41207 matches found
ATutor 1.2 - Multiple Vulnerabilities
ATutor 1.2 - Multiple Vulnerabilities Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Versions: 1.2 and probably prior Tested Version: 1.2 Vendor Notification: September 26, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authenticatio...
Omnistar Mailer 7.2 - Multiple Vulnerabilities
Omnistar Mailer 7.2 - Multiple Vulnerabilities Title: ====== Omnistar Mailer v7.2 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=711 VL-ID: ===== 711 Common Vulnerability Scoring System:...
Trend Micro Control Manager 5.56.0 AdHocQuery - (Authenticated) Blind SQL Injection
Trend Micro Control Manager 5.56.0 AdHocQuery - Authenticated Blind SQL Injection !/usr/bin/env python Exploit Title: Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection post-auth Disclosure Date: 09/27/2012 Author: otoy @otoyrood & modpr0be @modpr0be Contact: researchatspentera.com...
Able2Doc and Able2Doc Professional 6.0 - Memory Corruption
Able2Doc and Able2Doc Professional 6.0 - Memory Corruption Exploit Title: Able2Doc and Able2Doc Professional v 6.0 memory corruption Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.investintech.com Version:6.0 Tested on: Windows 7 CVE : cve-2011-4221 payload...
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash Denial of Service PoC Title: Qutecom Cross-platform, open source softphone Heap Overflow DoS/Crash Proof of Concept Date: 14th June 2012 Exploit Author: Debasish Mandal Author's Blog : http://www.debasish.in/ Vendor Homepage: http://qutecom.org/...
WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload
WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload Exploit Title: Wordpress Pica Photo Gallery 1.0 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/pica-photo-gallery/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.apptha.com Software Link:...
WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload
WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload Exploit Title: Wordpress Omni-secure-files 0.1.13 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/omni-secure-files/ Date: 07/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://omni-secure.com/ Software Link...
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC)
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow PoC ; msvcrt.sprintf 03238246 52 push edx 03238247 8D8C24 EC020000 lea ecx,dword ptr ss:esp+2EC 0323824E 68 48612603 push PlayerPT.03266148 ; ASCII "%s" 03238253 51 push ec...
Adobe Photoshop 12.1 - .tiff Parsing Use-After-Free
Adobe Photoshop 12.1 - .tiff Parsing Use-After-Free Application: Adobe Photoshop 12.1 Tiff Parsing Use-After-Free Platforms: Windows PRL: 2012-07 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timeline 3...
Snom IP Phone - Privilege Escalation
Snom IP Phone - Privilege Escalation Sense of Security - Security Advisory - SOS-12-001 Release Date. 23-Feb-2012 Last Update. - Vendor Notification Date. 27-Jan-2012 Product. Snom IP Phone series Platform. Hardware Affected versions. All versions prior to v8.4.35 Severity Rating. High Impact...
Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass
Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass source: https://www.securityfocus.com/bid/51869/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about runni...
Linux Kernel 2.6.39 3.2.2 (x86x64) - Mempodipper Local Privilege Escalation (2)
Linux Kernel 2.6.39 3.2.2 x86x64 - Mempodipper Local Privilege Escalation 2 / Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per...
Open Conference/Journal/Harvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities
Open Conference/Journal/Harvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities !/usr/bin/python Open Conference/Journal/Harvester Systems = 2.3.X multiple remote code execution vulnerabilities vendor: Public Knowledge Project pkp -http://pkp.sfu.ca/ software link:...
glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation
glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation !/bin/sh I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LD_AUDIT. 1 2 The first way involved opening a file...
Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow (PoC)
Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow PoC g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception ha...
Microsoft Win32k - Null Pointer De-reference (PoC) (MS11-077)
Microsoft Win32k - Null Pointer De-reference PoC MS11-077 Exploit Title: MS11-077 Win32k Null Pointer De-reference Vulnerability POC Date: 10/19/2011 Author: KiDebug Version: Windows XP SP3 32bit Tested on: Windows XP SP3 32bit CVE : CVE-2011-1985 Exploit Code. Only a single line of code can caus...
Cogent DataHub 7.1.1.63 - Integer Overflow
Cogent DataHub 7.1.1.63 - Integer Overflow Luigi Auriemma Application: Cogent DataHub http://www.cogentdatahub.com/Products/CogentDataHub.html Versions: = 7.1.1.63 Platforms: Windows Bug: integer overflow Exploitation: remote Date: 13 Sep 2011 Author: Luigi Auriemma e-mail: [email protected]...
HP Network Automation 9.10 - SQL Injection
HP Network Automation 9.10 - SQL Injection source: https://www.securityfocus.com/bid/48924/info HP Network Automation is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow...
Freefloat FTP Server - MKD Remote Buffer Overflow (Metasploit)
Freefloat FTP Server - MKD Remote Buffer Overflow Metasploit require 'msf/core' class Metasploit3 'Freefloat FTP Server MKD Command Stack Overflow', 'Description' = %q This module exploits a buffer overflow vulnerability found in the MKD command in the Freefloat FTP server. , 'Author' = 'C4SS!0...
IBM Web Application Firewall - Bypass
IBM Web Application Firewall - Bypass Trustwave's SpiderLabs Security Advisory TWSL2011-006: IBM Web Application Firewall Bypass https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt Published: 2011-06-21 Version: 1.0 Vendor: IBM Product: IBM Web Application Firewall These capabilities...
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections source: https://www.securityfocus.com/bid/48083/info ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize...
Pligg CMS 1.1.3 - Multiple Vulnerabilities
Pligg CMS 1.1.3 - Multiple Vulnerabilities Exploit title: Pligg CMS file existence exploration/shared hosting privilege escalation H.ackAck.net Found by: Jelmer de Hen 15/03/2011 I released some Pligg exploits: http://h.ackack.net/the-pligg-cms-0dayset-1.html 22/03/2011 a patch became available;...
Monkeys Audio - .ape Remote Buffer Overflow
Monkeys Audio - .ape Remote Buffer Overflow source: https://www.securityfocus.com/bid/46887/info Monkey's Audio is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue...
Ruby on Rails 3.0.5 - WEBrick::HTTPRequest Module HTTP Header Injection
Ruby on Rails 3.0.5 - WEBrick::HTTPRequest Module HTTP Header Injection source: https://www.securityfocus.com/bid/46423/info Ruby on Rails is prone to a vulnerability that allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP...
CuteZip 2.1 - Local Buffer Overflow
CuteZip 2.1 - Local Buffer Overflow !/usr/bin/perl +Exploit Title: Exploit Buffer Overflow CuteZip 2.1 +Date: 02\12\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.globalscape.com/files/cutezip20b.exe +Version: 2.1 build 9.24.1 +Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN +CVE: N/A Comment i...
SiteScape Enterprise Forum 7 - TCL Injection
SiteScape Enterprise Forum 7 - TCL Injection !/usr/bin/env python """ -- coding: utf-8 -- sitescapesploit.py Copyright 2010 Spencer McIntyre This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
Joomla! Component JE Auto - Local File Inclusion
Joomla! Component JE Auto - Local File Inclusion Name : Joomla comjeauto LFI Vulnerability Date : Dec,7 2010 Vendor Url :http://joomlaextensions.co.in/jeauto Dork:inurl:comjeauto Author : Sid3^effects aKa HaRi Big hugs : Th3 RDX,Hananbutt, special thanks to : r0073r inj3ct0r.com,L0rd...
Native Instruments (Multiple Products) - DLL Loading Arbitrary Code Execution
Native Instruments Multiple Products - DLL Loading Arbitrary Code Execution // source: https://www.securityfocus.com/bid/44989/info Multiple products from Native Instruments are prone to multiple vulnerabilities that let attackers execute arbitrary code. An attacker can exploit these issues by...
Camtron CMNC-200 IP Camera - Directory Traversal
Camtron CMNC-200 IP Camera - Directory Traversal Finding 2: Directory Traversal in Camera Web Server CVE: CVE-2010-4231 The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera...
Apple Directory Services - Memory Corruption
Apple Directory Services - Memory Corruption Apple Directory Services Memory Corruption CVE-2010-1840 INTRODUCTION chfn, chpass and chsh does not properly parse authname switch "-u", which causes the applications to crash when parsing a long string. Those binaries are setuid root by default. This...
Zoopeer 0.10.2 - FCKeditor Arbitrary File Upload
Zoopeer 0.10.2 - FCKeditor Arbitrary File Upload ============================================================= Zoopeer 0.1 & 0.2 fckeditor Zoopeer Shell Upload Vulnerability ============================================================= Exploit Title: Zoopeer 0.1 & 0.2 fckeditor Date: 27-10-2010...
Webspell wCMS-Clanscript4.01.02net - static Blind SQL Injection
Webspell wCMS-Clanscript4.01.02net - static Blind SQL Injection ----------------------------Information------------------------------------------------ +Autor : Easy Laster +ICQ : 11-051-551 +Date : 29.09.2010 +Script : Webspell wCMS-Clanscript4.01.02net= static&static Blind SQL Injection Exploit...
Mozilla Firefox CSS - font-face Remote Code Execution
Mozilla Firefox CSS - font-face Remote Code Execution http://www.exploit-db.com/moabu-15-mozilla-firefox-css-font-face-remote-code-execution-vulnerability/...
Mozilla Firefox 3.6.4 - Plugin EnsureCachedAttrParamArrays Remote Code Execution
Mozilla Firefox 3.6.4 - Plugin EnsureCachedAttrParamArrays Remote Code Execution page demonstration """ i=0 whilei\n";...
Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow
Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow http://www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/...
Computer Associates Oneview Monitor 6.0 - doSave.jsp Remote Code Execution
Computer Associates Oneview Monitor 6.0 - doSave.jsp Remote Code Execution source: https://www.securityfocus.com/bid/42413/info Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input...
Struts2/XWork 2.2.0 - Remote Command Execution
Struts2/XWork 2.2.0 - Remote Command Execution Friday, July 9, 2010 CVE-2010-1870: Struts2/XWork remote command execution Update Tue Jul 13 2010: Added proof of concept Apache Struts team has announced uploaded but has not released, due to an unreasonably prolonged voting process, the 2.2.0 releas...
Joomla! Component Phoca Gallery 2.7.3 - SQL Injection
Joomla! Component Phoca Gallery 2.7.3 - SQL Injection --------------------------------------------------------------------------- Founded by RoAdKiLlEr Team: Albanian Hacking Crew Contact: RoAdKiLlEratKhg-CrewdotWs Home: http://a-h-crew.net Download...
MooreAdvice - productlist.asp SQL Injection
MooreAdvice - productlist.asp SQL Injection Exploit Title: MooreAdvice productlist.asp SQL injection Vulnerable Date: 1-07-2010 Author: Th3 RDX Software Link: Version: n/a Tested on: Demo Site category: webapp Code : n/a -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...
CubeCart PHP 4.3.x - shipkey SQL Injection
CubeCart PHP 4.3.x - shipkey SQL Injection SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Application 1. Advisory Information Title: SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Application Advisory Id: CORE-2010-0415 Advisory URL:...
Joomla! Component JE Job 1.0 - catid SQL Injection
GlobalWebTek Design - SQL Injection
GlobalWebTek Design - SQL Injection GlobalWebTek Design SQL Injection Vulnerability Vendor: http://www.globalwebtek.com/ Discovered by : cyberlog Site : Sekuritionline.net Channel :...
3Com* iMC (Intelligent Management Center) - Cross-Site Scripting Information Disclosure Flaws
3Com iMC Intelligent Management Center - Cross-Site Scripting Information Disclosure Flaws PR10-02: Various XSS and information disclosure flaws within 3Com iMC Intelligent Management Center On the 12th April 2010 Hewlett Packard completed its acquisition of 3Com Vulnerability found: 29th January...
Spaw Editor 1.02.0 - Arbitrary File Upload
Spaw Editor 1.02.0 - Arbitrary File Upload Title: Spaw Editor v1.0 & 2.0 Remote File Upload . Date....................: 20-05-2010 Author..................: Ma3sTr0-Dz Location ...............: Algeria Software ...............: Spaw Editor v1 & v2 Impact..................: Remote Site Software...
Microsoft Windows - SMB2 Negotiate Protocol 0x72 Response Denial of Service
Microsoft Windows - SMB2 Negotiate Protocol 0x72 Response Denial of Service !/usr/bin/python === EDIT – this exploit appears to be exactly the same one of one which was already found and fixed notified by Laurent Gaffié, i did not know this but his blog post can be found here:...
AJ Shopping Cart 1.0 (maincatid) - SQL Injection
EasyFTP Server 1.7.0.2 - CWD Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.2 - CWD Buffer Overflow Metasploit Exploit Title: EasyFTP Server 'EasyFTP Server %q This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.2. EasyFTP fails to check input size when parsing 'CWD' commands, which allows for easy stack based buffer overflow...
Joomla! Component mv_restaurantmenumanager - SQL Injection
Joomla! Component mv_restaurantmenumanager - SQL Injection ========================================================= Joomla component mv_restaurantmenumanager SQL injection Vulnerability ========================================================= Exploit Title : joomla component mv_restaurantmenumanag...
DZ Auktionshaus V4.rgo - id news.php?SQL Injection
DZ Auktionshaus V4.rgo - id news.php?SQL Injection ----------------------------Information------------------------------------------------ +Name : DZ Auktionshaus "V4.rgo" id news.php SQL Injection +Autor : Easy Laster +Date : 08.03.2010 +Script : DZ Auktionshaus "V4.rgo" +Price : 99,99€ +Languag...
DA Mailing List System 2 - Multiple Vulnerabilities
DA Mailing List System 2 - Multiple Vulnerabilities DA Mailing List System V2 Remote Admin Login Exploit Author : Phenom Dork: DA Mailing List System V2 Powered by DigitalArakan.Net Version : 2 Exploit : 1- http://server/path/admincp.asp 2- login with "admin" as user name and 'or' as password...