41207 matches found
Kaspersky 17.0.0 - Local CA Root Incorrectly Protected
Kaspersky 17.0.0 - Local CA Root Incorrectly Protected / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=989 When Kaspersky generate a private key for the local root, they store the private key in %ProgramData%. Obviously this file cannot be shared, because it's the private key...
APT - Repository Signing Bypass via Memory Allocation Failure
APT - Repository Signing Bypass via Memory Allocation Failure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1020 == Vulnerability == When apt-get updates a repository that uses an InRelease file clearsigned Release files, this file is processed as follows: First, the InRelease...
ScriptCase 8.1.053 - Multiple Vulnerabilities
ScriptCase 8.1.053 - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SCRIPTCASE-PHP-WEB-TOOL-MULTIPLE-VULNERABILITIES.txt + ISR: ApparitionSec Vendor: ================== www.scriptcase.net Product:...
SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution
SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? /textarea...
Rumba FTP Client 4.x - Remote Stack Buffer Overflow (SEH)
Rumba FTP Client 4.x - Remote Stack Buffer Overflow SEH Exploit Title: Rumba FTP 4.x Client Stackoverflow SEH Date: 29-10-2016 Exploit Author: Umit Aksu Vendor Homepage: http://community.microfocus.com/microfocus/mainframesolutions/rumba/w/knowledgebase/28731.rumba-ftp-4-x-security-update.aspx...
InfraPower PPS-02-S Q213V1 - Local File Disclosure
InfraPower PPS-02-S Q213V1 - Local File Disclosure InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary:...
InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials
InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03...
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI...
Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)
Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation MS16-118 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=879 Windows: Edge/IE Isolated Private Namespace Insecure DACL EoP Platform: Windows 10 10586, Edge 25.10586.0.0 not...
PHP Telephone Directory - Multiple Vulnerabilities
PHP Telephone Directory - Multiple Vulnerabilities Exploit Title: PHP Telephone Directory - Multiple Vulnerabilities Date: 2016-10-16 Exploit Author: larrycompress Contact: [email protected] Type: webapps Platform: PHP Vendor Homepage: http://www.pagereactions.com/product.php?pku=2 Software...
Advance MLM Script - SQL Injection
Advance MLM Script - SQL Injection x========================================================================================================================================x | Title : Advance MLM Script SQL Vulnerabilities | Software : Advance MLM Script | Vendor : http://www.i-netsolution.com/ |...
Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion
Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion Title: Cisco Firepower Threat Management Console Local File Inclusion Advisory ID: KL-001-2016-006 Publication Date: 2016.10.05 Publication URL:...
Mambo 4.5.4 - SQL Injection
Mambo 4.5.4 - SQL Injection Mambo SQL Injection Vendor: Miro International Pty Ltd Product: Mambo Version: = 4.5.4 Website: http://www.mamboserver.com/ BID: 20366 OSVDB: 50002 Description: Mambo is a popular Open Source Content Management System released under the GNU General Public license GNU...
WIN-911 7.17.00 - Multiple Vulnerabilities
WIN-911 7.17.00 - Multiple Vulnerabilities Title: WIN-911 - Insecure File Permissions EoP CWE Class: CWE-276: Incorrect Default Permissions Date: 05/09/2016 Vendor: Win911 Product: WIN-911 Type: Alarm Notification Software Version: V7.17.00 Download URL: through Rockwell Automation downloads:...
Sony Playstation 4 (PS4) 3.15 3.55 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 3.15 3.55 - WebKit Code Execution PoC PS4 3.55 Unsigned Code Execution ============== This GitHub Repository contains all the necessary tools for getting PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50 and 3.55. This Exploit, is based-off Henkaku'...
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows, TRIAL...
SquirrelMail 1.4.7 - Arbitrary Variable Overwrite
SquirrelMail 1.4.7 - Arbitrary Variable Overwrite SquirrelMail Arbitrary Variable Overwrite Vendor: SquirrelMail Product: SquirrelMail Version: = 1.4.7 Website: http://www.squirrelmail.org BID: 19486 CVE: CVE-2006-4019 OSVDB: 27917 SECUNIA: 21354 Description: SquirrelMail is a standards-based...
Getsimple CMS 3.3.10 - Arbitrary File Upload
Getsimple CMS 3.3.10 - Arbitrary File Upload Exploit Title: Getsimple CMS 2. An attacker login to the admin page and uploading the backdoor 3. The uploaded file will be under the "/data/uploads/" folder Report Timeline ======================== 2016-06-23 : Vulnerability reported to...
Linux Kernel - ecryptfs proc$pidenviron Local Privilege Escalation
Linux Kernel - ecryptfs proc$pidenviron Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=836 Stacking filesystems, including ecryptfs, protect themselves against deep nesting, which would lead to kernel stack overflow, by tracking the recursion depth of...
Operation Technology ETAP 14.1.0 - Local Privilege Escalation
Operation Technology ETAP 14.1.0 - Local Privilege Escalation Operation Technology ETAP 14.1.0 Local Privilege Escalation Vendor: Operation Technology, Inc. Product web page: http://www.etap.com Affected version: 14.1.0.0 Summary: Enterprise Software Solution for Electrical Power Systems. ETAP is...
PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow
PHP 7.0.5 - ZipArchive::getFrom Integer Overflow Details ======= An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex and getFromName methods of ZipArchive, resulting in a heap overflow. php-7.0.5/ext/zip/phpzip.c ,---- | 2679 static void...
Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation (MS16-048)
Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation MS16-048 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=692 Windows: CSRSS BaseSrvCheckVDM Session 0 Process Creation EoP Platform: Windows 8.1, not tested on Windows 10 or 7 Class:...
Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass Arbitrary File Upload
Oracle Application Testing Suite ATS 12.4.0.2.0 - Authentication Bypass Arbitrary File Upload Exploit Title: Oracle Application Testing Suite Authentication Bypass and Arbitrary File Upload Remote Exploit Exploit Author: Zhou Yu Vendor Homepage: http://www.oracle.com/ Software Link:...
Axis Network Cameras - Multiple Vulnerabilities
Axis Network Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | 6079 Smith W | | | \ V V / / | | | | | | \ \ doubleplusungood /|| // ||||,|./|/ owning some telescreens... Security Adivisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs I. ADVISORY...
Chamilo LMS IDOR - messageId Delete POST Injection
Chamilo LMS IDOR - messageId Delete POST Injection Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Relea...
ADOdb 4.71 - Cross Site Scripting
ADOdb 4.71 - Cross Site Scripting ADOdb Cross Site Scripting Vendor: John Lim Product: ADOdb Version: currpage = $SESSION$currpage; The above code is taken from adodb-pager.inc.php @ lines 72-77 and ultimately set's the $this-currpage variable to unsanitized user supplied input. Later on this...
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://192.168.0.103/diagbackup.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...
iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions
iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 6.30.04 Build 6300400 Summary: Modular and automated...
OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
OpenMRS 2.3 1.11.4 - Multiple Cross-Site Scripting Vulnerabilities OpenMRS 2.3 1.11.4 Multiple Cross-Site Scripting Vulnerabilities Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB...
PHP Utility Belt - Remote Code Execution
PHP Utility Belt - Remote Code Execution Exploit Title : PHP utility belt Remote Code Execution vulnerability Author : WICS Date : 8/12/2015 Software Link : https://github.com/mboynes/php-utility-belt Overview: PHP utility belt is a set of tools for PHP developers. Install in a browser-accessible...
Acunetix WVS 10 - Local Privilege Escalation
Acunetix WVS 10 - Local Privilege Escalation ''' ======================================================================== Acunetix WVS 10 - from guest to Sytem Local privilege escalation CVE: CVE-2015-4027 Author: me Daniele Linguaglossa Affected Product: Acunetix WVS 10 Exploit: Local privilege...
RHEL 7.07.1 - abrtsosreport Local Privilege Escalation
RHEL 7.07.1 - abrtsosreport Local Privilege Escalation !/usr/bin/python CVE-2015-5287 ? abrt/sosreport RHEL 7.0/7.1 local root rebel 09/2015 user@localhost $ python sosreport-rhel7.py crashing pid 19143 waiting for dump directory dump directory: /var/tmp/abrt/ccpp-2015-11-30-19:41:13-19143 waitin...
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting Cross-Site Request Forgery
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting Cross-Site Request Forgery Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client...
PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities
PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities Exploit Title: PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: No process to handle vuln reports Vendor Homepage:...
Tenda N3 Wireless N150 Router - Authentication Bypass
Tenda N3 Wireless N150 Router - Authentication Bypass Exploit Title: Complete Authentication Bypass In Tenda N3 Wireless N150 Routers Date: 03-09-2015 Software Link: http://tendacn.com/en/product/N150.html Exploit Author: Mandeep Jadon Contact: http://twitter.com/1337tr0lls Website:...
Wolf CMS - Arbitrary File Upload Execution
Wolf CMS - Arbitrary File Upload Execution Exploit Title : Wolf CMS 0.8.2 Arbitrary File Upload To Command Execution Reported Date : 05-May-2015 Fixed Date : 10-August-2015 Exploit Author : Narendra Bhati CVE ID : CVE-2015-6567 , CVE-2015-6568 Contact: Facebook :...
Magento eCommerce - Remote Code Execution
Magento eCommerce - Remote Code Execution Exploit Title : Magento Shoplift exploit SUPEE-5344 Author : Manish Kishan Tanwar AKA error1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi Debugged At : Indishell Laboriginally develop...
4 TOTOLINK Router Models - Backdoor Credentials
4 TOTOLINK Router Models - Backdoor Credentials Advisory Information Title: Backdoor credentials found in 4 TOTOLINK router models Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x03.txt Blog URL:...
Watchguard XCS 10.0 - Multiple Vulnerabilities
Watchguard XCS 10.0 - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Watchguard XCS Multiple Vulnerabilities Affected versions: Watchguard XCS =10.0 PDF:...
Photoshop CC2014 Bridge CC 2014 - .png Parsing Memory Corruption
Photoshop CC2014 Bridge CC 2014 - .png Parsing Memory Corruption Application: Adobe Photoshop CC 2014 & Bridge CC 2014 Platforms: Windows Versions: The vulnerability is confirmed in version Photoshop CC 2014 and Bridge CC 2014. Secunia: PRL: 2015-08 Author: Francis Provencher Protek Research Lab’...
WordPress Plugin WP Symposium 15.1 - show SQL Injection
WordPress Plugin WP Symposium 15.1 - show SQL Injection ======================================================================= title: SQL Injection product: WordPress WP Symposium Plugin vulnerable version: 15.1 and probably below fixed version: 15.4 CVE number: CVE-2015-3325 impact: CVSS Base...
Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash (PoC)
Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash PoC / ---------------------------------------------------------------------------------------------------- cve-2014-3631poc.c The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel...
Piwigo 2.7.3 - SQL Injection
Piwigo 2.7.3 - SQL Injection CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link:...
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation / Exploit Title - AVG Internet Security 2015 Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.avg.com/ Tested Version - 2015.0.5315 Driver...
NPDS CMS REvolution-13 - SQL Injection
NPDS CMS REvolution-13 - SQL Injection Title - NPDS CMS Revolution-13 - SQL Injection Vulnerability Credits & Author: Narendra Bhati R00t Sh3ll www.websecgeeks.com References Source: ==================== http://www.npds.org/viewtopic.php?topic=26233&forum=12...
Dell-iDRAC-IPMI-1.5
Dell iDRAC IPMI v1.5 Implementation contains a flaw that is triggered as session IDs are assigned incrementally rather than randomly, and limit the overall pool. This may allow a remote attacker trivially predict session IDs, hijack a session, and inject arbitrary commands. from time import sleep...
VideoSpirit-Pro-1.68
"VideoSpirit Pro is the most easily used Video Converter/Editor tools. For acting as a Video Editor, various slide effect/title/subtitle can be added to a video clip. Also, the video clip can be rotated, resized and warped. Multiple video/audio clips can be joined together. Converting speed is fa...
CoolPlayer-2.18-DEP-Bypass
Tested on: Windows XP SP3 running in Virtualbox Uses SetProcessDEPPolicy to disable DEP for the process Thanks to mrme for the encouragement Exploit-DB Notes: May not work on all Win XP SP3 machines windows/exec calc.exe 227 bytes - 240 bytes of shellcode space available shellcode =...
WordPress Plugin Cart66 Lite eCommerce 1.5.1.17 - Blind SQL Injection
WordPress Plugin Cart66 Lite eCommerce 1.5.1.17 - Blind SQL Injection Exploit Title: Cart66 Lite WordPress Ecommerce 1.5.1.17 Blind SQL Injection Date: 29-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link:...
Elipse E3 - HTTP Denial of Service
Elipse E3 - HTTP Denial of Service // Exploit Http DoS Request for SCADA ATTACK Elipse 3 // Mauro Risonho de Paula Assumpção aka firebits // [email protected] // 29-10-2013 11:42 // Vendor Homepage: http://www.elipse.com.br/port/index.aspx // Software Link:...