41207 matches found
Beetel-Connection-Manager
Exploit Title: Beetel Connection Manager SEH Buffer Overflow Software for usb wireless Homepage: http://www.beetel.in/business-solutions/international-business/3g-products/g31-3g-data-card Version: PCWBTLINDV1.0.0B04 Software...
Pimcore CMS 2.3.03.0 - SQL Injection
Pimcore CMS 2.3.03.0 - SQL Injection Document Title: =============== Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1363 Release Date: ============= 2014-12-16 Vulnerability Laboratory ID VL-ID:...
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.1 Bypass) (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.1 Bypass MS12-037 function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2...
Bash CGI - Shellshock Remote Command Injection (Metasploit)
Bash CGI - Shellshock Remote Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Shellshock Bashed CGI RCE', 'Description' = %q This module exploits the...
Moab 7.2.9 - Authentication Bypass
Moab 7.2.9 - Authentication Bypass Moab Authentication Bypass : CVE-2014-5300 Software: Moab Affected Versions: All versions prior to Moab 7.2.9 and Moab 8 CVE Reference: CVE-2014-5300 Author: John Fitzpatrick, MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendor: Adaptive Computi...
PHPComptaNOALYSS 6.7.1 5638 - Remote Command Execution
PHPComptaNOALYSS 6.7.1 5638 - Remote Command Execution Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS CVE: CVE-2014-6389 Vendor: PHPCompta Product: PHPCompta/NOALYSS Affected version: 6.7.1 5638 Fixed version: 6.7.2 Reported by: Jerzy Kramarz Details: PhpCompta 6.7.1-2 does no...
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)
ManageEngine EventLog Analyzer - Multiple Vulnerabilities 1 Mogwai Security Advisory MSA-2014-01 ---------------------------------------------------------------------- Title: ManageEngine EventLog Analyzer Multiple Vulnerabilities Product: ManageEngine EventLog Analyzer Affected versions: EventLo...
Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting
Zenoss Monitoring System 4.2.5-2108 x64 - Persistent Cross-Site Scripting Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system Date: 12/05/2014 Exploit author: Dolev Farhi dolevatopenflare.org Vendor homepage: http://zenoss.com Software Link: http://www.zenoss.com...
BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities
BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: =5.1.11.432 impact:...
Motorola SBG901 Wireless Modem - Cross-Site Request Forgery
Motorola SBG901 Wireless Modem - Cross-Site Request Forgery Exploit Title : Motorola SBG901 Wireless Modem CSRF Vulnerability Google dork : N/A Exploit Author: Blessen Thomas Date : 06/01/2014 Vendor Homepage : http://www.arrisi.com/modems/ Software Link : N/A Version : Motorola SBG901 Wireless...
miSecureMessages 4.0.1 - Session Management Authentication Bypass
miSecureMessages 4.0.1 - Session Management Authentication Bypass Affected Product ================================== miSecureMessages from Amtelco - Tested on version: Client=4.0.1 Server=6.2.4552.30017 iOS: https://itunes.apple.com/us/app/misecuremessages/id423957478?mt=8 android:...
OpenSupports 2.0 - Blind SQL Injection
OpenSupports 2.0 - Blind SQL Injection Open Support Blind SQL Injection v2.0 Vulnerability =================================================== Author indoushka ================= vendor :http://www.opensupports.com/files/Opensupportsv2EN.rar ================= Dork : Power by OpenSupports © 2009 -...
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Relea...
Titan FTP Server 10.32 Build 1816 - Directory Traversal
Titan FTP Server 10.32 Build 1816 - Directory Traversal "Titan FTP Server Directory Traversal Vulnerabilities" - Affected Vendor: South River Technologies - Affected System: Titan FTP Server software Version 10.32 Build 1816 - Vendor Disclosure Date: January 27th, 2014 - Public Disclosure Date:...
Jenkins 1.523 - Persistent HTML Code
Jenkins 1.523 - Persistent HTML Code 01. Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Informatio...
ImpressPages CMS 3.6 - manage() Remote Code Execution
ImpressPages CMS 3.6 - manage Remote Code Execution !/usr/bin/python ImpressPages CMS v3.6 manage Function Remote Code Execution Exploit Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6, 3.5 and 3.1 Summary: ImpressPages CMS is an open source web conten...
Zabbix 2.0.8 - SQL Injection Remote Code Execution (Metasploit)
Zabbix 2.0.8 - SQL Injection Remote Code Execution Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Aanval 7.1 build 70151 - Multiple Vulnerabilities
Aanval 7.1 build 70151 - Multiple Vulnerabilities ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Aanval 7.1 build 70151 ------------------------- Affected vendors: ------------------------- Aanval http://www.aanval.com/...
XAMPP 1.8.1 - lang.php?WriteIntoLocalDisk method Local Write Access
XAMPP 1.8.1 - lang.php?WriteIntoLocalDisk method Local Write Access ============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel García Cárdenas - Severity: 6,8/10 CVSS Ba...
glFusion 1.3.0 - search.php?cat_id SQL Injection
glFusion 1.3.0 - search.php?catid SQL Injection Information -------------------- Name : SQL Injection Vulnerability in glFusion Software : glFusion 1.3.0 and possibly below. Vendor Homepage : http://www.glfusion.org Vulnerability Type : Blind SQL Injection Severity : Critical Researcher : Omar Ku...
MCImageManager - Multiple Vulnerabilities
MCImageManager - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/61825/info MCImageManager is prone to multiple security vulnerabilities. An attacker may exploit these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the...
Sony Playstation 3 (PS3) 4.31 - Save Game Preview .SFO Handling Local Command Execution
Sony Playstation 3 PS3 4.31 - Save Game Preview .SFO Handling Local Command Execution Title: ====== Sony PS3 Firmware v4.31 - Code Execution Vulnerability Date: ===== 2013-05-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=767 VL-ID: ===== 767 Common Vulnerability...
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection
Joomla! Component comcivicrm 4.2.2 - Remote Code Injection Exploit Title: joomla component comcivicrm remode code injection exploit Google Dork:"Index of /joomla/administrator/components/comcivicrm/civicrm/packages/OpenFlashChart" Date: 20/04/2013 Exploit Author: iskorpitx Vendor Homepage:...
PonyOS 0.4.99-mlp - Multiple Vulnerabilities
PonyOS 0.4.99-mlp - Multiple Vulnerabilities Advisory: PonyOS Security Issues John Cartwright Introduction ------------ Like countless others, I was pretty excited about PonyOS yesterday April 1st 2013 and decided to give it a go. After wasting a lot of time nyan'ing, I knew this was the future o...
Novell NetIQ Privileged User Manager 2.3.1 - auth.dll pa_modify_accounts() Remote Code Execution
Novell NetIQ Privileged User Manager 2.3.1 - auth.dll pamodifyaccounts Remote Code Execution Novell NetIQ Privileged User Manager 2.3.1 auth.dll pamodifyaccounts Remote Code Execution pre auth / SYSTEM privileges Tested against: Microsoft Windows 2003 r2 sp2 download url:...
Novell Groupwise Internet Agent - LDAP BIND Request Overflow
Novell Groupwise Internet Agent - LDAP BIND Request Overflow Application: Novell Groupwise Platforms: Windows Version: 8.0.2 HP3 and 2012 Secunia: SA50622 PRL: 2012-33 ZDI: ?? Novell TID: 5150711 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter:...
ZPanel 10.0.1 - Cross-Site Request Forgery Cross-Site Scripting SQL Injection Password Reset
ZPanel 10.0.1 - Cross-Site Request Forgery Cross-Site Scripting SQL Injection Password Reset Exploit Title: ZPanel = 10.0.1 CSRF, XSS, SQLi, Password Reset Date: 04/11/2012 Exploit Author: pcsjj Vendor Homepage: http://www.zpanelcp.com/ Version: 10.0.1 Software Link:...
CMSQLite 1.3.2 - Multiple Vulnerabilities
CMSQLite 1.3.2 - Multiple Vulnerabilities Title: ====== CMSQLITE v1.3.2 - Multiple Web Vulnerabilities Date: ===== 2012-10-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=726 VL-ID: ===== 726 Common Vulnerability Scoring System: ==================================== 4...
FileBound 6.2 - Local Privilege Escalation
FileBound 6.2 - Local Privilege Escalation Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact...
JPEGsnoop 1.5.2 - WriteAV Crash (PoC)
JPEGsnoop 1.5.2 - WriteAV Crash PoC !/usr/bin/perl JPEGsnoop 1.5.2 Vendor URI: http://sourceforge.net/projects/jpegsnoop/ Vendor Description: JPEGsnoop is a detailed JPEG image decoder and analysis tool. It reports all image metadata and can even help identify if an image has been edited. Debug...
Winlog Lite SCADA HMI system - Overwrite (SEH)
Winlog Lite SCADA HMI system - Overwrite SEH Vuln Title: Winlog Lite SCADA HMI system SEH 0verwrite Vulnerability Author: FaryadR a.k.a Ciph3r tested on : winXp sp3 and Winlog Lite 2.06.17 Version Twitter : https://twitter.com/faryadR Mail : [email protected] Website : http://0c0c0c0c.com...
IOServer 1.0.18.0 - Directory Traversal
IOServer 1.0.18.0 - Directory Traversal ===================================================================== BEGIN Foofus.net Security Advisory: foofus-20120817 BEGIN ===================================================================== Title: IOServer "Root Directory" Trailing Backslash Web...
WespaJuris 3.0 - Multiple Vulnerabilities
WespaJuris 3.0 - Multiple Vulnerabilities Then, go to http://localhost/juris/clientdir/30/dl/webshell.php and see your webshell. :: How this exploit works? Manually work. Login bypass On login form, enter "SQLi strings": Login: '...
XnView 1.98.8 - .PCT Image Processing Heap Overflow
XnView 1.98.8 - .PCT Image Processing Heap Overflow Application: XnView PCT Image Processing Heap Overflow Platforms: Windows Secunia: SA48666 PRL: 2012-17 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report...
Agora-Project 2.12.11 - Arbitrary File Upload
Agora-Project 2.12.11 - Arbitrary File Upload Exploit Title: agora-project2.12.1112-2011 Remote Shell Upload Google Dork: n0 N0obs Date: 10/06/2012 Exploit Author: Misa3l Vendor Homepage: http://sourceforge.net/projects/agora-project/ Software Link:...
Ganesha Digital Library 4.0 - Multiple Vulnerabilities
Ganesha Digital Library 4.0 - Multiple Vulnerabilities ===================================================== Ganesha Digital Library 4.0 Multiple Vulnerabilities =====================================================...
PHP 5.4.3 (Windows x86 Polish) - Code Execution
PHP 5.4.3 Windows x86 Polish - Code Execution...
S9Y Serendipity 1.6 - Backend Cross-Site Scripting SQL Injection
S9Y Serendipity 1.6 - Backend Cross-Site Scripting SQL Injection Advisory: Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability Advisory ID: KORAMIS-ADV2012-001 Contact: [email protected] Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.6...
Simple Machines Forum (SMF) 2.0.2 - scheduled Cross-Site Scripting
Simple Machines Forum SMF 2.0.2 - scheduled Cross-Site Scripting source: https://www.securityfocus.com/bid/52822/info Simple Machines Forum is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Google Talk - gtalk: Deprecated URI Handler Injection
Google Talk - gtalk: Deprecated URI Handler Injection Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of...
lizard cart - search.php SQL Injection
lizard cart - search.php SQL Injection Exploit Title: lizard cart SQLi search.php Google Dork: inurl:search.php+intitle:"Lizard Cart"+intext:"Search Results:" Date: 05-03-2012 Author: Number 7 Software Link: http://sourceforge.net/projects/lizardcart/files/latest/download?source=directory Version...
GAzie 5.20 - Cross-Site Request Forgery
GAzie 5.20 - Cross-Site Request Forgery ======================================== GAzie Date: 5/02/2012 Site: http://www.giudinvx.altervista.org/ -------------------------------------------------------- @Application Info: Multicompany finance application written in PHP using a MySql database backe...
Linux Kernel 2.6.39 3.2.2 (Gentoo Ubuntu x86x64) - Mempodipper Local Privilege Escalation (1)
Linux Kernel 2.6.39 3.2.2 Gentoo Ubuntu x86x64 - Mempodipper Local Privilege Escalation 1 / Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 EDB-Note: Updated version can be found here:...
OpenKM Document Management System 5.1.7 - Command Execution
OpenKM Document Management System 5.1.7 - Command Execution COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect:...
Plone and Zope - Remote Command Execution
Plone and Zope - Remote Command Execution Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zo...
Attachmate Reflection FTP Client - Heap Overflow
Attachmate Reflection FTP Client - Heap Overflow Application: Attachmate Reflection FTP Client Heap Overflow Platforms: Windows Exploitation: Remote code execution CVE Number: PRL: 2011-09 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter:...
URL Shortener Script 1.0 - SQL Injection
URL Shortener Script 1.0 - SQL Injection =================================================================================== url shortener script 1.0 sql injection Vulnerabilities =================================================================================== Exploit Title: url shortener scri...
WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion
WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion Exploit Title: Zingiri Web Shop Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/zingiri-web-shop Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...
Actfax FTP Server 4.27 - USER Stack Buffer Overflow (Metasploit)
Actfax FTP Server 4.27 - USER Stack Buffer Overflow Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
PHPJunkYard GBook 1.61.7 - Multiple Cross-Site Scripting Vulnerabilities
PHPJunkYard GBook 1.61.7 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/48905/info PHPJunkYard GBook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these...