Joomla! Component J-CruiseReservation Standard 3.0 - city SQL Injection
Joomla! Component J-CruiseReservation Standard 3.0 - city SQL Injection Exploit Title: Joomla! Component J-CruiseReservation Standard v3.0 - SQL Injection Google Dork: inurl:index.php?option=comjcruisereservation Date: 21.02.2017 Vendor Homepage: http://www.cmsjunkie.com/ Software Buy:...
Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection
Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection Exploit Title: Joomla! Component Directorix Directory Manager v1.1.1 - SQL Injection Google Dork: inurl:index.php?option=comdirectorix Date: 21.02.2017 Vendor Homepage: http://informafix.fr/ Software Buy:...
Microsoft Office PowerPoint 2010 - MSO!Ordinal5429 Missing Length Check Heap Corruption
Microsoft Office PowerPoint 2010 - MSO!Ordinal5429 Missing Length Check Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=949 Platform: Microsoft Office 2010 on Windows 7 x86 Class: heap memory corruption The following crash was observed in Microsoft Office 2010...
Joomla! Component J-HotelPortal 6.0.2 - review_id SQL Injection
Joomla! Component J-HotelPortal 6.0.2 - review_id SQL Injection Exploit Title: Joomla! Component J-HotelPortal v6.0.2 - SQL Injection Google Dork: inurl:index.php?option=comjhotelreservation Date: 21.02.2017 Vendor Homepage: http://www.cmsjunkie.com/ Software Buy:...
Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - review_id SQL Injection
Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - review_id SQL Injection Exploit Title: Joomla! Component J-MultipleHotelReservation Standard v6.0.2 - SQL Injection Google Dork: inurl:index.php?option=comjcruisereservation Date: 21.02.2017 Vendor Homepage: http://www.cmsjunkie.com/...
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery Digisol Router CSRF Exploit - Indrajith A.N history.pushState'', '', '/' input type="hidden" name="basicrates" value...
Microsoft Office PowerPoint 2010 - GDI GDI32!ConvertDxArray Insufficient Bounds Check
Microsoft Office PowerPoint 2010 - GDI GDI32!ConvertDxArray Insufficient Bounds Check Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=951 Platform: GDI on Windows 7 x86 reachable from Microsoft Office 2010 Class: Out of bounds memory access The following crash was observed in...
Adobe Flash - MP4 AMF Parsing Overflow
Adobe Flash - MP4 AMF Parsing Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1018 There is an overflow in MP4 AMF parsing. To reproduce, put the attached files on a server and visit http://127.0.0.1/LoadMP4.swf?file=unsigned.mp4. Proof of Concept:...
Microsoft Office PowerPoint 2010 - MSOOART Heap Out-of-Bounds Access
Microsoft Office PowerPoint 2010 - MSOOART Heap Out-of-Bounds Access Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=950 Platform: Microsoft Office 2010 on Windows 7 x86 Class: Time of check time of use leading to memory corruption The following crash was observed in Microsoft...
Joomla! Component Eventix Events Calendar 1.0 - SQL Injection
Joomla! Component Eventix Events Calendar 1.0 - SQL Injection Exploit Title: Joomla! Component Eventix Events Calendar v1.0 - SQL Injection Google Dork: inurl:index.php?option=comeventix Date: 21.02.2017 Vendor Homepage: http://informafix.fr/ Software Buy:...
Joomla! Component PayPal IPN for DOCman 3.1 - id SQL Injection
Joomla! Component PayPal IPN for DOCman 3.1 - id SQL Injection Exploit Title: Joomla! Component PayPal IPN for DOCman v3.1 - SQL Injection Google Dork: inurl:index.php?option=comdocmanpaypal Date: 20.02.2017 Vendor Homepage: http://shopfiles.com/ Software Buy:...
Album Lock 4.0 iOS - Directory Traversal
Album Lock 4.0 iOS - Directory Traversal Document Title: =============== Album Lock v4.0 iOS - Directory Traversal Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2033 Release Date: ============= 2017-02-20 Vulnerability Laboratory ID VL-I...
Joomla! Component MaQma Helpdesk 4.2.7 - id SQL Injection
Joomla! Component MaQma Helpdesk 4.2.7 - id SQL Injection Exploit Title: Joomla! Component MaQma Helpdesk v4.2.7 - SQL Injection Google Dork: inurl:index.php?option=commaqmahelpdesk Date: 20.02.2017 Vendor Homepage: http://componentslab.com/ Software Buy:...
PHPShell 2.4 - Session Fixation
PHPShell 2.4 - Session Fixation + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-SESSION-FIXATION.txt + ISR: ApparitionSec Vendor: ================================== sourceforge.net/projects/phpshell/...
Joomla! Component Joomloc-Lite 1.3.2 - site_id SQL Injection
Joomla! Component Joomloc-Lite 1.3.2 - site_id SQL Injection Exploit Title: Joomla! Component Joomloc-Lite v1.3.2 - SQL Injection Google Dork: inurl:index.php?option=comjoomloc Date: 18.02.2017 Vendor Homepage: http://www.joomloc.fr.nf/ Software Buy:...
Joomla! Component OS Services Booking 2.5.1 - SQL Injection
Joomla! Component OS Services Booking 2.5.1 - SQL Injection Exploit Title: Joomla! Component OS Services Booking v2.5.1 - SQL Injection Google Dork: inurl:index.php?option=comosservicesbooking Date: 18.02.2017 Vendor Homepage: https://www.joomdonation.com/ Software Buy:...
Joomla! Component Joomloc-CAT 4.1.3 - ville SQL Injection
Joomla! Component Joomloc-CAT 4.1.3 - ville SQL Injection Exploit Title: Joomla! Component Joomloc-CAT v4.1.3 - SQL Injection Google Dork: inurl:index.php?option=comjoomloc Date: 18.02.2017 Vendor Homepage: http://www.joomloc.fr.nf/ Software Buy:...
Joomla! Component Google Map Store Locator 4.4 - SQL Injection
Joomla! Component Google Map Store Locator 4.4 - SQL Injection Exploit Title: Joomla! Component Google Map Store Locator v4.4 - SQL Injection Google Dork: inurl:index.php?option=comgooglemaplocator Date: 18.02.2017 Vendor Homepage: http://matamko.com/ Software Buy:...
WordPress Plugin Mail Masta 1.0 - SQL Injection
WordPress Plugin Mail Masta 1.0 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in Mail Masta aka mail-masta plugin 1.0 for Wordpress. Date: 02/18/2017 Exploit Author: Hanley Shun Vendor Homepage: https://wpcore.com/plugin/mail-masta Software Link:...
Sawmill Enterprise 8.7.9 - Authentication Bypass
Sawmill Enterprise 8.7.9 - Authentication Bypass + Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt + ISR: ApparitionSec Vendor: =============== www.sawmill.net Product:...
Joomla! Component Bazaar Platform 3.0 - SQL Injection
Joomla! Component Bazaar Platform 3.0 - SQL Injection Exploit Title: Joomla! Component Bazaar Platform v3.0 - SQL Injection Google Dork: inurl:index.php?option=combazaar Date: 18.02.2017 Vendor Homepage: http://matamko.com/ Software Buy: http://matamko.com/products/bazaar/live-demo Demo:...
Joomla! Component Room Management 1.0 - SQL Injection
Joomla! Component Room Management 1.0 - SQL Injection Exploit Title: Joomla! Component Room Management v1.0 - SQL Injection Google Dork: inurl:index.php?option=comroommgmt Date: 18.02.2017 Vendor Homepage: http://matamko.com/ Software Buy: http://matamko.com/products/room-management/live-demo Dem...
Joomla! Component OS Property 3.0.8 - SQL Injection
Joomla! Component OS Property 3.0.8 - SQL Injection Exploit Title: Joomla! Component OS Property v3.0.8 - SQL Injection Google Dork: inurl:index.php?option=comosproperty Date: 18.02.2017 Vendor Homepage: https://www.joomdonation.com/ Software Buy:...
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution #!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...
Joomla! Component EShop 2.5.1 - id SQL Injection
Joomla! Component EShop 2.5.1 - id SQL Injection Exploit Title: Joomla! Component EShop v2.5.1 - SQL Injection Google Dork: inurl:index.php?option=comeshop Date: 18.02.2017 Vendor Homepage: https://www.joomdonation.com/ Software Buy:...
Joomla! Component Most Wanted Real Estate 1.1.0 - SQL Injection
Joomla! Component Most Wanted Real Estate 1.1.0 - SQL Injection Exploit Title: Joomla! Component Most Wanted Real Estate v1.1.0 - SQL Injection Google Dork: inurl:index.php?option=commostwantedrealestate Date: 18.02.2017 Vendor Homepage: http://mostwantedrealestatesites.com/ Software Buy:...
Joomla! Component JomWALL 4.0 - wuid SQL Injection
Joomla! Component JomWALL 4.0 - wuid SQL Injection Exploit Title: Joomla! Component JomWALL v4.0 - SQL Injection Google Dork: inurl:index.php?option=comawdwall Date: 18.02.2017 Vendor Homepage: http://dashbite.com/ Software Buy:...
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference Source: http://seclists.org/oss-sec/2017/q1/458 Description: Mujstest, which is part of mupdf is a scriptable tester for mupdf + js. A crafted image posted early for another issue, causes a stack overflow. The complete ASan output: mujstest...
Joomla! Component Team Display 1.2.1 - filter_category SQL Injection
Joomla! Component Team Display 1.2.1 - filter_category SQL Injection Exploit Title: Joomla! Component Team Display v1.2.1 - SQL Injection Google Dork: inurl:index.php?option=comteamdisplay Date: 17.02.2017 Vendor Homepage: http://addonstreet.com/ Software Buy:...
Joomla! Component WMT Content Timeline 1.0 - id SQL Injection
Joomla! Component WMT Content Timeline 1.0 - id SQL Injection Exploit Title: Joomla! Component WMT Content Timeline v1.0 - SQL Injection Google Dork: inurl:index.php?option=comwmtcontenttimeline Date: 17.02.2017 Vendor Homepage: http://devecostudio.com Software Buy:...
Joomla! Component Groovy Gallery 1.0.0 - SQL Injection
Joomla! Component Groovy Gallery 1.0.0 - SQL Injection Exploit Title: Joomla! Component Groovy Gallery v1.0.0 - SQL Injection Google Dork: inurl:index.php?option=comgroovygallery Date: 17.02.2017 Vendor Homepage: http://addonstreet.com/ Software Buy:...
Joomla! Component Spider FAQ Lite 1.3.1 - SQL Injection
Joomla! Component Spider FAQ Lite 1.3.1 - SQL Injection Exploit Title: Joomla! Component Spider FAQ Lite v1.3.1 - SQL Injection Google Dork: inurl:index.php?option=comspiderfaq Date: 16.02.2017 Vendor Homepage: http://web-dorado.com/ Software Buy:...
Joomla! Component Spider Facebook 1.6.1 - SQL Injection
Joomla! Component Spider Facebook 1.6.1 - SQL Injection Exploit Title: Joomla! Component Spider Facebook v1.6.1 - SQL Injection Google Dork: inurl:index.php?option=comspiderfacebook Date: 16.02.2017 Vendor Homepage: http://web-dorado.com/ Software Buy:...
Joomla! Component JEmbedAll 1.4 - SQL Injection
Joomla! Component JEmbedAll 1.4 - SQL Injection Exploit Title: Joomla! Component JEmbedAll v1.4 - SQL Injection Google Dork: inurl:index.php?option=comjembedall Date: 16.02.2017 Vendor Homepage: http://www.goldengravel.eu/ Software Buy:...
Joomla! Component Spider Calendar Lite 3.2.16 - SQL Injection
Joomla! Component Spider Calendar Lite 3.2.16 - SQL Injection Exploit Title: Joomla! Component Spider Calendar Lite v3.2.16 - SQL Injection Google Dork: inurl:index.php?option=comspidercalendar Date: 16.02.2017 Vendor Homepage: http://web-dorado.com/ Software Buy:...
WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting
WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting Exploit Title: Authorized Stored XSS at WordPress Corner-Ad plugin. Google Dork: inurl:/wp-content/plugins/corner-ad Date: 16-02-17 Exploit Author: Atik Rahman Vendor Homepage: https://wordpress.org/plugins/corner-ad/ Software Link:...
dotCMS 3.6.1 - Blind Boolean SQL Injection
dotCMS 3.6.1 - Blind Boolean SQL Injection Blind Boolean SQL Injection in dotCMS = 3.6.1 CVE-2017-5344 Product Description dotCMS is a scalable, java based, open source content management system CMS that has been designed to manage and deliver personalized, permission based content experience...
Joomla! Component Spider Catalog Lite 1.8.10 - SQL Injection
Joomla! Component Spider Catalog Lite 1.8.10 - SQL Injection Exploit Title: Joomla! Component Spider Catalog Lite v1.8.10 - SQL Injection Google Dork: inurl:index.php?option=comspidercatalog Date: 16.02.2017 Vendor Homepage: http://web-dorado.com/ Software Buy:...
Joomla! Component JSP Store Locator 2.2 - id SQL Injection
Joomla! Component JSP Store Locator 2.2 - id SQL Injection Exploit Title: Joomla! Component JSP Store Locator v2.2 - SQL Injection Google Dork: inurl:index.php?option=comjsplocation Date: 15.02.2017 Vendor Homepage: http://joomlaserviceprovider.com Software Buy:...
Geutebruck 5.02024 G-CamEFD-2250 - testaction.cgi Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-CamEFD-2250 - testaction.cgi Remote Command Execution (Metasploit) This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Geutebruck testaction.cgi Remote Command...
GOM Player 2.3.10.5266 - .fpx Denial of Service
GOM Player 2.3.10.5266 - .fpx Denial of Service Exploit Title: GOM Player 2.3.10.5266 - Remote heap corruption .fpx Date: 2017-02-15 Exploit Author: Peter Baris Exploit link: http://www.saptech-erp.com.au/resources/PoC.zip Software Link: http://player.gomlab.com/download.gom?language=eng CVE:...
Coppermine Gallery 1.5.44 - Directory Traversal
Coppermine Gallery 1.5.44 - Directory Traversal Coppermine Gallery = 1.5.44 directory traversal vulnerability ============================================================== Coppermine is a multi-purpose fully-featured and integrated web picture gallery script written in PHP using GD or ImageMagic...
Microsoft Windows - gdi32.dll EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads Memory Disclosure
Microsoft Windows - gdi32.dll EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads Memory Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=992 In issue 757, I described multiple bugs related to the handling of DIBs (Device Independent Bitmaps) embedded in EMF records, as...
NVIDIA Driver 375.70 - DxgkDdiEscape 0x100008b Out-of-Bounds ReadWrite
NVIDIA Driver 375.70 - DxgkDdiEscape 0x100008b Out-of-Bounds ReadWrite Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=985 The DxgkDdiEscape handler for 0x100008b accepts a user supplied size as the limit for a loop, leading to OOB reads and writes. The supplied PoC passes an...
NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission
NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments...
Cisco ASA - WebVPN CIFS Handling Buffer Overflow
Cisco ASA - WebVPN CIFS Handling Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=998 The WebVPN http server exposes a way of accessing files from CIFS with a url hook of the form: https://portal/+webvpn+/CIFSR/shareserver/sharename/file. When someone logged into...
Joomla! Component JoomBlog 1.3.1 - SQL Injection
Joomla! Component JoomBlog 1.3.1 - SQL Injection Exploit Title: Joomla! Component JoomBlog v1.3.1 - SQL Injection Google Dork: inurl:index.php?option=comjoomblog Date: 15.02.2017 Vendor Homepage: http://joomplace.com/ Software Buy:...
OpenText Documentum D2 - Remote Code Execution
OpenText Documentum D2 - Remote Code Execution / CVE Identifier: CVE-2017-5586 Vendor: OpenText Affected products: Documentum D2 version 4.x Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Description: Document D2 contains vulnerable...
LG G4 - lgdrmserver Binder Service Multiple Race Conditions
LG G4 - lgdrmserver Binder Service Multiple Race Conditions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=986 The lgdrmserver binder service /system/bin/lgdrmserver implements a handle system to store pointers to objects allocated by the drm implementation...
Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145)
Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=983 There is a use-after-free in TypedArray.sort. In TypedArrayCompareElementsHelper...