HelpDeskZ 1.0.2 - Arbitrary File Upload
HelpDeskZ 1.0.2 - Arbitrary File Upload ''' Updated Exploit Provided by Drew Griess Exploit Title HelpDeskZ = v1.0.2 - Unauthenticated Shell Upload Google Dork intextHelp Desk Software by HelpDeskZ Date 2016-08-26 Exploit Author Lars Morgenroth - @krankoPwnz Vendor Homepage httpwww.helpdeskz.com...
Goron WebServer 2.0 - Multiple Vulnerabilities
Goron WebServer 2.0 - Multiple Vulnerabilities """ Exploit Title: Goron Web Server 2.0 - Multiple Vulnerabilities Date: 26/08/2016 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: https://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploits Vendor Homepage:...
PHP 7.0 - Object Cloning Local Denial of Service
PHP 7.0 - Object Cloning Local Denial of Service obj = clone $this; return $this-obj; $obj = new MyCloneableClass; $obj2 = clone $obj; ?...
PHP 5.0.0 - domxml_open_file() Local Denial of Service
PHP 5.0.0 - simplexml_load_file() Local Denial of Service
FreePBX 13.0.35 - Remote Command Execution
FreePBX 13.0.35 - Remote Command Execution Vulnerable software : Freepbx Tested version : 13.0.35 vendor : freepbx.org Author : Ahmed sultan 0x4148 Email : [email protected] Summary : FreePBX is a web-based open source GUI graphical user interface that controls and manages Asterisk PBX, an open...
Adobe Flash - Stage.align Setter Use-After-Free
Adobe Flash - Stage.align Setter Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=838 There is a use-after-free in the Stage.align property setter. When the setter is called, the parameter is converted to a string early, as a part of the new use-after-free preventi...
CubeCart 3.0.12 - Multiple Vulnerabilities
CubeCart 3.0.12 - Multiple Vulnerabilities CubeCart Multiple Vulnerabilities Vendor: Devellion Limited Product: CubeCart Version: = 3.0.12 Website: http://www.cubecart.com BID: 19782 CVE: CVE-2006-4525 OSVDB: 28279 28280 28281 SECUNIA: 21659 Description: CubeCart is a very popular web application...
WordPress Plugin CYSTEME Finder 1.3 - Arbitrary File Disclosure / Arbitrary File Upload
WordPress Plugin CYSTEME Finder 1.3 - Arbitrary File Disclosure / Arbitrary File Upload Exploit Title: WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Disclosure/Arbitrary File Upload Link: https://wordpress.org/plugins/cysteme-finder/ Version: 1.3 Date: August 23rd 2016 Exploit Author: T0w3ntu...
SimplePHPQuiz - Blind SQL Injection
SimplePHPQuiz - Blind SQL Injection Exploit Title: SimplePHPQuiz - Blind SQL Injection Date: 2016-08-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/valokafor/SimplePHPQuiz Software Link: https://github.com/valokafor/SimplePHPQuiz/archive/master.z...
WordPress Plugin Mail Masta 1.0 - Local File Inclusion
WordPress Plugin Mail Masta 1.0 - Local File Inclusion + Date: 23-8-2016 + Autor Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to...
chatNow - Multiple Vulnerabilities
chatNow - Multiple Vulnerabilities Exploit Title: chatNow - Multiple Vulnerabilities Date: 2016-08-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://chatnow.thiagosf.net/ Software Link: https://github.com/thiagosf/chatNow/archive/master.zip Version: Latest comm...
Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write
Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write Exploit Title: Gnome Eye of Gnome Out-of-bounds-write Exploit Author: Kaslov Dmitri Vendor Homepage: https://wiki.gnome.org/Apps/EyeOfGnome Version: 3.10.2 Tested on: Ubuntu 14.04 LTS CVE: CVE-2016-6855 Proof of Concept:...
Ocomon 2.0 - SQL Injection
Ocomon 2.0 - SQL Injection Exploit Title: Ocomon 2.0: Acess administrative Bypass / Multiple Sql Injection Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6 Date: 2016.08.18 Exploit Author: Jonatas Fil a.k.a pwx Vendor Homepage: ninj4c0d3r.github.io Version: Latest 2.0RC6 Tested on:...
ObiHai ObiPhone 10321062 5-0-0-3497 - Multiple Vulnerabilities
ObiHai ObiPhone 10321062 5-0-0-3497 - Multiple Vulnerabilities ObiHai ObiPhone - Multiple Vulnerabilities ------------------------------------------ Introduction ============ Multiple vulnerabilities were discovered in the web management interface of the ObiHai ObiPhone products. The...
JVC IP-Camera VN-T216VPRU - Local File Disclosure
JVC IP-Camera VN-T216VPRU - Local File Disclosure 1. Advisory Information ======================================== Title : JVC IP-Camera VN-T216VPRU Local File Inclusion Vendor Homepage : http://pro.jvc.com/ Remotely Exploitable : Yes Tested on Camera types : VN-T216VPRU Product References :...
Honeywell IP-Camera HICC-1100PT - Local File Disclosure
Honeywell IP-Camera HICC-1100PT - Local File Disclosure 1. Advisory Information ======================================== Title : Honeywell IP-Camera HICC-1100PT Local File Inclusion Vendor Homepage : https://www.asia.security.honeywell.com Remotely Exploitable : Yes Tested on Camera types :...
VideoIQ Camera - Local File Disclosure
VideoIQ Camera - Local File Disclosure "cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost 8080"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $port = $argv2; $pack = "GET /%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C..FILEPATH HTTP/1.0\r\n"; $pack.= "Host:...
WordPress 4.5.3 - Directory Traversal Denial of Service
WordPress 4.5.3 - Directory Traversal Denial of Service Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user Subscriber to...
Vanderbilt IP-Camera CCPW3025-IR CVMW3025-IR - Local File Disclosure
Vanderbilt IP-Camera CCPW3025-IR CVMW3025-IR - Local File Disclosure 1. Advisory Information ======================================== Title : Vanderbilt IP-Camera CCPW3025-IR + CVMW3025-IR Local File Inclusion Vendor Homepage : https://is.spiap.com/ Remotely Exploitable : Yes Tested on Camera typ...
Sakai 10.7 - Multiple Vulnerabilities
Sakai 10.7 - Multiple Vulnerabilities Sakai 10.7 Multiple Vulnerabilities Vendor: Apereo Foundation Product web page: https://www.sakaiproject.org Affected version: 10.7 Kernel 10.7 Summary: Sakai is a free, community source, educational software platform designed to support teaching, research an...
TOSHIBA IP-Camera IK-WP41A - Authentication Bypass Configuration Download
TOSHIBA IP-Camera IK-WP41A - Authentication Bypass Configuration Download TOSHIBA IK-WP41A IP-Camera auth bypass configuration download Copyright 2016 c Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational...
Vanderbilt IP-Camera CCPW3025-IR CVMW3025-IR - Credentials Disclosure
Vanderbilt IP-Camera CCPW3025-IR CVMW3025-IR - Credentials Disclosure 1. Advisory Information ======================================== Title : Vanderbilt IP-Camera CCPW3025-IR + CVMW3025-IR Remote Credentials Disclosure Vendor Homepage : https://is.spiap.com/ Remotely Exploitable : Yes Tested on...
Fortigate Firewalls - EGREGIOUSBLUNDER Remote Code Execution
Fortigate Firewalls - EGREGIOUSBLUNDER Remote Code Execution Exploit Title: Fortigate Firewalls - Remote Code Execution EGREGIOUSBLUNDER Date: 19-08-2016 Exploit Author: Shadow Brokers Vendor Homepage: https://www.fortinet.com/products/fortigate/ Full Exploit:...
TOPSEC Firewalls - ELIGIBLEBACHELOR Remote Command Execution
TOPSEC Firewalls - ELIGIBLEBACHELOR Remote Command Execution Exploit Title: TOPSEC Firewalls - Remote Exploit ELIGIBLEBACHELOR Date: 19-08-2016 Exploit Author: Shadow Brokers Vendor Homepage: http://www.topsec.com.cn/ Full Exploit:...
TOPSEC Firewalls - ELIGIBLECONTESTANT Remote Code Execution
TOPSEC Firewalls - ELIGIBLECONTESTANT Remote Code Execution Exploit Title: TOPSEC Firewalls - Remote Code Execution ELIGIBLECONTESTANT Date: 19-08-2016 Exploit Author: Shadow Brokers Vendor Homepage: http://www.topsec.com.cn/ Full Exploit:...
Watchguard Firewalls - ESCALATEPLOWMAN ifconfig Privilege Escalation
Watchguard Firewalls - ESCALATEPLOWMAN ifconfig Privilege Escalation Exploit Title: WatchGuard Firewalls - ifconfig Privilege Escalation ESCALATEPLOWMAN Date: 19-08-2016 Exploit Author: Shadow Brokers Vendor Homepage: http://www.watchguard.com/ Full Exploit:...
SIEMENS IP Cameras (Multiple Models) - Credential Disclosure Configuration Download
SIEMENS IP Cameras Multiple Models - Credential Disclosure Configuration Download Multiple SIEMENS IP Cameras auth bypass configuration download Tested: SIEMENS IP Camera CCID1410-ST X.1.0.24 SIEMENS IP Camera CCMW1025 x.2.2.1798 SIEMENS IP Camera CCMS2025 x.2.2.1798 SIEMENS IP Camera CVMS2025-IR...
TOPSEC Firewalls - ELIGIBLECANDIDATE Remote Code Execution
TOPSEC Firewalls - ELIGIBLECANDIDATE Remote Code Execution Exploit Title: TOPSEC Firewalls - Remote Code Execution ELIGIBLECANDIDATE Date: 19-08-2016 Exploit Author: Shadow Brokers Vendor Homepage: http://www.topsec.com.cn/ Full Exploit:...
MESSOA IP Cameras (Multiple Models) - Password Change
MESSOA IP Cameras Multiple Models - Password Change Multiple MESSOA IP-Cameras auth bypass admin user/password changer Tested: MESSOA NIC 835 Release: X.2.1.8 MESSOA NIC 835-HN5 Release: X.2.1.17 MESSOA NIC 836 Release: X.2.1.7 MESSOA NDZ 860 Release: X.3.0.6.1 MESSOA Copyright 2016 c Todor Donev...
Cisco ASA / PIX - EPICBANANA Local Privilege Escalation
Cisco ASA / PIX - EPICBANANA Local Privilege Escalation Exploit Title: Cisco ASA / PIX - Privilege Escalation EPICBANANA Date: 19-08-2016 Exploit Author: Shadow Brokers Vendor Homepage: http://www.cisco.com/ Full Exploit:...
TOPSEC Firewalls - ELIGIBLEBOMBSHELL Remote Code Execution
TOPSEC Firewalls - ELIGIBLEBOMBSHELL Remote Code Execution Exploit Title: TOPSEC Firewalls - Remote Code Execution ELIGIBLEBOMBSHELL Date: 19-08-2016 Exploit Author: Shadow Brokers Vendor Homepage: http://www.topsec.com.cn/ Full Exploit:...
tcPbX - tcpbx_lang Local File Inclusion
tcPbX - tcpbxlang Local File Inclusion Vulnerable hardware : tcpbx voip distro Vendor : www.tcpbx.org Author : Ahmed sultan @0x4148 Email : [email protected] Summary : According to the vendor's site , tcPbX is a complete and functional VoIP phone system based on Asterisk open source software and...
ZYCOO IP Phone System - Remote Command Execution
ZYCOO IP Phone System - Remote Command Execution Vulnerable hardware : ZYCOO IP phone system Vendor : zycoo.com Author : Ahmed sultan @0x4148 Email : [email protected] Summary : According to the vendor's site , CooVox Series IP Phone System is the most innovative solution for VoIP telecommunicatio...
C2S DVR Management IRDOME-II-C2S IRBOX-II-C2S DVR - Credentials Disclosure Authentication Bypass
C2S DVR Management IRDOME-II-C2S IRBOX-II-C2S DVR - Credentials Disclosure Authentication Bypass 1. Advisory Information ======================================== Title : C2S DVR Management Remote Credentials Disclosure & Authentication Bypass Vendor Homepage : http://www.cash2s.com/en/ Remotely...
MESSOA IP-Camera NIC990 - Authentication Bypass Configuration Download
MESSOA IP-Camera NIC990 - Authentication Bypass Configuration Download MESSOA NIC990 IP-Camera auth bypass configuration download Copyright 2016 c Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose...
Microsoft Windows - Fileless UAC Protection Bypass Privilege Escalation (Metasploit)
Microsoft Windows - Fileless UAC Protection Bypass Privilege Escalation Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Windows Escalate UAC Protection Bypass with...
JVC IP-Camera VN-T216VPRU - Credentials Disclosure
JVC IP-Camera VN-T216VPRU - Credentials Disclosure 1. Advisory Information ======================================== Title : JVC IP-Camera VN-T216VPRU Remote Credentials Disclosure Vendor Homepage : http://pro.jvc.com/ Remotely Exploitable : Yes Tested on Camera types : VN-T216VPRU Product...
Honeywell IP-Camera HICC-1100PT - Credentials Disclosure
Honeywell IP-Camera HICC-1100PT - Credentials Disclosure 1. Advisory Information ======================================== Title : Honeywell IP-Camera HICC-1100PT Unauthenticated Remote Credentials Disclosure Vendor Homepage : https://www.asia.security.honeywell.com Remotely Exploitable : Yes Test...
Cisco ASA 8.x - EXTRABACON Authentication Bypass
Cisco ASA 8.x - EXTRABACON Authentication Bypass Exploit Title: Cisco ASA 8.X Authentication Bypass Date: 17-08-2016 Exploit Author: Equation Group Vendor Homepage: Cisco Software Link: Cisco Version: Cisco ASA 8.X Tested on: Cisco ASA 8.4.2 CVE : Not sure Requirements: SNMP read public string...
X-Cart 4.1.3 - Arbitrary Variable Overwrite
X-Cart 4.1.3 - Arbitrary Variable Overwrite X-Cart Arbitrary Variable Overwrite Vendor: Qualiteam Product: X-Cart Version: $value $$var = $value; As we can see every single post variable is dynamically evaluated. This is especially dangerous because register globals and magic quotes gpc settings ...
Linux Kernel - TCP Related Read Use-After-Free
Linux Kernel - TCP Related Read Use-After-Free // Source: https://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html // to build clang derp4.c -o derp4 -static include include include include include include ifndef SYSmmap define SYSmmap 9 endif ifndef SYSsocke...
SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change
SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change !/bin/bash SIEMENS IP Camera CCMW1025 x.2.2.1798 remote change admin user/password Copyright 2016 c Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is...
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMREXTTEXTOUTA EMRPOLYTEXTOUTA Heap Buffer Overflow MS16-097 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=828 The Microsoft GDI+ implementation of the EMF format supports records corresponding to the ExtTextOutA and PolyTextOutA API functions. Both...
SIEMENS IP-Camera CVMS2025-IR CCMS2025 - Credentials Disclosure
SIEMENS IP-Camera CVMS2025-IR CCMS2025 - Credentials Disclosure 1. Advisory Information ======================================== Title : SIEMENS IP-Camera Unauthenticated Remote Credentials Disclosure Vendor Homepage : https://www.siemens.com Remotely Exploitable : Yes Versions Affected :...
Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads MS16-097 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=826 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, whi...
Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write MS16-097 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=824 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF...
Nagios Log Server 1.4.1 - Multiple Vulnerabilities
Nagios Log Server 1.4.1 - Multiple Vulnerabilities Nagios Log Server Multiple Vulnerabilities Affected versions: Nagios Log Server = 1.4.1 PDF:...
Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV
Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV function eventhandler1 CollectGarbage; function eventhandler5 try /FileReader/ var var00063 = new FileReader; catcherr //line 68 try /Blob/ var var00064 = new Blob; catcherr //line 69 try...
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities Nagios Network Analyzer Multiple Vulnerabilities Affected versions: Nagios Network Analyzer =...