41207 matches found
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload Exploit Title: GRR = 3.0.0-RC1 all versions RCE with privilege escalation through file upload filter bypass authenticated Date: January 7th, 2016 Exploit Author: kmkz Bourbon Jean-marie | @kmkzsecurity Vendo...
Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF Enhanced Metafile image format specification MS-EMF, there are multiple...
Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)
Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption MS16-074 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of...
Symphony CMS 2.6.7 - Session Fixation
Symphony CMS 2.6.7 - Session Fixation + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt + ISR: APPARITIONSEC Vendor: ==================== www.getsymphony.com Product: ==================...
EduSec 4.2.5 - SQL Injection
EduSec 4.2.5 - SQL Injection EduSec 4.2.5 Multiple SQL Injection Vulnerabilities Vendor: Rudra Softech Product web page: http://www.rudrasoftech.com Affected version: 4.2.5 Summary: EduSec has a suite of selective modules specifically tailored to the requirements of education industry. EduSec is...
FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation
FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation ----------------------------------- Exploit Title: Filezilla 3.17.0.0 windows installer Privileges Escalation via unquoted path vulnerability Date: 08/05/2016 Exploit Author: Cyril Vallicari Vendor Homepage:...
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=807 A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. perf_event_open() associates with a task as...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Brickcom Corporation Network Cameras - Multiple Vulnerabilities Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...
PQI Air Pen Express 6W51-0000R26W51-0000R2XXX - Multiple Vulnerabilities
PQI Air Pen Express 6W51-0000R26W51-0000R2XXX - Multiple Vulnerabilities Security Advisory 2016-04-03 www.orwelllabs.com Twitter:@orwelllabs magicword: d0ubl3th1nk1ng... Overview...
Netwrix Auditor 7.1.322.0 - ActiveX sourceFile Stack Buffer Overflow
Netwrix Auditor 7.1.322.0 - ActiveX sourceFile Stack Buffer Overflow Netwrix Auditor 7.1.322.0 ActiveX sourceFile Stack Buffer Overflow Vulnerability Vendor: Netwrix Corporation Product web page: http://www.netwrix.com Affected version: 7.1 Build 322 Summary: Netwrix Auditor is an IT audit...
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting 1. Introduction Exploit Title: WordPress WP Advanced Comment 0.10 Persistent XSS Date: Mar.09.2016 Exploit Author: Mohammad Khaleghi Contact: https://twitter.com/blackmatrix Vendor: Ravi Shakya Tested On: Apache2.2 / PHP5...
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities === LSE Leading Security Experts GmbH - Security Advisory 2016-01-01 === Wordpress ProjectTheme Multiple Vulnerabilities - -...
phpRPC 0.7 - Remote Code Execution
phpRPC 0.7 - Remote Code Execution phpRPC Remote Code Execution Vendor: Robert Hoffman Product: phpRPC Version: = 0.7 Website: http://sourceforge.net/projects/phprpc/ BID: 16833 CVE: CVE-2006-1032 OSVDB: 23514 SECUNIA: 19028 PACKETSTORM: 44267 Description: phpRPC is meant to be an easy to use...
Chamilo LMS - Persistent Cross-Site Scripting
Chamilo LMS - Persistent Cross-Site Scripting Document Title: =============== Chamilo LMS - Persistent Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1727 Video: https://www.youtube.com/watch?v=gNZsQjmtiGI Release Dat...
iScripts EasyCreate 3.0 - Remote Code Execution
iScripts EasyCreate 3.0 - Remote Code Execution !C:/Python27/python.exe -u iScripts EasyCreate 3.0 Remote Code Execution Exploit Vendor: iScripts.com Product web page: http://www.iscripts.com Affected version: 3.0 Summary: iScripts EasyCreate is a private label online website builder. This softwa...
NETGEAR WNR1000v4 - Authentication Bypass
NETGEAR WNR1000v4 - Authentication Bypass ''' Exploit Title: NetgearWNR1000v4AuthBypass Google Dork: - Date: 06.10.2015 Exploit Author: Daniel Haake Vendor Homepage: http://www.netgear.com/ Software Link: http://downloadcenter.netgear.com/en/product/WNR1000v4 Version: N300 router firmware version...
WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities
WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities Exploit Title: WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities Date: Friday, December 11, 2015 Exploit/Vulnerability Author: Alireza Azimzadeh Milani alimp5 Vendor Homepage: http://www.greenpacket.com Version: v2.10.14-g1.5.2 Tested on:...
TECO SG2 LAD Client 3.51 - .gen Overwrite Buffer Overflow (SEH)
TECO SG2 LAD Client 3.51 - .gen Overwrite Buffer Overflow SEH !/usr/bin/perl TECO SG2 LAD Client 3.51 SEH Overwrite Buffer Overflow Exploit Vendor: TECO Electric and Machinery Co., Ltd. Product web page: http://www.teco-group.eu Download: http://globalsa.teco.com.tw/supportdownload.aspx?KindID=9...
ZYXEL PMG5318-B20A - OS Command Injection
ZYXEL PMG5318-B20A - OS Command Injection Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018...
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Local Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Local Privilege Escalation CVE-2015-5889: issetugid + rsh + libmalloc osx local root tested on osx 10.9.5 / 10.10.5 jul/2015 by rebel import os,time,sys env = s = os.stat"/etc/sudoers".stsize env'MallocLogFile' = '/etc/crontab' env'MallocStackLogging' =...
Photo Transfer (2) 1.0 iOS - Denial of Service
Photo Transfer 2 1.0 iOS - Denial of Service Document Title: =============== Photo Transfer 2 v1.0 iOS - Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1580 Release Date: ============= 2015-08-20 Vulnerability Laboratory ...
Security IP Camera Star Vision DVR - Authentication Bypass
Security IP Camera Star Vision DVR - Authentication Bypass Exploit Title: Security IP Camera Star Vision DVR Authentication Bypass Date: 2015-08-13 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: Version: All Versions Exploit : 1 - First, open your Chrome...
Geoserver 2.7.1.1 2.6.4 2.5.5.1 - XML External Entity
Geoserver 2.7.1.1 2.6.4 2.5.5.1 - XML External Entity Exploit Title : GeoServer XXE Date : 11/08/2015 Exploit Author : David Bloom Script - Ping to Sven Claessens, Jacques Villemur and Eric Donners Vendor homepage : http://geoserver.org Software Link : http://geoserver.org/release/stable Version ...
WordPress Plugin S3Bubble Cloud Video With Adverts Analytics 0.7 - Arbitrary File Download
WordPress Plugin S3Bubble Cloud Video With Adverts Analytics 0.7 - Arbitrary File Download Exploit Title: Wordpress S3Bubble Cloud Video With Adverts & Analytics - Arbitrary File Download Google Dork: inurl:/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/ Date: 04/07/2015 Exploit Author:...
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities Document Title: =============== ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1501 Release Date: ============= 2015-06-19...
Peercast 0.1211 - Format String
Peercast 0.1211 - Format String Peercast Format String Vulnerability Vendor: peercast.org Product: Peercast Version: = 0.1211 Website: http://www.peercast.org/ BID: 13808 CVE: CVE-2005-1806 OSVDB: 16906 SECUNIA: 15536 PACKETSTORM: 39355 Description: Peercast is a popular p2p streaming media serve...
WordPress Plugin Simple Ads Manager - Information Disclosure
WordPress Plugin Simple Ads Manager - Information Disclosure Vulnerability title: Wordpress plugin Simple Ads Manager - Information Disclosure Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Downlo...
JBoss AS 3456 - Remote Command Execution
JBoss AS 3456 - Remote Command Execution coding: utf-8 JexBoss v1.0. @autor: João Filho Matos Figueiredo [email protected] Updates: https://github.com/joaomatosf/jexboss Free for distribution and modification, but the authorship should be preserved. import httplib, sys, urllib, os, time from...
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=222 Windows: Local WebDAV NTLM Reflection Elevation of Privilege Platform: Windows 8.1 Update, Windows 7 Class: Elevation of Privilege Summary: A...
vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection
vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection + Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage:...
McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation
McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation / Exploit Title - McAfee Data Loss Prevention Endpoint Arbitrary Write Privilege Escalation Date - 29th January 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.mcafee.com Tested Version -...
VideoLAN VLC Media Player 2.1.5 - Write Access Violation
VideoLAN VLC Media Player 2.1.5 - Write Access Violation Title : VLC Player 2.1.5 Write Access Violation Vulnerability Discoverer: Veysel HATAS @muh4f1z Web page : www.binarysniper.net Vendor : VideoLAN VLC Project Test: Windows XP SP3 Status: Fixed Severity : High CVE ID : CVE-2014-9598 NIST:...
RedStar 3.0 Desktop - Software Manager swmng.app Local Privilege Escalation
RedStar 3.0 Desktop - Software Manager swmng.app Local Privilege Escalation The root user is disabled on Red Star, and it doesn't look like there is a way to enable it. Unfortunately, they left a big security hole: the Software Manager swmng.app, which runs as root through sudo and will install a...
QQPlayer-asx-File-Processing-Buffer-Overflow
Title: QQPlayer asx File Processing Buffer Overflow Exploit Author: Li Qingshan of Information Security Engineering Center,School of Software and Microelectronics,Peking University Vendor: www.qq.com head =''' ''' payload=head+junk+nseh+seh+adjust+shellcode+junk+foot fobj = open"poc.asx","w"...
MP3-Nator-Buffer-Overflow
Exploit Title: Exploit Buffer Overflow MP3-Nator SEH - DEP BYPASS Date: 18-11-2010 Author: Muhamad Fadzil Ramli Credit/Bug Found By: C4SS!0 G0M3S Software Link: http://files.brothersoft.com/mp3audio/players/mp3nator.zip filename = 'crash.plf' ./msfpayload windows/exec CMD=calc EXITFUNC=seh R |...
DVD-X-Player-5.5-Pro-SEH
DVD X Player 5.5 Pro Bypass ASLR by using non-aslr enabled module SEH Overwrite Egghunter is not needed as there is at least 2000 bytes for shellcode import sys print "====================================" print "DVD X Player 5.5 Pro Buffer Overflow" print " SEH Overwrite - Bypass ASLR " print "...
Adobe-Illustrator-CS5.5
ImageType AlphaChannelCount reserved bin-ascii ImageMask XI Arguments to the XI operator specify the location and size of the image, its pixel bit depth, color type, and other attributes The image matrix maps the unit square of user space, bounded by 0, 0 and 1, 1 in user space, to the boundary o...
CoolPlayer-Portable-2.19.2
Buffer overflow that bypasses ASLR by using a non-aslr module Tested against CoolPlayer Portable version 2.19.2 on Windows Vista Business 32 bit Written by Blake patched by pole Originally found by Securityxxxpert print "\n=====================================" print "CoolPlayer Portable Buffer...
PhotoPost 4.85 - Multiple Vulnerabilities
PhotoPost 4.85 - Multiple Vulnerabilities PhotoPost Multiple Vulnerabilities Vendor: All Enthusiast, Inc. Product: PhotoPost Version: = 4.85 Website: http://www.photopost.com/ BID: 12157 CVE: CVE-2005-0273 CVE-2005-0274 OSVDB: 12741 12741 SECUNIA: 13680 PACKETSTORM: 35595 Description: PhotoPost w...
SysAid Server - Arbitrary File Disclosure
SysAid Server - Arbitrary File Disclosure Vantage Point Security Advisory 2014-004 ======================================== Title: SysAid Server Arbitrary File Disclosure ID: VP-2014-004 Vendor: SysAid Affected Product: SysAid On-Premise Affected Versions: Summary: --- SysAid Server is vulnerable...
IPUX Cube Type CS303C IP Camera - UltraMJCamX.ocx ActiveX Stack Buffer Overflow
IPUX Cube Type CS303C IP Camera - UltraMJCamX.ocx ActiveX Stack Buffer Overflow IPUX Cube Type CS303C IP Camera UltraMJCamX.ocx ActiveX Stack Buffer Overflow Vendor: Big Good Holdings Limited | Fitivision Technology Inc. Product web page: http://www.ipux.net | http://www.fitivision.com Affected...
Enalean Tuleap 7.4.99.5 - Blind SQL Injection
Enalean Tuleap 7.4.99.5 - Blind SQL Injection Vulnerability title: Tuleap &globalfiltersubmit=Apply HTTP/1.1 Host: 192.168.56.108 User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Languag...
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)
ManageEngine EventLog Analyzer - Multiple Vulnerabilities 1 Mogwai Security Advisory MSA-2014-01 ---------------------------------------------------------------------- Title: ManageEngine EventLog Analyzer Multiple Vulnerabilities Product: ManageEngine EventLog Analyzer Affected versions: EventLo...
Oxwall 1.7.0 - Multiple Cross-Site Request Forgery HTML Injection Vulnerabilities
Oxwall 1.7.0 - Multiple Cross-Site Request Forgery HTML Injection Vulnerabilities Oxwall 1.7.0 Multiple CSRF And Stored XSS Vulnerabilities form action="http://192.168.0.105/admin/users/roles/" method="...
Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting
Zenoss Monitoring System 4.2.5-2108 x64 - Persistent Cross-Site Scripting Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system Date: 12/05/2014 Exploit author: Dolev Farhi dolevatopenflare.org Vendor homepage: http://zenoss.com Software Link: http://www.zenoss.com...
D-Link DSL-2760U-E1 - Persistent Cross-Site Scripting
D-Link DSL-2760U-E1 - Persistent Cross-Site Scripting !/bin/bash Written and discovered by Yuval tisf Nativ The page 'dhcpinfo.html' will list all machines connected to the network with hostname, IP, MAC and IP expiration. It is possible to store an XSS in this table by changing hostname. Checks ...
Motorola SBG901 Wireless Modem - Cross-Site Request Forgery
Motorola SBG901 Wireless Modem - Cross-Site Request Forgery Exploit Title : Motorola SBG901 Wireless Modem CSRF Vulnerability Google dork : N/A Exploit Author: Blessen Thomas Date : 06/01/2014 Vendor Homepage : http://www.arrisi.com/modems/ Software Link : N/A Version : Motorola SBG901 Wireless...
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Relea...
PotPlayer 1.5.40688 - .avi File Handling Memory Corruption
PotPlayer 1.5.40688 - .avi File Handling Memory Corruption !/usr/bin/python Exploit Title: PotPlayer Version 1.5.40688 .avi File Handling Memory Corruption Vulnerability Date: 2013/12/20 Exploit Author: ariarat Software Link: http://www.videohelp.com/download/PotPlayer1.5.40688.EXE Version:...
TP-Link TL-WR740N TL-WR740ND 150M Wireless Lite N Router - HTTP Denial of Service
TP-Link TL-WR740N TL-WR740ND 150M Wireless Lite N Router - HTTP Denial of Service Exploit title: 150M Wireless Lite N Router HTTP DoS Date: 28.11.2013 Exploit Author: Dino Causevic Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N Vendor Homepage: http://www.tp-link.com/...