Adobe Flash - Transform.colorTransform Getter Information Leak
Adobe Flash - Transform.colorTransform Getter Information Leak Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=845 There is an info leak in the Transform.colorTransform getter. If the constructor for ColorTransform is overwritten with a getter using addProperty, this getter will...
Google Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
Google Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=840 There's an inconsistency between the way that the two functions in libutils/Unicode.cpp handle invalid surrogate pairs in UTF16, resulting in a mismatch...
Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure
Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure Apple iCloud Desktop Client v5.2.1.0 Local Credentials Disclosure After Sign Out Exploit Tested on Windows Windows 7 64bit, English Vendor Homepage @ https://www.apple.com/ Product Homepage @ https://support.apple.com/en-us/HT2042...
LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure
LogMeIn Client 1.3.2462 x64 - Local Credentials Disclosure LogMeIn Client v1.3.2462 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://secure.logmein.com/home/en Date 06/09/2016 Bug Discovery by: Alexander Korznikov...
Adobe Flash - Method Calls Use-After-Free
Adobe Flash - Method Calls Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=846 If a method is called on a MovieClip, and a getter is set with the name of the method, the getter will get executed during the call, and can free the MovieClip, leading to a...
Jobberbase 2.0 - Multiple Vulnerabilities
Jobberbase 2.0 - Multiple Vulnerabilities Jobberbase: http://www.jobberbase.com/ Version: 2.0 By Ross Marks: http://www.rossmarks.co.uk 1 Local path disclosure - change any variable to an array and in most cases it will tell you the local path where the application is installed eg...
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
Dropbox Desktop Client 9.4.49 x64 - Local Credentials Disclosure Dropbox Desktop Client v9.4.49 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.dropbox.com Date 06/09/2016 Bug Discovery by: Yakir Wizman...
Zabbix 2.0 3.0.3 - SQL Injection
Zabbix 2.0 3.0.3 - SQL Injection Exploit Title: 2.0 Zabbix 3.0.4 SQL Injection Python PoC Data: 20-08-2016 Software Link: www.zabbix.com Exploit Author: Unknown http://seclists.org/fulldisclosure/2016/Aug/82 Version: Zabbix 2.0-3.0.x3.0.4 PoC Author: Zzzians Contact: [email protected] Test on: Lin...
TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure
TeamViewer 11.0.65452 x64 - Local Credentials Disclosure TeamViewer 11.0.65452 64 bit Local Credentials Disclosure Tested on Windows 7 64bit, English Vendor Homepage @ https://www.teamviewer.com/ Date 07/09/2016 Bug Discovered by Alexander Korznikov https://www.linkedin.com/in/nopernik...
FreePBX 13.0.x 13.0.154 - Remote Command Execution
FreePBX 13.0.x 13.0.154 - Remote Command Execution Vulnerable software : Freepbx Tested versions : 13.0.x $this->commandline = $commandline; $this->cwd = $cwd; Line 275 $commandline = $this->commandline; if ('\\' === DIRECTORY_SEPARATOR && $this->enhanceWindowsCompatibility) { $commandline = 'cmd /V:ON...
SugarCRM 6.5.23 - REST PHP Object Injection (Metasploit)
SugarCRM 6.5.23 - REST PHP Object Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This...
CumulusClips 2.4.1 - Multiple Vulnerabilities
CumulusClips 2.4.1 - Multiple Vulnerabilities Exploit Title: CumulusClips Session fixation Google Dork: inurl:/cumulusclips/videos/ Date: 2.09.2016 Exploit Author: kor3k / Łukasz Korczyk Vendor Homepage: http://cumulusclips.org/ Software Link: http://cumulusclips.org/cumulusclips.zip Version: 2.4...
Adobe ColdFusion 11 Update 10 - XML External Entity Injection
Adobe ColdFusion 11 Update 10 - XML External Entity Injection ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical...
WIN-911 7.17.00 - Multiple Vulnerabilities
WIN-911 7.17.00 - Multiple Vulnerabilities Title: WIN-911 - Insecure File Permissions EoP CWE Class: CWE-276: Incorrect Default Permissions Date: 05/09/2016 Vendor: Win911 Product: WIN-911 Type: Alarm Notification Software Version: V7.17.00 Download URL: through Rockwell Automation downloads:...
Sony Playstation 4 (PS4) 3.15 3.55 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 3.15 3.55 - WebKit Code Execution PoC PS4 3.55 Unsigned Code Execution ============== This GitHub Repository contains all the necessary tools for getting PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50 and 3.55. This Exploit, is based-off Henkaku'...
PHPIPAM 1.2.1 - Multiple Vulnerabilities
PHPIPAM 1.2.1 - Multiple Vulnerabilities PHPIPAM 1.2.1 Multiple Vulnerabilities Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: 06 Sep 2016 Tested Version: phpipam-1.2.1 Latest Version - modified on 2016-02-13 Vendor: http://phpipam.net/ Product URL:...
glibc - getaddrinfo Remote Stack Buffer Overflow
glibc - getaddrinfo Remote Stack Buffer Overflow / add by SpeeDr00t@Blackfalcon jang kyoung chip This is a published vulnerability by google in the past. Please refer to the link below. Reference: - https://googleonlinesecurity.blogspot.kr/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html -...
MySQL 5.5.45 (x64) - Local Credentials Disclosure
MySQL 5.5.45 x64 - Local Credentials Disclosure MySQL 5.5.45 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.mysql.com Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman...
WordPress Plugin RB Agency 2.4.7 - Local File Disclosure
WordPress Plugin RB Agency 2.4.7 - Local File Disclosure Exploit Title : WordPress RB Agency 2.4.7 Plugin - Local File Disclosure Exploit Author : Persian Hack Team Vendor Homepage : http://rbplugin.com/ Category Webapps Tested on Win Version : 2.4.7 Date 2016/09/03 PoC The Vulnerable page is...
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows, TRIAL...
Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure
Navicat Premium 11.2.11 x64 - Local Database Password Disclosure Navicat Premium 11.2.11 64bit Local Password Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.navicat.com/ Date 05/09/2016 Bug Discovered by Yakir Wizman...
Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery)
Belkin F9K1122v1 1.00.30 - Buffer Overflow via Cross-Site Request Forgery import socket, sys , base64, struct, string, urllib from getopt import getopt as GetOpt, GetoptError from uuid import getnode as getmac import SimpleHTTPServer, SocketServer TIMELINE ''' 3/16/2016 - First Submission to Belk...
FortiClient SSLVPN 5.4 - Credentials Disclosure
FortiClient SSLVPN 5.4 - Credentials Disclosure ''' Title : Extracting clear text passwords from running processes FortiClient CVE-ID : none Product : FortiClient SSLVPN Service : FortiTray.exe Affected : =5.4 Impact : Critical Remote : No Website link : http://forticlient.com/ Reported : 31/08/20...
PHP 7.0 - JsonSerializable::jsonSerialize json_encode Local Denial of Service
PHP 5.0.0 - snmpwalk() Local Denial of Service
PHP 5.0.0 - snmpset() Local Denial of Service
PHP 7.0 - AppendIterator::append Local Denial of Service
PHP 7.0 - AppendIterator::append Local Denial of Service append$tmp; // Crash ?...
ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)
ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass
ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform:...
PHP 5.0.0 - snmprealwalk() Local Denial of Service
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.5.3 Build 00...
PHP 5.0.0 - fbird_[p]connect() Local Denial of Service
ZKTeco ZKBioSecurity 3.0 - Directory Traversal
ZKTeco ZKBioSecurity 3.0 - Directory Traversal ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel:...
PHP 5.0.0 - snmpwalkoid() Local Denial of Service
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting
ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation
ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.6 3.0.1.5 160622 3.0.1.1...
ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials SYSTEM Remote Code Execution
ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials SYSTEM Remote Code Execution ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version:...
PHP 5.0.0 - html_doc_file() Local Denial of Service
PHP 5.0.0 - hw_docbyanchor() Local Denial of Service
RSS News AutoPilot Script 1.0.13.0.3 - Cross-Site Request Forgery
RSS News AutoPilot Script 1.0.13.0.3 - Cross-Site Request Forgery Exploit Title: RSS News AutoPilot Script 1.0.1 / 3.0.3 - CSRF to Persistent XSS and RCE Through Unrestricted File Upload Date: 30 August 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Software Link:...
PHP 5.0.0 - imap_mail() Local Denial of Service
NScan 0.9.1 - Target Local Buffer Overflow
NScan 0.9.1 - Target Local Buffer Overflow ''' + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NECROSCAN-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: =================== nscan.hypermart.net Product:...
Adobe Flash - Selection.setFocus Use-After-Free
Adobe Flash - Selection.setFocus Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=841 There is a use-after-free in Selection.setFocus. It is a static method, but if it is called with a this object, it will be called on that object's thread. Then, if it calls into...
FreePBX 13.0.35 - SQL Injection
FreePBX 13.0.35 - SQL Injection Vulnerable software : Freepbx Tested version : 13.0.35 vendor : freepbx.org Author : i-Hmx Email : [email protected] Home : sec4ever.com Freepbx suffer from unauthenticated sql injection flaw due to insufficient sanitization of "display" parameter File :...
Intellinet IP Camera INT-L100M20N - Unauthorized Admin Credential Change
Intellinet IP Camera INT-L100M20N - Unauthorized Admin Credential Change !/bin/bash INTELLINET IP Camera INT-L100M20N remote change admin user/password Copyright 2016 c Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is fo...
Adobe Flash - MovieClip Transform Getter Use-After-Free
Adobe Flash - MovieClip Transform Getter Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=844 There is a use-after-free in the MovieClip Transform getter. If the Transform constructor is replaced with a getter using addProperty, this getter can free the MovieClip...
Adobe Flash - BitmapData.copyPixels Use-After-Free
Adobe Flash - BitmapData.copyPixels Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=843 There is a use-after-free in BitmapData.copyPixels. If the method is called on a MovieClip, and the MovieClip is deleted during parameter conversions, it is used to convert...
PHP 5.0.0 - xmldocfile() Local Denial of Service
Adobe Flash - Use-After-Free When Returning Rectangle
Adobe Flash - Use-After-Free When Returning Rectangle Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=842 Several methods in flash return instances of the Rectangle class. There is a use-after-free in creating these objects for return. If the this object of the call is a...
PLC Wireless Router GPN2.4P21-C-CN - Arbitrary File Disclosure
PLC Wireless Router GPN2.4P21-C-CN - Arbitrary File Disclosure Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure Date: 28/08/2016 Exploit Author: Rahul Raz Affected Model : GPN2.4P21-C-CN Firmware - W2001EN-00 Vendor: ChinaMobile Tested on: Ubuntu Linux GET...