Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.1 Bypass) (MS12-037)

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.1 Bypass MS12-037 function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2...

WebsiteBaker 2.8.3 - Multiple Vulnerabilities

WebsiteBaker 2.8.3 - Multiple Vulnerabilities ============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score...

TeamSpeak Client 3.0.14 - Buffer Overflow

TeamSpeak Client 3.0.14 - Buffer Overflow Title : TeamSpeak Client v3.0.14 - Buffer Overflow Vulnerability Severity : High+/Critical Reporters : SpyEye & Christian Galeone Software Version : 3.0.14 & Previous Versions Software Name : TeamSpeak Client Software Download Link :...

Cart Engine 3.0 - Multiple Vulnerabilities

Cart Engine 3.0 - Multiple Vulnerabilities === Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially...

ZeroCMS 1.0 - zero_transact_article.php SQL Injection

ZeroCMS 1.0 - zerotransactarticle.php SQL Injection ZeroCMS v1.0 SQL Injection Vulnerability zerotransactarticle.php articleid POST parameter Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms Affected version: 1.0 Severity: High CWE: 89 -...

HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal

HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal !/usr/bin/perl use strict; use warnings; use IO::Socket::INET; my $host = $ARGV0; Exploit Title: HP Laser Jet Persistent Javascript Cross Site Scripting via PJL Google Dork: n/a Date: 4/22/14 Exploit Author:...

Catia V5-6R2013 - CATV5_AllApplications Stack Buffer Overflow (PoC)

Catia V5-6R2013 - CATV5AllApplications Stack Buffer Overflow PoC ''' Exploit Title: Dassault Systemes Catia V5-6R2013 "CATV5AllApplications" Stack Buffer Overflow Date: 2-18-2014 Exploit Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage:...

CA 2E Web Option 8.1.2 - Authentication Bypass

CA 2E Web Option 8.1.2 - Authentication Bypass Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web Option Affected version: 8.1.2 Fixed version: N/A Reported by: Mike Emery Details: CA 2E Web Option r8.1.2 and potentially...

Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities

Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities Document Title: =============== Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1166 Release Date: ============= 2013-12-10...

Kingsoft Office Writer 2012 8.1.0.3385 - .wps Local Buffer Overflow (SEH)

Kingsoft Office Writer 2012 8.1.0.3385 - .wps Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Kingsoft Office Writer v2012 8.1.0.3385 .wps Buffer Overflow Exploit SEH Version: 2012 8.1.0.3385 Date: 2013-11-27 Author: Julien Ahrens @MrTuxracer Homepage: http://www.rcesecurity.com Softwar...

Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2)

Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery 2 Exploit Title : CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/28/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free,...

FlashChat 6.0.2 6.0.8 - Arbitrary File Upload

FlashChat 6.0.2 6.0.8 - Arbitrary File Upload Exploit Title: FlashChat File Upload Vulnerability Google Dork: intitle:FlashChat v6.0.8 Date: 02.10.2013 Exploit Author: x-hayben21 Vendor Homepage: www.punish3r.com Software Link: http://www.tufat.com/script2.htm Version: v6.0.8, v6.0.2, v6.0.4,...

OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities

OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities Exploit Title: OpenEMR 4.1.1 Patch 14 Multiple Vulnerabilities Date: Sep 17 2013 Exploit Author: xistence Vendor Homepage: www.open-emr.org Tested on: CentOS 5.9 32-bit Affected Version : 4.1.1 Patch 14 and lower Fix: Upgrade to OpenEMR 4.1.2...

Bitbot (C2 Web Panel) - gate2.php Multiple Vulnerabilities

Bitbot C2 Web Panel - gate2.php Multiple Vulnerabilities Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested...

Dell Kace 1000 SMA 5.4.70402 - Persistent Cross-Site Scripting

Dell Kace 1000 SMA 5.4.70402 - Persistent Cross-Site Scripting Title: ====== Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities Date: ===== 2013-07-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=833 VL-ID: ===== 833 Common Vulnerability Scoring System:...

GLPI 0.83.8 - Multiple Vulnerabilities

GLPI 0.83.8 - Multiple Vulnerabilities GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities Vendor: INDEPNET Development Team Product web page: http://www.glpi-project.org Affected version: 0.83.7 and 0.83.8 Summary: GLPI, an initialism for Gestionnaire libre de parc informatique Free...

WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities

WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia,...

b2evolution 4.1.6 - Multiple Vulnerabilities

b2evolution 4.1.6 - Multiple Vulnerabilities Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type:...

Hornbill Supportworks ITSM 1.0.0 - SQL Injection

Hornbill Supportworks ITSM 1.0.0 - SQL Injection Summary SQL Injection Vulnerability in ITSM component of Hornbill Supportworks Application CVE number: CVE-2013-2594 Impact: High Vendor homepage: http://www.hornbill.com Vendor notified: 19/11/2012 Vendor response: This issue has reportedly been...

NETGEAR WNR1000 - Authentication Bypass

NETGEAR WNR1000 - Authentication Bypass Authentication bypass on Netgear WNR1000 ======================================== ADVISORY INFORMATION Title: Authentication bypass on Netgear WNR1000 Discovery date: 10/11/2012 Release date: 29/03/2013 Credits: Roberto Paleari [email protected], twitter:...

Konftel 300IP SIP-based Conference Phone 2.1.2 - Remote Bypass Reboot

Konftel 300IP SIP-based Conference Phone 2.1.2 - Remote Bypass Reboot !/bin/bash Konftel 300IP SIP-based Conference phone = 2.1.2 remote bypass reboot exploit by Todor Donev / 03.2013 / Sofia,Bulgaria email: todor dot donev at gmail com type: hardware The Konftel 300IP is a flexible SIP-based...

SynConnect Pms - index.php?loginid SQL Injection

SynConnect Pms - index.php?loginid SQL Injection Title: ==== SynConnect - SQL Injection vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== Date: ==== 01-03-2013 CRD: ==== CRD-2013-01 Vendor: ======...

TP-Link TL-WR740N Wireless Router - Denial of Service

TP-Link TL-WR740N Wireless Router - Denial of Service !/usr/local/bin/perl TP-Link TL-WR740N Wireless Router Remote Denial Of Service Exploit Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: - Firmware version: 3.16.4 Build 130205 Rel.63875n...

Remote File Manager 1.2 iOS - Multiple Vulnerabilities

Remote File Manager 1.2 iOS - Multiple Vulnerabilities Title: ====== Remote File Manager v1.2 iOS - Multiple Web Vulnerabilities Date: ===== 2013-02-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=882 VL-ID: ===== 882 Common Vulnerability Scoring System:...

Achievo 1.4.5 - Multiple Vulnerabilities (2)

Achievo 1.4.5 - Multiple Vulnerabilities 2 Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89,...

FirePass SSL VPN - Local File Inclusion

FirePass SSL VPN - Local File Inclusion SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7...

Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)

Zoner Photo Studio 15 b3 - Buffer Overflow PoC Title: ====== Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities Date: ===== 2012-11-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=759 VL-ID: ===== 759 Common Vulnerability Scoring System:...

Cyme ChartFX Client Server - ActiveX Control Array Indexing

Cyme ChartFX Client Server - ActiveX Control Array Indexing Application: CYME Power Engineering Software Platforms: Windows Version: CYME version 5.0.12.663. Secunia: SA48430 PRL: 2012-29 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter:...

Novell Groupwise 8.0.2 HP3 and 2012 - Integer Overflow

Novell Groupwise 8.0.2 HP3 and 2012 - Integer Overflow Application: Novell Groupwise Platforms: Windows Version: 8.0.2 HP3 and 2012 Secunia: SA50622 PRL: 2012-28 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2...

Splunk 4.3.3 - Arbitrary File Read

Splunk 4.3.3 - Arbitrary File Read Exploit Title: Splunk = 4.3.3 Reading Arbitrary Files Contents Date: 09/03/2012 Exploit Author: Marcio Almeida [email protected] Vendor Homepage: http://www.splunk.com/ Software Link: http://www.splunk.com/download?r=header Version: 4.3.3 and priors...

Joomla! Component com_fireboard - SQL Injection

Joomla! Component comfireboard - SQL Injection Title: ====== Joomla comfireboard - SQL Injection Vulnerability Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=655 VL-ID: ===== 655 Common Vulnerability Scoring System:...

Reserve Logic 1.2 Booking CMS - Multiple Vulnerabilities

Reserve Logic 1.2 Booking CMS - Multiple Vulnerabilities Title: ====== Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities Date: ===== 2012-06-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=617 VL-ID: ===== 617 Common Vulnerability Scoring System:...

Zend Framework 2.0.0 beta4 1.12 RC1 1.11.11 - Local File Disclosure

Zend Framework 2.0.0 beta4 1.12 RC1 1.11.11 - Local File Disclosure SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1...

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash Denial of Service PoC Title: Qutecom Cross-platform, open source softphone Heap Overflow DoS/Crash Proof of Concept Date: 14th June 2012 Exploit Author: Debasish Mandal Author's Blog : http://www.debasish.in/ Vendor Homepage: http://qutecom.org/...

Apple iTunes 10.6.1.7 - .m3u Walking Heap Buffer Overflow (PoC)

Apple iTunes 10.6.1.7 - .m3u Walking Heap Buffer Overflow PoC !/usr/bin/perl Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow Vendor: Apple Inc. Product web page: http://www.apple.com Affected version: 10.6.1.7 and 10.6.0.40 Summary: iTunes is a free application for your Mac o...

WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload

WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload Exploit Title: Wordpress Pica Photo Gallery 1.0 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/pica-photo-gallery/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.apptha.com Software Link:...

WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload

WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload Exploit Title: Wordpress Omni-secure-files 0.1.13 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/omni-secure-files/ Date: 07/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://omni-secure.com/ Software Link...

SocialEngine 4.2.2 - Multiple Vulnerabilities

SocialEngine 4.2.2 - Multiple Vulnerabilities Social Engine 4.2.2 Multiples Vulnerabilities Earlier versions are also possibly vulnerable. INFORMATION Product: Social Engine 4.2.2 Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Discovered by: Tiago Natel de Moura aka "i4k" Discovered...

Genium CMS 2012Q2 - Multiple Vulnerabilities

Genium CMS 2012Q2 - Multiple Vulnerabilities Title: ====== Genium CMS 2012|Q2 - Multiple Web Vulnerabilities Date: ===== 2012-05-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=517 VL-ID: ===== 517 Introduction: ============= Durch den Einsatz von Genium CMS können S...

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage:...

Joomla! Component com_jobprofile - SQL Injection

Joomla! Component comjobprofile - SQL Injection Joomla Component Jobprofile comjobprofile SQL Injection Vulnerability Author : kaMtiEz [email protected] Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id Date : 2 Dec , 2011 Software Information +...

optima apiftp server 1.5.2.13 - Multiple Vulnerabilities

optima apiftp server 1.5.2.13 - Multiple Vulnerabilities Luigi Auriemma Application: Optima APIFTP Server http://www.optimalog.com/home.html Versions: = 1.5.2.13 Platforms: Windows Bugs: A NULL pointer B endless loop Exploitation: remote Date: 13 Nov 2011 Author: Luigi Auriemma e-mail:...

CoDeSyS-SCADA-Server

CoDeSyS SCADA Exploit. Vulnerability occurs while parsing long HTTP requests in webserver. import string, sys import socket, httplib import telnetlib Target = sys.argv1 Port = intsys.argv2 ShellcodeType = sys.argv3 def howtousage: print "Sorry, required arguments: Host Port" sys.exit-1 def run:...

Adobe Photoshop Elements 8.0 - Multiple Arbitrary Code Execution Vulnerabilities

Adobe Photoshop Elements 8.0 - Multiple Arbitrary Code Execution Vulnerabilities Title: ------ Adobe Photoshop Elements 8.0 Multiple Arbitrary Code Execution Vulnerabilities Vendor: ------- Adobe Systems Inc. http://www.adobe.com Product web page: -----------------...

cFTP 0.1 - r80 Arbitrary File Upload

cFTP 0.1 - r80 Arbitrary File Upload Software Link: https://code.google.com/p/clients-oriented-ftp/downloads/list Version: 0.1 Tested on: linux // Vulnerable URL $url = 'http://url domain/cFTP/'; // The file to upload $filename = dirnameFILE.'/info.php'; $failext = array'php', 'pl'; $username =...

HP Network Automation 9.10 - SQL Injection

HP Network Automation 9.10 - SQL Injection source: https://www.securityfocus.com/bid/48924/info HP Network Automation is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow...

FLVPlayer4Free 2.9 - .fp4f Remote Buffer Overflow

FLVPlayer4Free 2.9 - .fp4f Remote Buffer Overflow source: https://www.securityfocus.com/bid/47045/info FLVPlayer4Free is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to...

Monkeys Audio - .ape Remote Buffer Overflow

Monkeys Audio - .ape Remote Buffer Overflow source: https://www.securityfocus.com/bid/46887/info Monkeyâ??s Audio is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue...

Ruby on Rails 3.0.5 - WEBrick::HTTPRequest Module HTTP Header Injection

Ruby on Rails 3.0.5 - WEBrick::HTTPRequest Module HTTP Header Injection source: https://www.securityfocus.com/bid/46423/info Ruby on Rails is prone to a vulnerability that allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP...

Multiple Vendor Calendar Manager - Remote Code Execution

Multiple Vendor Calendar Manager - Remote Code Execution / Rodrigo Rubira Branco BSDaemon - http://www.kernelhacking.com/rodrigo http://www.risesecurity.org / include include include include include define CMSDPROG 100068 define CMSDVERS 4 define CMSDINSERT 6 define CMSDUNKN 10 struct cmsend char...