Microsoft Windows - win32k.sys TTF Processing win32k!sbit_Embolden win32k!ttfdCloseFontContext Use-After-Free (MS16-120)
Microsoft Windows - win32k.sys TTF Processing win32k!sbit_Embolden win32k!ttfdCloseFontContext Use-After-Free (MS16-120) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=868 We have encountered Windows kernel crashes in the win32k!sbit_Embolden and win32k!ttfdCloseFontContext functio...
IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation
IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation Exploit Title: IObit Malware Fighter Unquoted Service Path Privilege Escalation Date: 12/10/2016 Author: Amir.ght Vendor Homepage: http://www.iobit.com/en/index.php Software Link:...
Billion 7700NR4 Router - Remote Command Execution
Billion 7700NR4 Router - Remote Command Execution Title : Billion Router 7700NR4 Remote Root Command Execution Date : 06/10/2016 Author : R-73eN Tested on: Billion Router 7700NR4 Vendor : http://www.billion.com/ Vulnerability Description: This router is widely used here in Albania. It is given ...
NetMan 204 - Backdoor Account
NetMan 204 - Backdoor Account NetMan 204 - Backdoor Account Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NetMan 204 Vendor: http://www.riello-ups.com Product URL: http://www.riello-ups.com/products/4-software-connectivity/85-netman-204 Quick Reference Installation Manual :...
Microsoft Windows 8.1 Update 2 10 10586 (x86x64) - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)
Microsoft Windows 8.1 Update 2 10 10586 x86x64 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation MS16-111 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=865 Windows: NtLoadKeyEx User Hive Attachment Point EoP Platform: Windows 10 10586 32/64 and 8.1 Update 2, not...
Exponent CMS 2.3.9 - Blind SQL Injection
Exponent CMS 2.3.9 - Blind SQL Injection ============================================= MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400...
ZineBasic 1.1 - Arbitrary File Disclosure
ZineBasic 1.1 - Arbitrary File Disclosure Title: ZineBasic 1.1 Remote File Disclosure Exploit Author: bd0rk || East Germany former GDR Tested on: Ubuntu-Linux Vendor: http://w2scripts.com/news-publishing/ Download:...
Joomla! Component Catalog 1.0.7 - SQL Injection
Joomla! Component Catalog 1.0.7 - SQL Injection Title: Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Author: Larry W. Cashdollar, @larry0 Date: 2016-09-16 Download Site: http://huge-it.com/joomla-catalog/ Vendor: huge-it.com Vendor Notified: 2016-09-17 Vendor Contact:...
ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass
ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co., Ltd. Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform:...
PHPCollab CMS 2.5 - emailusers.php SQL Injection
PHPCollab CMS 2.5 - emailusers.php SQL Injection Document Title: =============== phpCollab v2.5 CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1898 Release Date: ============= 2016-08-08 Vulnerability Laboratory ID VL-I...
Navis Webaccess - SQL Injection
Navis Webaccess - SQL Injection Product - Navis WebAccess - SQL Injection Date - 8/8/2016 Author - bRpsd Skype: vegnox Vendor HomePage - http://www.navis.com/ Product Download - http://navis.com/prwebaccess.jsp currently under maintenan...
Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Apache Archiva Vendor URL: https://archiva.apache.org Type: Cross-Site Request Forgery CWE-253 Date found: 2016-05-...
Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions
Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=810 A major component of the Symantec Antivirus scan engine is the "Decomposer", responsible for unpacking various archive formats such as ZIP, RAR, and so on. T...
Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)
Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver (ATMFD.DLL), responsible for handling PostScript and OpenType fonts in the Windows kernel, provides a channel of...
Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads / Memory Disclosure (MS16-074)
Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads / Memory Disclosure (MS16-074) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF (Enhanced Metafile) image format specification (MS-EMF), there are multiple...
phpATM 1.32 (Windows) - Arbitrary File Upload Remote Command Execution
phpATM 1.32 (Windows) - Arbitrary File Upload Remote Command Execution <?php /* Exploit Title : "phpATM <= 1.32 Remote Command Execution Shell Upload on Windows Servers" Date : 17/06/2016 Author : Paolo Massenio - pmassenioATgmail Vendor : phpATM - http://phpatm.org/ Version : <= 1.32 Tested on : Windo...
Cisco EPC 3928 - Multiple Vulnerabilities
Cisco EPC 3928 - Multiple Vulnerabilities Title: Cisco EPC 3928 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337...
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)
Websockify C Implementation 0.8.0 - Buffer Overflow PoC Advisory: Websockify: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code. Details ======= Product:...
EduSec 4.2.5 - SQL Injection
EduSec 4.2.5 - SQL Injection EduSec 4.2.5 Multiple SQL Injection Vulnerabilities Vendor: Rudra Softech Product web page: http://www.rudrasoftech.com Affected version: 4.2.5 Summary: EduSec has a suite of selective modules specifically tailored to the requirements of the education industry. EduSec is...
Intuit QuickBooks Desktop 2007 2016 - Arbitrary Code Execution
Intuit QuickBooks Desktop 2007 2016 - Arbitrary Code Execution + Credits: Maxim Tomashevich from Thegrideon Software + Website: https://www.thegrideon.com/ + Details: https://www.thegrideon.com/qb-internals-sql.html Vendor: --------------------- www.intuit.com www.intuit.ca www.intuit.co.uk...
Adobe Reader DC 15.010.20060 - Memory Corruption
Adobe Reader DC 15.010.20060 - Memory Corruption Title: Adobe Reader DC <= 15.010.20060 - Memory corruption Application: Adobe Reader DC Version: 15.010.20060 and earlier versions Platform: Windows and Macintosh Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html Date: May 10,...
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities SPSA-2016-02/ManageEngine ApplicationsManager------------------------------ SECURITY ADVISORY: SPSA-2016-02/ManageEngine Applications Manager Build No: 12700 Affected Software: ManageEngine Applications Manager Build No: 127...
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access etcshadow)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=807 A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. perf_event_open() associates with a task as...
QSEE - PRDiag* Commands Privilege Escalation
QSEE - PRDiag* Commands Privilege Escalation Sources: https://bits-please.blogspot.ca/2016/05/qsee-privilege-escalation-vulnerability.html https://github.com/laginimaineb/cve-2015-6639 Qualcomm's Secure Execution Environment (QSEE) Privilege Escalation Exploit using PRDiag* commands (CVE-2015-6639) Pro...
Observium 0.16.7533 - Cross-Site Request Forgery
Observium 0.16.7533 - Cross-Site Request Forgery & retype password instead of having to insert the older password. Such an attack would look like this: -- Change admin password...
GLPi 0.90.2 - SQL Injection
GLPi 0.90.2 - SQL Injection Advisory ID: HTB23301 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.90.2 and probably prior Tested Version: 0.90.2 Advisory Publication: April 8, 2016 without technical details Vendor Notification: April 8, 2016 Vendor Patch: April 11, 2016 Public Disclosure:...
Mach Race OSX - Local Privilege Escalation
Mach Race OSX - Local Privilege Escalation Source: https://github.com/gdbinit/machrace Mach Race OS X Local Privilege Escalation Exploit (c) fG! 2015, 2016, [email protected] - https://reverse.put.as A SUID, SIP, and binary entitlements universal OS X exploit (CVE-2016-1757). Usage against a SUID binar...
CC++ Offline Compiler and C For OS - Persistent Cross-Site Scripting
CC++ Offline Compiler and C For OS - Persistent Cross-Site Scripting Document Title: =============== C & C++ for OS - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1825 Release Date: ============= 2016-04-14...
Microsoft Windows 7 10 2008 2012 R2 (x86x64) - Local Privilege Escalation (MS16-032) (PowerShell)
Microsoft Windows 7 10 2008 2012 R2 x86x64 - Local Privilege Escalation MS16-032 PowerShell function Invoke-MS16-032 https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html .DESCRIPTION Author: Ruben Boonen @FuzzySec Blog: http://www.fuzzysecurity.com/ License: BSD...
PQI Air Pen Express 6W51-0000R26W51-0000R2XXX - Multiple Vulnerabilities
PQI Air Pen Express 6W51-0000R26W51-0000R2XXX - Multiple Vulnerabilities Security Advisory 2016-04-03 www.orwelllabs.com Twitter:@orwelllabs magicword: d0ubl3th1nk1ng... Overview...
DameWare Remote Controller 12.0.0.520 - Remote Code Execution
DameWare Remote Controller 12.0.0.520 - Remote Code Execution Exploit Title: Dameware Remote Controller RCE Date: 3-04-2016 Exploit Author: Securifera Vendor Homepage: http://www.dameware.com/products/mini-remote-control/product-overview.aspx Version: 12.0.0.520 Website:...
Liferay Portal 5.1.2 - Persistent Cross-Site Scripting
Liferay Portal 5.1.2 - Persistent Cross-Site Scripting Exploit Title: Liferay Portal 5.1.2 - Persistent XSS Discovery Date: 2016-02-10 Exploit Author: Sarim Kiani Vendor Homepage: https://www.liferay.com Software Link: https://www.liferay.com/community/releases Version: 5.1.2 Tested on: Windows O...
Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)
Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions) var c=-1; var amttodelete=100; var id=document.getElementById("ids"); var frm=document.getEleme...
iTop 2.2.1 - Cross-Site Request Forgery
iTop 2.2.1 - Cross-Site Request Forgery Advisory ID: HTB23293 Product: iTop Vendor: Combodo Vulnerable Versions: 2.2.1 and probably prior Tested Version: 2.2.1 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 11, 2016...
Netwrix Auditor 7.1.322.0 - ActiveX sourceFile Stack Buffer Overflow
Netwrix Auditor 7.1.322.0 - ActiveX sourceFile Stack Buffer Overflow Netwrix Auditor 7.1.322.0 ActiveX sourceFile Stack Buffer Overflow Vulnerability Vendor: Netwrix Corporation Product web page: http://www.netwrix.com Affected version: 7.1 Build 322 Summary: Netwrix Auditor is an IT audit...
Crouzet em4 soft 1.1.04 - .pm4 Integer Division By Zero
Crouzet em4 soft 1.1.04 - .pm4 Integer Division By Zero Crouzet em4 soft 1.1.04 Integer Division By Zero Vendor: Crouzet Automatismes SAS Product web page: http://www.crouzet-automation.com Affected version: 1.1.04 and 1.1.03.01 Summary: em4 is more than just a nano-PLC. It is a leading edge...
Comodo Anti-Virus - SHFolder.dll Local Privilege Escalation
Comodo Anti-Virus - SHFolder.dll Local Privilege Escalation ...
Microsoft Windows - srv2.sys SMB Code Execution (Python) (MS09-050)
Microsoft Windows - srv2.sys SMB Code Execution (Python) (MS09-050) EDB-Note: Source https://raw.githubusercontent.com/ohnozzy/Exploit/master/MS09050.py #!/usr/bin/python This module depends on the linux command line program smbclient. I can't find a python smb library for smb login. If you can find...
Chamilo LMS - Persistent Cross-Site Scripting
Chamilo LMS - Persistent Cross-Site Scripting Document Title: =============== Chamilo LMS - Persistent Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1727 Video: https://www.youtube.com/watch?v=gNZsQjmtiGI Release Dat...
CyberCop Scanner Smbgrind 5.5 - Buffer Overflow (PoC)
CyberCop Scanner Smbgrind 5.5 - Buffer Overflow PoC + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SMBGRIND-BUFFER-OVERFLOW.txt Vendor: ======================= Network Associates Inc. Product: =========================================...
Toshiba Viewer v2 p3console - Local Denial of Service
Toshiba Viewer v2 p3console - Local Denial of Service #!/usr/bin/perl Exploit Title: Toshiba viewer v2 p3console Local Denial of Service Date: 02-02-2016 Author: JaMbA Download: http://business.toshiba.com/downloads/KB/f1Ulds/9942/viewer2-cj242-v106.zip Version: 2 Tested on: Windows 7 my $file=...
Apple Mac OSX - IOBluetoothHCIPacketLogUserClient Memory Corruption
Apple Mac OSX - IOBluetoothHCIPacketLogUserClient Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=572 The OS data types (OSArray etc.) are explicitly not thread safe; they rely on their callers to implement the required locking to serialize all accesses...
Google Android - sensord Local Privilege Escalation
Google Android - sensord Local Privilege Escalation Android sensord 0day root exploit by s0m3b0dy tested on LG L7 PL need pentests? s0m3b0dy1atgmail.com some Android devices have a sensord daemon; for some ROMs the daemon is running as a root process, there we can use this exploit and ---------...
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection Exploit Title: WordPress appointment-booking-calendar <= 1.1.23 - Shortcode SQL injection Date: 2016-01-24 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramire...
Polycom VVX-Series Business Media Phones - Directory Traversal
Polycom VVX-Series Business Media Phones - Directory Traversal Polycom VVX-Series Business Media Phones Path Traversal Vulnerability --Summary-- Polycom VVX-series Business Media Phones allow authenticated users to execute file path traversal attacks Polycom http://www.polycom.com --Affects--...
WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities
WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities Exploit Title: WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities Date: Friday, December 11, 2015 Exploit/Vulnerability Author: Alireza Azimzadeh Milani (alimp5) Vendor Homepage: http://www.greenpacket.com Version: v2.10.14-g1.5.2 Tested on:...
Man-db 2.6.7.1 - Local Privilege Escalation
Man-db 2.6.7.1 - Local Privilege Escalation EDB Note: man:man -> man:root http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ man:root -> root:root http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ CreateSetgidBinary.c...
D-Link DIR-866L - Multiple Buffer Overflow Vulnerabilities
D-Link DIR-866L - Multiple Buffer Overflow Vulnerabilities Advisory Information Title: DIR-866L Buffer overflows in HNAP and send email functionalities Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with...
TECO TP3-PCLINK 2.1 - .tpc Handling Buffer Overflow (PoC)
TECO TP3-PCLINK 2.1 - .tpc Handling Buffer Overflow PoC TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability Vendor: TECO Electric and Machinery Co., Ltd. Product web page: http://www.teco-group.eu Affected version: 2.1 Summary: TP3-PCLINK Software is the supportive software for...
Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)
Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass MS15-111 Source: https://code.google.com/p/google-security-research/issues/detail?id=486 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Platform: Windows 10 build 10240, earlier versions do not have...