41207 matches found
Shuttle Tech ADSL ModemRouter 915 WM - Remote DNS Change
Shuttle Tech ADSL ModemRouter 915 WM - Remote DNS Change !/bin/bash Shuttle Tech ADSL Modem-Router 915 WM Unauthenticated Remote DNS Change Exploit Copyright 2015 c Todor Donev http://www.ethical-hacker.org/ Description: The vulnerability exist in the web interface, which is accessible without...
VSAT Sailor 900 - Remote Overflow
VSAT Sailor 900 - Remote Overflow / File : satcompwn.c - VSAT SAILOR SAT COM 900 Remote 0day Author : Nicholas Lemonias This is proprietary source code material of Advanced Information Security Corporation. Usage, distribution and modifications are pursuant to our terms of agreement. Copyright c...
MP3-Nator-Buffer-Overflow
Exploit Title: Exploit Buffer Overflow MP3-Nator SEH - DEP BYPASS Date: 18-11-2010 Author: Muhamad Fadzil Ramli Credit/Bug Found By: C4SS!0 G0M3S Software Link: http://files.brothersoft.com/mp3audio/players/mp3nator.zip filename = 'crash.plf' ./msfpayload windows/exec CMD=calc EXITFUNC=seh R |...
CoolPlayer-Portable-2.19.2
Buffer overflow that bypasses ASLR by using a non-aslr module Tested against CoolPlayer Portable version 2.19.2 on Windows Vista Business 32 bit Written by Blake patched by pole Originally found by Securityxxxpert print "\n=====================================" print "CoolPlayer Portable Buffer...
Pimcore CMS 2.3.03.0 - SQL Injection
Pimcore CMS 2.3.03.0 - SQL Injection Document Title: =============== Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1363 Release Date: ============= 2014-12-16 Vulnerability Laboratory ID VL-ID:...
IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
ZTE ZXHN H108L - Authentication Bypass (2)
ZTE ZXHN H108L - Authentication Bypass 2 About the software ================== ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers. Vulnerability Details ===================== CWMP configuration is accessible only through the Administrator account. CWMP is a protocol widely...
Dell EqualLogic Storage - Directory Traversal
Dell EqualLogic Storage - Directory Traversal Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0 Storage Date: 09/2013 Exploit Author: Mauricio Pampim Corrêa Vendor Homepage: www.dell.com Version: 6.0 Tested on: Equipment Model Dell EqualLogic PS4000 CVE : CVE-2013-3304 The...
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting Python Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and...
SHARP MX Series - Denial of Service
SHARP MX Series - Denial of Service Exploit Title: SHARP MX Series - Denial Of Service Date: 08/08/2014 Exploit Author: pws Vendor Homepage: Sharp Printers Firmware Link: Not found Tested on: Latest version Shodan d0rk: "SHARP Telnet server" 4000 devices CVE : None yet $ python -c 'print "A"200 +...
IBM GCM1632 1.20.0.22575 - Multiple Vulnerabilities
IBM GCM1632 1.20.0.22575 - Multiple Vulnerabilities Product description The IBM 1754 GCM family provides KVM over IP and serial console management technology in a single appliance. Versions v1.20.0.22575 and prior are vulnerables. Note that this vulnerability is also present in some DELL and...
WebTitan 4.01 (Build 68) - Multiple Vulnerabilities
WebTitan 4.01 Build 68 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: WebTitan vulnerable version: 4.01 Build 68 fixed version: 4.04 impact: critic...
Oracle Demantra 12.2.1 - Arbitrary File Disclosure
Oracle Demantra 12.2.1 - Arbitrary File Disclosure Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet...
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Relea...
SoapUI 4.6.3 - Remote Code Execution
SoapUI 4.6.3 - Remote Code Execution Exploit Title: SoapUI Remote Code Execution Date: 25.12.13 Exploit Author: Barak Tawily Vendor Homepage: http://www.soapui.org/ Software Link: http://www.soapui.org/Downloads/download-soapui-pro-trial.html Version: vulnerable before 4.6.4 Tested on: Windows,...
Dredge School Administration System - DSMloader.php Cross-Site Request Forgery (Admin Account Manipulation)
Dredge School Administration System - DSMloader.php Cross-Site Request Forgery Admin Account Manipulation source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site...
Elite Graphix ElitCMS 1.01 PRO - Multiple Web Vulnerabilities
Elite Graphix ElitCMS 1.01 PRO - Multiple Web Vulnerabilities Document Title: =============== Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1117 Release Date: ============= 2013-10-18...
NETGEAR ProSafe - Denial of Service
NETGEAR ProSafe - Denial of Service !/usr/bin/python Netgear ProSafe - CVE-2013-4776 PoC written by Juan J. Guelfo @ Encripto AS [email protected] Copyright 2013 Encripto AS. All rights reserved. This software is licensed under the FreeBSD license. http://www.encripto.no/tools/license.php import...
HP Data Protector - Remote Command Execution
HP Data Protector - Remote Command Execution """ HP Data Protector Arbitrary Remote Command Execution This script allows to execute a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory installpath/bin/. The...
McAfee ePO 4.6.6 - Multiple Vulnerabilities
McAfee ePO 4.6.6 - Multiple Vulnerabilities Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in McAfee ePO 4.6.6 Affected Product: McAfee ePO 4.6.6 Build 176 & potentially earlier versions Timeline: 08 June 2013 - Vulnerability found 12 June 2013 - Vendo...
WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities
AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery
AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery 1. 2. 3. + Exploit Title : AfterLogic WebMail Lite PHP CSRF 4. + Author : Pablo '7days' Riberio 5. + Team: So Good Security 6. + Other 0days : http://pastebin.com/u/7days 7. + Version : = 7.0.1 8. + Tested on : windows/internet explor...
WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities
WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities waraxe-2013-SA104 - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Locatio...
Simple HRM System 2.3 - Multiple Vulnerabilities
Simple HRM System 2.3 - Multiple Vulnerabilities Exploit Title: Multiple Vulnerabilities in Simple HRM system v2.3 and below Date: 12/04/2013 Exploit Author: Doraemon Vendor Homepage: http://www.simplehrm.com/ Software Link: http://sourceforge.net/projects/simplehrm/ Version: 2.2/2.3 Tested on: 2...
AWS Xms 2.5 - importer.php?what Directory Traversal
AWS Xms 2.5 - importer.php?what Directory Traversal Advisory ID: HTB23147 Product: AWS XMS Vendor: http://www.aws-dms.com Vulnerable Versions: 2.5 and probably prior Tested Version: 2.5 Vendor Notification: March 6, 2013 Vendor Patch: March 16, 2013 Public Disclosure: March 27, 2013 Vulnerability...
Photodex ProShow Producer 5.0.3297 - .pxs Memory Corruption
Photodex ProShow Producer 5.0.3297 - .pxs Memory Corruption !/usr/bin/python Exploit Title: Photodex ProShow Producer v5.0.3297 .pxs Memory Corruption Vulnerability Version: = 5.0.3297 Date: 2013-02-14 Author: Julien Ahrens @MrTuxracer Homepage: http://www.inshell.net Software Link:...
Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005)
Microsoft Windows - HWNDBROADCAST PoC MS13-005 / ms13-005-funz-poc.cpp - Drive a Medium IL cmd.exe via a Low IL process and message broadcasted Copyright C 2013 Axel "0vercl0k" Souchet - http://www.twitter.com/0vercl0k This program is free software: you can redistribute it and/or modify it under...
Nagios3 - history.cgi Remote Command Execution
Nagios3 - history.cgi Remote Command Execution !/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution =========================================================== Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more...
SonicWALL SonicOS 5.8.1.8 WAF - Cross-Site Scripting
SonicWALL SonicOS 5.8.1.8 WAF - Cross-Site Scripting Title: ====== SonicWall SonicOS 5.8.1.8 WAF - POST Inject Vulnerability Date: ===== 2012-12-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=769 DELL Sonicwall Bug ID DSBID: 123995 VL-ID: ===== 769 Common...
Greenstone - Multiple Vulnerabilities
Greenstone - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/56662/info Greenstone is prone to the following security vulnerabilities: 1. A file-disclosure vulnerability 2. A cross-site scripting vulnerability 3. A security weakness 4. A security-bypass vulnerability Attackers...
Novell NetIQ Privileged User Manager 2.3.1 - auth.dll pa_modify_accounts() Remote Code Execution
Novell NetIQ Privileged User Manager 2.3.1 - auth.dll pamodifyaccounts Remote Code Execution Novell NetIQ Privileged User Manager 2.3.1 auth.dll pamodifyaccounts Remote Code Execution pre auth / SYSTEM privileges Tested against: Microsoft Windows 2003 r2 sp2 download url:...
PG Dating Pro CMS 1.0 - Multiple Vulnerabilities
PG Dating Pro CMS 1.0 - Multiple Vulnerabilities Title: ====== PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities Date: ===== 2012-10-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=736 VL-ID: ===== 736 Common Vulnerability Scoring System:...
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection (Metasploit)
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
xt:Commerce VEYTON 4.0.15 - products_name_de Script Insertion
xt:Commerce VEYTON 4.0.15 - productsnamede Script Insertion xt:Commerce VEYTON 4.0.15 productsnamede Script Insertion Vulnerability input type="hidden" name="dat...
am4ss Support System 1.2 - PHP Code Injection
am4ss Support System 1.2 - PHP Code Injection 10/2011 , Vulnerability discovered till now , i haven't reported the vendor , why!!! The idiot backdoored it by himself + the official site is fucked up ; 19/07/2012 , Public Disclosured C:\labphp am4ss.php localhost /lab/am4ss/...
DecisionTools SharpGrid - ActiveX Control Remote Code Execution
DecisionTools SharpGrid - ActiveX Control Remote Code Execution Application: DecisionTools SharpGrid ActiveX Control Code Execution Vulnerability Platforms: Windows Secunia: SA48571 Date: 2012-05-09 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitte...
Mobipocket Reader 6.2 Build 608 - Buffer Overflow
Mobipocket Reader 6.2 Build 608 - Buffer Overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= ============================================================================= Mobipocket Reader version 6.2 Build 608 Buffe...
Landshop 0.9.2 - Multiple Web Vulnerabilities
Landshop 0.9.2 - Multiple Web Vulnerabilities Title: ====== Landshop v0.9.2 - Multiple Web Vulnerabilities Date: ===== 2012-03-31 References: =========== http://vulnerability-lab.com/getcontent.php?id=485 VL-ID: ===== 485 Introduction: ============= The SAMEDIA LandShop is an innovative tool for...
Google Talk - gtalk: Deprecated URI Handler Injection
Google Talk - gtalk: Deprecated URI Handler Injection Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of...
Open Journal Systems (OJS) 2.3.6 - libpkpclassescoreString.inc.php?String::stripUnsafeHtml() Method Cross-Site Scripting
Open Journal Systems OJS 2.3.6 - libpkpclassescoreString.inc.php?String::stripUnsafeHtml Method Cross-Site Scripting source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize...
FlashFXP 4.1.8.1701 - Remote Buffer Overflow
FlashFXP 4.1.8.1701 - Remote Buffer Overflow Title: ====== FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability Date: ===== 2012-03-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=462 VL-ID: ===== 462 Introduction: ============= FlashFXP is a FTP File Transfer Protoc...
Yealink VOIP Phone - Persistent Cross-Site Scripting
Yealink VOIP Phone - Persistent Cross-Site Scripting ============================================================== Secur-I Research Group Security Advisory SV-2012-005 ============================================================== Title: Yealink VOIP Phone Persistent Cross Site Scripting...
The Uploader 2.0.4 (EnglishItalian) - Arbitrary File Upload Remote Code Execution (Metasploit)
The Uploader 2.0.4 EnglishItalian - Arbitrary File Upload Remote Code Execution Metasploit require 'msf/core' class Metasploit3 'The Uploader 2.0.4 Eng/Ita Remote File Upload', 'Description'= %q This module exploits various flaws in The Uploader to upload a PHP payload to target system. When run...
Tube Ace - q Cross-Site Scripting
Tube Ace - q Cross-Site Scripting source: https://www.securityfocus.com/bid/52046/info Tube Ace is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Linux Kernel 2.6.39 3.2.2 (Gentoo Ubuntu x86x64) - Mempodipper Local Privilege Escalation (1)
Linux Kernel 2.6.39 3.2.2 Gentoo Ubuntu x86x64 - Mempodipper Local Privilege Escalation 1 / Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 EDB-Note: Updated version can be found here:...
Cloupia End-to-end FlexPod Management - Directory Traversal
Cloupia End-to-end FlexPod Management - Directory Traversal Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes...
Docebo Lms 4.0.4 - Messages Remote Code Execution
Docebo Lms 4.0.4 - Messages Remote Code Execution if$GLOBALS'modname' != '' $modulecfg =& createModule...
siemens automation license manager 500.0.122.1 - Multiple Vulnerabilities
siemens automation license manager 500.0.122.1 - Multiple Vulnerabilities Luigi Auriemma Application: Siemens Automation License Manager http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&objid=10805384&treeLang=en...
CaupoShop Pro (2.x 3.70) Classic 3.01 - Local File Inclusion
CaupoShop Pro 2.x 3.70 Classic 3.01 - Local File Inclusion CaupoShop Pro 2.x/ = 3.70 Local File Include Vulnerability ----------------------------------------------------------------------------------------- Vuln Softwares : CaupoShop Pro 2.x CaupoShop Classic 3.01 CaupoShop Pro 3.70 Discovered B...
WordPress Plugin BackWPUp 2.1.4 - Code Execution
WordPress Plugin BackWPUp 2.1.4 - Code Execution Sense of Security - Security Advisory - SOS-11-012 Release Date. 17-Oct-2011 Vendor Notification Date. 14-Oct-2011 Product. BackWPUp Platform. WordPress Affected versions. 2.1.4 Severity Rating. High Impact. System access Attack Vector. Remote...