Cheese Tracker 0.9.9 - Local Buffer Overflow
Cheese Tracker 0.9.9 - Local Buffer Overflow / by Luigi Auriemma / include include include include define VER "0.1" define CPOS 243 // reader.getfilepos-pcpos define JUNKSZ 500 + CPOS // Uint8 junkbuster500 define OVERFLOW 740 // overflow define BOFSZNUM JUNKSZ + OVERFLOW define BOFSZ JUNKSZ +...
RsGallery2 1.11.2 - rsgallery.html.php File Inclusion
RsGallery2 1.11.2 - rsgallery.html.php File Inclusion RsGallery2 for Joomla --------------------------------------------------------------------------- Discovered: marriottvn Remote : Yes Level : High --------------------------------------------------------------------------- Affected software...
DreamAccount 3.1 - auth.api.php Remote File Inclusion
DreamAccount 3.1 - auth.api.php Remote File Inclusion !/usr/bin/perl use HTTP::Request; use LWP::UserAgent; ---------------------------------------------------- DREAMACCOUNT V3.1 Remote Command Execution Exploit ---------------------------------------------------- Discovered By CrAshoVeRrIdEArabi...
acFTP FTP Server 1.4 - USER Remote Denial of Service
acFTP FTP Server 1.4 - USER Remote Denial of Service / Exploit for : acFTP 1.4 DoS Exploit Advisory : http://secunia.com/advisories/19978/ Coder : Omnipresent Email : [email protected] Description : Preddy has discovered a vulnerability in acFTP, which can be exploited by malicious people to...
Fenice Oms 1.10 - GET Remote Buffer Overflow
Fenice Oms 1.10 - GET Remote Buffer Overflow / IHS Iran Homeland Security public source code Fenice - Open Media Streaming Server remote BOF exploit author : c0d3r "kaveh razavi" [email protected] package : fenice-1.10.tar.gz and prolly prior versions workaround : update after patch release...
BomberClone 0.11.6.2 - Error Messages Remote Buffer Overflow
BomberClone 0.11.6.2 - Error Messages Remote Buffer Overflow / bomberclone include include include include include include include / fork + bind port 31337 - ty izik / char linuxshellcode= "\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02\x89\xe1\xcd\x80"...
Papoo 2.1.2 - Guestbook.php?menuid SQL Injection
Papoo 2.1.2 - Guestbook.php?menuid SQL Injection source: https://www.securityfocus.com/bid/16020/info Papoo is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
Eudora Qualcomm WorldMail 3.0 - IMAPd Remote Overflow
Eudora Qualcomm WorldMail 3.0 - IMAPd Remote Overflow !/usr/bin/python PRE AUTHENTICATION Eudora Qualcomm WorldMail 3.0 IMAPd Service 6.1.19.0 Overflow. Discovered by Tim Shelton - [email protected] Coded by [email protected] Details: SEH gets overwritten at 970 bytes in the LIS...
MidiCart PHP - Item_List.php?SecondGroup SQL Injection
MidiCart PHP - Item_List.php?SecondGroup SQL Injection source: https://www.securityfocus.com/bid/13514/info MidiCart PHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacke...
Microsoft Windows XP2003 - Remote Denial of Service
Microsoft Windows XP2003 - Remote Denial of Service / Added Line 1 - BSDSOURCE!!!! /str0ke / define BSDSOURCE include include include include include include include include include include include / Windows Server 2003 and XP SP2 remote DoS exploit Tested under OpenBSD 3.6 at WinXP SP 2 Vuln by...
NapShare 1.2 - Remote Buffer Overflow (2)
NapShare 1.2 - Remote Buffer Overflow 2 // source: https://www.securityfocus.com/bid/11967/info It is reported that NapShare is susceptible to a remote buffer overflow vulnerability. This is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a...
Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Remote (PoC)
Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Remote PoC / source: https://www.securityfocus.com/bid/11488/info It is reported that an integer underflow vulnerability is present in the iptables logging rules of the Linux kernel 2.6 branch. A remote attacker may exploit this...
U.S. Robotics USR808054 Wireless Access Point - Web Administration Denial of Service
U.S. Robotics USR808054 Wireless Access Point - Web Administration Denial of Service source: https://www.securityfocus.com/bid/10840/info The USR808054 wireless access point is reported to contain a denial of service vulnerability in its embedded web server. When malicious requests are received b...
Invision Power Board (IP.Board) 1.3.1 - Design Error
Invision Power Board IP.Board 1.3.1 - Design Error IP.Board Design Error Vendor: Invision Power Services Product: IP.Board Version: = 1.3.1 Website: http://www.invisionpower.com/ BID: 10559 Description: Invision Power Board IPB is a professional forum system that has been built from the ground up...
PhotoPost 4.6 - Multiple Vulnerabilities
PhotoPost 4.6 - Multiple Vulnerabilities PhotoPost Multiple Vulnerabilities Vendor: All Enthusiast, Inc Product: PhotoPost Version: = 4.6 Website: http://www.photopost.com/ BID: 9994 CVE: CVE-2004-1870 CVE-2004-1871 OSVDB: 10261 10262 10263 10264 10265 10266 10267 4771 SECUNIA: 11241 Description:...
PostNuke 0.726 Phoenix - Multiple Vulnerabilities
PostNuke 0.726 Phoenix - Multiple Vulnerabilities PostNuke Multiple Vulnerabilities Vendor: PostNuke Product: PostNuke Version: CODE VLID = Should be the valid id number of a file for download. CODE = Any script or HTML etc. Solution: An update has been released regarding the SQL Injection...
OpenSSHPAM 3.6.1p1 - Remote Users Discovery Tool
OpenSSHPAM 3.6.1p1 - Remote Users Discovery Tool / SSHBRUTE - OpenSSH/PAM Proof of concept code by Maurizio Agazzini Tested against Red Hat, Mandrake, and Debian GNU/Linux. Reference: http://lab.mediaservice.net/advisory/2003-01-openssh.txt $ tar xvfz openssh-3.6.1p1.tar.gz $ patch -p0 include...
Apache 1.x2.0.x - Chunked-Encoding Memory Corruption (1)
Apache 1.x2.0.x - Chunked-Encoding Memory Corruption 1 // source: https://www.securityfocus.com/bid/5033/info When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper signed interpretatio...
Cisco CBOS 2.x - Broadband Operating System TCPIP Stack Denial of Service
Cisco CBOS 2.x - Broadband Operating System TCPIP Stack Denial of Service source: https://www.securityfocus.com/bid/4815/info Cisco Broadband Operating System CBOS is the operating system used on Cisco 600 series routers. When the CBOS TCP/IP stack is forced to process a high number of unusually...
National Instruments LabVIEW 5.1.16.06.1 - HTTP Request Denial of Service
National Instruments LabVIEW 5.1.16.06.1 - HTTP Request Denial of Service source: https://www.securityfocus.com/bid/4577/info A vulnerability has been reported in some versions of National Instruments LabVIEW for Linux and Microsoft Windows. LabVIEW includes an integrated HTTP server. If a...
Brecht Claerhout Sniffit 0.3.6 HIP0.3.7 Beta - Mail Logging Buffer Overflow (3)
Brecht Claerhout Sniffit 0.3.6 HIP0.3.7 Beta - Mail Logging Buffer Overflow 3 // source: https://www.securityfocus.com/bid/1158/info Sniffit is a freely available, open source network monitoring tool. It is designed for use on the Unix and Linux Operating Systems. Sniffit contains a remotely...
Microsoft Internet Explorer 345 Netscape Communicator 4 - IMG Tag Denial of Service
Microsoft Internet Explorer 345 Netscape Communicator 4 - IMG Tag Denial of Service source: https://www.securityfocus.com/bid/3122/info An issue which affects users of multiple web browsers on Microsoft Windows platforms has been discovered. Multiple malicious IMG tags may cause a denial of...
DCForum 6.0 - Remote Admin Privilege Arbitrary Commands
DCForum 6.0 - Remote Admin Privilege Arbitrary Commands source: https://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an...
Microsoft Windows Server 2000 SP1SP2 - isapi .printer Extension Overflow (1)
Microsoft Windows Server 2000 SP1SP2 - isapi .printer Extension Overflow 1 / iishack 2000 - eEye Digital Security - 2001 This affects all unpatched windows 2000 machines with the .printer isapi filter loaded. This is purely proof of concept. Quick rundown of the exploit: Eip overruns at position...
Solaris 78 - kcms_configure Command-Line Buffer Overflow (2)
Solaris 78 - kcms_configure Command-Line Buffer Overflow 2 // source: https://www.securityfocus.com/bid/2558/info The Kodak Color Management System, or KCMS, is a package that ships with workstation installations of Solaris 7 and 8. kcms_configure, a part of KCMS, is vulnerable to a buffer overflow...
Cisco Catalyst 4000 4.x5.x Catalyst 5000 4.55.x Catalyst 6000 5.x - Memory Leak Denial of Service
Cisco Catalyst 4000 4.x5.x Catalyst 5000 4.55.x Catalyst 6000 5.x - Memory Leak Denial of Service source: https://www.securityfocus.com/bid/2072/info Cisco Catalyst is a high speed switch implemented in local area networks. The telnet server that is built into the Catalyst firmware for remote...
3R Soft MailStudio 2000 2.0 - userreg.cgi Arbitrary Command Execution
3R Soft MailStudio 2000 2.0 - userreg.cgi Arbitrary Command Execution // source: https://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. It is possible for a remote user to gain read access to all files located on the server via the usage of the "/.." string...
Phorum 3.0.7 - violation.php3 Arbitrary Email Relay
Phorum 3.0.7 - violation.php3 Arbitrary Email Relay source: https://www.securityfocus.com/bid/2272/info Phorum is a freely available, open source package originally written by Brian Moon. The package is designed to add enhanced features to a web page, allowing users to interact through bulletin...
SCO Unixware 7.1 - varmail Permissions
SCO Unixware 7.1 - varmail Permissions source: https://www.securityfocus.com/bid/849/info Certain versions of SCO's UnixWare only 7.1 was tested ship with the /var/mail/ directory with permission 777-rwxrwxrwx . This in effect allows malicious users to read incoming mail for users who do not yet...
Microsoft Internet Explorer 4.x5 Outlook 2000 098 0Express 4.x - ActiveX .CAB File Execution
Microsoft Internet Explorer 4.x5 Outlook 2000 098 0Express 4.x - ActiveX .CAB File Execution Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 4,Internet Explorer 4.1 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet...
FreeBSD 2.x HP-UX 91011 Kernel 2.0.3 Windows NT 4.0Server 2003 NetBSD 1 - land.c loopback Denial of Service (5)
FreeBSD 2.x HP-UX 91011 Kernel 2.0.3 Windows NT 4.0Server 2003 NetBSD 1 - land.c loopback Denial of Service 5 / source: https://www.securityfocus.com/bid/2666/info A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and...
PhpIX 2012 Professional - id SQL Injection
PhpIX 2012 Professional - id SQL Injection Title: PhpIX 2012 Professional - 'id' SQL Injection Date: 2020-02-26 Author: indoushka Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit Vendor : http://www.allhandsmarketing.com/ poc : + Dorking İn Google Or Other Search...
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Exploit Title: Wordpress Plugin Strong Testimonials 2.40.0 - Persistent Cross-Site Scripting Date: 2020-01-23 Vendor Homepage: https://strongtestimonials.com Vendor Changelog:...
ExpertGPS 6.38 - XML External Entity Injection
ExpertGPS 6.38 - XML External Entity Injection + Exploit Title: ExpertGPS 6.38 - XML External Entity Injection + Date: 2019-12-07 + Exploit Author: Trent Gordon + Vendor Homepage: https://www.topografix.com/ + Software Link: http://download.expertgps.com/SetupExpertGPS.exe + Disclosed at: 7FEB202...
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting Exploit Title: Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting Date: 2020-01-29 Exploit Author: LiquidWorm Vendor: Fifthplay NV Vendor Homepage: https://www.fifthplay.com Version: 2019.2_HP Tested on: Linux CVE : - Fifthplay...
Rukovoditel Project Management CRM 2.5.2 - entities_id SQL Injection
Rukovoditel Project Management CRM 2.5.2 - entities_id SQL Injection Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection Google Dork: N/A Date: 2020-01-15 Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage:...
piSignage 2.6.4 - Directory Traversal
piSignage 2.6.4 - Directory Traversal Exploit Title: piSignage 2.6.4 - Directory Traversal Date: 2019-11-13 Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application...
NextVPN v4.10 - Insecure File Permissions
NextVPN v4.10 - Insecure File Permissions Exploit Title: NextVPN v4.10 - Insecure File Permissions Date: 2019-12-23 Exploit Author: SajjadBnd Contact: [email protected] Vendor Homepage: https://vm3max.site Software Link:http://dl.spacevm.com/NextVPNSetup-v4.10.exe Version: 4.10 Tested on: Win10...
Product Key Explorer 4.2.0.0 - Name Denial of Service (POC)
Product Key Explorer 4.2.0.0 - Name Denial of Service POC Exploit Title: Product Key Explorer 4.2.0.0 - 'Name' Denial of Service POC Discovery by: SajjadBnd Date: 2019-12-10 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe...
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Exploit Title: Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.maxpcsecure.com Tested Version: 19.0.4.020 CVE: N/A + Credits: John Page aka hyp3rlinx +...
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd mediaserverd has various media parsing responsibilities; it's reachable from various sandboxes and is able to talk to interesting kernel drivers, so it is a valid target in an exploit chain. One of the services it vends is...
Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH)
Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow SEH Exploit Title: Control Center PRO 6.2.9 - Local Stack Based BufferOverflow SEH Date: 2019-11-09 Exploit Author: Samir sanchez garnica @sasaga92 Vendor Homepage: http://www.webgateinc.com/wgi/eng/products/list.php?ecidx1=P610 Softwar...
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address During processing of incoming iMessages, attacker controlled data is deserialized using the NSUnarchiver API. One of the classes that is allowed to be decoded from the incoming data is NSDictionary...
rConfig 3.9.2 - Remote Code Execution
rConfig 3.9.2 - Remote Code Execution Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662...
Rocket.Chat 2.1.0 - Cross-Site Scripting
Rocket.Chat 2.1.0 - Cross-Site Scripting Title: Rocket.Chat 2.1.0 - Cross-Site Scripting Author: 3H34N Date: 2019-10-22 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 2. Open a chat session 3. Send payload with your web server url 4. Token will be written in...
Joomla! 3.4.6 - Remote Code Execution
Joomla! 3.4.6 - Remote Code Execution Exploit Title: Joomla! 3.4.6 - Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on:...
X.Org X Server 1.20.4 - Local Stack Overflow
X.Org X Server 1.20.4 - Local Stack Overflow Exploit Title: X.Org X Server 1.20.4 - Local Stack Overflow Date: 2019-10-16 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: https://www.x.org/ Version: = 1.20.4 Tested on: Linux CVE: CVE-2019-17624 !/usr/bin/python coding: utf-8 Author:...
WebKit - Universal XSS Using Cached Pages
WebKit - Universal XSS Using Cached Pages VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child =...
Webmin 1.920 - Remote Code Execution
Webmin 1.920 - Remote Code Execution !/bin/sh CVE-2019-15107 Webmin Unauthenticated Remote Command Execution based on Metasploit module https://www.exploit-db.com/exploits/47230 Original advisory: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html...
Adobe Acrobat CoolType (AFDKO) - Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts
Adobe Acrobat CoolType AFDKO - Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...