41207 matches found
WDMyCloud 2.30.165 - Multiple Vulnerabilities
WDMyCloud 2.30.165 - Multiple Vulnerabilities WDMyCloud Multiple Vulnerabilities Vendor: Western Digital Product: WDMyCloud Version: = 2.30.165 Website: https://www.wdc.com/products/network-attached-storage.html ...
BEIMS ContractorWeb 5.18.0.0 - SQL Injection
BEIMS ContractorWeb 5.18.0.0 - SQL Injection Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0 CVE :...
Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload
Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/...
Winamp Pro 5.66.Build.3512 - Denial of Service
Winamp Pro 5.66.Build.3512 - Denial of Service ! /usr/bin/perl Exploit Title: Winamp Pro .wav|.wmv|.au|.asf|.aiff|.aif Denial of Service Date: 2017-11-22 Exploit Author: R.Yavari Version: v5.66.Build.3512 Tested on: Windows 10 , Windows 7 other version should be affected CVE-2017-16951...
Vastal I-Tech Agent Zone - searchCommercial.php searchResidential.php SQL Injection
Vastal I-Tech Agent Zone - searchCommercial.php searchResidential.php SQL Injection Exploit Title: Vastal I-Tech Agent Zone - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://vastal.com/ Software http://vastal.com/agent-zone-real-estate-script.html Demo:...
TP-Link TL-MR3220 - Cross-Site Scripting
TP-Link TL-MR3220 - Cross-Site Scripting Exploit Title: Vulnerability Xss - TP-LINK TL-MR3220 Date: 12/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: http://www.tp-link.com.br Version: TL-MR3220 Tested on: Windows 10 CVE : CVE-2017-15291 Vulnerability: Cross-site scripting XSS in TP-LI...
phpCollab 2.5.1 - SQL Injection
phpCollab 2.5.1 - SQL Injection CVE-2017-6089 PhpCollab 2.5.1 Multiple SQL Injections unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. SQL injections The phpCollab code does not correctly filter arguments,...
Trend Micro OfficeScan 11.0XG (12.0) - Image File Execution Bypass
Trend Micro OfficeScan 11.0XG 12.0 - Image File Execution Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAGE-FILE-EXECUTION-BYPASS.txt + ISR: ApparitionSec Vendor: ==================...
AirStar Airbnb Clone Script 1.0 - SQL Injection
AirStar Airbnb Clone Script 1.0 - SQL Injection Exploit Title: AirStar Airbnb Clone Script v1.0 - SQL Injection Date: 2017-09-11 Exploit Author: 8bitsec Vendor Homepage: https://www.abservetech.com/ Software Link: https://www.abservetech.com/airstar-airbnb-clone/ Version: 1.0 Tested on: Kali Linu...
Tor (Linux) - X11 Linux Sandbox Breakout
Tor Linux - X11 Linux Sandbox Breakout / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1293&desc=2 EDIT: I mixed up two different sandboxes; see the comment below for a correction. From inside the Linux sandbox described in , it is still possible to talk to the X server withou...
Disk Pulse Enterprise 9.9.16 - Remote Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - Remote Buffer Overflow SEH !/usr/bin/env python Exploit Title: Disk Pulse Enterprise 9.9.16 Remote SEH Buffer Overflow Date: 2017-08-25 Exploit Author: Nipun Jaswal & Anurag Srivastava Author Homepage: www.pyramidcyber.com Vendor Homepage: http://www.diskpulse.com...
Apple macOS Sierra 10.12.1 - IOFireWireFamily FireWire Port Denial of Service
Apple macOS Sierra 10.12.1 - IOFireWireFamily FireWire Port Denial of Service / IOFireWireFamily-overflow.c Brandon Azad Buffer overflow reachable from IOFireWireUserClient::localConfigDirectoryPublish. Download:...
NoMachine 5.3.9 - Local Privilege Escalation
NoMachine 5.3.9 - Local Privilege Escalation """ Exploit Title: NoMachine LPE - Local Privilege Escalation Date: 09/08/2017 Exploit Author: Daniele Linguaglossa Vendor Homepage: https://www.nomachine.com Software Link: https://www.nomachine.com Version: 5.3.9 Tested on: OSX CVE : CVE-2017-12763...
WebKit - WebCore::RenderObject with Accessibility Enabled Use-After-Free
WebKit - WebCore::RenderObject with Accessibility Enabled Use-After-Free link text-transform: lowercase; link::first-letter border-spacing: 1em; function go dt.appendChildlink; var s = link.style; s.setProperty"display", "table-column-group"; s.setProperty"-webkit-appearance", "menulist-button";...
IBM Informix Dynamic Server - Code Injection Remote Code Execution
IBM Informix Dynamic Server - Code Injection Remote Code Execution !/usr/local/bin/python """ IBM Informix Dynamic Server doconfig PHP Code Injection Remote Code Execution Vulnerability 0DAY Bonus: free XXE bug included! Download:...
libquicktime 1.2.4 - Denial of Service
libquicktime 1.2.4 - Denial of Service libquicktime multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= The libquicktime package contains the libquicktime library, various plugins and codecs, along with graphical and command line utilities used f...
Net Monitor for Employees Pro 5.3.4 - Unquoted Service Path Privilege Escalation
Net Monitor for Employees Pro 5.3.4 - Unquoted Service Path Privilege Escalation Exploit Title: Unquoted Service Path Privilege Escalation - Net Monitor for Employees Pro gmail.com, saeid Nsecurity.org Linkedin: https://www.linkedin.com/in/saeidatabaki Vendor Homepage: http://networklookout.com/...
Craft CMS 2.6 - Cross-Site Scripting
Craft CMS 2.6 - Cross-Site Scripting Exploit Title: Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload Date: 2017-06-08 Exploit Author: Ahsan Tahir Vendor Homepage: https://craftcms.com Software Link: http://download.craftcdn.com/craft/2.6/2.6.2981/Craft-2.6.2981.zip Version: 2.6 Teste...
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting Exploit Title: GravCMS Core Admin Plugin v1.4.2 - Persistent Cross-Site Scripting Date: 2017-06-07 Exploit Author: Ahsan Tahir Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.2.4 Version: 1.4.2...
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities Exploit Title: CMS Web-Gooroo getmegaadmin; 2d626704807d4c5be1b46e85c4070fec - mayhem 2967a371178d713d3898957dd44786af - no success in bruteforce, though... 3. Full path disclosure Almost any file, because of lack of input validation and overall bad...
Mozilla Firefox 53 - ConvolvePixel Memory Disclosure
Mozilla Firefox 53 - ConvolvePixel Memory Disclosure /home/worker/workspace/build/src/gfx/2d/FilterNodeSoftware.cpp:2358 2 0x7f8d3fcd397d in alreadyAddRefedmozilla::gfx::Data...
Apple WebKit Safari 10.0.3(12602.4.8) - WebCore::FrameView::scheduleRelayout Use-After-Free
Apple WebKit Safari 10.0.312602.4.8 - WebCore::FrameView::scheduleRelayout Use-After-Free let f = document.body.appendChilddocument.createElement'iframe'; let g = f.contentDocument.body.appendChilddocument.createElement'iframe'; g.contentWindow.onunload = = g.contentWindow.onunload = null; let h ...
Apple macOS/iOS - Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver
Apple macOS/iOS - Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1168 The dump today has this list of iOS stuff: https://wikileaks.org/ciav7p1/cms/page13205587.html Reading through this...
CMS Made Simple 2.1.6 - Multiple Vulnerabilities
CMS Made Simple 2.1.6 - Multiple Vulnerabilities Title: CMSMS 2.1.6 Multiple Vulnerabilities Date: 10-05-2017 Tested on: Windows 8 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original write-up: https://osandamalith.com/2017/05/11/cmsms-2-1-6-multiple-vulnerabilities/ CVE:...
Zyxel P-660HW-61 Firmware 3.40(PE.11)C0 Router - Local File Inclusion
Zyxel P-660HW-61 Firmware 3.40PE.11C0 Router - Local File Inclusion Exploit Title: Zyxel P-660HW-61 3.40PE.11C0 - Local File Inclusion Date: 2-05-2017 Exploit Author: ReverseBrain Contact: https://www.twitter.com/ReverseBrain Vendor Homepage: https://www.zyxel.com Software Link:...
Emby MediaServer 3.2.5 - Directory Traversal
Emby MediaServer 3.2.5 - Directory Traversal Emby MediaServer 3.2.5 Directory Traversal File Disclosure Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to...
Brother MFC-J6520DW - Authentication Bypass Password Change
Brother MFC-J6520DW - Authentication Bypass Password Change ASCII hex -- md5 e.g. AuthCookie=c243a9ee18a9327bfd419f31e75e71c7 for 'test' password This information can be used to crack current password from exported cookie. Fix: Minimize network access to Brother MFC device or disable HTTPS...
SpiceWorks 7.5 TFTP - Remote File Overwrite Upload
SpiceWorks 7.5 TFTP - Remote File Overwrite Upload + Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt + ISR: APPARITIONSEC Vendor: ================== www.spiceworks.com...
Apple macOS/iOS 10.12.2 (16C67) - mach_msg Heap Overflow
Apple macOS/iOS 10.12.2 (16C67) - mach_msg Heap Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1083 When sending ool memory via |mach_msg| with |deallocate| flag or |MACH_MSG_VIRTUAL_COPY| flag, |mach_msg| performs moving the memory to the destination process instead of copyi...
EyesOfNetwork (EON) 5.1 - SQL Injection
EyesOfNetwork EON 5.1 - SQL Injection Exploit Title: EyesOfNetwork EON 5.1 Unauthenticated SQL Injection in eonweb leading to remote root Google Dork: intitle:EyesOfNetwork intext:"sponsored by AXIANS" Date: 29/03/2017 Exploit Author: Dany Bach Vendor Homepage: https://www.eyesofnetwork.com/...
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork EON 5.0 - Remote Code Execution CVE-2017-6087 EON 5.0 Remote Code Execution Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. Remote Code Execution authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to execute...
phplist 3.2.6 - SQL Injection
phplist 3.2.6 - SQL Injection 1. Introduction Affected Product: phplist 3.2.6 Fixed in: 3.3.1 Fixed Version Link: https://sourceforge.net/projects/phplist/files/phplist/3.3.1/phplist-3.3.1.zip/download Vendor Website: https://www.phplist.org/ Vulnerability Type: SQL Injection Remote Exploitable:...
Global In - SQL Injection
Global In - SQL Injection Exploit Title: Global In – A LinkedIn Clone - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.techbizstudio.com/ Software: https://www.techbizstudio.com/product/linkedin-clone/ Demo: https://www.techbizstudio.com/demo/globalin/ Version: N/A...
OpenText Documentum D2 - Remote Code Execution
OpenText Documentum D2 - Remote Code Execution / CVE Identifier: CVE-2017-5586 Vendor: OpenText Affected products: Documentum D2 version 4.x Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Description: Document D2 contains vulnerable...
Google Android - android.util.MemoryIntArray Ashmem Race Conditions
Google Android - android.util.MemoryIntArray Ashmem Race Conditions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1002 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the...
Google Android - Inter-process munmap in android.util.MemoryIntArray
Google Android - Inter-process munmap in android.util.MemoryIntArray Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1001 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the...
WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection
WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection Exploit Author: sucuri.net @sucurisecurity Date: 2017-02-09 Google Dork : inurl:/wp-content/plugins/insert-php/ Vendor Homepage:...
Ghostscript 9.20 - Filename Command Execution
Ghostscript 9.20 - Filename Command Execution + + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product:...
DCMTK 3.6.0 storescp - Stack Buffer Overflow
DCMTK 3.6.0 storescp - Stack Buffer Overflow !/usr/bin/env python -- coding: utf8 -- DCMTK storescp DICOM storage C-STORE SCP Remote Stack Buffer Overflow Vendor: OFFIS e. V. Product web page: http://www.dcmtk.org Affected version: = 3.6.0 Not affected: DCMTK-3.6.120160216 -...
Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service
Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service !/usr/bin/env python -- coding: utf8 -- Horos 2.1.0 DICOM Medical Image Viewer Remote Memory Overflow Vulnerability Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: Horos™ is an...
Serva 3.0.0 - HTTP Server Denial of Service
Serva 3.0.0 - HTTP Server Denial of Service !/usr/bin/env python Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit Vendor: Patrick Masotta Product web page: http://www.vercot.com Affected version: 3.0.0.1001 Community, Pro, 32/64bit Summary: Serva is a light 3 MB, yet powerful...
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free (MS15-018)
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free MS15-018 // This PoC attempts to exploit a use-after-free bug in Microsoft Internet // Explorer 8. // See http://blog.skylined.nl/20161116001.html for details. var r=new RegExp"A|x|x|xx|xxxxxxxxxxxxxxxxxxxx+", "g";...
Microsoft Edge 11.0.10240.16384 - edgehtml CAttrArray::Destroy Use-After-Free
Microsoft Edge 11.0.10240.16384 - edgehtml CAttrArray::Destroy Use-After-Free Alternatively: Description When an element is created and style properties are added, these are stored in a CAttrArray object. A new CAttrArray is able to store up to 8 properties. If more properties need to be store...
MyBB 1.8.6 - Cross-Site Scripting
MyBB 1.8.6 - Cross-Site Scripting Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyBB 1.8.6 Fixed in: 1.8.7 Fixed Version Link: http://resources.mybb.com/downloads/mybb1807.zip Vendor Website: http://www.mybb.com/ Vulnerability Type: XSS Remote Exploitable: Yes Report...
Sophos Web Appliance 4.2.1.3 - Remote Code Execution
Sophos Web Appliance 4.2.1.3 - Remote Code Execution KL-001-2016-009 : Sophos Web Appliance Remote Code Execution Title: Sophos Web Appliance Remote Code Execution Advisory ID: KL-001-2016-009 Publication Date: 2016.11.03 Publication URL:...
Alienvault OSSIM/USM 5.3.1 - SQL Injection
Alienvault OSSIM/USM 5.3.1 - SQL Injection Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability...
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3...
Joomla! 3.4.4 3.6.4 - Account Creation Privilege Escalation
Joomla! 3.4.4 3.6.4 - Account Creation Privilege Escalation Source: https://github.com/XiphosResearch/exploits/tree/master/Joomraa While analysing the recent Joomla exploit in com_users:user.register we came across a problem with the upload whitelisting. They don't allow files containing SetHandle...
Linux Kernel 2.6.22 3.9 - Dirty COW PTRACE_POKEDATA Race Condition (Write Access Method)
Linux Kernel 2.6.22 3.9 - Dirty COW PTRACE_POKEDATA Race Condition (Write Access Method) // $ echo pikachu|sudo tee pokeball;ls -l pokeball;gcc -pthread pokemon.c -o d;./d pokeball miltank;cat pokeball include //// pikachu include //// -rw-r--r-- 1 root root 8 Apr 4 12:34 pokeball include ////...
Microsoft Windows Kernel - Registry Hive Loading Relative Arbitrary Read in nt!RtlValidRelativeSecurityDescriptor (MS16-123)
Microsoft Windows Kernel - Registry Hive Loading Relative Arbitrary Read in nt!RtlValidRelativeSecurityDescriptor MS16-123 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=876 We have encountered a Windows kernel crash in the nt!RtlValidRelativeSecurityDescriptor function invoked...