41207 matches found
Dmitry 1.3a - Local Buffer Overflow (PoC)
Dmitry 1.3a - Local Buffer Overflow PoC Exploit Title: DmitryDeepmagic Information Gathering Tool Local Stack Buffer Overflow CVE: CVE-2017-7938 CWE: CWE-119 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/ Versio...
ExtraPuTTY 0.29-RC2 - Denial of Service
ExtraPuTTY 0.29-RC2 - Denial of Service + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ================== www.extraputty.com Product:...
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery Exploit Title: pfSense 2.3.2 XSS - CSRF-bypass & Reverse-root-shell Date: 01/03/2017 Author: Yann CAM @ASafety / Synetis Vendor or Software Link: www.pfsense.org Version: 2.3.2 Category: XSS, CSRF-bypass and Remote root reverse-shell...
Joomla! Component GPS Tools 4.0.1 - SQL Injection
Joomla! Component GPS Tools 4.0.1 - SQL Injection Exploit Title: Joomla! Component GPS Tools v4.0.1 - SQL Injection Google Dork: inurl:index.php?option=comgpstools Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy:...
Google Android - android.util.MemoryIntArray Ashmem Race Conditions
Google Android - android.util.MemoryIntArray Ashmem Race Conditions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1002 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the...
Posnic Stock Management System - SQL Injection
Posnic Stock Management System - SQL Injection --==IndiSh3LL==-- body font-family: Tahoma; color: white; background: 444444; input border : solid 2px ; border-color : black; BACKGROUND-COLOR: 444444; font: 8pt Verdana; color: white; submit BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR:...
SAP NetWeaver AS JAVA - BC-BMT-BPM-DSK XML External Entity Injection
SAP NetWeaver AS JAVA - BC-BMT-BPM-DSK XML External Entity Injection Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909...
ScriptCase 8.1.053 - Multiple Vulnerabilities
ScriptCase 8.1.053 - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SCRIPTCASE-PHP-WEB-TOOL-MULTIPLE-VULNERABILITIES.txt + ISR: ApparitionSec Vendor: ================== www.scriptcase.net Product:...
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Abstract A stored...
InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials
InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03...
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI...
CherryTree 0.36.9 - Memory Corruption (PoC)
CherryTree 0.36.9 - Memory Corruption PoC !/usr/bin/python CherryTree 0.36.9 - Memory Corruption PoC by n30m1nd Date: 2016-10-27 PoC Author: n30m1nd Vendor Homepage: http://www.giuspen.com/cherrytree/ Software Link: http://www.giuspen.com/software/cherrytree0.36.9setup.exe Version: Affects all...
Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)
Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation MS16-118 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=879 Windows: Edge/IE Isolated Private Namespace Insecure DACL EoP Platform: Windows 10 10586, Edge 25.10586.0.0 not...
SquirrelMail 1.4.7 - Arbitrary Variable Overwrite
SquirrelMail 1.4.7 - Arbitrary Variable Overwrite SquirrelMail Arbitrary Variable Overwrite Vendor: SquirrelMail Product: SquirrelMail Version: = 1.4.7 Website: http://www.squirrelmail.org BID: 19486 CVE: CVE-2006-4019 OSVDB: 27917 SECUNIA: 21354 Description: SquirrelMail is a standards-based...
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
Ktools Photostore 4.7.5 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Ktools Photostore = 4.7.5 Multiple Vulnerabilities Bug discovered by Yakir Wizman Date 01/07/2016 Affected versions prior to 4.7.5 Vendor Homepage - http://www.ktools.net...
Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)
Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion MS16-063 !-- CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion ============================================================================ This information is available in an easier to read...
VirIT Explorer Lite Pro 8.1.68 - Local Privilege Escalation
VirIT Explorer Lite Pro 8.1.68 - Local Privilege Escalation / Full title: VirIT Explorer Lite & Pro v.8.1.68 Local Privilege Escalation System/Arbitrary Code Execution Exploit Author: Paolo Stagno - [email protected] Vendor Homepage: http://www.tgsoft.it Version: VirIT Explorer Lite & Pro...
Intuit QuickBooks Desktop 2007 2016 - Arbitrary Code Execution
Intuit QuickBooks Desktop 2007 2016 - Arbitrary Code Execution + Credits: Maxim Tomashevich from Thegrideon Software + Website: https://www.thegrideon.com/ + Details: https://www.thegrideon.com/qb-internals-sql.html Vendor: --------------------- www.intuit.com www.intuit.ca www.intuit.co.uk...
Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities
Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities Asbru Web Content Management System v9.2.7 Multiple Vulnerabilities Vendor: Asbru Ltd. Product web page: http://www.asbrusoft.com Affected version: 9.2.7 Summary: Ready to use, full-featured, database-driven web content...
Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation
Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=738 A major component of Comodo Antivirus is the x86 emulator, which includes a number of shims for win32 API routines so that common API calls work in emulated...
PHPLib 7.4 - SQL Injection
PHPLib 7.4 - SQL Injection PHPLib SQL Injection Vendor: PHPLib Product: PHPLib Version: newid=true; $this-name = $this-cookiename==""?$this-classname:$this-cookiename; if "" == $id $this-newid=false; switch $this-mode case "get": $id = isset$HTTPGETVARS$this-name ?...
Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067)
Microsoft Windows - NetAPI32.dll Code Execution Python MS08-067 import struct import time import sys from threading import Thread Thread is imported incase you would like to modify try: from impacket import smb from impacket import uuid from impacket import dcerpc from impacket.dcerpc.v5 import...
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://192.168.0.103/diagbackup.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - Invalid Pointer Dereference
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - Invalid Pointer Dereference !/usr/bin/python Title: IBM Tivoli Storage Manager FastBack Server 5.5.4.2 Invalid Pointer Dereference Date: 14 December 2015 Author: Gianni Gnesa gnix Vendor Homepage: http://www.ibm.com/ Software Name: IBM Tivoli...
iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions
iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 6.30.04 Build 6300400 Summary: Modular and automated...
PHP Utility Belt - Remote Code Execution
PHP Utility Belt - Remote Code Execution Exploit Title : PHP utility belt Remote Code Execution vulnerability Author : WICS Date : 8/12/2015 Software Link : https://github.com/mboynes/php-utility-belt Overview: PHP utility belt is a set of tools for PHP developers. Install in a browser-accessible...
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities ----------------------------------------- 0-DAY Aint DIE | No Priv8 | KedAns-Dz ----------------------------------------- ---------------------------- K |................| . h |.......................| A a |..........................
Acunetix WVS 10 - Local Privilege Escalation
Acunetix WVS 10 - Local Privilege Escalation ''' ======================================================================== Acunetix WVS 10 - from guest to Sytem Local privilege escalation CVE: CVE-2015-4027 Author: me Daniele Linguaglossa Affected Product: Acunetix WVS 10 Exploit: Local privilege...
RHEL 7.07.1 - abrtsosreport Local Privilege Escalation
RHEL 7.07.1 - abrtsosreport Local Privilege Escalation !/usr/bin/python CVE-2015-5287 ? abrt/sosreport RHEL 7.0/7.1 local root rebel 09/2015 user@localhost $ python sosreport-rhel7.py crashing pid 19143 waiting for dump directory dump directory: /var/tmp/abrt/ccpp-2015-11-30-19:41:13-19143 waitin...
D-Link DIR-866L - Multiple Buffer Overflow Vulnerabilities
D-Link DIR-866L - Multiple Buffer Overflow Vulnerabilities Advisory Information Title: DIR-866L Buffer overflows in HNAP and send email functionalities Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with...
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution Denial of Service)
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script Code Execution Denial of Service Exploit Title: eBay Magento CE = 1.9.2.1 Unrestricted Cron Script Potential Code Execution / DoS Date: 06.11.2015 Exploit Author: Dawid Golunski Vendor Homepage: http://magento.com Version: eBay Magento CE = 1.9.2...
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting Cross-Site Request Forgery
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting Cross-Site Request Forgery Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client...
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal Exploit Title: F5 BigIP File Path Traversal Vulnerability Discovered by: Karn Ganeshen Reported on: April 27, 2015 New version released on: September 01, 2015 Vendor Homepage: www.f5.com Version Reported: F5 BIG-IP 10.2.4 Build 595.0...
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
ManageEngine OpManager 11.5 - Multiple Vulnerabilities Exploit Title: ManageEngine OpManager multiple vulnerabilities Product: ManageEngine OpManager Vulnerable Versions: v11.5 and previous versions Tested Version: v11.5 Windows Advisory Publication: 14/09/2015 Vulnerability Type: hardcoded...
OpenLDAP 2.4.42 - ber_get_next Denial of Service
OpenLDAP 2.4.42 - bergetnext Denial of Service Exploit Title: OpenLDAP 2.4.42 bergetnext DOS Date: 11/09/15 Exploit Author: Denis Andzakovic - Security-Assessment.com Vendor Homepage: http://www.openldap.org/ Software Link: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.42.tgz...
Adobe Flash - Heap Buffer Overflow Loading .FLV File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Loading .FLV File with Nellymoser Audio Codec Source: https://code.google.com/p/google-security-research/issues/detail?id=425&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id To reproduce, host the attached files appropriately and:...
Watchguard XCS 10.0 - Multiple Vulnerabilities
Watchguard XCS 10.0 - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Watchguard XCS Multiple Vulnerabilities Affected versions: Watchguard XCS =10.0 PDF:...
Koha 3.20.1 - Multiple SQL Injections
Koha 3.20.1 - Multiple SQL Injections Exploit Title: Koha Open Source ILS - Unauthenticated SQL Injection in OPAC Google Dork: Date: 25/06/2015 Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Security Testing Group of SBA Research...
Apexis IP CAM - Information Disclosure
Apexis IP CAM - Information Disclosure Exploit Title: Apexis IP CAM - Full Info Disclosure Google Dork: inurl:"getstatus.cgi"cgi-bin/ Date: 01/06/2015 Exploit Author: Sunplace Solutions - Soluciones Informáticas - RE Remoteexecution.net Vendor Homepage: http://www.apexis.com.cn/ Tested on: Linux...
Cisco AnyConnect Secure Mobility 2.x3.x4.x - Client Denial of Service (PoC)
Cisco AnyConnect Secure Mobility 2.x3.x4.x - Client Denial of Service PoC !-- Cisco AnyConnect Secure Mobility Client Remote Command Execution Vendor: Cisco Systems, Inc. Product web page: http://www.cisco.com Affected version: 2.x 3.0 3.0.0A90 3.1.0472 3.1.05187 3.1.06073 3.1.06078 3.1.06079...
Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash (PoC)
Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash PoC Exploit Title: Buffer Overflow in Oracle� Hyperion Smart View for Office DOS Exploit Author: sajith Vendor Homepage: http://oracle.com vulnerable Version: Fusion Edition 11.1.2.3.000 Build 157 Vulnerable Link:...
Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash (PoC)
Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash PoC / ---------------------------------------------------------------------------------------------------- cve-2014-3631poc.c The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel...
Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities
Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: Multiple Exponent CMS Cross-Site Scripting Vulnerabilies Discovered by- Mayuresh Dani [email protected] Narendra Shinde [email protected] Vendor Homepage: http://www.exponentcms.org/ Software Link:...
VideoSpirit-Pro-1.68
"VideoSpirit Pro is the most easily used Video Converter/Editor tools. For acting as a Video Editor, various slide effect/title/subtitle can be added to a video clip. Also, the video clip can be rotated, resized and warped. Multiple video/audio clips can be joined together. Converting speed is fa...
PhotoPost Classifieds 2.01 - Multiple Vulnerabilities
PhotoPost Classifieds 2.01 - Multiple Vulnerabilities PhotoPost Classifieds Multiple Vulnerabilities Vendor: All Enthusiast, Inc. Product: PhotoPost Classifieds Version: = 2.01 Website: http://www.photopost.com/class/ BID: 12156 OSVDB: 12728 12729 12730 12731 12732 12733 12734 12735 12736 12737...
WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload
WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload Exploit Title: Photo Gallery 1.2.5 Unrestricted File Upload Date: 11-11-2014 Software Link: https://wordpress.org/plugins/photo-gallery/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...
Cart Engine 3.0 - Multiple Vulnerabilities
Cart Engine 3.0 - Multiple Vulnerabilities === Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially...
ManageEngine Password Manager - MetadataServlet.dat SQL Injection (Metasploit)
ManageEngine Password Manager - MetadataServlet.dat SQL Injection Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/filedropper' class Metasploit3 "ManageEngine...
SHARP MX Series - Denial of Service
SHARP MX Series - Denial of Service Exploit Title: SHARP MX Series - Denial Of Service Date: 08/08/2014 Exploit Author: pws Vendor Homepage: Sharp Printers Firmware Link: Not found Tested on: Latest version Shodan d0rk: "SHARP Telnet server" 4000 devices CVE : None yet $ python -c 'print "A"200 +...
Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting
Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751...