41207 matches found
OrientDB - Code Execution
OrientDB - Code Execution Vulnerability Summary The following advisory reports a vulnerability in OrientDB which allows users of the product to cause it to execute code. OrientDB is a Distributed Graph Database engine with the flexibility of a Document Database all in one product. The first and...
Yaws 1.91 - Remote File Disclosure
Yaws 1.91 - Remote File Disclosure + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ========== yaws.hyber.org Product: =========...
Microsoft Windows - nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation) Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryInformationWorkerFactory WorkerFactoryBasicInformation Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1214&desc=2 We have discovered that the nt!NtQueryInformationWorkerFactory system call called with the...
Logpoint 5.6.4 - Root Remote Code Execution
Logpoint 5.6.4 - Root Remote Code Execution Exploit Title: Unauthenticated remote root code execution on logpoint 5.6.4 Date: 11/06/17 Exploit Author: agix Vendor Homepage: https://www.logpoint.com Version: logpoint 5.6.4 Tested on: 5.6.2 Vendor contact 19/04 Exploit details sent to the vendor...
reiserfstune 3.6.25 - Local Buffer Overflow
reiserfstune 3.6.25 - Local Buffer Overflow + Title: reiserfstune 3.6.25 – Local Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A - Download -...
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - Remote Code Execution !-- OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data...
Linux Kernel 4.8.0 UDEV 232 - Local Privilege Escalation
Linux Kernel 4.8.0 UDEV 232 - Local Privilege Escalation / Title: Linux Kernel 4.8.0 udev 232 - Privilege Escalation Author: Nassim Asrir Researcher at: Henceforth Author contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ The full Research:...
D-Link DIR-615 - Cross-Site Request Forgery
D-Link DIR-615 - Cross-Site Request Forgery Title: ==== D-Link DIR 615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery CSRF vulnerability Credit: ====== Name: Pratik S. Shah Reference: ========= CVE Details: CVE-2017-7398. Date: ==== 1-04-2017 Vendor: ====== D-Link wireless router...
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download import requests import string import random from urlparse import urlparse print "---------------------------------------------------------------------" print "Wordpress Plugin Membership Simplified v1.58 - Arbitrary File...
Kinsey InforLawson ESBUS - SQL Injection
Kinsey InforLawson ESBUS - SQL Injection Exploit Title: Kinsey Infor / Lawson ESBUS - Multiple SQL Injections Date: 3/10/2017 Exploit Author: Michael Benich Vendor homepage: http://www.kinsey.com/infor-lawson.html Version: ALL Tested on: Windows Server 2008 R2; MySQL ver 5.5 CVE: CVE-2017-6550...
WordPress Multiple Plugins - Arbitrary File Upload
WordPress Multiple Plugins - Arbitrary File Upload import requests import random import string print "---------------------------------------------------------------------" print "Multiple Wordpress Plugin - Remote File Upload Exploit\nDiscovery: Larry W. Cashdollar\nExploit Author: Munir...
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/storedcrosssitescriptingvulnerabilityinuserloginlogwordpressplugin.html Abstract A stored Cross-Site Scripting vulnerability was found in the User Login Log WordPress Plugin. This issue can be...
Teradici Management Console 2.2.0 - Privilege Escalation
Teradici Management Console 2.2.0 - Privilege Escalation Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...
Posnic Stock Management System - SQL Injection
Geutebrueck GCore 1.3.8.421.4.2.37 - Remote Code Execution (Metasploit)
Geutebrueck GCore 1.3.8.421.4.2.37 - Remote Code Execution Metasploit Exploit Title: Geutebrueck GCore X64 Full RCE Bufferoverflow for Metasploit Date: 20170125 Exploit Author: Luca Cappiello, Maurice Popp ContactTwitter: @dopamined, @m4p0 Github: https://github.com/m4p0/GeutebrueckGCoreX64RCEBO...
NTOPNG 2.4 Web Interface - Cross-Site Request Forgery
NTOPNG 2.4 Web Interface - Cross-Site Request Forgery + + Credits / Discovery: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt + ISR: ApparitionSEC + Vendor: ============ www.ntop.org Product:...
OpenSSL 1.1.0a / 1.1.0b - Denial of Service
OpenSSL 1.1.0a / 1.1.0b - Denial of Service Exploit Title: OpenSSL 1.1.0a & 1.1.0b Heap Overflow Remote DOS vulnerability Date: 11-12-2016 Software Link: https://www.openssl.org/source/old/1.1.0/ Exploit Author: Silverfox Contact: http://twitter.com/Silverfox Website: https://www.silverf0x00.com/ CV...
VBScript 5.8.7600.163855.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
VBScript 5.8.7600.163855.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to...
NodCMS - PHP Code Execution
NodCMS - PHP Code Execution !-- HTTP Request http://localhost/nodcms-master/admin/editlangfile/1/en POST /nodcms-master/admin/editlangfile/1/en HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; rv:49.0 Gecko/20100101 Firefox/49.0 Accept:...
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML External Entity Injection XXE product: RSA Enterprise Compromise Assessment Tool ECA...
Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities + Credits: John Page hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-MULTIPLE-CSRF.txt + ISR: ApparitionSec Vendor: =============== www.nagios.co...
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload Exploit Title: GRR = 3.0.0-RC1 all versions RCE with privilege escalation through file upload filter bypass authenticated Date: January 7th, 2016 Exploit Author: kmkz Bourbon Jean-marie | @kmkzsecurity Vendo...
WordPress Plugin Activity Log 2.3.1 - Persistent Cross-Site Scripting
WordPress Plugin Activity Log 2.3.1 - Persistent Cross-Site Scripting Persistent Cross-Site Scripting in WordPress Activity Log plugin Han Sahin Abstract A stored Cross-Site Scripting XSS vulnerability has been found in the WordPress Activity Log plugin. By using this vulnerability an attacker ca...
24online SMS_2500i 8.3.6 build 9.0 - SQL Injection
24online SMS2500i 8.3.6 build 9.0 - SQL Injection Exploit Title: SQL Injection In 24 Online Billing API Date: 03/07/2016 Exploit Author: Rahul Raz Vendor Homepage: http://24onlinebilling.com Software Name:24online Model SMS2500i Version: 8.3.6 build 9.0 Tested on: Ubuntu Linux Potentially others...
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
Ktools Photostore 4.7.5 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Ktools Photostore = 4.7.5 Multiple Vulnerabilities Bug discovered by Yakir Wizman Date 01/07/2016 Affected versions prior to 4.7.5 Vendor Homepage - http://www.ktools.net...
Symphony CMS 2.6.7 - Session Fixation
Symphony CMS 2.6.7 - Session Fixation + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt + ISR: APPARITIONSEC Vendor: ==================== www.getsymphony.com Product: ==================...
FireEye - Malware Input Processor Privilege Escalation
FireEye - Malware Input Processor Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=670 The mip user is already quite privileged, capable of accessing sensitive network data. However, as the child process has supplementary gid contents, there is a very simple...
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting 1. Introduction Exploit Title: WordPress WP Advanced Comment 0.10 Persistent XSS Date: Mar.09.2016 Exploit Author: Mohammad Khaleghi Contact: https://twitter.com/blackmatrix Vendor: Ravi Shakya Tested On: Apache2.2 / PHP5...
PHPLib 7.4 - SQL Injection
PHPLib 7.4 - SQL Injection PHPLib SQL Injection Vendor: PHPLib Product: PHPLib Version: newid=true; $this-name = $this-cookiename==""?$this-classname:$this-cookiename; if "" == $id $this-newid=false; switch $this-mode case "get": $id = isset$HTTPGETVARS$this-name ?...
D-Link DVGN5402SP - Multiple Vulnerabilities
D-Link DVGN5402SP - Multiple Vulnerabilities Exploit Title: DLink DVGN5402SP Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.dlink.com/ Versions Reported: Multiple - See below CVE-IDs: CVE-2015-7245 + CVE-2015-7246 + CVE-2015-7247 DLink DVGN5402SP File Path Traversal...
NETGEAR WNR1000v4 - Authentication Bypass
NETGEAR WNR1000v4 - Authentication Bypass ''' Exploit Title: NetgearWNR1000v4AuthBypass Google Dork: - Date: 06.10.2015 Exploit Author: Daniel Haake Vendor Homepage: http://www.netgear.com/ Software Link: http://downloadcenter.netgear.com/en/product/WNR1000v4 Version: N300 router firmware version...
D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities
D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities Advisory Information Title: DIR-880L Buffer overflows in authentication and HNAP functionalities. Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed...
ZHONE S3.0.501 - Multiple Remote Code Execution Vulnerabilities
ZHONE S3.0.501 - Multiple Remote Code Execution Vulnerabilities Vantage Point Security Advisory 2015-003 ======================================== Title: Multiple Remote Code Execution found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA,...
netis RealTek Wireless Router ADSL Modem - Multiple Vulnerabilities
netis RealTek Wireless Router ADSL Modem - Multiple Vulnerabilities Exploit Title: netis RealTek wireless router / ADSL modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: Vulnerability? What's this? Vendor Homepage: www.netis-systems.com...
ZYXEL PMG5318-B20A - OS Command Injection
ZYXEL PMG5318-B20A - OS Command Injection Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018...
Apple Mac OSX 10.9.5 / 10.10.5 - rsh/libmalloc Local Privilege Escalation
Apple Mac OSX 10.9.5 / 10.10.5 - rsh/libmalloc Local Privilege Escalation CVE-2015-5889: issetugid + rsh + libmalloc osx local root tested on osx 10.9.5 / 10.10.5 jul/2015 by rebel import os,time,sys env = s = os.stat"/etc/sudoers".stsize env'MallocLogFile' = '/etc/crontab' env'MallocStackLogging' =...
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
ManageEngine OpManager 11.5 - Multiple Vulnerabilities Exploit Title: ManageEngine OpManager multiple vulnerabilities Product: ManageEngine OpManager Vulnerable Versions: v11.5 and previous versions Tested Version: v11.5 Windows Advisory Publication: 14/09/2015 Vulnerability Type: hardcoded...
Sysax Multi Server 6.40 - SSH Component Denial of Service
Sysax Multi Server 6.40 - SSH Component Denial of Service ''' Exploit title: Sysax Multi Server 6.40 ssh component denial of service vulnerability Date: 29-8-2015 Vendor homepage: http://www.sysax.com Software Link: http://www.sysax.com/download/sysaxservsetup.msi Version: 6.40 Author: 3unnym00n...
Security IP Camera Star Vision DVR - Authentication Bypass
Security IP Camera Star Vision DVR - Authentication Bypass Exploit Title: Security IP Camera Star Vision DVR Authentication Bypass Date: 2015-08-13 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: Version: All Versions Exploit : 1 - First, open your Chrome...
Microsoft Word - Local Machine Zone Code Execution (MS15-022)
Microsoft Word - Local Machine Zone Code Execution MS15-022 Exploit Title: Microsoft Word Local Machine Zone Remote Code Execution Vulnerability Date: July 15th, 2015 Exploit Author: Eduardo Braun Prado Vendor Homepage : http://www.microsoft.com Version: 2007 Tested on: Microsoft Windows XP, 2003...
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Symantec Endpoint Protection 12.1.4013 - Service Disabling Exploit Title: Antivirus Google Dork: intitle: Antivirus Date: 2015-07-07 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.symantec.com Software Link: www.symantec.com/endpoint-protection...
Lively Cart - SQL Injection
Lively Cart - SQL Injection Exploit Title : Lively cart SQL Injection vulnerability Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://codecanyon.net/item/livelycart-a-jquery-php-store-shop/5531393 Date : 18/06/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep...
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities Document Title: =============== ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1501 Release Date: ============= 2015-06-19...
Apexis IP CAM - Information Disclosure
Apexis IP CAM - Information Disclosure Exploit Title: Apexis IP CAM - Full Info Disclosure Google Dork: inurl:"getstatus.cgi"cgi-bin/ Date: 01/06/2015 Exploit Author: Sunplace Solutions - Soluciones Informáticas - RE Remoteexecution.net Vendor Homepage: http://www.apexis.com.cn/ Tested on: Linux...
JDownloader 2 Beta - Directory Traversal
JDownloader 2 Beta - Directory Traversal =begin Exploit Title: JDownloader 2 Beta Directory Traversal Vulnerability Zip Extraction Date: 2015-06-02 Exploit Author: PizzaHatHacker Vendor Homepage: http://jdownloader.org/home/index Software Link: http://jdownloader.org/download/offline Version: 117...
Invision Power Board (IP.Board) 2.0.3 - Multiple Vulnerabilities
Invision Power Board IP.Board 2.0.3 - Multiple Vulnerabilities IP.Board Multiple Vulnerabilities Vendor: Invision Power Services Product: IP.Board Version: = 2.0.3 Website: http://www.invisionboard.com/ BID: 13529 13534 CVE: CVE-2005-1597 CVE-2005-1598 OSVDB: 16297 16298 SECUNIA: 15265 PACKETSTOR...
AZBB 1.0.07d - Multiple Vulnerabilities
AZBB 1.0.07d - Multiple Vulnerabilities AZBB Multiple Vulnerabilities Vendor: AZBB Product: AZBB Version: = 1.0.07d Website: http://azbb.cyaccess.com/ BID: 13272 13278 CVE: CVE-2005-1200 CVE-2005-1201 OSVDB: 15700 15701 15702 15703 SECUNIA: 15013 PACKETSTORM: 37792 Description: azbb is a forum th...
Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege Escalation
Apport 2.14.1 Ubuntu 14.04.2 - Local Privilege Escalation !/bin/sh CVE-2015-1318 Reference: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1438758 Example: % uname -a Linux maggie 3.13.0-48-generic 80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x8664 x8664 x8664 GNU/Linux % lsbrelease -a No LS...
Shuttle Tech ADSL ModemRouter 915 WM - Remote DNS Change
Shuttle Tech ADSL ModemRouter 915 WM - Remote DNS Change !/bin/bash Shuttle Tech ADSL Modem-Router 915 WM Unauthenticated Remote DNS Change Exploit Copyright 2015 c Todor Donev http://www.ethical-hacker.org/ Description: The vulnerability exist in the web interface, which is accessible without...
RedStar 3.0 Desktop - Software Manager swmng.app Local Privilege Escalation
RedStar 3.0 Desktop - Software Manager swmng.app Local Privilege Escalation The root user is disabled on Red Star, and it doesn't look like there is a way to enable it. Unfortunately, they left a big security hole: the Software Manager swmng.app, which runs as root through sudo and will install a...