Veritas NetBackup 45 - Volume Manager Daemon Remote Buffer Overflow
Veritas NetBackup 45 - Volume Manager Daemon Remote Buffer Overflow / DESCRIPTION Veritas NetBackup Stack Overflow tcp/13701 "Volume Manager Daemon" Module Advisories http://www.idefense.com/intelligence/vulnerabilities/display.php?id=336 http://www.frsirt.com/english/advisories/2005/2349 USAGE...
Golden FTP Server 1.92 - APPE Remote Overflow (Metasploit)
Golden FTP Server 1.92 - APPE Remote Overflow Metasploit Written by Tim Shelton [email protected] GoldenFTPd package Msf::Exploit::goldenftpdappe; use base "Msf::Exploit"; use strict; use Pex::Text; my $advanced = ; my $info = 'Name' = 'GoldenFTPd APPE '$Revision: 1.0 $', 'Authors' = 'Tim Shelt...
phpCOIN 1.2.2 - phpcoinsessid SQL Injection Remote Code Execution
phpCOIN 1.2.2 - phpcoinsessid SQL Injection Remote Code Execution this works with magicquotesgpc off usage: launch from Apache, fill in requested fields, then go! Sun-Tzu:"When these five kinds of spy are all at work, none can discover the secret system. This is called "divine manipulation of the...
Microsoft Windows Metafile - mtNoObjects Denial of Service (MS05-053)
Microsoft Windows Metafile - mtNoObjects Denial of Service MS05-053 / Author: Winny Thomas Pune, INDIA The crafted metafile WMF from this code when viewed in explorer crashes it. The issue is seen when the field 'mtNoObjects' in the Metafile header is set to 0x0000. The code was tested on Windows...
BEA WebLogic 7.08.1 - Administration Console LoginForm.jsp Cross-Site Scripting
BEA WebLogic 7.08.1 - Administration Console LoginForm.jsp Cross-Site Scripting source: https://www.securityfocus.com/bid/13793/info BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitiz...
WordPress 1.2.11.2.2 - link-categories.php?cat_id Cross-Site Scripting
WordPress 1.2.11.2.2 - link-categories.php?catid Cross-Site Scripting source: https://www.securityfocus.com/bid/11984/info Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of...
Microsoft Windows - JPEG GDI+ Remote Heap Overflow (MS04-028)
Microsoft Windows - JPEG GDI+ Remote Heap Overflow MS04-028 / GDI+ JPEG Remote Exploit By John Bissell A.K.A. HighT1mes Exploit Name: ============= JpegOfDeath.c v0.5 Date Exploit Released: ====================== Sep, 23, 2004 Description: ============ Exploit based on FoToZ exploit but kicks the...
Polar Helpdesk 3.0 - Cookie Based Authentication Bypass
Polar Helpdesk 3.0 - Cookie Based Authentication Bypass source: https://www.securityfocus.com/bid/10775/info Polar Helpdesk is reported prone to a cookie based authentication system bypass vulnerability. It is reported that the authentication and privilege system for Polar Helpdesk is based...
e107 website system 0.6 - usersettings.php?avmsg Cross-Site Scripting
e107 website system 0.6 - usersettings.php?avmsg Cross-Site Scripting source: https://www.securityfocus.com/bid/10436/info e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web si...
Microsoft Windows - ASN.1 Remote (MS04-007)
Microsoft Windows - ASN.1 Remote MS04-007 Microsoft ASN.1 remote exploit for CVE-2005-1935 // MS04-007 Solar Eclipse solareclipse at phreedom dot org https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/3022.tar.gz 12262006-killbill.tar.gz milw0rm.com 2004-03-26...
NetWin DBabble 2.5 i - Cross-Site Scripting
NetWin DBabble 2.5 i - Cross-Site Scripting source: https://www.securityfocus.com/bid/8637/info A cross-site scripting problem has been reported in NetWin DBabble. This could make it possible for an attacker to potentially execute code in the security context of a site using the vulnerable...
FTP Service 1.2 - Multiple Vulnerabilities
FTP Service 1.2 - Multiple Vulnerabilities FTP Service Multiple Vulnerabilities Vendor: Pablo Software Solutions Product: FTP Service Version: = 1.2 Website: http://www.pablovandermeer.nl/ftpservice.html BID: 7799 7801 Description: FTPService.exe is a service-version of Pablo's FTP Server. This...
Mandrake 789 RedHat 6.x7 Bonobo EFSTool - Commandline Argument Buffer Overflow (3)
Mandrake 789 RedHat 6.x7 Bonobo EFSTool - Commandline Argument Buffer Overflow 3 // source: https://www.securityfocus.com/bid/5125/info Bonobo is a set of tools and CORBA interfaces included as part of the Gnome infrastructure. It is designed for use on the Linux and Unix operating systems. A...
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (2)
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow 2 source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded string...
WU-FTPD 2.6.1 - Remote Command Execution
WU-FTPD 2.6.1 - Remote Command Execution / 7350wurm - x86/linux wuftpd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third...
PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution
PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution source: https://www.securityfocus.com/bid/3552/info Network Tool is a PHPNuke addon, written and maintained by Rick Fournier. It is designed to offer network features such as nmap, traceroute, and ping from a web interfac...
Active Classifieds 1.0 - Arbitrary Code Execution
Active Classifieds 1.0 - Arbitrary Code Execution source: https://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. An origin validation error exists in the Free Edition of Active Classifieds tha...
mICQ 0.4.6 - Remote Buffer Overflow
mICQ 0.4.6 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/2254/info micq is a chat program for Linux systems. micq-0.4.6 running on Linux/ix86 Slackware 7.1 - RedHat 6.1 is vulnerable to a remote buffer overflow attack. Other versions on other platforms may also be...
Network Associates Webshield SMTP 4.5 - Invalid Outgoing Recipient Field Denial of Service
Network Associates Webshield SMTP 4.5 - Invalid Outgoing Recipient Field Denial of Service source: https://www.securityfocus.com/bid/1999/info Network Associates WebShield SMTP is an email virus scanner designed for internet gateways. In the event that WebShield SMTP receives an outgoing email...
News Update 1.1 - Change Admin Password
News Update 1.1 - Change Admin Password / newsexp.c - description ------------------- begin : Sat Oct 21 2000 copyright : C 2000 by Morpheusbd email : [email protected] advisory : www.brightdarkness.de Exploit code for the News Update 1.1 by Morpheusbd For more information see my advisory which...
Samba 2.0.7 - SWAT Symlink (1)
Samba 2.0.7 - SWAT Symlink 1 // source: https://www.securityfocus.com/bid/1872/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes als...
xsoldier (FreeBSD 3.3Linux Mandrake 7.0) - Local Buffer Overflow (2)
xsoldier FreeBSD 3.3Linux Mandrake 7.0 - Local Buffer Overflow 2 / source: https://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid...
WU-FTPD 2.4.22.5 .02.6.02.6.12.6.2 - FTP Conversion
WU-FTPD 2.4.22.5 .02.6.02.6.12.6.2 - FTP Conversion source: https://www.securityfocus.com/bid/2240/info Some FTP servers provide a "conversion" service that pipes a requested file through a program, for example a decompression utility such as "tar", before it is passed to the remote user. Under...
Microsoft Windows NT 4.0SP1SP2SP3SP4SP5SP6 - Services.exe Denial of Service (1)
Microsoft Windows NT 4.0SP1SP2SP3SP4SP5SP6 - Services.exe Denial of Service 1 source: https://www.securityfocus.com/bid/754/info A specially crafted packet can cause a denial of service on an NT 4.0 host, rendering local administration and network communication nearly unusable. This attack will...
Oracle 8 8.1.5 - Intelligent Agent (1)
Oracle 8 8.1.5 - Intelligent Agent 1 source: https://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in...
Virtual Freer 1.58 - Remote Command Execution
Virtual Freer 1.58 - Remote Command Execution Exploit title : Virtual Freer 1.58 - Remote Command Execution Exploit Author : SajjadBnd Date : 2020-02-17 Vendor Homepage : http://freer.ir/virtual/ Software Link : http://www.freer.ir/virtual/download.php?action=get Software Linkmirror :...
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Exploit Title: Wordpress Plugin Strong Testimonials 2.40.0 - Persistent Cross-Site Scripting Date: 2020-01-23 Vendor Homepage: https://strongtestimonials.com Vendor Changelog:...
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Exploit Title: CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Google Dork: In Shodan search engine, the filter is "CHIYU" Date: 2020-02-11 Exploit Author: Luca.Chiou Vendor Homepage: https://www.chiyu-t.com.tw/en/ Version: BF4...
DVD Photo Slideshow Professional 8.07 - Name Buffer Overflow
DVD Photo Slideshow Professional 8.07 - Name Buffer Overflow Exploit Title: DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-10 Vendor Homepage : http://www.picture-on-tv.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps t...
Disk Sorter Enterprise 12.4.16 - Disk Sorter Enterprise Unquoted Service Path
Disk Sorter Enterprise 12.4.16 - Disk Sorter Enterprise Unquoted Service Path Exploit Title: Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.disksorter.com Software Link:...
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
usersctp - Out-of-Bounds Reads in sctploadaddressesfrominit ''' usersctp is SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctploadaddressesfrominit function of usersctp that can lead to a number of out-of-bound reads. The input to...
Google Invisible RECAPTCHA 3 - Spoof Bypass
Google Invisible RECAPTCHA 3 - Spoof Bypass Exploit Title: Google Invisible RECAPTCHA 3 - Spoof Bypass Date: 2020-02-07 Vendor Homepage: https://developers.google.com/recaptcha/docs/invisible Exploit Git Repo: https://github.com/matamorphosis/Browser-Exploits/tree/master/RECAPTCHABypass Exploit...
Complaint Management System 4.0 - Remote Code Execution
Complaint Management System 4.0 - Remote Code Execution Exploit Title: Complaint Management System 4.0 - Remote Code Execution Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.0 Category:...
NVMS 1000 - Directory Traversal
NVMS 1000 - Directory Traversal Title: NVMS-1000 - Directory Traversal Date: 2019-12-12 Author: Numan Türle Vendor Homepage: http://en.tvt.net.cn/ Version : N/A Software Link : http://en.tvt.net.cn/products/188.html POC --------- GET /../../../../../../../../../../../../windows/win.ini HTTP/1.1...
Nsauditor 3.1.8.0 - Key Denial of Service (PoC)
Nsauditor 3.1.8.0 - Key Denial of Service PoC Exploit Title: Nsauditor 3.1.8.0 - 'Key' Denial of Service PoC Discovery by: SajjadBnd Date: 2019-11-30 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.8.0 Vulnerabilit...
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 88e4.30f4: Access violatio...
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting Exploit Title: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting Date: 2019-11-06 Exploit Author: vesche Austin Jackson Vendor Homepage: https://plugins.jenkins.io/build-metrics Version: Jenkins build-metrics plugin 1.3 a...
Aida64 6.10.5200 - Buffer Overflow (SEH)
Aida64 6.10.5200 - Buffer Overflow SEH Exploit Title: Aida64 6.10.5200 - Buffer Overflow SEH Date: 2019-10-28 Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.aida64.com Software Link: https://www.aida64.com/downloads/OTAwMmVmNTE= Version: AIDA64 Engineer 6.10.5200 Tested on: Window...
iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure
iSeeQ Hybrid DVR WH-H4 2.0.0.P - getjpeg Stream Disclosure Title: iSeeQ Hybrid DVR WH-H4 2.0.0.P - getjpeg Stream Disclosure Date: 2019-10-29 Author: LiquidWorm Vendor:iSeeQ Link: http://www.iseeq.co.kr CVE: N/A !/bin/bash iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P getjpeg Stream Disclosure Vendor:...
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific...
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs...
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting Exploit Title: 0Day UnauthenticatedXSS SugarCRM Enterprise Google Dork: N/A Date: 11.08.2019 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sugarcrm.com Version: 9.0.0 Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76...
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - ticket.php Arbitrary File Deletion
Joomla! Component JS Support Ticket comjssupportticket 1.1.6 - ticket.php Arbitrary File Deletion Exploit Title: Joomla! component comjssupportticket - Authenticated Arbitrary File Deletion Dork: inurl:"index.php?option=comjssupportticket" Date: 10.08.19 Exploit Author: qw3rTyTy Vendor Homepage:...
Open-School 3.0 Community Edition 2.3 - Cross-Site Scripting
Open-School 3.0 Community Edition 2.3 - Cross-Site Scripting Exploit Title: title Date: 2019 08 06 Exploit Author: Greg.Priest Vendor Homepage: https://open-school.org/ Software Link: Version: Open-School 3.0/Community Edition 2.3 Tested on: Windows/Linux CVE : CVE-2019-14696 Open-School 3.0, and...
WordPress Plugin JoomSport 3.3 - SQL Injection
WordPress Plugin JoomSport 3.3 - SQL Injection Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Date:29/07/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link:...
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery Product : Cisco Wireless Controller Version : 3.6.10E last version Date: 23.07.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Mehmet Önder Key Website: htts://cloudvist.com CVE: CVE-2019-12624 Description : The applicatio...
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492 Exploit Author: ABDO10 Date : July, 11th 2019 Product : Tenda D301 v2 Modem Router version : v2 Vendor Homepage:...
Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds ReadWrite in OpenType Font Handling Due to Unbounded iFD
Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds ReadWrite in OpenType Font Handling Due to Unbounded iFD -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...
SuperDoctor5 - NRPE Remote Code Execution
SuperDoctor5 - NRPE Remote Code Execution SuperMicro implemented a Remote Command Execution plugin in their implementation of NRPE in SuperDoctor 5, which is their monitoring utility for SuperMicro chassis. This is an intended feature but leaves the system open by default to unauthenticated remo...
Nvidia GeForce Experience Web Helper - Command Injection
Nvidia GeForce Experience Web Helper - Command Injection //Send request to local GFE server function submitRequestport,secret var xhr = new XMLHttpRequest; xhr.open"POST", "http://127.0.0.1:"+port+"/gfeupdate/autoGFEInstall/", true; xhr.setRequestHeader"Accept",...