Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in WhitelistBlacklist

Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in WhitelistBlacklist Exploit Title: Pi-Hole Web Interface Stored XSS in White/Black list file Author: loneferret from Kioptrix Product: Pi-Hole Version: Web Interface 1.3 Web Interface software: https://github.com/pi-hole/AdminLTE...

WSO2 Carbon 4.4.5 - Local File Inclusion

WSO2 Carbon 4.4.5 - Local File Inclusion + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt + ISR: ApparitionSec Vendor: =============== www.wso2.com Product: ====================...

Lepton CMS 2.2.02.2.1 - PHP Code Injection

Lepton CMS 2.2.02.2.1 - PHP Code Injection + Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product:...

WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting

WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt + ISR: ApparitionSec Vendor: ============= www.wso2.com Product:...

Lepton CMS 2.2.02.2.1 - Directory Traversal

Lepton CMS 2.2.02.2.1 - Directory Traversal + Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product:...

WSO2 Carbon 4.4.5 - Denial of Service Cross-Site Request Forgery

WSO2 Carbon 4.4.5 - Denial of Service Cross-Site Request Forgery + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt + ISR: ApparitionSec Vendor: ============ www.wso2.com Product:...

Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities

Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Nagios Incident Manager Multiple Vulnerabilities Affected versions: Nagios Incident Manager...

Microsoft Word 20132016 - sprmSdyaTop Denial of Service (MS16-099)

Microsoft Word 20132016 - sprmSdyaTop Denial of Service MS16-099 Application: Microsoft Office Word Platforms: Windows, OSX Versions: Microsoft Office Word 2013,2016 Author: Francis Provencher of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: August 09, 2016 CVE:...

WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities

WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt + ISR: ApparitionSec Vendor: ============= www.wso2.com Product:...

Zabbix 2.2.x3.0.x - SQL Injection

Zabbix 2.2.x3.0.x - SQL Injection ========================================== Title: Zabbix 3.0.3 SQL Injection Vulnerability Product: Zabbix Vulnerable Versions: 2.2.x, 3.0.x Fixed Version: 3.0.4 Homepage: http://www.zabbix.com Patch link: https://support.zabbix.com/browse/ZBX-11023 Credit:...

GitLab - impersonate Feature Privilege Escalation

GitLab - impersonate Feature Privilege Escalation Exploit Title: GitLab privilege escalation via "impersonate" feature Date: 02-05-2016 Software Link: https://about.gitlab.com/ Version: 8.2.0 - 8.2.4, 8.3.0 - 8.3.8, 8.4.0 - 8.4.9, 8.5.0 - 8.5.11, 8.6.0 - 8.6.7, 8.7.0 Exploit Author: Kaimi Website...

Claroline 1.7.7 - Arbitrary File Inclusion

Claroline 1.7.7 - Arbitrary File Inclusion Claroline Arbitrary File Inclusion Vendor: Claroline Product: Claroline Version: 0 $uidReset = true; $clarologinSucceeded = true; break; e...

Samsung Smart Home Camera SNH-P-6410 - Command Injection

Samsung Smart Home Camera SNH-P-6410 - Command Injection E-DB Note: source https://www.pentestpartners.com/blog/samsungs-smart-camera-a-tale-of-iot-network-security/ import urllib, urllib2, crypt, time New password for web interface webpassword = 'admin' New password for root rootpassword = 'root...

FreePBX 1314 - Remote Command Execution Privilege Escalation

FreePBX 1314 - Remote Command Execution Privilege Escalation !/usr/bin/env python -- coding, latin-1 -- DESCRIPTION FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net AUTHOR pgt - nullsecurity.net DATE 8-12-2016 VERSION freepbx0day.py 0.1 AFFECTED VERSIONS FreePBX 13 & 14...

ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal

ColoradoFTP 1.3 Prime Edition Build 8 - Directory Traversal 01. Advisory Information Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition Build 8 Date published: n/a Date of last update: n/a Vendors contacted: ColoradoFTP author Sergei Abramov Discovered by: Rv3Laboratory...

SquirrelMail 1.4.7 - Arbitrary Variable Overwrite

SquirrelMail 1.4.7 - Arbitrary Variable Overwrite SquirrelMail Arbitrary Variable Overwrite Vendor: SquirrelMail Product: SquirrelMail Version: = 1.4.7 Website: http://www.squirrelmail.org BID: 19486 CVE: CVE-2006-4019 OSVDB: 27917 SECUNIA: 21354 Description: SquirrelMail is a standards-based...

EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation

EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation EyeLock Myris 3.3.2 SDK Service Unquoted Service Path Privilege Escalation Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: 3.3.21289.1311 Summary: myris® provides unparalleled security, is...

WebNMS Framework Server 5.25.2 SP1 - Multiple Vulnerabilities

WebNMS Framework Server 5.25.2 SP1 - Multiple Vulnerabilities Multiple vulnerabilities in WebNMS Framework Server 5.2 and 5.2 SP1 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure:...

EyeLock nano NXT 3.5 - Remote Code Execution

EyeLock nano NXT 3.5 - Remote Code Execution !/usr/bin/env python EyeLock nano NXT 3.5 Remote Root Exploit Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: NXT Firmware: 3.05.1193 ICM: 3.5.1 NXT Firmware: 3.04.1108 ICM: 3.4.13 NXT Firmware: 3.03.944 ICM: 3.3.2 NXT...

Microsoft Word 2007201020132016 - Out-of-Bounds Read Code Execution (MS16-099)

Microsoft Word 2007201020132016 - Out-of-Bounds Read Code Execution MS16-099 Application: Microsoft Office Word Platforms: Windows, OSX Versions: Microsoft Office Word 2007,2010,2013,2016 Author: Sébastien Morin of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @SebMorin1, @COSIG...

EyeLock nano NXT 3.5 - Local File Disclosure

EyeLock nano NXT 3.5 - Local File Disclosure EyeLock nano NXT 3.5 Local File Disclosure Vulnerability Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: NXT Firmware: 3.05.1193 ICM: 3.5.1 NXT Firmware: 3.04.1108 ICM: 3.4.13 NXT Firmware: 3.03.944 ICM: 3.3.2 NXT...

Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities

Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities + Credits: John Page hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-MULTIPLE-CSRF.txt + ISR: ApparitionSec Vendor: =============== www.nagios.co...

SAP SAPCAR - Multiple Vulnerabilities

SAP SAPCAR - Multiple Vulnerabilities 1. Advisory Information Title: SAP CAR Multiple Vulnerabilities Advisory ID: CORE-2016-0006 Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities Date published: 2016-08-09 Date of last update: 2016-08-09 Vendors contacted: SAP...

vBulletin 5.2.2 - Server-Side Request Forgery

vBulletin 5.2.2 - Server-Side Request Forgery ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-6483 - Release date: 05.08.2016 - Severity: High ============================================= I...

Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery

Xfinity Gateway Technicolor DPC3941T - Cross-Site Request Forgery Exploit Title: CSRF XFINITY Gateway product Technicolorpreviously Cisco DPC3941T Date: 09/08/2016 Exploit Author: Ayushman Dutta Version: dpc3941-P20-18-v303r20421733-160413a-CMCST CVE : CVE-2016-7454 The Device DPC3941T is...

Navis Webaccess - SQL Injection

Navis Webaccess - SQL Injection @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Product - Navis WebAccess - SQL Injection Date - 8/8/2016 Author - bRpsd Skype: vegnox Vendor HomePage - http://www.navis.com/ Product Download - http://navis.com/prwebaccess.jsp currently under maintenan...

WordPress Plugin Add From Server 3.3.2 - Cross-Site Request Forgery (Arbitrary File Upload)

WordPress Plugin Add From Server 3.3.2 - Cross-Site Request Forgery Arbitrary File Upload Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin Abstract It was discovered that Add From Server is vulnerabile to Cross-Site Request Forgery. It can be exploited by luring the...

PHPCollab CMS 2.5 - emailusers.php SQL Injection

PHPCollab CMS 2.5 - emailusers.php SQL Injection Document Title: =============== phpCollab v2.5 CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1898 Release Date: ============= 2016-08-08 Vulnerability Laboratory ID VL-I...

Microsoft Windows 7 (x86x64) - Group Policy Privilege Escalation (MS16-072)

Microsoft Windows 7 x86x64 - Group Policy Privilege Escalation MS16-072 Exploit Title: Group Policy Elevation of Privilege Vulnerability Date: 08-08-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-3223 Category: Privilege Escalation SPECIAL CONFIG:...

NUUO NVRmini 2 3.0.8 - Remote Code Execution

NUUO NVRmini 2 3.0.8 - Remote Code Execution !/usr/bin/env python NUUO Remote Root Exploit Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with...

NUUO NVRmini 2 3.0.8 - strong_user.php Backdoor Remote Shell Access

NUUO NVRmini 2 3.0.8 - stronguser.php Backdoor Remote Shell Access NUUO Backdoor stronguser.php Remote Shell Access Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: fileData = file$file; $this-file = $file; else throw new Ex...

NUUO NVRmini 2 3.0.8 - Local File Disclosure

NUUO NVRmini 2 3.0.8 - Local File Disclosure NUUO Local File Disclosure Vulnerability Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 NE-4160, NT-4040 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and...

NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections

NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections NUUO Multiple OS Command Injection Vulnerabilities Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 NE-4160, NT-4040, NT-4040R DP: =04.07.0000.0030, =04.03.0000.0035 FW: =02.02.00, =1.7.0 Summary: NUUO NVRmini 2...

NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock)

NUUO NVRmini 2 3.0.8 - Remote Command Injection Shellshock NUUO NVRmini 2 NE-4160 ShellShock Remote Code Execution Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: Firmware Version: 02.02.00 NVR Version: 02.02.0000.0040 Device Pack Version: 04.07.0000.0030 Summary: NUUO...

NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion

NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion NUUO Arbitrary File Deletion Vulnerability Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: ================================================================== Tested on: GNU/Linux 3.0.8 armv7l GNU/Linux 2.6.31.8 armv5tel...

NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)

NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery Add Admin input type="hidden" name="password2" value=...

Davolink DV-2051 - Multiple Vulnerabilities

Davolink DV-2051 - Multiple Vulnerabilities =================================================================== Title: Unauthenticated admin password change Product: Davolink modem Tested model: DV-2051 Vulnerability Type: Missing Function Level Access Control CWE-306 Risk Level: High Solution...

Kodi Web Server 16.1 - Denial of Service

Kodi Web Server 16.1 - Denial of Service Exploit Title: Kodi 16.1 Web Server Remote DoS Date: 06/08/2016 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: https://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploits Vendor Homepage: https://kodi.tv/ Software Link:...

PHP Power Browse 1.2 - Directory Traversal

PHP Power Browse 1.2 - Directory Traversal Exploit Title: PHP Power Browse v1.2 - Path Traversal Google Dork: intitle:PHP Power Browse inurl:browse.php Exploit Author: Manuel Mancera sinkmanu | sinkmanu at gmail dot com Software URL: https://github.com/arzynik/PHPPowerBrowse Version: 1.2...

zFTP Client 20061220 - Connection Name Local Buffer Overflow

zFTP Client 20061220 - Connection Name Local Buffer Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: zFTP Client Affected value: NAME under FTP connection Where in the code: Line 30 in strcpychk.c...

NUUO NVRmini2 NVRsolo Crystal Devices NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities

NUUO NVRmini2 NVRsolo Crystal Devices NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities Multiple vulnerabilities in NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS Surveillance application Discovered by Pedro Ribeiro [email protected], Agile Information Security...

Subrion CMS 4.0.5 - SQL Injection

Subrion CMS 4.0.5 - SQL Injection Document Title: =============== Subrion v4.0.5 CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1893 Release Date: ============= 2016-08-04 Vulnerability Laboratory ID VL-ID:...

WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting

WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Abstract A Cross-Site Scripting vulnerability was found in the Count per Day WordPress Plugin. This issue can be exploited by an unauthenticated...

ntopnbox 2.3 2.5 - Multiple Vulnerabilities

ntopnbox 2.3 2.5 - Multiple Vulnerabilities E-DB Note: Source http://carnal0wnage.attackresearch.com/2016/08/got-any-rces.html The issues were found originally in nbox 2.3 and confirmed in nbox 2.5 To make things easier, I created a Vagrantfile with provisioning so you can have your own nbox...

NASdeluxe NDL-2400r 2.01.09 - OS Command Injection

NASdeluxe NDL-2400r 2.01.09 - OS Command Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-065 Product: NASdeluxe NDL-2400r Vendor: Starline Computer GmbH Affected Versions: 2.01.10 Tested Versions: 2.01.09 Vulnerability Type: OS Command Injection CWE-78 Risk Level:...

ntop-ng 2.5.160805 - Username Enumeration

ntop-ng 2.5.160805 - Username Enumeration Exploit title: ntopng user enumeration Author: Dolev Farhi Contact: dolevf at protonmail.com Date: 04-08-2016 Vendor homepage: ntop.org Software version: v.2.5.160805 !/usr/env/python import os import sys import urllib import urllib2 import cookielib serv...

Wireshark 1.12.0 1.12.12 - NDS Dissector Denial of Service

Wireshark 1.12.0 1.12.12 - NDS Dissector Denial of Service Sample generated with AFL Build Information: TShark 1.12.9 v1.12.9-0-gfadb421 from HEAD Copyright 1998-2015 Gerald Combs and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for...

Wireshark 2.0.0 2.0.4 - CORBA IDL Dissectors Denial of Service

Wireshark 2.0.0 2.0.4 - CORBA IDL Dissectors Denial of Service GIOP capture Build Information: Version 2.0.3 v2.0.3-0-geed34f0 from master-2.0 Copyright 1998-2016 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later This is free software; see the source for copying conditions...

Wireshark 1.12.0 1.12.12 2.0.0 2.0.4 - RLC Dissector Denial of Service

Wireshark 1.12.0 1.12.12 2.0.0 2.0.4 - RLC Dissector Denial of Service Sample PCAP Build Information: TShark Wireshark 2.0.2 SVN Rev Unknown from unknown Copyright 1998-2016 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later This is free software; see the source for copying...

Wireshark 2.0.0 2.0.4 - MMSE WAP WBXML WSP Dissectors Denial of Service

Wireshark 2.0.0 2.0.4 - MMSE WAP WBXML WSP Dissectors Denial of Service Build Information: TShark Wireshark 2.0.2 SVN Rev Unknown from unknown Copyright 1998-2016 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later This is free software; see the source for copying conditions...