41207 matches found
MikroTik RouterOS 6.38.4 (x86) - Chimay Red Stack Clash Remote Code Execution
MikroTik RouterOS 6.38.4 x86 - Chimay Red Stack Clash Remote Code Execution !/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import...
Asterisk chan_pjsip 15.2.0 - SDP Denial of Service
Asterisk chanpjsip 15.2.0 - SDP Denial of Service ''' Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - References: AST-2018-002 - Enable Security Advisory...
Joomla! Component JS Autoz 1.0.9 - SQL Injection
Joomla! Component JS Autoz 1.0.9 - SQL Injection Exploit Title: Joomla! Component JS Autoz 1.0.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/js-autoz/ Software...
Pdfium - Pattern Shading Integer Overflows
Pdfium - Pattern Shading Integer Overflows This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium, I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in cpdfrenderstatus.cpp re...
Advantech WebAccess 8.3.0 - Remote Code Execution
Advantech WebAccess 8.3.0 - Remote Code Execution Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10...
Online Voting System - Authentication Bypass
Online Voting System - Authentication Bypass Exploit Title: Online Voting System - Authentication Bypass Date: 02.02.2018 Vendor Homepage: http://themashabrand.com Software Link: http://themashabrand.com/p/votin Demo: http://localhost/Onlinevoting Version: 1.0 Category: Webapps Exploit Author:...
Joomla! Component Easydiscuss 4.0.21 - Cross-Site Scripting
Joomla! Component Easydiscuss 4.0.21 - Cross-Site Scripting Exploit Title: Joomla Plugin Easydiscuss inside the body, everything after the will be executed in the user’s browser. Works with every version up to 4.0.20 2. Proof of Concept Login with permissions to post a message, insert in the body...
SAP BusinessObjects launch pad - Server-Side Request Forgery
SAP BusinessObjects launch pad - Server-Side Request Forgery Exploit Title: SAP BusinessObjects launch pad SSRF Date: 2017-11-8 Exploit Author: Ahmad Mahfouz Category: Webapps Author Homepage: www.unixawy.com Description: Design Error in SAP BusinessObjects launch pad leads to SSRF attack...
ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)
ALLPlayer 7.5 - Local Buffer Overflow SEH Unicode !/usr/bin/python Tested on: Windows 10 Professional x86 Exploit for previous version: https://www.exploit-db.com/exploits/42455/ Seems they haven't patched the vulnerability at all :D msfvenom -p windows/exec CMD="calc.exe" -e x86/unicodemixed...
Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution
Cisco UCS Platform Emulator 3.12ePE1 - Remote Code Execution Vulnerabilities Summary The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.12ePE1. Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a...
iTech Gigs Script 1.21 - SQL Injection
iTech Gigs Script 1.21 - SQL Injection Exploit Title: iTech Gigs Script 1.21 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/the-gigs-script/ Demo: http://gigs.itechscripts.com/ Version: 1.21 Category: Webapps Tested on:...
ASX to MP3 converter 3.1.3.7 - .asx Local Stack Overflow (DEP Bypass)
ASX to MP3 converter 3.1.3.7 - .asx Local Stack Overflow DEP Bypass import struct,sys head =''' REF HREF="mms://site.com/ach/music/smpl/LACA-05928-002-tes''' offset 17375 junk = "A" 17375 0x1003df8e 0x774e1035 EIP="\x36\x10\x4e\x77" adjust="A" 4 def createropchain: ropgadgets = 0x73dd5dce, POP EA...
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digirez 3.4 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo:...
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-catalog/ Software Link: Version: 1.0.7...
Microsoft Edge Chakra - NULL Pointer Dereference
Microsoft Edge Chakra - NULL Pointer Dereference spreadIndices = nullptr // This function emits the arguments for a call. // ArgOut's with uses immediately following defs. EmitArgListStartthisLocation, byteCodeGenerator, funcInfo, callSiteId; Js::RegSlot evalLocation = Js::Constants::NoRegister; ...
Unitrends UEB 9.1 - Unitrends bpserverd Remote Command Execution
Unitrends UEB 9.1 - Unitrends bpserverd Remote Command Execution Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Jared Arave, Cale Smith, Benny Husted Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted ||...
WebKit - WebCore::RenderObject with Accessibility Enabled Use-After-Free
WebKit - WebCore::RenderObject with Accessibility Enabled Use-After-Free link text-transform: lowercase; link::first-letter border-spacing: 1em; function go dt.appendChildlink; var s = link.style; s.setProperty"display", "table-column-group"; s.setProperty"-webkit-appearance", "menulist-button";...
Barracuda Load Balancer Firmware 6.0.1.006 - Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware 6.0.1.006 - Remote Command Injection Metasploit Exploit Title: Barracuda Load Balancer Firmware 'Barracuda Load Balancer Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Load Balancer Firmware Version = v6.0.1.006 2016-08-...
Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass
Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02...
Joomla! 3.7 - SQL Injection
Joomla! 3.7 - SQL Injection --==Mannu joomla SQL Injection exploiter by Team Indishell==-- body font-family: Tahoma; color: white; background: 333333; input border : solid 2px ; border-color : black; BACKGROUND-COLOR: 444444; font: 8pt Verdana; color: white; submit BORDER: buttonhighlight 2px...
IBM Informix Dynamic Server - Code Injection Remote Code Execution
IBM Informix Dynamic Server - Code Injection Remote Code Execution !/usr/local/bin/python """ IBM Informix Dynamic Server doconfig PHP Code Injection Remote Code Execution Vulnerability 0DAY Bonus: free XXE bug included! Download:...
DNSTracer 1.8.1 - Buffer Overflow (PoC)
DNSTracer 1.8.1 - Buffer Overflow PoC Exploit Title: DNSTracer Stack-based Buffer Overflow CVE: CVE-2017-9430 CWE: CWE-119 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: http://www.mavetju.org Version : 1.8.1 Tested on: Parrot OS Date: 04-06-2017 Category: Application Author Mail :...
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities Exploit Title: CMS Web-Gooroo getmegaadmin; 2d626704807d4c5be1b46e85c4070fec - mayhem 2967a371178d713d3898957dd44786af - no success in bruteforce, though... 3. Full path disclosure Almost any file, because of lack of input validation and overall bad...
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - Remote Code Execution !-- OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data...
Mozilla Firefox 53 - ConvolvePixel Memory Disclosure
Mozilla Firefox 53 - ConvolvePixel Memory Disclosure /home/worker/workspace/build/src/gfx/2d/FilterNodeSoftware.cpp:2358 2 0x7f8d3fcd397d in alreadyAddRefedmozilla::gfx::Data...
Tecnovision DLX Spot - SSH Backdoor Access
Tecnovision DLX Spot - SSH Backdoor Access Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password. Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/...
D-Link DIR-615 - Cross-Site Request Forgery
D-Link DIR-615 - Cross-Site Request Forgery Title: ==== D-Link DIR 615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery CSRF vulnerability Credit: ====== Name: Pratik S. Shah Reference: ========= CVE Details: CVE-2017-7398. Date: ==== 1-04-2017 Vendor: ====== D-Link wireless router...
APNGDis 2.8 - filename Stack Buffer Overflow (PoC)
APNGDis 2.8 - filename Stack Buffer Overflow PoC Exploit Title: APNGDis filename Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8 Tested on: Linux Debian ...
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference Source: http://seclists.org/oss-sec/2017/q1/458 Description: Mujstest, which is part of mupdf is a scriptable tester for mupdf + js. A crafted image posted early for another issue, causes a stack overflow. The complete ASan output: mujstest...
Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution
Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the...
UCanCode - Multiple Vulnerabilities
UCanCode - Multiple Vulnerabilities UCanCode multiple vulnerabilities Url: http://www.hmi-software.com/ http://www.ucancode.net/index.htm http://www.ucancode.net/bbs/zhuce/login.htm Description: Form vendor's web page "UCanCode Software is a Market Leading provider of HMI & SCADA, CAD, UML, GIS,...
Microsoft Edge 11.0.10240.16384 - edgehtml CAttrArray::Destroy Use-After-Free
Microsoft Edge 11.0.10240.16384 - edgehtml CAttrArray::Destroy Use-After-Free Alternatively: Description When an element is created and style properties are added, these are stored in a CAttrArray object. A new CAttrArray is able to store up to 8 properties. If more properties need to be store...
Microsoft WININET.dll - CHttpHeaderParser::ParseStatusLine Out-of-Bounds Read (MS16-104MS16-105)
Microsoft WININET.dll - CHttpHeaderParser::ParseStatusLine Out-of-Bounds Read MS16-104MS16-105 !-- Source: http://blog.skylined.nl/20161110001.html Synopsis A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of ...
Joomla! 3.4.4 3.6.4 - Account Creation Privilege Escalation
Joomla! 3.4.4 3.6.4 - Account Creation Privilege Escalation Source: https://github.com/XiphosResearch/exploits/tree/master/Joomraa While analysing the recent Joomla exploit in comusers:user.register we came across a problem with the upload whitelisting. They don't allow files containing SetHandle...
ZKTeco ZKBioSecurity 3.0 - Directory Traversal
ZKTeco ZKBioSecurity 3.0 - Directory Traversal ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel:...
ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass
ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform:...
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities Vendor: Micro Focus Product web page: https://www.microfocus.com Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0 Affected products/tools : Rumba Desktop...
Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)
Meteocontrol WEB’log - Admin Password Disclosure Metasploit Exploit Title: Meteocontrol WEB'log - Extract Admin password Discovered by: Karn Ganeshen Vendor Homepage: http://www.meteocontrol.com/en/ Versions Reported: All Meteocontrol WEB'log versions CVE-ID: CVE-2016-2296 Meteocontrol WEB'log -...
Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation
Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation Certec EDV atvise SCADA server 2.5.9 Privilege Escalation Vulnerability Vendor: Certec EDV GmbH Product web page: http://www.atvise.com Affected version: 2.5.9 Summary: atvise scada is based on newest technologies and standards:...
Mach Race OSX - Local Privilege Escalation
Mach Race OSX - Local Privilege Escalation Source: https://github.com/gdbinit/machrace Mach Race OS X Local Privilege Escalation Exploit c fG! 2015, 2016, [email protected] - https://reverse.put.as A SUID, SIP, and binary entitlements universal OS X exploit CVE-2016-1757. Usage against a SUID binar...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Brickcom Corporation Network Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...
Mess Emulator 0.154-3.1 - Local Buffer Overflow
Mess Emulator 0.154-3.1 - Local Buffer Overflow Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: Multi Emulator Super System MESS Version: 0.154-3.1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program description: MESS is...
iTop 2.2.1 - Cross-Site Request Forgery
iTop 2.2.1 - Cross-Site Request Forgery Advisory ID: HTB23293 Product: iTop Vendor: Combodo Vulnerable Versions: 2.2.1 and probably prior Tested Version: 2.2.1 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 11, 2016...
Chamilo LMS - Persistent Cross-Site Scripting
Chamilo LMS - Persistent Cross-Site Scripting Document Title: =============== Chamilo LMS - Persistent Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1727 Video: https://www.youtube.com/watch?v=gNZsQjmtiGI Release Dat...
ManageEngine OPutils 8.0 - Multiple Vulnerabilities
ManageEngine OPutils 8.0 - Multiple Vulnerabilities =================================================================================== Privilege escalation Vulnerability in ManageEngine oputils =================================================================================== Overview ========...
WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities
WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of...
D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities
D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities Advisory Information Title: DIR-880L Buffer overflows in authenticatio and HNAP functionalities. Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed...
netis RealTek Wireless Router ADSL Modem - Multiple Vulnerabilities
netis RealTek Wireless Router ADSL Modem - Multiple Vulnerabilities Exploit Title: netis RealTek wireless router / ADSL modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: Vulnerability? What's this? Vendor Homepage: www.netis-systems.com...
Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation
Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=437 Windows: CreateObjectTask SettingsSyncDiagnostics Elevation of Privilege Platform: Windows 8.1 Update I don’t believe it’s available in...