Just Dial Clone Script - fid SQL Injection
Just Dial Clone Script - fid SQL Injection Title : Just Dial Clone Script SQL & XSS Vulnerabilities | Software : Just Dial Clone | Vendor :...
MLM Unilevel Plan Script 1.0.2 - SQL Injection
MLM Unilevel Plan Script 1.0.2 - SQL Injection Application Name : MLM Unilevel Plan Script v1.0.2 Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage : http://www.i-netsolution.com/ Vulnerable Type : SQL Injection Date :...
Exagate WEBPack Management System - Multiple Vulnerabilities
Exagate WEBPack Management System - Multiple Vulnerabilities Document Title: Exagate WEBpack Management System Multiple Vulnerabilities Author: Halil Dalabasmaz Release Date: 07 OCT 2016 Product & Service Introduction:...
Disk Sorter Enterprise 9.0.24 - Login Remote Buffer Overflow
Disk Sorter Enterprise 9.0.24 - Login Remote Buffer Overflow !/usr/bin/python print "Disk Sorter Enterprise 9.0.24 Buffer Overflow Exploit" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT...
Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion
Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion Title: Cisco Firepower Threat Management Console Local File Inclusion Advisory ID: KL-001-2016-006 Publication Date: 2016.10.05 Publication URL:...
Abyss Web Server X1 2.11.1 - Unquoted Service Path Privilege Escalation
Abyss Web Server X1 2.11.1 - Unquoted Service Path Privilege Escalation Exploit Title: Abyss Web Server X1 2.11.1 Multiple Local Privilege Escalation Date: 05/10/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Author twitter: @tulpasecurity Vend...
Witbe - Remote Code Execution
Witbe - Remote Code Execution !/usr/bin/python Exploit Title: Witbe RCE Remote Code Execution Exploit Author: BeLmar Date: 05/10/2016 DEMO : https://youtu.be/ooUFXfUfIs0 Contact : [email protected] Vendor Homepage: http://www.witbe.net Tested on: Windows7/10 & BackBox Category: Remote Exploits...
Dup Scout Enterprise 9.0.28 - Login Remote Buffer Overflow
Dup Scout Enterprise 9.0.28 - Login Remote Buffer Overflow !/usr/bin/python print "Dup Scout Enterprise 9.0.28 Buffer Overflow Exploit" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYST...
Disk Savvy Enterprise 9.0.32 - Login Remote Buffer Overflow
Disk Savvy Enterprise 9.0.32 - Login Remote Buffer Overflow !/usr/bin/python print "Disk Savvy Enterprise 9.0.32 Buffer Overflow Exploit" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT...
Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Advisory ID: KL-001-2016-005 Publication Date:...
Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution
Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access Title: Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access Advisory ID:...
Picosafe Web GUI - Multiple Vulnerabilities
Picosafe Web GUI - Multiple Vulnerabilities - Title : Picosafe Web Gui - Multiple Vulnerabilities - Author : Shahab Shamsi - Vendor : https://github.com/embeddedprojects/picosafewebgui - Category : Webapps - Date : 01.October.2016 Vulnerable page :...
Fortitude HTTP 1.0.4.0 - Unquoted Service Path Privilege Escalation
Fortitude HTTP 1.0.4.0 - Unquoted Service Path Privilege Escalation Exploit Title: Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege Date: 05/10/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Author twitter: @tulpasecurity...
VX Search Enterprise 9.0.26 - Login Remote Buffer Overflow
VX Search Enterprise 9.0.26 - Login Remote Buffer Overflow !/usr/bin/python print "VX Search Enterprise 9.0.26 Buffer Overflow Exploit" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYST...
Sync Breeze Enterprise 8.9.24 - Login Remote Buffer Overflow
Sync Breeze Enterprise 8.9.24 - Login Remote Buffer Overflow !/usr/bin/python print "Sync Breeze Enterprise 8.9.24 Buffer Overflow Exploit" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT...
ISC BIND 9 - Denial of Service
ISC BIND 9 - Denial of Service import socket import struct TARGET = '192.168.200.10', 53 QA = 1 QTSIG = 250 DNSMESSAGEHEADERLEN = 12 def buildbindnukequestion="\x06google\x03com\x00", udpsize=512: queryA = "\x8f\x65\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01" + question + int16QA + "\x00\x01"...
Mambo 4.5.4 - SQL Injection
Mambo 4.5.4 - SQL Injection Mambo SQL Injection Vendor: Miro International Pty Ltd Product: Mambo Version: = 4.5.4 Website: http://www.mamboserver.com/ BID: 20366 OSVDB: 50002 Description: Mambo is a popular Open Source Content Management System released under the GNU General Public license GNU...
Microsoft Windows Firewall Control - Unquoted Service Path Privilege Escalation
Microsoft Windows Firewall Control - Unquoted Service Path Privilege Escalation Exploit Title: Windows Firewall Control Unquoted Service Path Privilege Escalation Date: 24/09/2016 Exploit Author: [email protected] Vendor Homepage: http://www.binisoft.org Version: 4.8.6.0 Tested on: Windows 7...
Street Fighter 5 - Capcom.sys Kernel Execution (Metasploit)
Street Fighter 5 - Capcom.sys Kernel Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class MetasploitModule...
DWebPro 8.4.2 - Multiple Vulnerabilities
DWebPro 8.4.2 - Multiple Vulnerabilities Exploit Title: DWebPro 8.4.2 Remote Binary Execution Date: 01/10/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Author twitter: @tulpasecurity Vendor Homepage: http://www.dwebpro.com/ Software Link:...
Disk Pulse Enterprise 9.0.34 - Login Remote Buffer Overflow
Disk Pulse Enterprise 9.0.34 - Login Remote Buffer Overflow !/usr/bin/python print "Disk Pulse Enterprise 9.0.34 Buffer Overflow Exploit" print "Author: Tulpa // tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpa-security.com Exploit will land you NT...
Google Android - Insufficient Binder Message Verification Pointer Leak
Google Android - Insufficient Binder Message Verification Pointer Leak Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=860 When frameworks/native/libs/binder/Parcel.cpp reads e.g. a string from a parcel, it does not verify that the string doesn't overlap with any byte range that...
Apache Tomcat 876 (Debian-Based Distros) - Local Privilege Escalation
Apache Tomcat 876 Debian-Based Distros - Local Privilege Escalation - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-1240 - Release date: 30.09.2016 - Revision: 1 - Severity: High...
NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation
NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation Exploit Title: Netgear Genie 2.4.32 Unquoted Service Path Elevation of Privilege Date: 30/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: www.netgear.com...
KeepNote 0.7.8 - Command Execution
KeepNote 0.7.8 - Command Execution Title : KeepNote 0.7.8 Remote Command Execution Date : 29/09/2016 Author : R-73eN Twitter : https://twitter.com/r73en Tested on : KeepNote 0.7.8 Kali Linux , and Windows 7 Software : http://keepnote.org/index.shtmldownload Vendor : DESCRIPTION: When the KeepNote...
Grandstream GXV3611_HD - SQL Injection
Grandstream GXV3611HD - SQL Injection Exploit Title: Grandstream GXV3611HD Telnet SQL Injection and backdoor command Exploit Author: pizza1337 Vendor Homepage: http://www.grandstream.com/ Version: GXV3611HD Core 1.0.3.6, 1.0.4.3 GXV3611IRHD Core 1.0.3.5 Tested on: -GXV3611HD Bootloader Version:...
Symantec Messaging Gateway 10.6.1 - Directory Traversal
Symantec Messaging Gateway 10.6.1 - Directory Traversal Title : Symantec Messaging Gateway = 10.6.1 Directory Traversal Date : 28/09/2016 Author : R-73eN Tested on : Symantec Messaging Gateway 10.6.1 Latest Software : https://www.symantec.com/products/threat-protection/messaging-gateway Vendor :...
Glassfish Server - Unquoted Service Path Privilege Escalation
Glassfish Server - Unquoted Service Path Privilege Escalation Title: Glassfish Server - Unquoted Service Path Privilege Escalation Date: 28/09/2016 Author: s0nk3y Software link: https://glassfish.java.net/download.html Tested: Windows Server 2008 r2 Metasploitable3 1. Description Glassfish Server...
VideoLAN VLC Media Player 2.2.1 - Buffer Overflow
VideoLAN VLC Media Player 2.2.1 - Buffer Overflow Exploit Title: VLC Media Player 2.2.1 Buffer Overflow 2016-09-28 Author: sultan albalawi Software Link: https://www.videolan.org/vlc/releases/2.2.1.html Tested on:win7 video...
NetMan 204 - Backdoor Account
NetMan 204 - Backdoor Account NetMan 204 - Backdoor Account Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NetMan 204 Vendor: http://www.riello-ups.com Product URL: http://www.riello-ups.com/products/4-software-connectivity/85-netman-204 Quick Reference Installation Manual :...
TP-Link Archer CR-700 - Cross-Site Scripting
TP-Link Archer CR-700 - Cross-Site Scripting Exploit Title: TP-Link Archer CR-700 XSS vulnerability Google Dork: N/A Date: 09/07/2016 Exploit Author: Ayushman Dutta Vendor Homepage: http://www.tp-link.us/ Software Link: N/A Version: 1.0.6 REQUIRED Tested on: Linux CVE : N/A Exploit Information:...
FreePBX 13.0.188 - Remote Command Execution (Metasploit)
FreePBX 13.0.188 - Remote Command Execution Metasploit Title : Freepbx =begin Freepbx 13.x are vulnerable to Remote command execution due to the insufficient sanitization of the user input fields language,destination and also due to the lack of good authentication checking Technical details...
Microsoft Windows 8.1 Update 2 10 10586 (x86x64) - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)
Microsoft Windows 8.1 Update 2 10 10586 x86x64 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation MS16-111 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=865 Windows: NtLoadKeyEx User Hive Attachment Point EoP Platform: Windows 10 10586 32/64 and 8.1 Update 2, not...
Iperius Remote 1.7.0 - Unquoted Service Path Privilege Escalation
Iperius Remote 1.7.0 - Unquoted Service Path Privilege Escalation Exploit Title: Iperius Remote 1.7.0 Unquoted Service Path Elevation of Privilege Date: 26/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage:...
Joomla! Component Event Booking 2.10.1 - SQL Injection
Joomla! Component Event Booking 2.10.1 - SQL Injection Exploit Title : Joomla Event Booking Component - SQL Injection Exploit Author : Persian Hack Team Homepage : http://persian-team.ir Vendor Homepage : http://extensions.joomla.org/extension/event-booking Category Webapps Tested on Win Version ...
MSI - NTIOLib.sys WinIO.sys Local Privilege Escalation
MSI - NTIOLib.sys WinIO.sys Local Privilege Escalation Exploit Title: MSI NTIOLib.sys, WinIO.sys local privilege escalation Date: 2016-09-26 Exploit Author: ReWolf Vendor Homepage: http://www.msi.com Version: too many Tested on: Windows 10 x64 TH2, RS1 Full description:...
Elantech-Smart Pad 11.9.0.0 - Unquoted Service Path Privilege Escalation
Elantech-Smart Pad 11.9.0.0 - Unquoted Service Path Privilege Escalation Exploit Title: Elantech Smart-Pad Unquoted Service Path Privilege Escalation Date: 24/09/2016 Exploit Author: [email protected] Vendor Homepage: http://www.emc.com.tw/eng/ Version: 11.9.0.0 Tested on: Windows 7 64bit...
NetDrive 2.6.12 - Unquoted Service Path Privilege Escalation
NetDrive 2.6.12 - Unquoted Service Path Privilege Escalation Exploit Title: NetDrive 2.6.12 Unquoted Service Path Elevation of Privilege Date: 24/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: http://www.netdrive.net/ Softwa...
Macro Expert 4.0 - Multiple Privilege Escalations
Macro Expert 4.0 - Multiple Privilege Escalations Exploit Title: Macro Expert 4.0 Multiple Elevation of Privilege Date: 26/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: http://www.macro-expert.com/ Software Link:...
Microsoft Windows - RegLoadAppKey Hive Enumeration Privilege Escalation (MS16-111)
Microsoft Windows - RegLoadAppKey Hive Enumeration Privilege Escalation MS16-111 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=870 Windows: RegLoadAppKey Hive Enumeration EoP Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summar...
Wise Care 365 4.27 Wise Disk Cleaner 9.29 - Unquoted Service Path Privilege Escalation
Wise Care 365 4.27 Wise Disk Cleaner 9.29 - Unquoted Service Path Privilege Escalation Exploit Title: Wisecleaner Software Multiple Unquoted Service Path Elevation of Privilege Date: 23/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor...
Adobe Flash - Crash When Freeing Memory After AVC decoding
Adobe Flash - Crash When Freeing Memory After AVC decoding Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=859 There is a crash when the AVC decoder attempts to free memory, likely indicating memory corruption. Fixed in the September update Proof of Concept:...
Linux SELinux - W+X Protection Bypass via AIO
Linux SELinux - W+X Protection Bypass via AIO / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=854 SELinux has a set of permissions that can be used to prevent processes from creating executable memory mappings that contain data controlled by the process PROCESSEXECMEM,...
Adobe Flash - Video Decompression Memory Corruption
Adobe Flash - Video Decompression Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=857 The attached fuzz file causes memory corruption when decompressing embedded video content. Fixed in the September update Proof of Concept:...
Zortam Mp3 Media Studio 21.15 - Insecure File Permissions Privilege Escalation
Zortam Mp3 Media Studio 21.15 - Insecure File Permissions Privilege Escalation Exploit Title: Zortam Mp3 Media Studio 21.15 Insecure File Permissions Privilege Escalation Date: 23/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepag...
Microix Timesheet Module - SQL Injection
Microix Timesheet Module - SQL Injection Exploit Title: Microix timesheet module SQL Injection Google Dork: "Copyright by Microix" inurl:"/microixcloud/" Date: 2016-09-06 Software Link: http://www.microix.net/workflow-modules/timesheet-module/ Exploit Author: Anthony Cole Contact:...
Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)
Microsoft Windows Kerberos - Security Feature Bypass MS16-101 Exploit Title: Kerberos Security Feature Bypass Vulnerability Kerberos to NTLM Fallback Date: 22-09-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 and Windows 10 x64 CVE : CVE-2016-3237 Category: Local...
JCraftJSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal
JCraftJSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 Version: 0.3 Date: Aug 31st, 2016 Complete Proof of Concept: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725...
AnyDesk 2.5.0 - Unquoted Service Path Privilege Escalation
AnyDesk 2.5.0 - Unquoted Service Path Privilege Escalation Exploit Title: AnyDesk 2.5.0 Unquoted Service Path Elevation of Privilege Date: 22/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: http://anydesk.com Software Link:...
Kerio Control Unified Threat Management 9.1.0 build 10879.1.1 build 1324 - Multiple Vulnerabilities
Kerio Control Unified Threat Management 9.1.0 build 10879.1.1 build 1324 - Multiple Vulnerabilities SEC Consult has also released a blog post describing the attack scenarios of the vulnerabilities within this advisory in detail and a video which shows the remote attack. Exploit code has been...