SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where (PoC)
SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where PoC KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Multiple Privilege Escalation Advisory ID: KL-001-2015-003 Publication Date: 2015.09.01 Publication URL:...
SquirrelMail 1.4.5-RC1 - Arbitrary Variable Overwrite
SquirrelMail 1.4.5-RC1 - Arbitrary Variable Overwrite SquirrelMail Arbitrary Variable Overwrite Vendor: The SquirrelMail Project Team Product: SquirrelMail Version: = 1.4.5-RC1 Website: http://www.squirrelmail.org/ BID: 14254 CVE: CVE-2005-2095 SECUNIA: 16058 PACKETSTORM: 38709 Description:...
WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities
WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link:...
Photoshop CC2014 Bridge CC 2014 - .gif Parsing Memory Corruption
Photoshop CC2014 Bridge CC 2014 - .gif Parsing Memory Corruption Application: Adobe Photoshop CC 2014 & Bridge CC 2014 Platforms: Windows Versions: The vulnerability is confirmed in version Photoshop CC 2014 and Bridge CC 2014. Secunia: PRL: 2015-07 Author: Francis Provencher Protek Research Lab’...
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token !/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.se...
OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting
OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting Exploit Title: Stored Cross-Site Scripting XSS in OTRS Date: 28.01.2014 Exploit Author: Adam Ziaja http://adamziaja.com Vendor Homepage: https://www.otrs.com Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 CVE :...
Joomla! Component Spider FAQ - SQL Injection
Joomla! Component Spider FAQ - SQL Injection Exploit Title : Joomla Spider FAQ component SQL Injection vulnerability Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://demo.web-dorado.com/spider-faq.html Date : 21/03/2015 Discovered at : IndiShell Lab Love to : zero cool,Team...
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities Vendor: Electronic Arts Inc. Product web page: https://www.origin.com Affected version: 9.5.5.2850 353317 9.5.3.636 350385...
Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)
Zabbix 2.0.5 - Cleartext ldapbindPassword Password Disclosure Metasploit This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE:...
LG DVR LE6016D - Remote UsersPasswords Disclosure
LG DVR LE6016D - Remote UsersPasswords Disclosure !/usr/bin/perl LG DVR LE6016D unauthenticated remote users/passwords disclosure exploit Copyright 2015 c Todor Donev http://www.ethical-hacker.org/ Digital video recorder DVR surveillance is the use of cameras, often hidden or concealed, that use...
Trend Micro 8.0.1133 (Multiple Products) - Local Privilege Escalation
Trend Micro 8.0.1133 Multiple Products - Local Privilege Escalation / Exploit Title - Trend Micro Multiple Products Arbitrary Write Privilege Escalation Date - 31st January 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.trendmicro.co.uk/ Tested Version - 8.0.1133 Driver...
HP Data Protector 8.x - Remote Command Execution
HP Data Protector 8.x - Remote Command Execution !/usr/bin/python Exploit Title: HP-Data-Protector-8.x Remote command execution. Google Dork: - Date: 30/01/2015 Exploit Author: Juttikhun Khamchaiyaphum Vendor Homepage: https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emrna-c04373818...
NPDS CMS REvolution-13 - SQL Injection
NPDS CMS REvolution-13 - SQL Injection Title - NPDS CMS Revolution-13 - SQL Injection Vulnerability Credits & Author: Narendra Bhati R00t Sh3ll www.websecgeeks.com References Source: ==================== http://www.npds.org/viewtopic.php?topic=26233&forum=12...
Dell-iDRAC-IPMI-1.5
The Dell iDRAC IPMI v1.5 implementation contains a flaw: session IDs are assigned incrementally rather than randomly, and the overall pool is limited. This may allow a remote attacker to trivially predict session IDs, hijack a session, and inject arbitrary commands. from time import sleep...
CoolPlayer-2.18-DEP-Bypass
Tested on: Windows XP SP3 running in Virtualbox Uses SetProcessDEPPolicy to disable DEP for the process Thanks to mrme for the encouragement Exploit-DB Notes: May not work on all Win XP SP3 machines windows/exec calc.exe 227 bytes - 240 bytes of shellcode space available shellcode =...
Microsoft Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution PowerShell VirtualAlloc (MS14-064)
Microsoft Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution PowerShell VirtualAlloc MS14-064 |--------------------------------------------------------------------------| | Title: OLE Automation Array Remote Code Execution = Pre IE11 | | Original Exploit: yuange -...
Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities ------------------------ XSS 1 -------- POST parameters: - dataContacttitle ------------------------ input type="hidden" name="dataTokenkey" value="...
TeamSpeak Client 3.0.14 - Buffer Overflow
TeamSpeak Client 3.0.14 - Buffer Overflow Title : TeamSpeak Client v3.0.14 - Buffer Overflow Vulnerability Severity : High+/Critical Reporters : SpyEye & Christian Galeone Software Version : 3.0.14 & Previous Versions Software Name : TeamSpeak Client Software Download Link :...
OroCRM - Persistent Cross-Site Scripting
OroCRM - Persistent Cross-Site Scripting Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Author: Provensec...
VTLS Virtua InfoStation.cgi - SQL Injection
VTLS Virtua InfoStation.cgi - SQL Injection =====Alligator Security Team - Security Advisory============================ - VTLS Virtua InfoStation.cgi SQLi - CVE-2014-2081 - Author: José Tozo =====Table of Contents====================================================== 1. Background 2. Detailed...
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 4.1.x Bypass MS12-037 function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var...
Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: Binatone DT 850W Wireless Router - Multiple CSRF Vulnerabilities Date: 05/20/2014 Author: Samandeep Singh - SaMaN @samanL33T Vendor...
WordPress Plugin Twitget 3.3.1 - Multiple Vulnerabilities
WordPress Plugin Twitget 3.3.1 - Multiple Vulnerabilities Details ================ Software: Twitget Version: 3.3.1 Homepage: http://wordpress.org/plugins/twitget/ Advisory ID: dxw-1970-435 CVE: CVE-2014-2559 CVSS: 6.4 Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N Description ================ CSRF/XSS...
ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
ImageMagick 6.8.8-4 - Local Buffer Overflow SEH !/usr/bin/perl Exploit Title: ImageMagick 6.8.8-5 - Local Buffer Overflow SEH Date: 2-13-2014 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: ImageMagick all versions prior to 6.8.8-5 Software Link:...
MuPDF 1.3 - xps_parse_color() Stack Buffer Overflow
MuPDF 1.3 - xpsparsecolor Stack Buffer Overflow ============================================================= 0day - MuPDF Stack-based Buffer Overflow in xpsparsecolor ============================================================= Date of discovery: 2013-01-26 Software Links: http://www.mupdf.com/...
Gitlab 6.0 - Persistent Cross-Site Scripting
Gitlab 6.0 - Persistent Cross-Site Scripting Exploit-DB note: Tested commit 10b0b8f1797e6c09b4c063c04a4864ecd31d34f4 Exploit Title: gitlab persistent xss exploit Date: 12/16/2013 Exploit Author: hellok Vendor Homepage: gitlab.org !/bin/sh author hellok for file format ext pwn for gitlab 12/16/201...
Kingsoft Office Writer 2012 8.1.0.3385 - .wps Local Buffer Overflow (SEH)
Kingsoft Office Writer 2012 8.1.0.3385 - .wps Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Kingsoft Office Writer v2012 8.1.0.3385 .wps Buffer Overflow Exploit SEH Version: 2012 8.1.0.3385 Date: 2013-11-27 Author: Julien Ahrens @MrTuxracer Homepage: http://www.rcesecurity.com Softwar...
OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities
OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities Exploit Title: OpenEMR 4.1.1 Patch 14 Multiple Vulnerabilities Date: Sep 17 2013 Exploit Author: xistence Vendor Homepage: www.open-emr.org Tested on: CentOS 5.9 32-bit Affected Version : 4.1.1 Patch 14 and lower Fix: Upgrade to OpenEMR 4.1.2...
Cotonti 0.9.13 - SQL Injection
Cotonti 0.9.13 - SQL Injection Advisory ID: HTB23164 Product: Cotonti Vendor: Cotonti Team Vulnerable Versions: 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection CWE-89...
Fortigate Firewalls - Cross-Site Request Forgery
Fortigate Firewalls - Cross-Site Request Forgery Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version:...
D-Link DIR-615 Rev D3 DIR-300 Rev A - Multiple Vulnerabilities
D-Link DIR-615 Rev D3 DIR-300 Rev A - Multiple Vulnerabilities Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A Vendor: D-Link ============ Device Description: ============ DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele... DIR-615:...
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection
Joomla! Component comcivicrm 4.2.2 - Remote Code Injection Exploit Title: joomla component comcivicrm remote code injection exploit Google Dork:"Index of /joomla/administrator/components/comcivicrm/civicrm/packages/OpenFlashChart" Date: 20/04/2013 Exploit Author: iskorpitx Vendor Homepage:...
SynConnect Pms - index.php?loginid SQL Injection
SynConnect Pms - index.php?loginid SQL Injection Title: ==== SynConnect - SQL Injection vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== Date: ==== 01-03-2013 CRD: ==== CRD-2013-01 Vendor: ======...
VMware Virtual Machine Communication Interface (VMCI) - vmci.sys
VMware Virtual Machine Communication Interface VMCI - vmci.sys / CVE-2013-1406 exploitation PoC by Artem Shishkin, Positive Research, Positive Technologies, 02-2013 / void stdcall FireShellDWORD dwSomeParam EscalatePrivilegeshProcessToElevate; // Equate the stack and quit the cycle ifndef AMD64 a...
iOS IPMap 2.5 - Arbitrary File Upload
iOS IPMap 2.5 - Arbitrary File Upload Title: ====== IPMap v2.5 iPad iPhone - Arbitrary File Upload Web Vulnerabilities Date: ===== 2013-02-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=866 VL-ID: ===== 866 Common Vulnerability Scoring System:...
Sielco Sistemi Winlog 2.07.16 - Multiple Vulnerabilities
Sielco Sistemi Winlog 2.07.16 - Multiple Vulnerabilities Luigi Auriemma Application: Sielco Sistemi Winlog http://www.sielcosistemi.com/en/products/winlogscadahmi/ Versions: Options-TCP/IP" section of the project we want to run and Runtime.exe will listen on the TCP port...
Symantec pcAnywhere 12.5.0 - Login Password Remote Buffer Overflow
Symantec pcAnywhere 12.5.0 - Login Password Remote Buffer Overflow !/usr/bin/python Exploit Title: Symantec PcAnywhere login and password field buffer overflow Date: 2012.06.27 Author: S2 Crew Hungary Software Link: symantec.com Version: 12.5.0 Tested on: Windows XP SP2 CVE: CVE-2011-3478 EDB Not...
Adobe Photoshop 12.1 - .tiff Parsing Use-After-Free
Adobe Photoshop 12.1 - .tiff Parsing Use-After-Free Application: Adobe Photoshop 12.1 Tiff Parsing Use-After-Free Platforms: Windows PRL: 2012-07 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timeline 3...
Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass
Apache 2.2.15 modproxy - Reverse Proxy Security Bypass source: https://www.securityfocus.com/bid/51869/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about runni...
Rockwell Automation FactoryTalk Activation Server - Multiple Denial of Service Vulnerabilities
Rockwell Automation FactoryTalk Activation Server - Multiple Denial of Service Vulnerabilities source: https://www.securityfocus.com/bid/51444/info Rockwell Automation FactoryTalk Activation Server is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues...
DIY-CMS blog mod - SQL Injection
DIY-CMS blog mod - SQL Injection Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: [email protected] Site: http://e-o-u.org SQL Injection: DORK: inurl:"mod.php?mod=blog" intext:"powered by DIY-CMS" inurl:"mod.php?mod=blog" BUG:...
Joomla! Component com_jobprofile - SQL Injection
Joomla! Component comjobprofile - SQL Injection Joomla Component Jobprofile comjobprofile SQL Injection Vulnerability Author : kaMtiEz [email protected] Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id Date : 2 Dec , 2011 Software Information +...
Google Android - content: URI Multiple Information Disclosure Vulnerabilities
Google Android - content: URI Multiple Information Disclosure Vulnerabilities Android Data Stealing Web PageClick: Malicious Link"; // Stage 1: Redirect to Stage 2 which will force a download of the HTML/...
Adobe Reader X 10.0.0 10.0.1 - Atom Type Confusion
Adobe Reader X 10.0.0 10.0.1 - Atom Type Confusion Exploit Title: Adobe Reader X Atom Type Confusion Vulnerability Exploit Date: 7/3/2011 Author: Snake Shahriyar.j gmail Version: Adobe Reader X It works reliably on IE9/FF4 and other browsers. The Arashi : http://abysssec.com/files/TheArashi.pdf...
tmux 1.31.4 - -S Option Incorrect SetGID Privilege Escalation
tmux 1.31.4 - -S Option Incorrect SetGID Privilege Escalation --------------------------------------- | Team ph0x90bic proudly presents | | tmux -S 1.3/1.4 local utmp exploit | --------------------------------------- Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation...
WordPress Plugin PHP Speedy 0.5.2 - admin_container.php Remote Code Execution
WordPress Plugin PHP Speedy 0.5.2 - admincontainer.php Remote Code Execution -d OPTIONS host: target s...
Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting
Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting Exploit Title: Icy Phoenix 1.3.0.53a http referer stored XSS Google Dork: " Powered by Icy Phoenix " Date: 16-2-2011 Author: Saif El-Sherei Software Link: http://www.icyphoenix.com/dload.php?action=file&fileid=171 Version: Icy...
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities Add Super User: Add Post: !-- Exploit Title: PiXie CMS v1.04 = CSRF Add Post Google Dork: allintext: "Pixie Powered" Date: 28/12/2010 Author: Ali Raheem AKA wolfmankurd Software Link:...
Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)
Microsoft ASP.NET - Auto-Decryptor File Download MS10-070 !/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor...
TinyMCE MCFileManager 2.1.2 - Arbitrary File Upload
TinyMCE MCFileManager 2.1.2 - Arbitrary File Upload ============================================== File Upload Vulnerability Plugins tinymce ============================================== http://tinymce.moxiecode.com/pluginsfilemanager.php Author : Hackeri-AL Contact : h-al at hotmail dot it Gree...