41207 matches found
Matrimonial Website Script 1.0.2 - SQL Injection
Matrimonial Website Script 1.0.2 - SQL Injection Application Name : Matrimonial Website Script v1.0.2 Google Dork : inurl:viewfullprofile1.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage :...
Exponent CMS 2.3.9 - Blind SQL Injection
Exponent CMS 2.3.9 - Blind SQL Injection ============================================= MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400...
Joomla! Component com_videogallerylite 1.0.9 - SQL Injection
Joomla! Component comvideogallerylite 1.0.9 - SQL Injection Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Author: Larry W. Cashdollar, @larry0 Date: 2016-09-15 Download Site: http://huge-it.com/joomla-video-gallery/ Vendor: www.huge-it.com, fixed v1.1.0 Vendor...
Kaltura 11.1.0-2 - Remote Code Execution (Metasploit)
Kaltura 11.1.0-2 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution', 'Description' = %q This module exploits an Object Injectio...
Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read Out-of-Bounds Write
Symantec RAR Decomposer Engine Multiple Products - Out-of-Bounds Read Out-of-Bounds Write Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=867 In issue 810 we pointed out to Symantec that they hadn't updated their unrar based unpacker for years, and it was vulnerable to dozens of...
Microsoft Office PowerPoint 2010 - Invalid Pointer Reference
Microsoft Office PowerPoint 2010 - Invalid Pointer Reference Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=866 The following crash was observed in Microsoft PowerPoint 2010 running under Windows 7 x86 with application verifier enabled. File versions are: mso.dll: 14.0.7166.500...
Dolphin 7.3.0 - Error-Based SQL Injection
Dolphin 7.3.0 - Error-Based SQL Injection Exploit Title: Dolphin 7.3.0 Error Based SQL Injection Date: 20-09-2016 Software Link: https://www.boonex.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...
VegaDNS 0.13.2 - Remote Command Injection
VegaDNS 0.13.2 - Remote Command Injection !/usr/bin/perl $izd= qq ...
Kajona 4.7 - Cross-Site Scripting Directory Traversal
Kajona 4.7 - Cross-Site Scripting Directory Traversal Security Advisory - Curesec Research Team 1. Introduction Affected Product: Kajona 4.7 Fixed in: 5.0 Fixed Version Link: https://www.kajona.de/en/Downloads/downloads.getkajona.html Vendor Website: https://www.kajona.de/ Vulnerability Type: XSS...
WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure
WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure Exploit Title: WordPress Plugin Order Export Import for WooCommerce Link: https://wordpress.org/plugins/order-import-export-for-woocommerce/ Version: 1.0.8 Date: 19th 2016 Exploit Author: contact a david-peltier d...
VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions
VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=850 As already discussed in a number of reports in this tracker 285, 286, 287, 288, 289, 292, VMware Workstation current version 12.1.1 build-3770994...
ShoreTel Connect ONSITE - Blind SQL Injection
ShoreTel Connect ONSITE - Blind SQL Injection Exploit Title: ShoreTel Connect ONSITE Blind SQL Injection Vulnerability Date: 19-09-2016 Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview Exploit Author: Iraklis Mathiopoulos Contact: https://twitter.com/imath...
SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation
SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation Document Title: ================ SolarWinds Kiwi CatTools Unquoted Service Path Privilege Escalation Vulnerability Author: ======== Halil Dalabasmaz Release Date: ============== 29 SEP 2016 Product & Service Introduction...
BuilderEngine 3.5.0 - Arbitrary File Upload
PHP 5.0.0 - tidy_parse_file() Local Buffer Overflow
VMware Workstation - vprintproxy.exe TrueType NAME Tables Heap Buffer Overflow (PoC)
VMware Workstation - vprintproxy.exe TrueType NAME Tables Heap Buffer Overflow PoC Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=849 As already discussed in a number of reports in this tracker 285, 286, 287, 288, 289, 292, VMware Workstation current version 12.1.1 build-377099...
ZineBasic 1.1 - Arbitrary File Disclosure
ZineBasic 1.1 - Arbitrary File Disclosure Title: ZineBasic 1.1 Remote File Disclosure Exploit Author: bd0rk || East Germany former GDR Tested on: Ubuntu-Linux Vendor: http://w2scripts.com/news-publishing/ Download:...
MyBB 1.8.6 - SQL Injection
MyBB 1.8.6 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyBB 1.8.6 Fixed in: 1.8.7 Fixed Version Link: http://resources.mybb.com/downloads/mybb1807.zip Vendor Website: http://www.mybb.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes...
SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation
SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation Document Title: ================ SolarWinds Kiwi Syslog Server Unquoted Service Path Privilege Escalation Vulnerability Author: ======== Halil Dalabasmaz Release Date: ============== 29 SEP 2016 Product & Service...
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet and...
EKG Gadu 1.9~pre+r2855-3+b1 - Local Buffer Overflow
EKG Gadu 1.9pre+r2855-3+b1 - Local Buffer Overflow Exploit developed using Exploit Pack v6.01 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: EKG Gadu Affected value: USERNAME Version: 1:1.9pre+r2855-3+b1 Tested and developed under: Kali Linux 2....
Cisco ASA 9.2(3) - EXTRABACON Authentication Bypass
Cisco ASA 9.23 - EXTRABACON Authentication Bypass Cisco ASA 9.23 Authentication Bypass EXTRABACON Module Copyright: c 2016 RiskSense, Inc. https://risksense.com License: http://opensource.org/licenses/MIT Release Date: September 15, 2016 Authors: Sean Dillon 2E3C8D72353C9B8C9FF797E753EC4C9876D572...
Joomla! Component Catalog 1.0.7 - SQL Injection
Joomla! Component Catalog 1.0.7 - SQL Injection Title: Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Author: Larry W. Cashdollar, @larry0 Date: 2016-09-16 Download Site: http://huge-it.com/joomla-catalog/ Vendor: huge-it.com Vendor Notified: 2016-09-17 Vendor Contact:...
AnoBBS 1.0.1 - Remote File Inclusion
AnoBBS 1.0.1 - Remote File Inclusion Exploitcode for Copy&Paste AnoBBS 1.0.1 Remote File Inclusion Exploit var dir="/progs/" var file="/bbsauth.php?" var parameter ="progdir=" var shell="Insert your shellcode here" function command if document.rfi.target1.value=="" alert"Exploit failed..."; retur...
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection Title: Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Joomla extension v1.0.6 Author: Larry W. Cashdollar, @larry0 Date: 2016-09-16 Download Site: http://huge-it.com/joomla-portfolio-gallery/ Vendor: huge-it.com Vendor Notified...
Cisco EPC 3925 - Multiple Vulnerabilities
Cisco EPC 3925 - Multiple Vulnerabilities Title: Cisco EPC 3925 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco EPC3925 EuroDocsis 3.0 2-PORT Voice Gateway Date: 15.09.2016 Author: Patryk Bogdan ======== Vulnerability list: 1. HTTP Response Injection via 'Lang'...
Google Android - getpidcon Usage binder Service Replacement Race Condition
Google Android - getpidcon Usage binder Service Replacement Race Condition Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=851 This is very similar to forshaw's bug , . The servicemanager, when determining whether the sender of a binder transaction is authorized to register a...
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
PrivateTunnel Client 2.7.0 x64 - Local Credentials Disclosure PrivateTunnel Client v2.7.0 x64 Local Credentials Disclosure After Sign out Exploit Tested on Windows Windows 7 64bit, English Vendor Homepage @ https://www.privatetunnel.com Date 14/09/2016 Bug Discovery by: Yakir Wizman...
Apache Mina 2.0.13 - Remote Command Execution
Apache Mina 2.0.13 - Remote Command Execution Source: https://remoteawesomethoughts.blogspot.com/2016/09/apache-mina-2013-remote-command.html Apache Mina 2.0.13 uses the OGNL library in the “IoSessionFinder” class. Its constructor takes into parameter one OGNL expression. Then this expression is...
Inteno EG101R1 VoIP Router - DNS Change
Inteno EG101R1 VoIP Router - DNS Change !/bin/bash Inteno EG101R1 VoIP Router Unauthenticated Remote DNS Change Exploit Copyright 2016 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exist in the web interface, which is...
Contrexx CMS egov Module 1.0.0 - SQL Injection
Contrexx CMS egov Module 1.0.0 - SQL Injection Exploit Title: Contrexx CMS:egov moudle SQL injection Google Dork: inurl:?section=egov Date: 12/9/2016 Exploit Author: hamidreza borghei Software Link: https://www.cloudrexx.com/de/index.php?section=downloads&cmd=7&category=8 Version: 1.0.0 Tested on...
Zapya Desktop 1.803 - ZapyaService.exe Local Privilege Escalation
Zapya Desktop 1.803 - ZapyaService.exe Local Privilege Escalation Exploit Title: Zapya Desktop Version 'ZapyaService.exe' Privilege Escalation Date: 2016/9/12 Exploit Author: Arash Khazaei Vendor Homepage: http://www.izapya.com/ Software Link:...
Cherry Music 0.35.1 - Arbitrary File Disclosure
Cherry Music 0.35.1 - Arbitrary File Disclosure Exploit Title: Cherry Music v0.35.1 directory traversal vulnerability allows authenticated users to download arbitrary files Date: 11-09-2016 Exploit Author: feedersec Contact: [email protected] Vendor Homepage:...
Multiple Icecream Apps - Insecure File Permissions Privilege Escalation
Multiple Icecream Apps - Insecure File Permissions Privilege Escalation Exploit Title: Multiple Icecream Apps Local Privilege Escalation Date: 13/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: icecreamapps.com Software...
ASUS DSL-X11 ADSL Router - DNS Change
ASUS DSL-X11 ADSL Router - DNS Change !/bin/bash ASUS DSL-X11 ADSL Router Unauthenticated Remote DNS Change Exploit Copyright 2016 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exist in the web interface, which is accessible...
PLANET VDR-300NU ADSL Router - DNS Change
PLANET VDR-300NU ADSL Router - DNS Change !/bin/bash PLANET VDR-300NU ADSL ROUTER Unauthenticated Remote DNS Change Exploit Copyright 2016 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exist in the web interface, which is...
Exper EWM-01 ADSLMODEM - DNS Change
Exper EWM-01 ADSLMODEM - DNS Change !/bin/bash Exper EWM-01 ADSL/MODEM Unauthenticated Remote DNS Change Exploit Copyright 2016 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exist in the web interface, which is accessible...
Tenda ADSL22+ Modem 963281TAN - DNS Change
Tenda ADSL22+ Modem 963281TAN - DNS Change !/bin/bash Tenda ADSL2/2+ Modem 963281TAN Unauthenticated Remote DNS Change Exploit Copyright 2016 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exist in the web interface, which is...
Open-Xchange App Suite 7.8.2 - Cross-Site Scripting
Open-Xchange App Suite 7.8.2 - Cross-Site Scripting Product: OX App Suite Vendor: OX Software GmbH Internal reference: 46484 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.8.2 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status:...
Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation
Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation Exploit Title: Battle.Net 1.5.0.7963 Local Privilege Escalation Date: 11/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: www.battle.net Software Link:...
Microsoft Internet Explorer 11.0.9600.18482 - Use After Free
Microsoft Internet Explorer 11.0.9600.18482 - Use After Free body background-color:lime; font-color:red; ; / Exploit Title: Internet Explorer 11 Use After Free Date: 05/09/2016 - 11/09/2016 Exploit Author: Marcin Ressel Vendor Homepage: https://www.microsoft.com/pl-pl/ Version: 11.0.9600.18482...
PIKATEL 96338WS_ 96338L-2M-8M - DNS Change
PIKATEL 96338WS 96338L-2M-8M - DNS Change !/bin/bash PIKATEL 96338WS, 96338L-2M-8M Unauthenticated Remote DNS Change Exploit Copyright 2016 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exist in the web interface, which is...
WinSMS 3.43 - Insecure File Permissions Privilege Escalation
WinSMS 3.43 - Insecure File Permissions Privilege Escalation Exploit Title: WinSMS 3.43 Local Privilege Escalation Date: 13/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: http://www.winsms.co.za Software Link:...
wdCalendar 2 - SQL Injection
wdCalendar 2 - SQL Injection Exploit Title: wdcalendar version 2 sql injection vulnerability Google Dork: allinurl:"wdcalendar/edit.php" Date: 12/09/2016 Exploit Author: Alfonso Castillo Angel Software Link: https://github.com/ronisaha/wdCalendar Version: Version 2 Tested on: Windows 7 ultimate...
COMTREND ADSL Router CT-5367 C01_R12 CT-5624 C01_R03 - DNS Change
COMTREND ADSL Router CT-5367 C01R12 CT-5624 C01R03 - DNS Change !/bin/bash COMTREND ADSL Router CT-5367 C01R12, CT-5624 C01R03 Unauthenticated Remote DNS Change Exploit Copyright 2016 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The...
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed...
MySQL MariaDB PerconaDB 5.5.515.6.325.7.14 - Code Execution Privilege Escalation
MySQL MariaDB PerconaDB 5.5.515.6.325.7.14 - Code Execution Privilege Escalation !/usr/bin/python MySQL / MariaDB / Percona - Remote Root Code Execution / PrivEsc PoC Exploit CVE-2016-6662 0ldSQLMySQLRCEexploit.py ver. 1.0 For testing purposes only. Do no harm. Discovered/Coded by: Dawid Golunski...
Airmail 3.0.2 - Cross-Site Scripting
Airmail 3.0.2 - Cross-Site Scripting Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, [email protected] Date: 2016-08-15 Version: 3.0.2 and earlier Platform: OS X...
LamaHub 0.0.6.2 - Remote Buffer Overflow
LamaHub 0.0.6.2 - Remote Buffer Overflow Exploit Title: LamaHub-0.0.6.2 BufferOverflow Date: 09/09/09 Exploit Author: Pi3rrot Vendor Homepage: http://lamahub.sourceforge.net/ Software Link: http://ovh.dl.sourceforge.net/sourceforge/lamahub/LamaHub-0.0.6.2.tar.gz Version: 0.0.6.2 Tested on: Debian...
Vodafone Mobile Wifi - Reset Admin Password
Vodafone Mobile Wifi - Reset Admin Password import urllib2 import json from datetime import datetime, timedelta import time import httplib from threading import Thread from Queue import Queue from multiprocessing import process print """ Vodafone Mobile WiFi - Password reset exploit Daniele...