41207 matches found
ASX to MP3 Converter 1.82.50 (Windows XP SP3) - .asx Local Stack Overflow
ASX to MP3 Converter 1.82.50 Windows XP SP3 - .asx Local Stack Overflow ''' Exploit Title: ASX to MP3 Converter 1.82.50 Stack Overflow Date: 2 Oct 2015 Exploit Author: exptr Vendor Homepage: http://mini-stream.net Version: 1.82.50 Tested on: Windows XP SP3 ''' import struct filename = "exploit.as...
PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities
PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities Exploit Title: Vehicle 3G Wi-Fi Router - PIXORD - Multiple Vulnerabilities Date: May 01, 2015 No response from Vendor till date Discovered by: Karn Ganeshen Vendor Homepage: http://www.pixord.com/en/productsshow.php?show=17 Versio...
Git 1.9.5 - ssh-agent.exe Buffer Overflow (PoC)
Git 1.9.5 - ssh-agent.exe Buffer Overflow PoC ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-GIT-SSH-AGENT-BUFF-OVERFLOW.txt Vendor: ================================ git-scm.com Product: ================================...
Air Drive Plus 2.4 - Arbitrary File Upload
Air Drive Plus 2.4 - Arbitrary File Upload Document Title: =============== Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1597 Release Date: ============= 2015-09-21 Vulnerability Laboratory ...
ADH-Web Server IP-Cameras - Multiple Vulnerabilities
ADH-Web Server IP-Cameras - Multiple Vulnerabilities 1. Advisory Information Title: ADH-Web Server IP-Cameras Improper Access Restrictions EDB-ID: 38245 Advisory ID: OLSA-2015-0919 Advisory URL: http://www.orwelllabs.com/2015/10/adh-web-server-ip-cameras-improper.html Date published: 2015-09-19...
Wireshark 1.12.7 - Division by Zero Crash (PoC)
Wireshark 1.12.7 - Division by Zero Crash PoC Exploit Title: Wireshark 1.12.7 Division by zero DOS PoC Date: 02/09/2015 Exploit Author: spyk @SwanBeaujard Vendor Homepage: https://www.wireshark.org/ Software Link: https://www.wireshark.org/download.html Version: 1.12.7 Tested on: Windows 7 Thanks...
Google Android - libstagefright Integer Overflow Remote Code Execution
Google Android - libstagefright Integer Overflow Remote Code Execution !/usr/bin/python2 import cherrypy import os import pwnlib.asm as asm import pwnlib.elf as elf import sys import struct with open'shellcode.bin', 'rb' as tmp: shellcode = tmp.read while lenshellcode % 4 != 0: shellcode += '\x00...
TP-Link NC200NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials
TP-Link NC200NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Buil...
Photo Transfer (2) 1.0 iOS - Denial of Service
Photo Transfer 2 1.0 iOS - Denial of Service Document Title: =============== Photo Transfer 2 v1.0 iOS - Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1580 Release Date: ============= 2015-08-20 Vulnerability Laboratory ...
Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation)
Netsweeper 4.0.8 - Authentication Bypass via New Profile Creation +-----------------------------------------------------------------+ + Netsweeper 4.0.8 - Authentication Bypass New Profile Creation + +-----------------------------------------------------------------+ Affected Product: Netsweeper...
Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities
Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities Title: Aruba Mobility Controller CSRF And XSS Vulnerabilities Date: 08/016/2015 Author: Itzik Chen Product web page: http://www.arubanetworks.com Affected Version: 6.4.2.8 Tested on: Aruba7240, Ver 6.2.4.8 Summary ================ Aruba...
Geoserver 2.7.1.1 2.6.4 2.5.5.1 - XML External Entity
Geoserver 2.7.1.1 2.6.4 2.5.5.1 - XML External Entity Exploit Title : GeoServer XXE Date : 11/08/2015 Exploit Author : David Bloom Script - Ping to Sven Claessens, Jacques Villemur and Eric Donners Vendor homepage : http://geoserver.org Software Link : http://geoserver.org/release/stable Version ...
Microweber 1.0.3 - Arbitrary File Upload Filter Bypass PHP Remote Code Execution
Microweber 1.0.3 - Arbitrary File Upload Filter Bypass PHP Remote Code Execution Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution Vendor: Microweber Team Product web page: http://www.microweber.com Affected version: 1.0.3 Summary: Microweber is an open source drag and drop...
SquirrelMail 1.4.5-RC1 - Arbitrary Variable Overwrite
SquirrelMail 1.4.5-RC1 - Arbitrary Variable Overwrite SquirrelMail Arbitrary Variable Overwrite Vendor: The SquirrelMail Project Team Product: SquirrelMail Version: = 1.4.5-RC1 Website: http://www.squirrelmail.org/ BID: 14254 CVE: CVE-2005-2095 SECUNIA: 16058 PACKETSTORM: 38709 Description:...
TCPDF Library 5.9 - Arbitrary File Deletion
TCPDF Library 5.9 - Arbitrary File Deletion TCPDF library Universal POI Payload to Arbitrary File Deletion + Author: Filippo Roncari + Target: TCPDF library + Version: internalencoding AND !empty$this-internalencoding mbinternalencoding$this-internalencoding; // u...
Peercast 0.1211 - Format String
Peercast 0.1211 - Format String Peercast Format String Vulnerability Vendor: peercast.org Product: Peercast Version: = 0.1211 Website: http://www.peercast.org/ BID: 13808 CVE: CVE-2005-1806 OSVDB: 16906 SECUNIA: 15536 PACKETSTORM: 39355 Description: Peercast is a popular p2p streaming media serve...
Manage Engine Asset Explorer 6.1.0 Build: 6110 - Cross-Site Request Forgery
Manage Engine Asset Explorer 6.1.0 Build: 6110 - Cross-Site Request Forgery =============================================================================== CSRF/Stored XSS Vulnerability in Manage Engine Asset Explorer ===============================================================================...
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)
Quick Search 1.1.0.189 - search textbox Buffer Overflow SEH Unicode Egghunter !/usr/bin/perl = Exploit Title: Quick Search 1.1.0.189 'search textbox' Unicode SEH egghunter Buffer Overflow Date: 2015-04-23 Exploit Author: Tomislav Paskalev Vulnerable Software: Quick Search v1.1.0.189 Vendor...
Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash (PoC)
Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash PoC Exploit Title: Buffer Overflow in Oracle Hyperion Smart View for Office DOS Exploit Author: sajith Vendor Homepage: http://oracle.com vulnerable Version: Fusion Edition 11.1.2.3.000 Build 157 Vulnerable Link:...
WordPress Plugin Simple Ads Manager - Information Disclosure
WordPress Plugin Simple Ads Manager - Information Disclosure Vulnerability title: Wordpress plugin Simple Ads Manager - Information Disclosure Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Downlo...
JBoss AS 3456 - Remote Command Execution
JBoss AS 3456 - Remote Command Execution coding: utf-8 JexBoss v1.0. @autor: João Filho Matos Figueiredo [email protected] Updates: https://github.com/joaomatosf/jexboss Free for distribution and modification, but the authorship should be preserved. import httplib, sys, urllib, os, time from...
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=222 Windows: Local WebDAV NTLM Reflection Elevation of Privilege Platform: Windows 8.1 Update, Windows 7 Class: Elevation of Privilege Summary: A...
Websense Appliance Manager - Command Injection
Websense Appliance Manager - Command Injection Abstract A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remo...
Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)
Zabbix 2.0.5 - Cleartext ldapbindPassword Password Disclosure Metasploit This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE:...
ClearSCADA - Remote Authentication Bypass
ClearSCADA - Remote Authentication Bypass !/usr/bin/python cs-auby.py ClearSCADA Remote Authentication Bypass Exploit Jeremy Brown jbrown3264/gmail Oct 2010 released Jan 2015 There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in...
PHP Webquest 2.6 - SQL Injection
PHP Webquest 2.6 - SQL Injection Exploit Title: sql injection Google Dork: inurl:webquest/soportehorizontalw.php?idactividad= Date: 24/01/2015 Exploit Author: jord4nroo7 [email protected] Vendor Homepage: http://phpwebquest.org Software Link: http://phpwebquest.org/?pageid=14 Version: phpwebquest-2....
Sim Editor 6.6 - Local Stack Buffer Overflow
Sim Editor 6.6 - Local Stack Buffer Overflow include include include define SIZE 65536 / Title: Sim Editor v6.6 Stack Based Buffer Overflow Version: 6.6 Tested on: Windows XP sp2 en, Windows 8 64-bit Date: 16-01-2015 Author: Osanda Malith Jayathissa E-Mail: osandacatunseen.is Website:...
MP3-Nator-Buffer-Overflow
Exploit Title: Exploit Buffer Overflow MP3-Nator SEH - DEP BYPASS Date: 18-11-2010 Author: Muhamad Fadzil Ramli Credit/Bug Found By: C4SS!0 G0M3S Software Link: http://files.brothersoft.com/mp3audio/players/mp3nator.zip filename = 'crash.plf' ./msfpayload windows/exec CMD=calc EXITFUNC=seh R |...
DVD-X-Player-5.5-Pro-SEH
DVD X Player 5.5 Pro Bypass ASLR by using non-aslr enabled module SEH Overwrite Egghunter is not needed as there is at least 2000 bytes for shellcode import sys print "====================================" print "DVD X Player 5.5 Pro Buffer Overflow" print " SEH Overwrite - Bypass ASLR " print "...
Adobe-Illustrator-CS5.5
ImageType AlphaChannelCount reserved bin-ascii ImageMask XI Arguments to the XI operator specify the location and size of the image, its pixel bit depth, color type, and other attributes The image matrix maps the unit square of user space, bounded by 0, 0 and 1, 1 in user space, to the boundary o...
CoolPlayer-Portable-2.19.2
Buffer overflow that bypasses ASLR by using a non-aslr module Tested against CoolPlayer Portable version 2.19.2 on Windows Vista Business 32 bit Written by Blake patched by pole Originally found by Securityxxxpert print "\n=====================================" print "CoolPlayer Portable Buffer...
Piwigo 2.7.2 - Multiple Vulnerabilities
Piwigo 2.7.2 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Piwigo 2.7.2 - SQL Injection / Cross Site Scripting Vulnerability's Date: 19/12/2014 Url Vendor:...
Dell EqualLogic Storage - Directory Traversal
Dell EqualLogic Storage - Directory Traversal Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0 Storage Date: 09/2013 Exploit Author: Mauricio Pampim Corrêa Vendor Homepage: www.dell.com Version: 6.0 Tested on: Equipment Model Dell EqualLogic PS4000 CVE : CVE-2013-3304 The...
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload ========================================================== "Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage:...
Oxwall 1.7.0 - Multiple Cross-Site Request Forgery HTML Injection Vulnerabilities
Oxwall 1.7.0 - Multiple Cross-Site Request Forgery HTML Injection Vulnerabilities Oxwall 1.7.0 Multiple CSRF And Stored XSS Vulnerabilities form action="http://192.168.0.105/admin/users/roles/" method="...
Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting
Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751...
D-Link DSL-2760U-E1 - Persistent Cross-Site Scripting
D-Link DSL-2760U-E1 - Persistent Cross-Site Scripting !/bin/bash Written and discovered by Yuval tisf Nativ The page 'dhcpinfo.html' will list all machines connected to the network with hostname, IP, MAC and IP expiration. It is possible to store an XSS in this table by changing hostname. Checks ...
Easy File Sharing FTP Server 3.5 - Remote Stack Buffer Overflow
Easy File Sharing FTP Server 3.5 - Remote Stack Buffer Overflow !/usr/bin/env python Exploit Title: Easy File Sharing FTP Server 3.5 stack buffer overflow Date: 27 May 2014 Exploit Author: superkojiman - http://www.techorganic.com Vulnerability discovered by: h07 CVE: CVE-2006-3952 OSVDB: 27646...
plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak
plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple command execu...
Plex Media Server 0.9.9.2.374-aa23a69 - Multiple Vulnerabilities
Plex Media Server 0.9.9.2.374-aa23a69 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authentication bypass SSRF and local file disclosure product: Plex Media Server vulnerable version:...
MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation
MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege escalation vulnerability product: MICROSENS Profi Line Modular Industrial Switch Web Manager MS652119P...
AfterLogic Pro and Lite 7.1.1.1 - Persistent Cross-Site Scripting
AfterLogic Pro and Lite 7.1.1.1 - Persistent Cross-Site Scripting Click Me, Please...\r\n NOTE: javascript html char encode = javaScRipt then you will be able to get into the victim's mailbox via the url: http://WebSite/AfterLogic/Default.aspx Phpmailer class is included in the exploit so you nee...
Joomla! Component Sexy polling 1.0.8 - answer_id SQL Injection
Joomla! Component Sexy polling 1.0.8 - answerid SQL Injection source: https://www.securityfocus.com/bid/64991/info Sexy polling extension for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting...
Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities
Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the...
Vanilla Forums 2.0 2.0.18.5 - class.utilitycontroller.php PHP Object Injection
Vanilla Forums 2.0 2.0.18.5 - class.utilitycontroller.php PHP Object Injection ------------------------------------------------------------------------------------------- Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize...
Router ONO Hitron CDE-30364 - Cross-Site Request Forgery
Router ONO Hitron CDE-30364 - Cross-Site Request Forgery Exploit Title: Router ONO Hitron CDE-30364 - CSRF Vulnerability Date: 14-9-2013 Exploit Author: Matias Mingorance Svensson - matias.msatowasp.org Vendor Homepage:...
Barracuda LB SVF WAF WEF - Multiple Vulnerabilities
Barracuda LB SVF WAF WEF - Multiple Vulnerabilities Title: ====== Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty...
SPBAS Business Automation Software 2012 - Multiple Vulnerabilities
SPBAS Business Automation Software 2012 - Multiple Vulnerabilities SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://www.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info...
WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities
WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities waraxe-2013-SA104 - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Locatio...
ColdFusion 9-10 - Credential Disclosure
ColdFusion 9-10 - Credential Disclosure !/usr/bin/env python -- coding: utf-8 -- intro=""" Cold ,''' Fusion || | | \ / | Cold ,''' /-- Fusion | | | | / |. Cold -,,' Fusion Name : ColdSub-Zero.pyFusion v2 Description : CF9-10 Remote Root Zeroday Crew : HTP """ cyan = "\x1b1;36m" red = "\x1b1;31m"...