ManageEngine OPutils 8.0 - Multiple Vulnerabilities

ManageEngine OPutils 8.0 - Multiple Vulnerabilities =================================================================================== Privilege escalation Vulnerability in ManageEngine oputils =================================================================================== Overview ========...

D-Link DVG­N5402SP - Multiple Vulnerabilities

D-Link DVG­N5402SP - Multiple Vulnerabilities Exploit Title: DLink DVG­N5402SP Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.dlink.com/ Versions Reported: Multiple - See below CVE-IDs: CVE-2015-7245 + CVE-2015-7246 + CVE-2015-7247 DLink DVG­N5402SP File Path Traversal...

D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities

D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities Advisory Information Title: DIR-880L Buffer overflows in authenticatio and HNAP functionalities. Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed...

Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH)

Tomabo MP4 Player 3.11.6 - Local Stack Overflow SEH !/usr/bin/python Exploit Title: Tomabo MP4 Player 3.11.6 SEH Based Stack Overflow Exploit Author: @yokoacc, @nudragn, @runggareksya Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-player/download.html Vulnerable...

Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation

Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=437 Windows: CreateObjectTask SettingsSyncDiagnostics Elevation of Privilege Platform: Windows 8.1 Update I don’t believe it’s available in...

OpenLDAP 2.4.42 - ber_get_next Denial of Service

OpenLDAP 2.4.42 - bergetnext Denial of Service Exploit Title: OpenLDAP 2.4.42 bergetnext DOS Date: 11/09/15 Exploit Author: Denis Andzakovic - Security-Assessment.com Vendor Homepage: http://www.openldap.org/ Software Link: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.42.tgz...

freeSSHd 1.3.1 - Denial of Service

freeSSHd 1.3.1 - Denial of Service ''' Exploit title: freesshd 1.3.1 denial of service vulnerability Date: 28-8-2015 Vendor homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeSSHd.exe Version: 1.3.1 Author: 3unnym00n Details: ---------------------------------------------...

Adobe Flash - Heap Buffer Overflow Loading .FLV File with Nellymoser Audio Codec

Adobe Flash - Heap Buffer Overflow Loading .FLV File with Nellymoser Audio Codec Source: https://code.google.com/p/google-security-research/issues/detail?id=425&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id To reproduce, host the attached files appropriately and:...

Microsoft Word - Local Machine Zone Code Execution (MS15-022)

Microsoft Word - Local Machine Zone Code Execution MS15-022 Exploit Title: Microsoft Word Local Machine Zone Remote Code Execution Vulnerability Date: July 15th, 2015 Exploit Author: Eduardo Braun Prado Vendor Homepage : http://www.microsoft.com Version: 2007 Tested on: Microsoft Windows XP, 2003...

Koha 3.20.1 - Multiple SQL Injections

Koha 3.20.1 - Multiple SQL Injections Exploit Title: Koha Open Source ILS - Unauthenticated SQL Injection in OPAC Google Dork: Date: 25/06/2015 Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Security Testing Group of SBA Research...

Cisco AnyConnect Secure Mobility 2.x3.x4.x - Client Denial of Service (PoC)

Cisco AnyConnect Secure Mobility 2.x3.x4.x - Client Denial of Service PoC !-- Cisco AnyConnect Secure Mobility Client Remote Command Execution Vendor: Cisco Systems, Inc. Product web page: http://www.cisco.com Affected version: 2.x 3.0 3.0.0A90 3.1.0472 3.1.05187 3.1.06073 3.1.06078 3.1.06079...

Burning Board 2.3.1 - SQL Injection

Burning Board 2.3.1 - SQL Injection Burning Board SQL Injection Vendor: Woltlab GmbH Product: Burning Board Version: = 2.3.1 Website: http://www.woltlab.de/ BID: 13643 CVE: CVE-2005-1642 OSVDB: 16575 SECUNIA: 15395 PACKETSTORM: 39262 Description: Burning Board is a popular, multi purpose forum /...

TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow (PoC)

TestDisk 6.14 - CheckOS2MB Stack Buffer Overflow PoC , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. TestDisk 6.14 CheckOS2MB Stack Buffer Overflow Affected versions: TestDisk 6.14 - Linux, Windows...

SolarWinds Orion Service - SQL Injection

SolarWinds Orion Service - SQL Injection I found a couple SQL injection vulnerabilities in the core Orion service used in most of the Solarwinds products SAM, IPAM, NPM, NCM, etc…. This service provides a consistent configuration and authentication layer across the products. To be exact, the...

Publish-It 3.6d - Local Buffer Overflow (SEH)

Publish-It 3.6d - Local Buffer Overflow SEH !/usr/bin/python Title: Publish-It 3.6d - Buffer Overflow SEH Exploit Date: 2/16/15 Vulnerability: Discovery and PoC by Core Security http://www.exploit-db.com/exploits/31461/ Exploit Author: jakx Andrew Smith of Sword & Shield Enterprise Security Vendo...

SoftSphere DefenseWall FWIPS 3.24 - Local Privilege Escalation

SoftSphere DefenseWall FWIPS 3.24 - Local Privilege Escalation / Exploit Title - SoftSphere DefenseWall FW/IPS Arbitrary Write Privilege Escalation Date - 10th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.softsphere.com Tested Version - 3.24 Driver Version -...

Trend Micro 8.0.1133 (Multiple Products) - Local Privilege Escalation

Trend Micro 8.0.1133 Multiple Products - Local Privilege Escalation / Exploit Title - Trend Micro Multiple Products Arbitrary Write Privilege Escalation Date - 31st January 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.trendmicro.co.uk/ Tested Version - 8.0.1133 Driver...

PhotoPost Classifieds 2.01 - Multiple Vulnerabilities

PhotoPost Classifieds 2.01 - Multiple Vulnerabilities PhotoPost Classifieds Multiple Vulnerabilities Vendor: All Enthusiast, Inc. Product: PhotoPost Classifieds Version: = 2.01 Website: http://www.photopost.com/class/ BID: 12156 OSVDB: 12728 12729 12730 12731 12732 12733 12734 12735 12736 12737...

GLPI 0.85 - Blind SQL Injection

GLPI 0.85 - Blind SQL Injection Exploit Title: GLPI 0.85 Blind SQL Injection Date: 28-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://forge.indepnet.net/attachments/download/1899/glpi-0.85.tar.gz CVE: CVE-2014-9258 Category...

ZTE ZXHN H108L - Authentication Bypass (2)

ZTE ZXHN H108L - Authentication Bypass 2 About the software ================== ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers. Vulnerability Details ===================== CWMP configuration is accessible only through the Administrator account. CWMP is a protocol widely...

WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload

WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload Exploit Title: Photo Gallery 1.2.5 Unrestricted File Upload Date: 11-11-2014 Software Link: https://wordpress.org/plugins/photo-gallery/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...

WebTitan 4.01 (Build 68) - Multiple Vulnerabilities

WebTitan 4.01 Build 68 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: WebTitan vulnerable version: 4.01 Build 68 fixed version: 4.04 impact: critic...

Oracle Demantra 12.2.1 - Arbitrary File Disclosure

Oracle Demantra 12.2.1 - Arbitrary File Disclosure Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet...

Jenkins 1.523 - Persistent HTML Code

Jenkins 1.523 - Persistent HTML Code 01. Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Informatio...

Dell Kace 1000 SMA 5.4.742 - SQL Injection

Dell Kace 1000 SMA 5.4.742 - SQL Injection Title: ====== Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities Date: ===== 2013-07-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=832 VL-ID: ===== 832 Common Vulnerability Scoring System:...

WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities

WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities ============================================================= \ \ / / | | / \ / | | \ \ V / | | | | | | | | | / \ | ' \ | | | | | | | | | | | | '| | / / . \ | | | | | | || | | | | | | | | | // \ | ./ || / || || |/ || | | ||...

Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC)

Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities PoC Multiple buffer overflows on Huawei SNMPv3 service ================================================== ADVISORY INFORMATION Title: Multiple buffer overflows on Huawei SNMPv3 service Discovery date: 11/02/2013 Release date:...

Joomla! 3.0.3 - remember.php PHP Object Injection

Joomla! 3.0.3 - remember.php PHP Object Injection ------------------------------------------------------------------ Joomla! decrypt$str; 45. $cookieData = @unserialize$str; User input passed through cookies is not properly sanitized before being used in an unserialize call at line 45. This could...

AWS Xms 2.5 - importer.php?what Directory Traversal

AWS Xms 2.5 - importer.php?what Directory Traversal Advisory ID: HTB23147 Product: AWS XMS Vendor: http://www.aws-dms.com Vulnerable Versions: 2.5 and probably prior Tested Version: 2.5 Vendor Notification: March 6, 2013 Vendor Patch: March 16, 2013 Public Disclosure: March 27, 2013 Vulnerability...

Linux Kernel 3.3 3.8 (Ubuntu Fedora 18) - sock_diag_handlers() Local Privilege Escalation (3)

Linux Kernel 3.3 3.8 Ubuntu Fedora 18 - sockdiaghandlers Local Privilege Escalation 3 / quick'n'dirty poc for CVE-2013-1763 SOCKDIAG bug in kernel 3.3-3.8 bug found by Spender poc by SynQ hard-coded for 3.5.0-17-generic 28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686 GNU/Linux using...

Photodex ProShow Producer 5.0.3297 - .pxs Memory Corruption

Photodex ProShow Producer 5.0.3297 - .pxs Memory Corruption !/usr/bin/python Exploit Title: Photodex ProShow Producer v5.0.3297 .pxs Memory Corruption Vulnerability Version: = 5.0.3297 Date: 2013-02-14 Author: Julien Ahrens @MrTuxracer Homepage: http://www.inshell.net Software Link:...

cURL - Buffer Overflow (PoC)

cURL - Buffer Overflow PoC cURL buffer overflow Wed 06 February 2013 Volema found remotely exploitable buffer overflow vulnerability in libcurl POP3, SMTP protocol handlers which lead to code execution RCE. When negotiating SASL DIGEST-MD5 authentication, the function Curlsaslcreatedigestmd5messa...

Nagios3 - history.cgi Remote Command Execution

Nagios3 - history.cgi Remote Command Execution !/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution =========================================================== Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more...

Centreon Enterprise Server 2.3.3 2.3.9-4 - Blind SQL Injection

Centreon Enterprise Server 2.3.3 2.3.9-4 - Blind SQL Injection !/usr/bin/env python Exploit Title: Centreon 2.3.3 - 2.3.9-4 menuXML.php Blind SQL Injection Exploit Disclosure Date: December 12, 2012 Author: modpr0be @modpr0be Platform: Linux Tested on: Centreon Enterprise Server with Centreon...

mcrypt 2.5.8 - Local Stack Overflow

mcrypt 2.5.8 - Local Stack Overflow !/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .=...

LAN.FS Messenger 2.4 - Command Execution

LAN.FS Messenger 2.4 - Command Execution Title: ====== LAN.FS Messenger v2.4 - Command Execution Vulnerability Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 760 Common Vulnerability Scoring System:...

Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)

Zoner Photo Studio 15 b3 - Buffer Overflow PoC Title: ====== Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities Date: ===== 2012-11-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=759 VL-ID: ===== 759 Common Vulnerability Scoring System:...

ZPanel 10.0.1 - Cross-Site Request Forgery Cross-Site Scripting SQL Injection Password Reset

ZPanel 10.0.1 - Cross-Site Request Forgery Cross-Site Scripting SQL Injection Password Reset Exploit Title: ZPanel = 10.0.1 CSRF, XSS, SQLi, Password Reset Date: 04/11/2012 Exploit Author: pcsjj Vendor Homepage: http://www.zpanelcp.com/ Version: 10.0.1 Software Link:...

Trend Micro Control Manager 5.56.0 AdHocQuery - (Authenticated) Blind SQL Injection

Trend Micro Control Manager 5.56.0 AdHocQuery - Authenticated Blind SQL Injection !/usr/bin/env python Exploit Title: Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection post-auth Disclosure Date: 09/27/2012 Author: otoy @otoyrood & modpr0be @modpr0be Contact: researchatspentera.com...

QNX 6.5.0 QCONN 1.4.207944 - Remote Command Execution

QNX 6.5.0 QCONN 1.4.207944 - Remote Command Execution Title : QNX QCONN Remote Command Execution Vurnerability Version : QNX 6.5.0 = , QCONN = 1.4.207944 Download: http://www.qnx.com/download/feature.html?programid=23665 QNX Neutrino 6.5.0 SP1 Vendor : http://www.qnx.com Date : 2012/09/09 CVE : N...

SpiceWorks 6.0.00993 - Multiple Script Injection Vulnerabilities

SpiceWorks 6.0.00993 - Multiple Script Injection Vulnerabilities !-- Title: Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities Vendor: Spiceworks Inc. Product web page: http://www.spiceworks.com Affected version: 6.0.00993 and 6.0.00966 Summary: The Spiceworks IT Desktop delivers near...

CommPort 1.01 - Multiple Vulnerabilities

CommPort 1.01 - Multiple Vulnerabilities -------------------------------------------- CommPort 1.01 Vendor information: "A 'Community Portal' generator that can be tailored for any location. Each user gets a personal portal page to which they can add their own 'channels' or select from a growing...

Joomla! Component com_joomgalaxy 1.2.0.4 - Multiple Vulnerabilities

Joomla! Component comjoomgalaxy 1.2.0.4 - Multiple Vulnerabilities Exploit Title: Joomla joomgalaxy 1.2.0.4 Multiple Vulnerabilites dork: inurl:comjoomgalaxy Date: 01-08-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://poisonsecurity.wordpress.com/ Vendor:...

WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal (Metasploit)

WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal Metasploit Exploit Title: WANGKONGBAO CNS-1000 and 1100 Network Security Platform UTM Directory Traversal Date: 7/2/2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.wangkongbao.com/products.html Version: CNS-1000 and 1100 The...

Symantec pcAnywhere 12.5.0 - Login Password Remote Buffer Overflow

Symantec pcAnywhere 12.5.0 - Login Password Remote Buffer Overflow !/usr/bin/python Exploit Title: Symantec PcAnywhere login and password field buffer overflow Date: 2012.06.27 Author: S2 Crew Hungary Software Link: symantec.com Version: 12.5.0 Tested on: Windows XP SP2 CVE: CVE-2011-3478 EDB Not...

WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload

WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload Exploit Title: Wordpress Pica Photo Gallery 1.0 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/pica-photo-gallery/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://www.apptha.com Software Link:...

GIMP 2.6 script-fu 2.8.0 - Buffer Overflow (PoC)

GIMP 2.6 script-fu 2.8.0 - Buffer Overflow PoC / There is a buffer overflow in the script-fu server component of GIMP the GNU Image Manipulation Program in all 2.6 versions Windows and Linux versions affecting both the script-fu console and the script-fu network server. A crafted msg to the...

Proman Xpress 5.0.1 - Multiple Vulnerabilities

Proman Xpress 5.0.1 - Multiple Vulnerabilities Title: ====== Proman Xpress v5.0.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=513 VL-ID: ===== 512 Common Vulnerability Scoring System:...

Lynx Message Server - Multiple Vulnerabilities

Lynx Message Server - Multiple Vulnerabilities 1. Summary The Micro Technology Services Inc. "Lynx Message Server 7.11.10.2" and/or "LynxTCPService version 1.1.62" web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a "Facility...

Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)

Microsoft .NET Framework EncoderParameter - Integer Overflow MS12-025 ------------------------------------------------------------------------ .NET Framework EncoderParameter integer overflow vulnerability ------------------------------------------------------------------------ Yorick Koster,...