41207 matches found
PHP Telephone Directory - Multiple Vulnerabilities
PHP Telephone Directory - Multiple Vulnerabilities Exploit Title: PHP Telephone Directory - Multiple Vulnerabilities Date: 2016-10-16 Exploit Author: larrycompress Contact: [email protected] Type: webapps Platform: PHP Vendor Homepage: http://www.pagereactions.com/product.php?pku=2 Software...
Cisco Webex Player T29.10 - .WRF Use-After-Free Memory Corruption
Cisco Webex Player T29.10 - .WRF Use-After-Free Memory Corruption Application: Cisco Webex Player Platforms: Windows Versions: Cisco Webex Meeting Player version T29.10 Author: Francis Provencher of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: August 31, 2016 CVE:...
Subversion 1.6.61.6.12 - Code Execution
Subversion 1.6.61.6.12 - Code Execution This is an exploit for the subversion vulnerability published as CVE-2013-2088. Author: GlacierZ0ne [email protected] Exploit Type: Code Execution Access Type: Authenticated Remote Exploit Prerequisites: svn command line client available, subversion serv...
Sony Playstation 4 (PS4) 3.15 3.55 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 3.15 3.55 - WebKit Code Execution PoC PS4 3.55 Unsigned Code Execution ============== This GitHub Repository contains all the necessary tools for getting PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50 and 3.55. This Exploit, is based-off Henkaku'...
Advanced Webhost Billing System (AWBS) 2.9.6 - Multiple Vulnerabilities
Advanced Webhost Billing System AWBS 2.9.6 - Multiple Vulnerabilities AWBS v2.9.6 Multiple Remote Vulnerabilities Vendor: Total Online Solutions, Inc. Product web page: http://www.awbs.com Affected version: 2.9.6 Platform: PHP Summary: Whether starting new or looking to expand your existing web...
Linux Kernel - ecryptfs proc$pidenviron Local Privilege Escalation
Linux Kernel - ecryptfs proc$pidenviron Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=836 Stacking filesystems, including ecryptfs, protect themselves against deep nesting, which would lead to kernel stack overflow, by tracking the recursion depth of...
JVC HDRs Net (Multiple Cameras) - Multiple Vulnerabilities
JVC HDRs Net Multiple Cameras - Multiple Vulnerabilities | | | | \ |\ \ \ / - | | | | - /| //||||,|.// www.orwelllabs.com security advisory olsa-2016-04-01 Adivisory Information +++++++++++++++++++++++ + Title: JVC Multiple Products Multiple Vulnerabilities + Vendor: JVC Professional Video +...
PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow
PHP 7.0.5 - ZipArchive::getFrom Integer Overflow Details ======= An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex and getFromName methods of ZipArchive, resulting in a heap overflow. php-7.0.5/ext/zip/phpzip.c ,---- | 2679 static void...
Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation (MS16-048)
Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation MS16-048 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=692 Windows: CSRSS BaseSrvCheckVDM Session 0 Process Creation EoP Platform: Windows 8.1, not tested on Windows 10 or 7 Class:...
Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass Arbitrary File Upload
Oracle Application Testing Suite ATS 12.4.0.2.0 - Authentication Bypass Arbitrary File Upload Exploit Title: Oracle Application Testing Suite Authentication Bypass and Arbitrary File Upload Remote Exploit Exploit Author: Zhou Yu Vendor Homepage: http://www.oracle.com/ Software Link:...
PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities
PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-06 www.orwelllabs.com Twitter:@orwelllabs mantra: ...not affect a product that is in...
Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow
Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow !/usr/bin/python Meta information Exploit Title: Hexchat IRC client - CAP LS Handling Stack Buffer Overflow Date: 2016-02-07 Exploit Author: PizzaHatHacker Vendor Homepage: https://hexchat.github.io/index.html Software Link:...
FireEye - Malware Input Processor Privilege Escalation
FireEye - Malware Input Processor Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=670 The mip user is already quite privileged, capable of accessing sensitive network data. However, as the child process has supplementary gid contents, there is a very simple...
Adobe Digital Editions 4.5.0 - .pdf Critical Memory Corruption
Adobe Digital Editions 4.5.0 - .pdf Critical Memory Corruption Title: Adobe Digital Editions = 4.5.0 - Critical memory corruption Application: Adobe Digital Editions Version: 4.5.0 and earlier versions Platform: Windows, Macintosh, iOS and Android Software Link:...
Chamilo LMS IDOR - messageId Delete POST Injection
Chamilo LMS IDOR - messageId Delete POST Injection Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Relea...
Delta Industrial Automation DCISoft 1.12.09 - Local Stack Buffer Overflow
Delta Industrial Automation DCISoft 1.12.09 - Local Stack Buffer Overflow !/usr/bin/env python Delta Industrial Automation DCISoft 1.12.09 Stack Buffer Overflow Exploit Vendor: Delta Electronics, Inc. Product web page: http://www.delta.com.tw Software link:...
WhatsUp Gold 16.3 - Remote Code Execution
WhatsUp Gold 16.3 - Remote Code Execution Exploit Title: WhatsUp Gold v16.3 Unauthenticated Remote Code Execution Date: 2016-01-13 Exploit Author: Matt Buzanowski Vendor Homepage: http://www.ipswitch.com/ Version: 16.3.x Tested on: Windows 7 x86 CVE : CVE-2015-8261 Usage: python...
Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation
Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation Source: https://code.google.com/p/google-security-research/issues/detail?id=515 NVIDIA: Stereoscopic 3D Driver Service Arbitrary Run Key Creation Platform: Windows, NVIDIA Service Version 7.17.13.5382 Class: Elevation...
D-Link DIR-815 DIR-850L - SSDP Command Injection
D-Link DIR-815 DIR-850L - SSDP Command Injection Advisory Information Title: SSDP command injection using UDP for a lot of Dlink routers including DIR-815, DIR-850L Vendors contacted: William Brown Dlink Release mode: Released CVE: None Note: All these security issues have been discussed with the...
Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH)
Tomabo MP4 Player 3.11.6 - Local Stack Overflow SEH !/usr/bin/python Exploit Title: Tomabo MP4 Player 3.11.6 SEH Based Stack Overflow Exploit Author: @yokoacc, @nudragn, @runggareksya Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-player/download.html Vulnerable...
Tenda N3 Wireless N150 Router - Authentication Bypass
Tenda N3 Wireless N150 Router - Authentication Bypass Exploit Title: Complete Authentication Bypass In Tenda N3 Wireless N150 Routers Date: 03-09-2015 Software Link: http://tendacn.com/en/product/N150.html Exploit Author: Mandeep Jadon Contact: http://twitter.com/1337tr0lls Website:...
4 TOTOLINK Router Models - Backdoor Credentials
4 TOTOLINK Router Models - Backdoor Credentials Advisory Information Title: Backdoor credentials found in 4 TOTOLINK router models Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x03.txt Blog URL:...
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Symantec Endpoint Protection 12.1.4013 - Service Disabling Exploit Title: Antivirus Google Dork: intitle: Antivirus Date: 2015-07-07 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.symantec.com Software Link: www.symantec.com/endpoint-protection...
Endian Firewall 3.0.0 - OS Command Injection (Metasploit)
Endian Firewall 3.0.0 - OS Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerabilit...
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection 0-day Website : http://codecanyon.net/item/phpsfp-schedule-facebook-posts/5177393...
Acunetix 9.5 - OLE Automation Array Remote Code Execution
Acunetix 9.5 - OLE Automation Array Remote Code Execution !/usr/bin/python import BaseHTTPServer, sys, socket Acunetix OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 27 Mar 2015 Version: acunetix.exe Video:...
SolarWinds Orion Service - SQL Injection
SolarWinds Orion Service - SQL Injection I found a couple SQL injection vulnerabilities in the core Orion service used in most of the Solarwinds products SAM, IPAM, NPM, NCM, etc…. This service provides a consistent configuration and authentication layer across the products. To be exact, the...
LG DVR LE6016D - Remote UsersPasswords Disclosure
LG DVR LE6016D - Remote UsersPasswords Disclosure !/usr/bin/perl LG DVR LE6016D unauthenticated remote users/passwords disclosure exploit Copyright 2015 c Todor Donev http://www.ethical-hacker.org/ Digital video recorder DVR surveillance is the use of cameras, often hidden or concealed, that use...
Symantec Encryption Management Server 3.2.0 MP6 - Remote Command Injection
Symantec Encryption Management Server 3.2.0 MP6 - Remote Command Injection Vantage Point Security Advisory 2014-007 ======================================== Title: Symantec Encryption Management Server - Remote Command Injection ID: VP-2014-007 Vendor: Symantec Affected Product: Symantec Encrypti...
ecommerceMajor - SQL Injection Authentication Bypass
ecommerceMajor - SQL Injection Authentication Bypass Exploit Title : ecommercemajor ecommerce CMS SQL Injection and Authentication bypass Author : Manish Kishan Tanwar Home page Link : https://github.com/xlinkerz/ecommerceMajor Date : 22/01/2015 Discovered at : IndiShell Lab Love to : zero...
Postfix-SMTP---Shellshock
Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/ Version: 4.2.x 4.2.48 !/bin/python Exploit Title: Shellshock SMTP Exploit Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bas...
PHPMyRecipes 1.2.2 - browse.php?category SQL Injection
PHPMyRecipes 1.2.2 - browse.php?category SQL Injection Exploit Title : phpMyRecipes 1.2.2 SQL injectionpage browse.php, parameter category Author : Manish Kishan Tanwar Download Link : http://prdownloads.sourceforge.net/php-myrecipes/phpMyRecipes-1.2.2.tar.gz?download Date : 23/12/2014 Discovered...
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
WordPress Plugin DukaPress 2.5.2 - Directory Traversal Exploit Title: DukaPress 2.5.2 Path Traversal Date: 27-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/dukapress.2.5.2.zip Category: webapps CVE: CVE-2014-8799 1...
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.1 Bypass) (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.1 Bypass MS12-037 function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2...
WebsiteBaker 2.8.3 - Multiple Vulnerabilities
WebsiteBaker 2.8.3 - Multiple Vulnerabilities ============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score...
Nessus Web UI 2.3.3 - Persistent Cross-Site Scripting
Nessus Web UI 2.3.3 - Persistent Cross-Site Scripting Nessus Web UI 2.3.3: Stored XSS ========================================================= CVE number: CVE-2014-7280 Permalink: http://www.thesecurityfactory.be/permalink/nessus-stored-xss.html Vendor advisory:...
dbPowerAmp 2.010.0 - Local Buffer Overflow
dbPowerAmp 2.010.0 - Local Buffer Overflow dbPowerAmp Buffer Overflow Vendor: Illustrate Product: dbPowerAmp Version: = 2.0/10.0 Website: http://www.dbpoweramp.com BID: 11266 CVE: CVE-2004-1569 OSVDB: 10380 11126 11127 SECUNIA: 12684 PACKETSTORM: 34531 Description: Often called the Swiss Army kni...
ALCASAR 2.8.1 - Remote Code Execution
ALCASAR 2.8.1 - Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8.1 Remote Root Code Execution Vulnerability Author: eF Date : 2014-09-12 URL : http://www.alcasar.net/ This is not a responsible disclosure coz' I have no sense of ethics and I don't give a fck. db 88...
C99Shell (Web Shell) - c99.php Authentication Bypass
C99Shell Web Shell - c99.php Authentication Bypass Exploit Title: C99 Shell Authentication Bypass via Backdoor Google Dork: inurl:c99.php Date: June 23, 2014 Exploit Author: mandatory Matthew Bryant Vendor Homepage: http://ccteam.ru/ Software Link: https://www.google.com/ Version: ", " ",...
Skybox Security 6.3.x 6.4.x - Multiple Denial of Service Vulnerabilities
Skybox Security 6.3.x 6.4.x - Multiple Denial of Service Vulnerabilities Exploit Title: SKYBOX Security - DDOS Date: 22-Jan-2014 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.skyboxsecurity.com Version: Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54,...
IBM Tealeaf CX 8.8 - Remote OS Command Injection
IBM Tealeaf CX 8.8 - Remote OS Command Injection IBM Tealeaf CX v8 release 8 Remote OS Command Injection Date: 11/08/2013 Exploit author: drone More information: http://www-01.ibm.com/support/docview.wss?uid=swg21667630 Vendor homepage: http://www-01.ibm.com/software/info/tealeaf/ Version: Versio...
vTiger CRM 5.4.06.0 RC6.0.0 GA - browse.php Local File Inclusion
vTiger CRM 5.4.06.0 RC6.0.0 GA - browse.php Local File Inclusion CVE: CVE-2014-1222 Vendor: Vtiger Product: CRM Affected version: Vtiger 5.4.0, 6.0 RC & 6.0.0 GA Fixed version: Vtiger 6.0.0 Security patch 1 Reported by: Jerzy Kramarz Details: A local file inclusion vulnerability was discovered in...
CTERA 3.2.29.03.2.42.0 - Persistent Cross-Site Scripting
CTERA 3.2.29.03.2.42.0 - Persistent Cross-Site Scripting Exploit Title: CTERA Project Folders - Stored XSS Date: 11-Mar-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.ctera.com Version: 3.2.29.0 and 3.2.42.0 Tested on: ctera os CVE : CVE-2013-2639 OVERVIEW Standard Ctera User...
XAMPP 1.8.1 - lang.php?WriteIntoLocalDisk method Local Write Access
XAMPP 1.8.1 - lang.php?WriteIntoLocalDisk method Local Write Access ============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel García Cárdenas - Severity: 6,8/10 CVSS Ba...
Share KM 1.0.19 - Remote Denial of Service
Share KM 1.0.19 - Remote Denial of Service Advisory Information : ====================== Title : Share KM 1.0.19 - Remote Denial Of Service Advisory ID : Cr02013-001 Product : Share KM desktop setup file Vendor : SmartUX Vulnerable Versions : 1.0.19 and probably prior release Tested Version :...
OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities
OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities Exploit Title: OpenEMR 4.1.1 Patch 14 Multiple Vulnerabilities Date: Sep 17 2013 Exploit Author: xistence Vendor Homepage: www.open-emr.org Tested on: CentOS 5.9 32-bit Affected Version : 4.1.1 Patch 14 and lower Fix: Upgrade to OpenEMR 4.1.2...
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities Title: ====== Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=791 VL-ID: ===== 791 Common...
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia,...
MoinMoin - Arbitrary Command Execution
MoinMoin - Arbitrary Command Execution !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██...
WPS Office - Wpsio.dll Stack Buffer Overflow
WPS Office - Wpsio.dll Stack Buffer Overflow WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability PoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/25140.tgz 1 Summary CVE number: CVE-2012-4886 Impact: High Vendor homepage: http://www.wps.cn Credit:...