41207 matches found
Groovy Media Player 3.2.0 - .mp3 Buffer Overflow
Groovy Media Player 3.2.0 - .mp3 Buffer Overflow Title: Groovy Media Player 3.2.0 Buffer Overflow Vulnerability Credit: Name: Akshaysinh Vaghela Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: CVE-2013-2760 Reserved Date: 21-03-2013...
MailOrderWorks 5.907 - Multiple Vulnerabilities
MailOrderWorks 5.907 - Multiple Vulnerabilities Title: MailOrderWorks v5.907 - Multiple Web Vulnerabilities Date: 2013-01-02 References: http://www.vulnerability-lab.com/getcontent.php?id=798 VL-ID: 796 Common Vulnerability Scoring System:...
Polycom HDX - Telnet Authentication Bypass (Metasploit)
Polycom HDX - Telnet Authentication Bypass Metasploit Polycom HDX Telnet Authorization Bypass Vendor Website: www.polycom.com Affected Version: Polycom HDX devices: All releases prior to and including...
WordPress Plugin Portable phpMyAdmin - Authentication Bypass
WordPress Plugin Portable phpMyAdmin - Authentication Bypass 'portable-phpMyAdmin WordPress Plugin' Authentication Bypass CVE-2012-5469 Mark Stanislav - [email protected] I. DESCRIPTION portable-phpMyAdmin doesn't verify an existing WordPress session...
Splunk 4.3.1 - Denial of Service
Splunk 4.3.1 - Denial of Service source: https://www.securityfocus.com/bid/56581/info Splunk is prone to multiple cross-site scripting vulnerabilities and a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may leverage these issues to cause...
Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass
Invision Power Board IP.Board 3.3.4 - Unserialize Regex Bypass ?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring...
Template CMS 2.1.1 - Multiple Vulnerabilities
Template CMS 2.1.1 - Multiple Vulnerabilities Advisory ID: HTB23115 Product: Template CMS Vendor: template-cms.ru Vulnerable Versions: 2.1.1 and probably prior Tested Version: 2.1.1 Vendor Notification: September 12, 2012 Public Disclosure: October 3, 2012 Vulnerability Type: Cross-Site Scripting...
Fortigate UTM WAF Appliance - Multiple Vulnerabilities
Fortigate UTM WAF Appliance - Multiple Vulnerabilities Title: Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities Date: 2012-09-06 References: http://www.vulnerability-lab.com/getcontent.php?id=557 VL-ID: 557 Common Vulnerability Scoring System:...
jira 4.4.3 greenhopper 5.9.8 - Multiple Vulnerabilities
jira 4.4.3 greenhopper 5.9.8 - Multiple Vulnerabilities CVE-2012-1500, Stored XSS in JIRA v4.4.3663-r165197, GreenHopper Resolved in Version 5.9.8, Proof of Concept External References: CVE-2112-1500 CVE-2112-1500 XSS.Cx Blog GHS-5642 Reported to...
CommPort 1.01 - Multiple Vulnerabilities
CommPort 1.01 - Multiple Vulnerabilities CommPort 1.01 Vendor information: "A 'Community Portal' generator that can be tailored for any location. Each user gets a personal portal page to which they can add their own 'channels' or select from a growing...
Express Burn Plus 4.58 - EBP Project File Handling Buffer Overflow (PoC)
Express Burn Plus 4.58 - EBP Project File Handling Buffer Overflow PoC !/usr/bin/perl Express Burn Plus v4.58 EBP Project File Handling Buffer Overflow PoC Vendor: NCH Software Product web page: http://www.nchsoftware.com Affected version: 4.58 Summary: Express Burn is a program that allows you t...
xt:Commerce VEYTON 4.0.15 - products_name_de Script Insertion
xt:Commerce VEYTON 4.0.15 - productsnamede Script Insertion xt:Commerce VEYTON 4.0.15 productsnamede Script Insertion Vulnerability input type="hidden" name="dat...
Wireshark 1.6.01.8.2 - Buffer Overflow (PoC)
Wireshark 1.6.01.8.2 - Buffer Overflow PoC / WireShark Buffer Overflow 0day author: X-h4ck,[email protected],www.pirate.al greetz to people that i love and my girlfriend , and yes imm proud to be albanian.only the poc, no exploit available so i wont confuse the script kiddies, eax,ecx,edx,ebx...
am4ss Support System 1.2 - PHP Code Injection
am4ss Support System 1.2 - PHP Code Injection 10/2011 , Vulnerability discovered till now , i haven't reported the vendor , why!!! The idiot backdoored it by himself + the official site is fucked up ; 19/07/2012 , Public Disclosured C:\labphp am4ss.php localhost /lab/am4ss/...
Microsoft Internet Explorer 9 SharePoint Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037MS12-039MS12-050)
Microsoft Internet Explorer 9 SharePoint Lync - toStaticHTML HTML Sanitizing Bypass MS12-037MS12-039MS12-050 toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory -...
Kajona - getAllPassedParams() Multiple Cross-Site Scripting Vulnerabilities
Kajona - getAllPassedParams Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/54391/info Kajona is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execu...
IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities
IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities Vendor: IBM Corporation Product web page: http://www.ibm.com Affected version: 4.8.6 Summary: Through its extraordinary flexibility, reliability, and...
XOOPS Cube PROJECT FileManager - xupload.php Arbitrary File Upload
XOOPS Cube PROJECT FileManager - xupload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/53945/info FileManager is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An...
DecisionTools SharpGrid - ActiveX Control Remote Code Execution
DecisionTools SharpGrid - ActiveX Control Remote Code Execution Application: DecisionTools SharpGrid ActiveX Control Code Execution Vulnerability Platforms: Windows Secunia: SA48571 Date: 2012-05-09 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitte...
BulletProof FTP Client 2010 - Buffer Overflow (PoC)
BulletProof FTP Client 2010 - Buffer Overflow PoC Title: BulletProof FTP Client 2010 - Buffer Overflow Vulnerability Date: 2012-04-02 References: http://www.vulnerability-lab.com/getcontent.php?id=475 VL-ID: 475 Introduction: BPFTP Client is a fully...
Open Journal Systems (OJS) 2.3.6 - index.php?authors[][url] Cross-Site Scripting
Open Journal Systems OJS 2.3.6 - index.php?authorsurl Cross-Site Scripting source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An arbitrary-file-deletio...
Pandora Fms 4.0.1 - Local File Inclusion
Pandora Fms 4.0.1 - Local File Inclusion Title: Pandora FMS v4.0.1 - Local File Include Vulnerability Date: 2012-02-17 References: http://www.vulnerability-lab.com/getcontent.php?id=435 VL-ID: 435 Introduction: Pandora FMS is a monitoring Open Source...
Tube Ace - q Cross-Site Scripting
Tube Ace - q Cross-Site Scripting source: https://www.securityfocus.com/bid/52046/info Tube Ace is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Webkit Normalize Bug - Android 2.2
Webkit Normalize Bug - Android 2.2 LOADING... var elem1 = document.getElementById"test1"; var elem2 = document.getElementById"test2"; var elem3 = document.getElementById"test3"; function spray for var i = 0; i 180000; i++ var s = new Stringunescape"\u0052\u0052"; // "\u0056\u0056" FOR EMULATOR va...
CoDeSys SCADA 2.3 - Remote Buffer Overflow
CoDeSys SCADA 2.3 - Remote Buffer Overflow / See Also: http://aluigi.altervista.org/adv/codesys1-adv.txt CoDeSys v2.3 Industrial Control System Development Software Remote Buffer Overflow Exploit for CoDeSys Scada webserver Author : Celil UNUVER, SignalSEC Labs www.signalsec.com Tested on WinXP S...
webERP 4.3.8 - reportwriterReportMaker.php?reportid SQL Injection
webERP 4.3.8 - reportwriterReportMaker.php?reportid SQL Injection source: https://www.securityfocus.com/bid/50713/info webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may...
glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation
glibc - LDAUDIT Arbitrary DSO Load Privilege Escalation !/bin/sh I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LDAUDIT. 1 2 The first way involved opening a file...
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC)
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow Denial of Service PoC source: https://www.securityfocus.com/bid/50421/info The Opera Web Browser is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to...
Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Remote Overflow
Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Remote Overflow Sunway Force Control SCADA httpsvr.exe Exploit Exploitable with simple SEH Overwrite technique Tested on XP SP0 English Probably will work on XP SP3 if you find none-safeseh dll for p/p/r pointer Canberk BOLAT | @cnbrkbolat...
Simple Machines Forum (SMF) 1.1.142.0 - [img] BBCode Tag Cross-Site Request Forgery
Simple Machines Forum SMF 1.1.142.0 - img BBCode Tag Cross-Site Request Forgery source: https://www.securityfocus.com/bid/49311/info Simple Machines Forum is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative...
VideoDB 3.1.0 - SQL Injection
VideoDB 3.1.0 - SQL Injection DORK:allinurl:borrow.php?diskid= DORK:allintitle:videodb Vendor: http://www.videodb.net/blog/ $ ----------- | S3C0VERUN | & ------------@ along with this i was able in some sites to determine that you can overwrite the database contents and also if you look in the...
ABBS Electronic Flashcards 2.1 - Local Buffer Overflow (Metasploit)
ABBS Electronic Flashcards 2.1 - Local Buffer Overflow Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections source: https://www.securityfocus.com/bid/48083/info ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize...
vBulletin 4.0.x 4.1.2 - search.php SQL Injection
vBulletin 4.0.x 4.1.2 - search.php SQL Injection vBulletin 4.0.x = 4.1.2 search.php SQL Injection Vulnerability...
frame-oshop - SQL Injection
frame-oshop - SQL Injection product: frame-oshop vendor: http://www.sdaxx.de/ date: 15.05.2011 status: 0day version: i dunno... PoC: http://www.host.com/shop/main.php?id=1111&show=rubrik&rid=-1%20union%20select%201,2,3,4,version,6,7,8,9,10,11,12 Dork: "2006 by Sdaxx Rostock" intitle:"frame-oshop"...
cPassMan 1.82 - Arbitrary File Download
cPassMan 1.82 - Arbitrary File Download Sense of Security - Security Advisory - SOS-11-004 Release Date. 15-Apr-2011 Last Update. - Vendor Notification Date. 7-Mar-2011 Product. Collaborative Passwords Manager cPassMan Platform. Independent PHP Affected versions. 1.82 verified, and possibly other...
Longshine Multiple Print Servers - Cross-Site Scripting
Longshine Multiple Print Servers - Cross-Site Scripting GotGeek Labs http://www.gotgeek.com.br/ Longshine Multiple Print Servers Cross-site Scripting Vulnerability + Description LCS-PS110: The LCS-PS110 Parallel-Port-Printserver enables you to share your printer in the whole network from every...
EasyPHP 5.3.5.0 - index.php Arbitrary File Download
EasyPHP 5.3.5.0 - index.php Arbitrary File Download source: https://www.securityfocus.com/bid/47145/info EasyPHP is prone to a vulnerability that lets attackers to download arbitrary files because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this iss...
Movavi VideoSuite 8.0 Slideshow - .jpg Local Crash (PoC)
Movavi VideoSuite 8.0 Slideshow - .jpg Local Crash PoC !/usr/bin/perl Title : Movavi VideoSuite 8.0 SlideShow.exe Local Crash PoC Author : KedAns-Dz E-mail : [email protected] Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : Windows Impact : Crashs...
Quicktech - SQL Injection
Quicktech - SQL Injection + Exploit Title : Quicktech Sql Injection Vulnerability + Author : eXeSoul + Contact : [email protected] + Date : 02-03-2011 + category: Web Apps SQli + HomePage : www.indishell.in + Version : all + Tested on : windows/linux + Vulnerability Style : PHP Sql Injection...
Geomi CMS 1.23.0 - SQL Injection
Geomi CMS 1.23.0 - SQL Injection + Exploit Title : Geomi CMS by Tridan IT Sql Injection Vulnerability Author : ThunDEr HeaD Contact : [email protected] Date : 11-01-2011 HomePage : www.indishell.in Version : 1.2 , 3.0 Tested on : PBL Technology Vulnerability Style : PHPCMS Sql Injection...
Virtual Store Open 3.0 - Acess SQL Injection
Virtual Store Open 3.0 - Acess SQL Injection !/usr/bin/perl Script Name: Virtual Store Open = 3.0 Link1 : http://www.virtuastore.com.br/shopping.asp?link=ShoppingVirtuaStore Link2 : http://www.virtuastore2010.com.br/ Link3 Yahoo Group : http://br.groups.yahoo.com/group/virtuastore/ Bug: Acess Sql...
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting getObject'modUser',array 30: 'username' = $POST'username', 31: ; ... 71: else if !empty$POST'forgotlogin' 72: $c = $modx-newQuery'modUser'; 73: $c-selectarray'modUser.','Profile.email','Profile.fullname'; 74: $...
WSN Links - SQL Injection
WSN Links - SQL Injection 'WSN Links' SQL Injection Vulnerability CVE-2010-4006 Mark Stanislav - [email protected] I. DESCRIPTION A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling portion...
Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow (PoC)
Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow PoC !/usr/local/bin/perl Native Instruments Traktor Pro 1.2.6 Stack-based Buffer Overflow Vulnerability Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 1.2.6.8491 Standalone Summary:...
Fozzcom Shopping 7.94 8.04 - Multiple Vulnerabilities
Fozzcom Shopping 7.94 8.04 - Multiple Vulnerabilities Exploit Title: FozzCom shopping...
Front Accounting 2.3RC2 - Multiple SQL Injections
Front Accounting 2.3RC2 - Multiple SQL Injections Advisory Name: Multiple SQL Injections in Front Accounting Internal Cybsec Advisory Id: 2010-1003-Multiple SQL Injections in Front Accounting Vulnerability Class: SQL Injection Affected Applications: Front Accounting v2.3RC2; other versions may al...
Pulse Pro 1.4.3 - Persistent Cross-Site Scripting
Pulse Pro 1.4.3 - Persistent Cross-Site Scripting Exploit Title: Pulse Pro 1.4.3 Persistent XSS Vulnerability Date: 24-10-2010 Author: Th3 RDX Software Link: http://pulsecms.com/ Version: 1.4.3 Tested on: Demo Site category: webapp Code : n/a...
Microsoft ASP.NET - Padding Oracle (MS10-070)
Microsoft ASP.NET - Padding Oracle MS10-070 Source: http://blog.mindedsecurity.com/2010/10/breaking-net-encryption-with-or-without.html !/usr/bin/perl Webconfig Bruter - exploit tool for downloading Web.config To use this script you need Padbuster. Padbuster is a great tool and Brian Holyfield...
Adobe Acrobat and Reader - Array Indexing Remote Code Execution
Adobe Acrobat and Reader - Array Indexing Remote Code Execution nSense Vulnerability Research Security Advisory NSENSE-2010-001 Affected Vendor: Adobe Affected Product: Adobe Reader 9.3.4 for Macintosh Platform: OS X Impact: User...