Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem...
SAP BusinessObjects launch pad - Server-Side Request Forgery
SAP BusinessObjects launch pad - Server-Side Request Forgery Exploit Title: SAP BusinessObjects launch pad SSRF Date: 2017-11-8 Exploit Author: Ahmad Mahfouz Category: Webapps Author Homepage: www.unixawy.com Description: Design Error in SAP BusinessObjects launch pad leads to SSRF attack...
Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload
Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/...
ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)
ALLPlayer 7.5 - Local Buffer Overflow SEH Unicode !/usr/bin/python Tested on: Windows 10 Professional x86 Exploit for previous version: https://www.exploit-db.com/exploits/42455/ Seems they haven't patched the vulnerability at all :D msfvenom -p windows/exec CMD="calc.exe" -e x86/unicodemixed...
OpenText Documentum Content Server - Arbitrary File Download
OpenText Documentum Content Server - Arbitrary File Download !/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to download arbitrary content files regardless attacker's repository...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14757 Affected Software: ================== OpenText...
PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)
PHPMyFAQ 2.9.8 - Cross-Site Scripting 1 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digirez 3.4 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo:...
WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting
WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting Exploit Title: Wordpress Plugin Participants Database 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link:...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-catalog/ Software Link: Version: 1.0.7...
Apache2Triad 1.5.4 - Multiple Vulnerabilities
Apache2Triad 1.5.4 - Multiple Vulnerabilities + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt + ISR: ApparitionSec Vendor: =============== apache2triad.net...
Advantech SUSIAccess 3.0 - RecoveryMgmt File Upload
Advantech SUSIAccess 3.0 - RecoveryMgmt File Upload ! /usr/bin/env ruby =begin Exploit Title: Advantech SUSIAccess RecoveryMgmt File Upload Date: 07/31/17 Exploit Author: james fitts Vendor Homepage: http://www.advantech.com/ Version: Advantech SUSIAccess = 3.0 Tested on: Windows 7 SP1 Relavant...
WebKit - WebCore::getCachedWrapper Use-After-Free
WebKit - WebCore::getCachedWrapper Use-After-Free function freememory var a; forvar i=0;i ::get const /Users/projectzero/webki...
Barracuda Load Balancer Firmware 6.0.1.006 - Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware 6.0.1.006 - Remote Command Injection Metasploit Exploit Title: Barracuda Load Balancer Firmware 'Barracuda Load Balancer Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Load Balancer Firmware Version = v6.0.1.006 2016-08-...
Joomla! 3.7 - SQL Injection
Joomla! 3.7 - SQL Injection --==Mannu joomla SQL Injection exploiter by Team Indishell==-- body font-family: Tahoma; color: white; background: 333333; input border : solid 2px ; border-color : black; BACKGROUND-COLOR: 444444; font: 8pt Verdana; color: white; submit BORDER: buttonhighlight 2px...
IBM Informix Dynamic Server - Code Injection Remote Code Execution
IBM Informix Dynamic Server - Code Injection Remote Code Execution !/usr/local/bin/python """ IBM Informix Dynamic Server doconfig PHP Code Injection Remote Code Execution Vulnerability 0DAY Bonus: free XXE bug included! Download:...
Net Monitor for Employees Pro 5.3.4 - Unquoted Service Path Privilege Escalation
Net Monitor for Employees Pro 5.3.4 - Unquoted Service Path Privilege Escalation Exploit Title: Unquoted Service Path Privilege Escalation - Net Monitor for Employees Pro gmail.com, saeid Nsecurity.org Linkedin: https://www.linkedin.com/in/saeidatabaki Vendor Homepage: http://networklookout.com/...
reiserfstune 3.6.25 - Local Buffer Overflow
reiserfstune 3.6.25 - Local Buffer Overflow + Title: reiserfstune 3.6.25 – Local Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A - Download -...
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities Exploit Title: CMS Web-Gooroo getmegaadmin; 2d626704807d4c5be1b46e85c4070fec - mayhem 2967a371178d713d3898957dd44786af - no success in bruteforce, though... 3. Full path disclosure Almost any file, because of lack of input validation and overall bad...
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - Remote Code Execution !-- OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data...
Cisco DPC3928 Router - Arbitrary File Disclosure
Cisco DPC3928 Router - Arbitrary File Disclosure Vulnerability Summary The following advisory describes an arbitrary file disclosure vulnerability found in Cisco DPC3928AD DOCSIS 3.0 2-PORT Voice Gateway. The Cisco DPC3928AD DOCSIS is a home wireless router that is currently "Out of support" but ...
Dmitry 1.3a - Local Buffer Overflow (PoC)
Dmitry 1.3a - Local Buffer Overflow PoC Exploit Title: DmitryDeepmagic Information Gathering Tool Local Stack Buffer Overflow CVE: CVE-2017-7938 CWE: CWE-119 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/ Versio...
SpiceWorks 7.5 TFTP - Remote File Overwrite Upload
SpiceWorks 7.5 TFTP - Remote File Overwrite Upload + Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt + ISR: APPARITIONSEC Vendor: ================== www.spiceworks.com...
Kinsey Infor/Lawson ESBUS - SQL Injection
Kinsey Infor/Lawson ESBUS - SQL Injection Exploit Title: Kinsey Infor / Lawson ESBUS - Multiple SQL Injections Date: 3/10/2017 Exploit Author: Michael Benich Vendor homepage: http://www.kinsey.com/infor-lawson.html Version: ALL Tested on: Windows Server 2008 R2; MySQL ver 5.5 CVE: CVE-2017-6550...
WordPress Multiple Plugins - Arbitrary File Upload
WordPress Multiple Plugins - Arbitrary File Upload import requests import random import string print "---------------------------------------------------------------------" print "Multiple Wordpress Plugin - Remote File Upload Exploit\nDiscovery: Larry W. Cashdollar\nExploit Author: Munir...
Teradici Management Console 2.2.0 - Privilege Escalation
Teradici Management Console 2.2.0 - Privilege Escalation Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...
Geutebrueck GCore 1.3.8.42/1.4.2.37 - Remote Code Execution (Metasploit)
Geutebrueck GCore 1.3.8.42/1.4.2.37 - Remote Code Execution Metasploit Exploit Title: Geutebrueck GCore X64 Full RCE Bufferoverflow for Metasploit Date: 20170125 Exploit Author: Luca Cappiello, Maurice Popp ContactTwitter: @dopamined, @m4p0 Github: https://github.com/m4p0/GeutebrueckGCoreX64RCEBO...
NTOPNG 2.4 Web Interface - Cross-Site Request Forgery
NTOPNG 2.4 Web Interface - Cross-Site Request Forgery + + Credits / Discovery: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt + ISR: ApparitionSEC + Vendor: ============ www.ntop.org Product:...
Micro Blog Script - SQL Injection
Micro Blog Script - SQL Injection Vulnerability: SQL Injection + Authentication Bypass Date: 18.01.2017 Vendor Homepage: http://www.scriptgiant.com/ Tested on: http://www.microblogscript.scriptgiant.in Script Name: Micro Blog Script Author: Ihsan Sencan Author Web: http://ihsan.net Mail :...
Apple OS X Yosemite - flow_divert-heap-overflow Kernel Panic
Apple OS X Yosemite - flow_divert-heap-overflow Kernel Panic / flow_divert-heap-overflow.c Brandon Azad CVE-2016-1827: Kernel heap overflow in the function flow_divert_handle_app_map_create on OS X and iOS. Exploitation requires root privileges. The vulnerability was patched in OS X El Capitan 10.11.5 a...
Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution
Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the...
UCanCode - Multiple Vulnerabilities
UCanCode - Multiple Vulnerabilities UCanCode multiple vulnerabilities Url: http://www.hmi-software.com/ http://www.ucancode.net/index.htm http://www.ucancode.net/bbs/zhuce/login.htm Description: Form vendor's web page "UCanCode Software is a Market Leading provider of HMI & SCADA, CAD, UML, GIS,...
SAP NetWeaver AS JAVA - BC-BMT-BPM-DSK XML External Entity Injection
SAP NetWeaver AS JAVA - BC-BMT-BPM-DSK XML External Entity Injection Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909...
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free (MS15-018)
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free MS15-018 // This PoC attempts to exploit a use-after-free bug in Microsoft Internet // Explorer 8. // See http://blog.skylined.nl/20161116001.html for details. var r=new RegExp"A|x|x|xx|xxxxxxxxxxxxxxxxxxxx+", "g";...
EditMe CMS - Cross-Site Request Forgery (Add Admin)
EditMe CMS - Cross-Site Request Forgery Add Admin Document Title: =============== EditMe CMS - CSRF Privilege Escalate Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1996 Release Date: ============= 2016-11-14 Vulnerability Laboratory...
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC)
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow PoC Exploit Title: Micro Focus Rumba function vuln // 272 Junk Data // 272 + "\x43\x43\x43\x43" = EDX = 43434343 // // If we change the edx to an address that point to a valid address // We will have control over EIP // 0x20302228 // Overwrite...
CherryTree 0.36.9 - Memory Corruption (PoC)
CherryTree 0.36.9 - Memory Corruption PoC !/usr/bin/python CherryTree 0.36.9 - Memory Corruption PoC by n30m1nd Date: 2016-10-27 PoC Author: n30m1nd Vendor Homepage: http://www.giuspen.com/cherrytree/ Software Link: http://www.giuspen.com/software/cherrytree0.36.9setup.exe Version: Affects all...
Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection
Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection Exploit Title: Oracle BI Publisher formerly XML Publisher - XML External Entity Injection w/o authentication Date: 20\10\2016 Exploit Author: Jakub Palaczynski CVE : CVE-2016-3473 Vendor Homepage:...
Kajona 4.7 - Cross-Site Scripting / Directory Traversal
Kajona 4.7 - Cross-Site Scripting / Directory Traversal Security Advisory - Curesec Research Team 1. Introduction Affected Product: Kajona 4.7 Fixed in: 5.0 Fixed Version Link: https://www.kajona.de/en/Downloads/downloads.getkajona.html Vendor Website: https://www.kajona.de/ Vulnerability Type: XSS...
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
Ktools Photostore 4.7.5 - Multiple Vulnerabilities Ktools Photostore = 4.7.5 Multiple Vulnerabilities Bug discovered by Yakir Wizman Date 01/07/2016 Affected versions prior to 4.7.5 Vendor Homepage - http://www.ktools.net...
Symphony CMS 2.6.7 - Session Fixation
Symphony CMS 2.6.7 - Session Fixation + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt + ISR: APPARITIONSEC Vendor: ==================== www.getsymphony.com Product: ==================...
EduSec 4.2.5 - SQL Injection
EduSec 4.2.5 - SQL Injection EduSec 4.2.5 Multiple SQL Injection Vulnerabilities Vendor: Rudra Softech Product web page: http://www.rudrasoftech.com Affected version: 4.2.5 Summary: EduSec has a suite of selective modules specifically tailored to the requirements of education industry. EduSec is...
Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)
Meteocontrol WEB’log - Admin Password Disclosure Metasploit Exploit Title: Meteocontrol WEB'log - Extract Admin password Discovered by: Karn Ganeshen Vendor Homepage: http://www.meteocontrol.com/en/ Versions Reported: All Meteocontrol WEB'log versions CVE-ID: CVE-2016-2296 Meteocontrol WEB'log -...
FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation
FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation Exploit Title: Filezilla 3.17.0.0 windows installer Privileges Escalation via unquoted path vulnerability Date: 08/05/2016 Exploit Author: Cyril Vallicari Vendor Homepage:...
Intuit QuickBooks Desktop 2007 2016 - Arbitrary Code Execution
Intuit QuickBooks Desktop 2007 2016 - Arbitrary Code Execution + Credits: Maxim Tomashevich from Thegrideon Software + Website: https://www.thegrideon.com/ + Details: https://www.thegrideon.com/qb-internals-sql.html Vendor: --------------------- www.intuit.com www.intuit.ca www.intuit.co.uk...
Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation
Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation Certec EDV atvise SCADA server 2.5.9 Privilege Escalation Vulnerability Vendor: Certec EDV GmbH Product web page: http://www.atvise.com Affected version: 2.5.9 Summary: atvise scada is based on newest technologies and standards:...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Brickcom Corporation Network Cameras - Multiple Vulnerabilities Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...
Mess Emulator 0.154-3.1 - Local Buffer Overflow
Mess Emulator 0.154-3.1 - Local Buffer Overflow Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: Multi Emulator Super System MESS Version: 0.154-3.1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program description: MESS is...
Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation
Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=738 A major component of Comodo Antivirus is the x86 emulator, which includes a number of shims for win32 API routines so that common API calls work in emulated...
iTop 2.2.1 - Cross-Site Request Forgery
iTop 2.2.1 - Cross-Site Request Forgery Advisory ID: HTB23293 Product: iTop Vendor: Combodo Vulnerable Versions: 2.2.1 and probably prior Tested Version: 2.2.1 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 11, 2016...