow #!/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: DiskBoss Enterprise v8.4.16 "Import Command"...
Lotus Notes Diagnostic Tool 8.59.0 - Local Privilege Escalation
Lotus Notes Diagnostic Tool 8.59.0 - Local Privilege Escalation Exploit Title: Lotus Notes Diagnostic Tool nsd.exe Privilege Escalation Date: 02-09-2017 Exploit Author: ParagonSec Website: https://github.com/paragonsec Version: 8.5 & 9.0 Tested on: Windows 7 Enterprise CVE: CVE-2015-0179 Vendor C...
Sitefinity CMS 9.2 - Cross-Site Scripting
Sitefinity CMS 9.2 - Cross-Site Scripting Exploit Title: Stored Cross Site Scripting XSS in Progress Sitefinity CMS 9.2 Date: Aug 31, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitefinity.com/ Tested on: Progress Sitefinity CMS 9.2 and lower CVE : NA Vendor Description...
QuantaStor Software Defined Storage 4.3.1 - Multiple Vulnerabilities
QuantaStor Software Defined Storage 4.3.1 - Multiple Vulnerabilities 1. --- Advisory details --- Title: QuantaStor Software Defined Storage multiple vulnerabilities Advisory ID: VVVSEC-2017-6943 Advisory URL: http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt Date published:...
AdvanDate iCupid Dating Software 12.2 - SQL Injection
AdvanDate iCupid Dating Software 12.2 - SQL Injection Exploit Title: iCupid Dating Software 12.2 - SQL Injection Dork: N/A Date: 15.08.2017 Vendor Homepage : https://www.advandate.com/ Software Link: https://www.advandate.com/dating-software-features/ Demo: https://demo.advandate.com/ Version: 12...
Unitrends UEB 9.1 - Privilege Escalation
Unitrends UEB 9.1 - Privilege Escalation Exploit Title: Authenticated lowpriv RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage:...
Horde Groupware 5.2.21 - Unauthorized File Download
Horde Groupware 5.2.21 - Unauthorized File Download Vulnerability Summary The following advisory describes an unauthorized file download vulnerability found in Horde Groupware version 5.2.21. Horde Groupware Webmail Edition is “a free, enterprise ready, browser based communication suite. Users ca...
libao 1.2.0 - Denial of Service
libao 1.2.0 - Denial of Service libao memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= Libao is a cross-platform audio library that allows programs to output audio using a simple API on a wide variety of platforms. Affected version: ===...
FortiOS 5.6.0 - Cross-Site Scripting
FortiOS 5.6.0 - Cross-Site Scripting Title: FortiOS = 5.6.0 Multiple XSS Vulnerabilities Vendor: Fortinet www.fortinet.com CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133 Date: 28.07.2016 Author: Patryk Bogdan @patrykbogdan Affected FortiNet products: CVE-2017-3131 : FortiOS versions 5.4.0 to...
CyberArk Viewfinity 5.5.10.95 - Local Privilege Escalation
CyberArk Viewfinity 5.5.10.95 - Local Privilege Escalation Exploit Title: Privilege Escalation via CyberArk Viewfinity 8. This will spawn a new CMD prompt. Verify you are now Admin...
NfSen 1.3.7 AlienVault OSSIM 5.3.4 - Command Injection
NfSen 1.3.7 AlienVault OSSIM 5.3.4 - Command Injection Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage:...
Apple iOS 10.3.2 - Notifications API Denial of Service
Apple iOS 10.3.2 - Notifications API Denial of Service Exploit Title: Apple iOS 10.3.2 - Notifications API Denial of Service Date: 05-15-2017 Exploit Author: Sem Voigtländer @OxFEEDFACE, Vincent Desmurs @vincedes3 and Joseph Shenton Vendor Homepage: https://apple.com Software Link:...
Microsoft Windows Server 2008 R2 (x64) - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)
Microsoft Windows Server 2008 R2 x64 - SrvOs2FeaToNt SMB Remote Code Execution MS17-010 Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Date and time of release: May, 9 2017 - 13:00PM Found this and more exploits on my open source security project: http://www.exploitpack.com...
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1086 There is a vulnerability in VirtualBox that permits an attacker with root privileges in a virtual machine with a NAT network...
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request...
Sophos Web Appliance 4.3.1.1 - Session Fixation
Sophos Web Appliance 4.3.1.1 - Session Fixation Exploit Title: Sophos Secure Web Appliance Session Fixation Vulnerability Date: 28/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: https://www.sophos.com/en-us/products/secure-web-gateway.aspx Version: Tested on Sophos W...
Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap Buffer Overflow (MS14-056)
Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap Buffer Overflow MS14-056 Security Settings - Choose a zone - Scripting should prevent websites from programmatically copy/pasting an image. Disabling execution of scripts on web-pages altogether will have the same...
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free (MS15-018)
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free MS15-018 // This PoC attempts to exploit a use-after-free bug in Microsoft Internet // Explorer 8. // See http://blog.skylined.nl/20161116001.html for details. var r=new RegExp"A|x|x|xx|xxxxxxxxxxxxxxxxxxxx+", "g";...
Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting
Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the...
LifeSize Room 5.0.9 - Multiple Vulnerabilities
LifeSize Room 5.0.9 - Multiple Vulnerabilities Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar...
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC)
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow PoC Exploit Title: Micro Focus Rumba function vuln // 272 Junk Data // 272 + "\x43\x43\x43\x43" = EDX = 43434343 // // If we change the edx to an address that point to a valid address // We will have control over EIP // 0x20302228 // Overwrite...
InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities InfraPower PPS-02-S Q213V1 Multiple XSS Vulnerabilities Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free...
IObit Advanced SystemCare 10.0.2 - Unquoted Service Path Privilege Escalation
IObit Advanced SystemCare 10.0.2 - Unquoted Service Path Privilege Escalation Exploit Title: IObit Advanced SystemCare Unquoted Service Path Privilege Escalation Date: 19/10/2016 Author: Ashiyane Digital Security Team Vendor Homepage: http://www.iobit.com/en/index.php Software Link:...
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation MS16-125 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=887 Windows: Diagnostics Hub DLL Load EoP Platform: Windows 10 10586, not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: The fix...
Cisco Webex Player T29.10 - .WRF Use-After-Free Memory Corruption
Cisco Webex Player T29.10 - .WRF Use-After-Free Memory Corruption Application: Cisco Webex Player Platforms: Windows Versions: Cisco Webex Meeting Player version T29.10 Author: Francis Provencher of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: August 31, 2016 CVE:...
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows, TRIAL...