41207 matches found
Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass
Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer...
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference...
Barco ClickShare CSE-200 - Remote Denial of Service
Barco ClickShare CSE-200 - Remote Denial of Service !/usr/bin/python Exploit Title: Barco ClickShare CSE-200 - Remote Denial of Service Date: 11-04-2018 Hardware Link: https://www.barco.com/de/product/clickshare-cse-200 Exploit Author: Florian Hauser Contact: florian DOT g DOT hauser AT gmail DOT...
WordPress Plugin Background Takeover 4.1.4 - Directory Traversal
WordPress Plugin Background Takeover 4.1.4 - Directory Traversal Exploit Title: WP Background Takeover, Directory Traversal = 4.1.4 Google Dork: inurl:/plugins/wpsite-background-takeover Date: 2018-03-08 Exploit Author: Colette Chamberland, Defiant, Inc. Vendor Homepage: https://99robots.com...
LifeSize ClearSea 3.1.4 - Directory Traversal
LifeSize ClearSea 3.1.4 - Directory Traversal Title: LifeSize ClearSea 3.1.4 Directory Traversal Vulnerabilities Author: rsp3ar Impact: Remote Code Execution (Post-Authentication) Recommendation: Use strong password for default 'admin' user and secure management access to the device. Please...
OpenSSH 6.6 SFTP - Command Execution
MikroTik RouterOS 6.38.4 (x86) - Chimay Red Stack Clash Remote Code Execution
MikroTik RouterOS 6.38.4 x86 - Chimay Red Stack Clash Remote Code Execution !/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import...
Asterisk chan_pjsip 15.2.0 - SDP Denial of Service
Asterisk chan_pjsip 15.2.0 - SDP Denial of Service Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chan_pjsip - References: AST-2018-002 - Enable Security Advisory...
Joomla! Component JS Autoz 1.0.9 - SQL Injection
Joomla! Component JS Autoz 1.0.9 - SQL Injection Exploit Title: Joomla! Component JS Autoz 1.0.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/js-autoz/ Software...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module 4.25 - Denial of Service
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module 4.25 - Denial of Service Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Date: 14.02.2018 Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage:...
userSpice 4.3 - Cross-Site Scripting
Advantech WebAccess 8.3.0 - Remote Code Execution
Advantech WebAccess 8.3.0 - Remote Code Execution Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10...
LogicalDOC Enterprise 7.7.4 - User Enumeration
LogicalDOC Enterprise 7.7.4 - User Enumeration LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management...
Advantech WebAccess 8.3 - SQL Injection
Advantech WebAccess 8.3 - SQL Injection !/usr/bin/python2.7 Exploit Title: Advantech WebAccess BWSCADARest Login Method SQL Injection Authentication Bypass Vulnerability Date: 01-13-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
Blizzard Update Agent - JSON RPC DNS Rebinding
Blizzard Update Agent - JSON RPC DNS Rebinding All blizzard games are installed alongside a shared tool called "Blizzard Update Agent", investor.activision.com claims they have "500 million monthly active users", who presumably all have this utility installed. The agent utility creates an JSON RP...
Photos in Wifi 1.0.1 - Path Traversal
Photos in Wifi 1.0.1 - Path Traversal Document Title: =============== Photos in Wifi 1.0.1 iOS - Path Traversal Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2018-01-04 Vulnerability Laboratory ID VL-I...
Sync Breeze 10.2.12 - Denial of Service
Sync Breeze 10.2.12 - Denial of Service ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...
FS Indiamart Clone 1.0 - token id c SQL Injection
FS Indiamart Clone 1.0 - token id c SQL Injection Exploit Title: FS Indiamart Clone 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/indiamart-clone/ Demo: http://indiamart-clone.demonstration.co.in/...
Perspective ICM Investigation Case 5.1.1.16 - Privilege Escalation
Perspective ICM Investigation Case 5.1.1.16 - Privilege Escalation Exploit Title: Privilege Escalation - Perspective ICM Investigation & Case - 5.1.1.16 Date Reported to vendor: Jun 28, 2017 Date Accepted by vendor: Jun 11, 2017 Exploit Author: [email protected] Vendor Homepage:...
WebKit - WebCore::SVGPatternElement::collectPatternAttributes Out-of-Bounds Read
WebKit - WebCore::SVGPatternElement::collectPatternAttributes Out-of-Bounds Read / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1350 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC:...
VX Search 10.2.14 - Proxy Local Buffer Overflow (SEH)
VX Search 10.2.14 - Proxy Local Buffer Overflow SEH !/usr/bin/env python Exploit Title : VXSearch v10.2.14 Local SEH Overflow Date : 11/16/2017 Exploit Author : wetw0rk Vendor Homepage : http://www.flexense.com/ Software link : http://www.vxsearch.com/setups/vxsearchentsetupv10.2.14.exe Version :...
Ulterius Server 1.9.5.0 - Directory Traversal
Ulterius Server 1.9.5.0 - Directory Traversal Exploit Title: Ulterius Server 1.9.5.0 Directory Traversal Arbitrary File Access Date: 11/13/2017 Exploit Author: Rick Osgood Vendor Homepage: https://ulterius.io/ Software Link:...
Ametys CMS 4.0.2 - Password Reset
Ametys CMS 4.0.2 - Password Reset Vulnerability Summary The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2. Ametys is “a free and open source content management system (CMS) written in Java. It is based on JSR-170 for content storage, Open Social for...
Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution
Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution Vulnerabilities Summary The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.1(2ePE1). Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a...
Vastal I-Tech Dating Zone 0.9.9 - product_id SQL Injection
Vastal I-Tech Dating Zone 0.9.9 - product_id SQL Injection Exploit Title: Vastal I-Tech Dating Zone 0.9.9 - 'product_id' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://vastal.com/ Software http://vastal.com/dating-zone-the-dating-software.html Demo:...
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server - dmr_content Privilege Escalation Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server stores...
ASX to MP3 converter 3.1.3.7 - .asx Local Stack Overflow (DEP Bypass)
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit) Name: 'ZScada Net Buffer Overflow'. Description: This module exploits a stack based buffer overflow found in Z-Scada Net 2.0. The vulnerability is triggered when parsing the response to a Modbus...
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-portfolio-gallery/ Software Link...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114...
NoMachine 5.3.9 - Local Privilege Escalation
NoMachine 5.3.9 - Local Privilege Escalation Exploit Title: NoMachine LPE - Local Privilege Escalation Date: 09/08/2017 Exploit Author: Daniele Linguaglossa Vendor Homepage: https://www.nomachine.com Software Link: https://www.nomachine.com Version: 5.3.9 Tested on: OSX CVE : CVE-2017-12763...
Unitrends UEB 9.1 - Privilege Escalation
Unitrends UEB 9.1 - Privilege Escalation Exploit Title: Authenticated lowpriv RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage:...
FortiOS 5.6.0 - Cross-Site Scripting
FortiOS 5.6.0 - Cross-Site Scripting Title: FortiOS = 5.6.0 Multiple XSS Vulnerabilities Vendor: Fortinet www.fortinet.com CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133 Date: 28.07.2016 Author: Patryk Bogdan @patrykbogdan Affected FortiNet products: CVE-2017-3131 : FortiOS versions 5.4.0 to...
PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption
PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption Source: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a...
Trend Micro Deep Security 6.5 - XML External Entity Injection Local Privilege Escalation Remote Code Execution
Trend Micro Deep Security 6.5 - XML External Entity Injection Local Privilege Escalation Remote Code Execution The following advisory describes three (3) vulnerabilities found in Trend Micro Deep Security version 6.5. “The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delive...
Tecnovision DLX Spot - SSH Backdoor Access
Tecnovision DLX Spot - SSH Backdoor Access Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password. Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/...
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1,...
ExtraPuTTY 0.29-RC2 - Denial of Service
ExtraPuTTY 0.29-RC2 - Denial of Service + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ================== www.extraputty.com Product:...
dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting
dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017...
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery Exploit Title: pfSense 2.3.2 XSS - CSRF-bypass & Reverse-root-shell Date: 01/03/2017 Author: Yann CAM @ASafety / Synetis Vendor or Software Link: www.pfsense.org Version: 2.3.2 Category: XSS, CSRF-bypass and Remote root reverse-shell...
Joomla! Component GPS Tools 4.0.1 - SQL Injection
Joomla! Component GPS Tools 4.0.1 - SQL Injection Exploit Title: Joomla! Component GPS Tools v4.0.1 - SQL Injection Google Dork: inurl:index.php?option=comgpstools Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy:...
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference Source: http://seclists.org/oss-sec/2017/q1/458 Description: Mujstest, which is part of mupdf is a scriptable tester for mupdf + js. A crafted image posted early for another issue, causes a stack overflow. The complete ASan output: mujstest...
Microsoft WININET.dll - CHttpHeaderParser::ParseStatusLine Out-of-Bounds Read (MS16-104MS16-105)
Microsoft WININET.dll - CHttpHeaderParser::ParseStatusLine Out-of-Bounds Read MS16-104MS16-105 !-- Source: http://blog.skylined.nl/20161110001.html Synopsis A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of ...
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Abstract A stored...
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free...
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection Title: Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Joomla extension v1.0.6 Author: Larry W. Cashdollar, @larry0 Date: 2016-09-16 Download Site: http://huge-it.com/joomla-portfolio-gallery/ Vendor: huge-it.com Vendor Notified...
ZKTeco ZKBioSecurity 3.0 - Directory Traversal
ZKTeco ZKBioSecurity 3.0 - Directory Traversal ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel:...
Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)
Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion MS16-063 !-- CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion ============================================================================ This information is available in an easier to read...
VirIT Explorer Lite Pro 8.1.68 - Local Privilege Escalation
VirIT Explorer Lite Pro 8.1.68 - Local Privilege Escalation / Full title: VirIT Explorer Lite & Pro v.8.1.68 Local Privilege Escalation System/Arbitrary Code Execution Exploit Author: Paolo Stagno - [email protected] Vendor Homepage: http://www.tgsoft.it Version: VirIT Explorer Lite & Pro...