Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation
Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=738 A major component of Comodo Antivirus is the x86 emulator, which includes a number of shims for win32 API routines so that common API calls work in emulated...
iTop 2.2.1 - Cross-Site Request Forgery
iTop 2.2.1 - Cross-Site Request Forgery Advisory ID: HTB23293 Product: iTop Vendor: Combodo Vulnerable Versions: 2.2.1 and probably prior Tested Version: 2.2.1 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 11, 2016...
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting 1. Introduction Exploit Title: WordPress WP Advanced Comment 0.10 Persistent XSS Date: Mar.09.2016 Exploit Author: Mohammad Khaleghi Contact: https://twitter.com/blackmatrix Vendor: Ravi Shakya Tested On: Apache2.2 / PHP5...
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities === LSE Leading Security Experts GmbH - Security Advisory 2016-01-01 === Wordpress ProjectTheme Multiple Vulnerabilities - -...
phpRPC 0.7 - Remote Code Execution
phpRPC 0.7 - Remote Code Execution phpRPC Remote Code Execution Vendor: Robert Hoffman Product: phpRPC Version: = 0.7 Website: http://sourceforge.net/projects/phprpc/ BID: 16833 CVE: CVE-2006-1032 OSVDB: 23514 SECUNIA: 19028 PACKETSTORM: 44267 Description: phpRPC is meant to be an easy to use...
iScripts EasyCreate 3.0 - Remote Code Execution
iScripts EasyCreate 3.0 - Remote Code Execution #!C:/Python27/python.exe -u iScripts EasyCreate 3.0 Remote Code Execution Exploit Vendor: iScripts.com Product web page: http://www.iscripts.com Affected version: 3.0 Summary: iScripts EasyCreate is a private label online website builder. This softwa...
NETGEAR WNR1000v4 - Authentication Bypass
NETGEAR WNR1000v4 - Authentication Bypass ''' Exploit Title: NetgearWNR1000v4AuthBypass Google Dork: - Date: 06.10.2015 Exploit Author: Daniel Haake Vendor Homepage: http://www.netgear.com/ Software Link: http://downloadcenter.netgear.com/en/product/WNR1000v4 Version: N300 router firmware version...
WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities
WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of...
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - Invalid Pointer Dereference
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - Invalid Pointer Dereference #!/usr/bin/python Title: IBM Tivoli Storage Manager FastBack Server 5.5.4.2 Invalid Pointer Dereference Date: 14 December 2015 Author: Gianni Gnesa gnix Vendor Homepage: http://www.ibm.com/ Software Name: IBM Tivoli...
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities 0-DAY Aint DIE | No Priv8 | KedAns-Dz ...
TECO SG2 LAD Client 3.51 - .gen Overwrite Buffer Overflow (SEH)
TECO SG2 LAD Client 3.51 - .gen Overwrite Buffer Overflow SEH #!/usr/bin/perl TECO SG2 LAD Client 3.51 SEH Overwrite Buffer Overflow Exploit Vendor: TECO Electric and Machinery Co., Ltd. Product web page: http://www.teco-group.eu Download: http://globalsa.teco.com.tw/supportdownload.aspx?KindID=9...
D-Link DIR-866L - Multiple Buffer Overflow Vulnerabilities
D-Link DIR-866L - Multiple Buffer Overflow Vulnerabilities Advisory Information Title: DIR-866L Buffer overflows in HNAP and send email functionalities Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with...
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution Denial of Service)
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script Code Execution Denial of Service Exploit Title: eBay Magento CE = 1.9.2.1 Unrestricted Cron Script Potential Code Execution / DoS Date: 06.11.2015 Exploit Author: Dawid Golunski Vendor Homepage: http://magento.com Version: eBay Magento CE = 1.9.2...
netis RealTek Wireless Router ADSL Modem - Multiple Vulnerabilities
netis RealTek Wireless Router ADSL Modem - Multiple Vulnerabilities Exploit Title: netis RealTek wireless router / ADSL modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: Vulnerability? What's this? Vendor Homepage: www.netis-systems.com...
ZYXEL PMG5318-B20A - OS Command Injection
ZYXEL PMG5318-B20A - OS Command Injection Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018...
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal Exploit Title: F5 BigIP File Path Traversal Vulnerability Discovered by: Karn Ganeshen Reported on: April 27, 2015 New version released on: September 01, 2015 Vendor Homepage: www.f5.com Version Reported: F5 BIG-IP 10.2.4 Build 595.0...
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
ManageEngine OpManager 11.5 - Multiple Vulnerabilities Exploit Title: ManageEngine OpManager multiple vulnerabilities Product: ManageEngine OpManager Vulnerable Versions: v11.5 and previous versions Tested Version: v11.5 Windows Advisory Publication: 14/09/2015 Vulnerability Type: hardcoded...
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Symantec Endpoint Protection 12.1.4013 - Service Disabling Exploit Title: Antivirus Google Dork: intitle: Antivirus Date: 2015-07-07 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.symantec.com Software Link: www.symantec.com/endpoint-protection...
WordPress Plugin S3Bubble Cloud Video With Adverts Analytics 0.7 - Arbitrary File Download
WordPress Plugin S3Bubble Cloud Video With Adverts Analytics 0.7 - Arbitrary File Download Exploit Title: Wordpress S3Bubble Cloud Video With Adverts & Analytics - Arbitrary File Download Google Dork: inurl:/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/ Date: 04/07/2015 Exploit Author:...
ManageEngine Asset Explorer 6.1 - Persistent Cross-Site Scripting
ManageEngine Asset Explorer 6.1 - Persistent Cross-Site Scripting Title: =============== ManageEngine Asset Explorer v6.1 - XSS Vulnerability CVE-ID: ==================================== CVE-2015-2169 CVSS: ==================================== 3.5 Product & Service Introduction Taken from their...
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities Document Title: =============== ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1501 Release Date: ============= 2015-06-19...
Apexis IP CAM - Information Disclosure
Apexis IP CAM - Information Disclosure Exploit Title: Apexis IP CAM - Full Info Disclosure Google Dork: inurl:"getstatus.cgi"cgi-bin/ Date: 01/06/2015 Exploit Author: Sunplace Solutions - Soluciones Informáticas - RE Remoteexecution.net Vendor Homepage: http://www.apexis.com.cn/ Tested on: Linux...
Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting
Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting =============================================================================== title: ClearPass Policy Manager Stored XSS case id: CM-2014-01 product: Aruba ClearPass Policy Manager vulnerability type: Stored cross-site script...
Invision Power Board (IP.Board) 2.0.3 - Multiple Vulnerabilities
Invision Power Board IP.Board 2.0.3 - Multiple Vulnerabilities IP.Board Multiple Vulnerabilities Vendor: Invision Power Services Product: IP.Board Version: = 2.0.3 Website: http://www.invisionboard.com/ BID: 13529 13534 CVE: CVE-2005-1597 CVE-2005-1598 OSVDB: 16297 16298 SECUNIA: 15265 PACKETSTOR...
Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege Escalation
Apport 2.14.1 Ubuntu 14.04.2 - Local Privilege Escalation #!/bin/sh CVE-2015-1318 Reference: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1438758 Example: % uname -a Linux maggie 3.13.0-48-generic #80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux % lsb_release -a No LS...
Shuttle Tech ADSL ModemRouter 915 WM - Remote DNS Change
Shuttle Tech ADSL ModemRouter 915 WM - Remote DNS Change #!/bin/bash Shuttle Tech ADSL Modem-Router 915 WM Unauthenticated Remote DNS Change Exploit Copyright 2015 (c) Todor Donev http://www.ethical-hacker.org/ Description: The vulnerability exists in the web interface, which is accessible without...
VSAT Sailor 900 - Remote Overflow
VSAT Sailor 900 - Remote Overflow / File : satcompwn.c - VSAT SAILOR SAT COM 900 Remote 0day Author : Nicholas Lemonias This is proprietary source code material of Advanced Information Security Corporation. Usage, distribution and modifications are pursuant to our terms of agreement. Copyright c...
IceCream Ebook Reader 1.41 - Crash (PoC)
IceCream Ebook Reader 1.41 - Crash PoC Exploit Title: Icecream Ebook Reader v1.41 .mobi/.prc Denial of Service Date: 23/01/2015 Exploit Author: Kapil Soni Twitter: @Haxinos Vendor Homepage: http://icecreamapps.com/ Version: Icecream Ebook Reader v1.41 Tested on: Windows XP SP2 Technical Details &...
QQPlayer-asx-File-Processing-Buffer-Overflow
Title: QQPlayer asx File Processing Buffer Overflow Exploit Author: Li Qingshan of Information Security Engineering Center,School of Software and Microelectronics,Peking University Vendor: www.qq.com head =''' ''' payload=head+junk+nseh+seh+adjust+shellcode+junk+foot fobj = open"poc.asx","w"...
MP3-Nator-Buffer-Overflow
Exploit Title: Exploit Buffer Overflow MP3-Nator SEH - DEP BYPASS Date: 18-11-2010 Author: Muhamad Fadzil Ramli Credit/Bug Found By: C4SS!0 G0M3S Software Link: http://files.brothersoft.com/mp3audio/players/mp3nator.zip filename = 'crash.plf' ./msfpayload windows/exec CMD=calc EXITFUNC=seh R |...
DVD-X-Player-5.5-Pro-SEH
DVD X Player 5.5 Pro Bypass ASLR by using non-aslr enabled module SEH Overwrite Egghunter is not needed as there is at least 2000 bytes for shellcode import sys print "====================================" print "DVD X Player 5.5 Pro Buffer Overflow" print " SEH Overwrite - Bypass ASLR " print "...
CoolPlayer-Portable-2.19.2
Buffer overflow that bypasses ASLR by using a non-aslr module Tested against CoolPlayer Portable version 2.19.2 on Windows Vista Business 32 bit Written by Blake patched by pole Originally found by Securityxxxpert print "\n=====================================" print "CoolPlayer Portable Buffer...
IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
Enalean Tuleap 7.4.99.5 - Blind SQL Injection
Enalean Tuleap 7.4.99.5 - Blind SQL Injection Vulnerability title: Tuleap &globalfiltersubmit=Apply HTTP/1.1 Host: 192.168.56.108 User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Languag...
Dell EqualLogic Storage - Directory Traversal
Dell EqualLogic Storage - Directory Traversal Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0 Storage Date: 09/2013 Exploit Author: Mauricio Pampim Corrêa Vendor Homepage: www.dell.com Version: 6.0 Tested on: Equipment Model Dell EqualLogic PS4000 CVE : CVE-2013-3304 The...
ManageEngine Password Manager - MetadataServlet.dat SQL Injection (Metasploit)
ManageEngine Password Manager - MetadataServlet.dat SQL Injection Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/filedropper' class Metasploit3 "ManageEngine...
IBM GCM1632 1.20.0.22575 - Multiple Vulnerabilities
IBM GCM1632 1.20.0.22575 - Multiple Vulnerabilities Product description The IBM 1754 GCM family provides KVM over IP and serial console management technology in a single appliance. Versions v1.20.0.22575 and prior are vulnerable. Note that this vulnerability is also present in some DELL and...
Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting
Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751...
BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities
BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: =5.1.11.432 impact:...
Motorola SBG901 Wireless Modem - Cross-Site Request Forgery
Motorola SBG901 Wireless Modem - Cross-Site Request Forgery Exploit Title : Motorola SBG901 Wireless Modem CSRF Vulnerability Google dork : N/A Exploit Author: Blessen Thomas Date : 06/01/2014 Vendor Homepage : http://www.arrisi.com/modems/ Software Link : N/A Version : Motorola SBG901 Wireless...
PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure
PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author...
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Relea...
Titan FTP Server 10.32 Build 1816 - Directory Traversal
Titan FTP Server 10.32 Build 1816 - Directory Traversal "Titan FTP Server Directory Traversal Vulnerabilities" - Affected Vendor: South River Technologies - Affected System: Titan FTP Server software Version 10.32 Build 1816 - Vendor Disclosure Date: January 27th, 2014 - Public Disclosure Date:...
Dredge School Administration System - DSMloader.php Cross-Site Request Forgery (Admin Account Manipulation)
Dredge School Administration System - DSMloader.php Cross-Site Request Forgery Admin Account Manipulation source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site...
Elite Graphix ElitCMS 1.01 PRO - Multiple Web Vulnerabilities
Elite Graphix ElitCMS 1.01 PRO - Multiple Web Vulnerabilities Document Title: =============== Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1117 Release Date: ============= 2013-10-18...
HP Data Protector - Remote Command Execution
HP Data Protector - Remote Command Execution """ HP Data Protector Arbitrary Remote Command Execution This script allows to execute a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory installpath/bin/. The...
FluxBB 1.5.3 - Multiple Vulnerabilities
FluxBB 1.5.3 - Multiple Vulnerabilities !-- FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-site scripting,...
MCImageManager - Multiple Vulnerabilities
MCImageManager - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/61825/info MCImageManager is prone to multiple security vulnerabilities. An attacker may exploit these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the...
McAfee ePO 4.6.6 - Multiple Vulnerabilities
McAfee ePO 4.6.6 - Multiple Vulnerabilities Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in McAfee ePO 4.6.6 Affected Product: McAfee ePO 4.6.6 Build 176 & potentially earlier versions Timeline: 08 June 2013 - Vulnerability found 12 June 2013 - Vendo...
Mobile Atlas Creator 1.9.12 - Persistent Command Injection
Mobile Atlas Creator 1.9.12 - Persistent Command Injection Title: ====== Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability Date: ===== 2013-06-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=970 VL-ID: ===== 970 Common Vulnerability Scoring...