41207 matches found
Cloupia End-to-end FlexPod Management - Directory Traversal
Cloupia End-to-end FlexPod Management - Directory Traversal Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes...
Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution
Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution ?PHP / Title: Simple File Upload v1.3 module for joomla Remote Code Execution Exploit...
CoDeSys SCADA 2.3 - Remote Buffer Overflow
CoDeSys SCADA 2.3 - Remote Buffer Overflow / See Also: http://aluigi.altervista.org/adv/codesys1-adv.txt CoDeSys v2.3 Industrial Control System Development Software Remote Buffer Overflow Exploit for CoDeSys Scada webserver Author : Celil UNUVER, SignalSEC Labs www.signalsec.com Tested on WinXP S...
CaupoShop Pro (2.x 3.70) Classic 3.01 - Local File Inclusion
CaupoShop Pro 2.x 3.70 Classic 3.01 - Local File Inclusion CaupoShop Pro 2.x/ = 3.70 Local File Include Vulnerability Vuln Softwares : CaupoShop Pro 2.x CaupoShop Classic 3.01 CaupoShop Pro 3.70 Discovered B...
WordPress Plugin BackWPUp 2.1.4 - Code Execution
WordPress Plugin BackWPUp 2.1.4 - Code Execution Sense of Security - Security Advisory - SOS-11-012 Release Date. 17-Oct-2011 Vendor Notification Date. 14-Oct-2011 Product. BackWPUp Platform. WordPress Affected versions. 2.1.4 Severity Rating. High Impact. System access Attack Vector. Remote...
Microsys PROMOTIC 8.1.4 - ActiveX GetPromoticSite Unitialized Pointer
Microsys PROMOTIC 8.1.4 - ActiveX GetPromoticSite Unitialized Pointer Luigi Auriemma Application: Microsys PROMOTIC http://www.promotic.eu/en/promotic/scada-pm.htm Versions: 8.1.4 Platforms: Windows Bug: ActiveX GetPromoticSite unitialized pointer Exploitation: remote Date: 30 Oct 2011 Author:...
Vivvo CMS - Local File Inclusion
Vivvo CMS - Local File Inclusion Exploit Title: Vivvo CMS - Local File include ! D0rk: Find YourSelf = ! Date: Sun, 02 Oct 2011 11:55:00 = ! Author: JaBrOtxHaCkEr ! Email My ^ [email protected] ^ !...
Blue Coat Reporter - Directory Traversal
Blue Coat Reporter - Directory Traversal Exploit Title: Blue Coat Reporter Unauthenticated Directory Traversal Author: nitr0us / http://twitter.com/nitr0usmx Software Link: http://www.bluecoat.com/products/reporter Version: 9.2.x - 9.1.x Tested on: Windows Server 2003 Standard Blue Coat Reporter...
CS-Cart 2.2.1 - products.php SQL Injection
CS-Cart 2.2.1 - products.php SQL Injection source: https://www.securityfocus.com/bid/49378/info CS-Cart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Adobe Reader 5.1 - XFDF Buffer Overflow (SEH)
Adobe Reader 5.1 - XFDF Buffer Overflow SEH Exploit Title: Adobe Reader 5.1 XFDF Buffer Overflow Vulnerability SEH Google Dork: N/A or filtype ".xfdf" Date: 04/01/2011 Author: [email protected] / http://extraexploit.blogspot.com Software Link: http://www.oldversion.com/download/acrobat51.exe...
tmux 1.31.4 - -S Option Incorrect SetGID Privilege Escalation
tmux 1.31.4 - -S Option Incorrect SetGID Privilege Escalation Team ph0x90bic proudly presents tmux -S 1.3/1.4 local utmp exploit Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation...
Dream Vision Technologies Web Portal - SQL Injection
Dream Vision Technologies Web Portal - SQL Injection Title : Dream Vision Technologies SQL Injection Vulnerability Author: eXeSoul Home : 1337day.com or www.indishell.in /www.andhrahackers.com Email : [email protected] date : 6/04/2011 d0rk:- Developed and Managed by Dream Vision Technologies Pvt...
Monkeys Audio - .ape Remote Buffer Overflow
Monkeys Audio - .ape Remote Buffer Overflow source: https://www.securityfocus.com/bid/46887/info Monkey's Audio is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue...
PHP Exif Extension - exif_read_data() Remote Denial of Service
PHP Exif Extension - exifreaddata Remote Denial of Service Source: http://permalink.gmane.org/gmane.comp.security.oss.general/4198 PHP Exif 64bit Casting Vulnerability...
SiteScape Enterprise Forum 7 - TCL Injection
SiteScape Enterprise Forum 7 - TCL Injection !/usr/bin/env python """ -- coding: utf-8 -- sitescapesploit.py Copyright 2010 Spencer McIntyre This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
MCFileManager Plugin for TinyMCE 3.2.2.3 - Arbitrary File Upload
MCFileManager Plugin for TinyMCE 3.2.2.3 - Arbitrary File Upload File Upload Vulnerability Plugins tinymce http://tinymce.moxiecode.com/pluginsfilemanager.php Major version 3 Minor version 2.2.3 Author :...
HP Insight Diagnostics Online Edition 8.4 - search.php Cross-Site Scripting
HP Insight Diagnostics Online Edition 8.4 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/45420/info HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker m...
Wolf CMS 0.6.0b - Multiple Vulnerabilities
Wolf CMS 0.6.0b - Multiple Vulnerabilities Vulnerability ID: HTB22681 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinwolfcms.html Product: Wolf CMS Vendor: Wolf CMS team http://www.wolfcms.org/ Vulnerable Version: 0.6.0b and probably prior versions Vendor Notification: 09 November 2010...
Camtron CMNC-200 IP Camera - Denial of Service
Camtron CMNC-200 IP Camera - Denial of Service Finding 5: Camera Denial of Service CVE: CVE-2010-4234 The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending multiple requests in parallel to the web server may cause the camera to reboot. Requests...
Apple Directory Services - Memory Corruption
Apple Directory Services - Memory Corruption Apple Directory Services Memory Corruption CVE-2010-1840 INTRODUCTION chfn, chpass and chsh does not properly parse authname switch "-u", which causes the applications to crash when parsing a long string. Those binaries are setuid root by default. This...
Zoopeer 0.10.2 - FCKeditor Arbitrary File Upload
Zoopeer 0.10.2 - FCKeditor Arbitrary File Upload Zoopeer 0.1 & 0.2 fckeditor Zoopeer Shell Upload Vulnerability Exploit Title: Zoopeer 0.1 & 0.2 fckeditor Date: 27-10-2010...
Microsoft Excel - OBJ Record Stack Overflow
Microsoft Excel - OBJ Record Stack Overflow http://www.exploit-db.com/moaub-24-microsoft-excel-obj-record-stack-overflow/...
Adobe Acrobat and Reader - pushstring Memory Corruption
Adobe Acrobat and Reader - pushstring Memory Corruption ' + self.eol else: self.content += self.eol + data + self.eol self.content += 'endobj' + self.eol def objSWFStreamself, objnum, data, stream:...
dompdf 0.6.0 beta1 - Remote File Inclusion
dompdf 0.6.0 beta1 - Remote File Inclusion apps dompdf RFI Vulnerability x ExpL0it TitLe : apps dompdf RFI Vulnerability x DatE : 01 September 2010 x AutH0r : AndreCorleone x...
Joomla! Component com_zina - SQL Injection
Joomla! Component comzina - SQL Injection Exploit Title: Joomla Component comzina SQL Injection Vulnerability Date: 21-08-2010 Author: Th3 RDX Software Link:http://www.pancake.org/zina/ Version: 2.x Tested on: Demo Site category: webapp Code : n/a...
Computer Associates Oneview Monitor 6.0 - doSave.jsp Remote Code Execution
Computer Associates Oneview Monitor 6.0 - doSave.jsp Remote Code Execution source: https://www.securityfocus.com/bid/42413/info Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input...
Struts2XWork 2.2.0 - Remote Command Execution
Struts2XWork 2.2.0 - Remote Command Execution Friday, July 9, 2010 CVE-2010-1870: Struts2/XWork remote command execution Update Tue Jul 13 2010: Added proof of concept Apache Struts team has announced uploaded but has not released, due to an unreasonably prolonged voting process, the 2.2.0 releas...
ISC DHCPD - Denial of Service
ISC DHCPD - Denial of Service ! /usr/bin/env python Exploit title: isc-dhcpd DoS Date: 03/07/2010 Author: sid Software Link: https://www.isc.org/software/dhcp Version: 4.0.x, 4.1.x, 4.2.x CVE: cve-2010-2156 ps: is possible make a bruteforce on subnet ip address to find a correct value. import sys...
HP OpenView Network Node Manager (OV NNM) - getnnmdata.exe CGI Invalid Hostname Remote Code Execution
HP OpenView Network Node Manager OV NNM - getnnmdata.exe CGI Invalid Hostname Remote Code Execution Exploit Title: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Date: 2010.07.02 Author: S2 Crew Hungary Software Link: hp.com Version: 7.53 Tested on: Windows 2003 CVE:...
OpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities
OpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities Redspin Security Notice -- RSN-2010-01 Multiple vulnerabilities in OpenEMR Electronic Medical Record Software Overview ---------------- Quote from http://www.oemr.org/ OpenEMR is a free medical practice management, electron...
Havij 1.10 - Persistent Cross-Site Scripting
Havij 1.10 - Persistent Cross-Site Scripting Exploit Title: Havij Persistent XSS =v1.10 Date: 15/6/2010 Author: hexon Version: 1.10 and below Tested on: Windows XP Service Pack 2 Professional, Windows 7 Code : htttp://site.com/file.php?param=XSS Code Havij Persistent XSS =v1.10 By : Hkhexon...
e107 0.7.21 full - Remote File Inclusion Cross-Site Scripting
e107 0.7.21 full - Remote File Inclusion Cross-Site Scripting e107 0.7.21 full Multi RFI/XSS Vulnerabilities...
interuse Website Builder design - index2.php SQL Injection
interuse Website Builder design - index2.php SQL Injection interuse Website Builder & design index2.php SQL Injection Vulnerability...
Microsoft Windows - SMB2 Negotiate Protocol 0x72 Response Denial of Service
Microsoft Windows - SMB2 Negotiate Protocol 0x72 Response Denial of Service !/usr/bin/python === EDIT – this exploit appears to be exactly the same one of one which was already found and fixed notified by Laurent Gaffié, i did not know this but his blog post can be found here:...
IDEAL Administration 2010 10.2 - Local Buffer Overflow
IDEAL Administration 2010 10.2 - Local Buffer Overflow !/usr/bin/env python IDEAL Administration 2010 v10.2 Local Buffer Overflow Exploit Found By: DrIDE Usage: Migrate - Open Migration Project - Bind Shell Download: www.pointdev.com Tested On: Windows XPSP3 windows/shellbindtcp - 696 bytes...
Alstrasoft AskMe Pro 2.1 - que_id SQL Injection
EasyFTP Server 1.7.0.2 - CWD Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.2 - CWD Buffer Overflow Metasploit Exploit Title: EasyFTP Server 'EasyFTP Server %q This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.2. EasyFTP fails to check input size when parsing 'CWD' commands, which allows for easy stack based buffer overflow...
ZipCentral - .zip File (SEH)
ZipCentral - .zip File SEH !/usr/bin/python Title: ZipCentral .zip SEH exploit Author: TecR0c - http://tecninja.net/blog & http://twitter.com/TecR0c Download: http://downloads.pcworld.com/pub/new/utilities/compression/zcsetup.exe Platform: Windows XP sp3 En VMWARE Greetz to: Corelan Security Team...
eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (1)
eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows 1 Exploit Title : eDisplay Personal FTP server 1.0.0 Multiple Post-Authentication Stack BOF Type of sploit: Remote Code Execution Bug found by : loneferret march 19, 2010 Reference :...
Orbital Viewer 1.04 - .orb File Local Universal Overflow (SEH)
Orbital Viewer 1.04 - .orb File Local Universal Overflow SEH !/usr/bin/python Orbital Viewer v1.04 .orb 0day Local Universal SEH Overflow Exploit Date: 27 Feb 2010 CVE: CVE-2010-0688 Download: http://www.orbitals.com/orb/ov.htm Found & exploited by: mrme http://net-ninja.net Greetz to:...
TinyMCE WYSIWYG Editor - Multiple Vulnerabilities
TinyMCE WYSIWYG Editor - Multiple Vulnerabilities + Vulnerability: Js tinymce/tinymce WYSIWYGjava script vulnerability xss--popup & SQl implemented + Language : Java--,Xml + licenses : LGPL + Vendor : Moxiecode Systems AB + support : IE7J0/IE6.0/NS8.1-IE/NS8.1-G/FF2.0/O9.02; + Category : bug repo...
Ingres Database 9.3 - Heap Buffer Overflow
Ingres Database 9.3 - Heap Buffer Overflow source: https://www.securityfocus.com/bid/38001/info Ingres Database is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execu...
AOL 9.5 - ActiveX Heap Overflow
AOL 9.5 - ActiveX Heap Overflow Product: AOL 9.5 Vulnerability: ActiveX - Heap Overflow Discussion: Vulnerability is in Activex Control "CDDBControl.dll" Sending a string to BindToFile , triggering the vulnerability. Successful exploitation allow remote attackers to execute arbitrary code. Credit...
Oracle Database - Remote Listener Memory Corruption
Oracle Database - Remote Listener Memory Corruption source: https://www.securityfocus.com/bid/37728/info Oracle Database is prone to a remote memory-corruption vulnerability in Listener. The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker does not require privileges to...
Quiz - Cross-Site Scripting
Quiz - Cross-Site Scripting Title : quiz Cross Site Scripting Vulnerability Author : indoushka email : [email protected] Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -0021377181886...
Best Top List - Cross-Site Scripting
Best Top List - Cross-Site Scripting Title : Best Top List Cross Site Scripting Vulnerability Author : indoushka email : [email protected] Home : Souk Naamane - 04325 - Oum El Bouaghi -...
Sitecore Staging Module 5.4.0 - Authentication Bypass File Manipulation
Sitecore Staging Module 5.4.0 - Authentication Bypass File Manipulation SEC Consult Security Advisory title: Authentication bypass and file manipulation in Sitecore Staging Module products: Sitecore Staging Module vulnerab...
Kaspersky Lab (Multiple Products) - Local Privilege Escalation
Kaspersky Lab Multiple Products - Local Privilege Escalation ShineShadow Security Report 16122009-15 TITLE Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability BACKGROUND Due to its high level of professionalism and dedication, Kaspersky Lab has become a market leader in the...
Tender System 0.9.5b - Local File Inclusion
Tender System 0.9.5b - Local File Inclusion Note: TESTED LOCALLY WITH XAMPP FOR...
Vivvo CMS 4.1.5.1 - file Disclosure
Vivvo CMS 4.1.5.1 - file Disclosure waraxe-2009-SA075 - Remote File Disclosure in Vivvo CMS 4.1.5.1 Author: Janek Vind "waraxe" Date: 21. October 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-75.htm...