Wireshark 1.12.0 1.12.12 2.0.0 2.0.4 - WSP Dissector Denial of Service
Wireshark 1.12.0 1.12.12 2.0.0 2.0.4 - WSP Dissector Denial of Service Sample generated with AFL Build Information: TShark Wireshark 2.0.4 Copyright 1998-2016 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later This is free software; see the source for copying conditions...
Wireshark 1.12.0 1.12.12 2.0.0 2.0.4 - PacketBB Dissector Denial of Service
Wireshark 1.12.0 1.12.12 2.0.0 2.0.4 - PacketBB Dissector Denial of Service Sample generated by AFL Build Information: TShark 1.12.9 v1.12.9-0-gfadb421 from HEAD Copyright 1998-2015 Gerald Combs and contributors. This is free software; see the source for copying conditions. There is NO warranty;...
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
Open Upload 0.4.2 - Cross-Site Request Forgery Add Admin ================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...
Halliburton LogView Pro 9.7.5 - .cgm .tif .tiff .tifh Crash (PoC)
Halliburton LogView Pro 9.7.5 - .cgm .tif .tiff .tifh Crash PoC Exploit Title: Halliburton LogView Pro v9.7.5 Exploit Author: Karn Ganeshen Download link: http://www.halliburton.com/public/lp/contents/InteractiveTools/web/Toolkits/lp/HalliburtonLogViewer.exe Version: Current version 9.7.5 Tested o...
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin Abstract A stored Cross-Site Scripting vulnerability was found in the WP Live Chat Support WordPress Plugin. This issue can be exploite...
WordPress Plugin Booking Calendar 6.2 - SQL Injection
WordPress Plugin Booking Calendar 6.2 - SQL Injection SQL injection vulnerability in Booking Calendar WordPress Plugin Abstract An SQL injection vulnerability exists in the Booking Calendar WordPress plugin. This vulnerability allows an attacker to view data from the database. The affected...
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (AddImport Arbitrary Subscribers)
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery AddImport Arbitrary Subscribers Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Contact For feedback or questions about this advisory mail us at sumofpwn at securify.nl The Summer of Pwnage This iss...
WebKit - TypedArray.copyWithin Memory Corruption
WebKit - TypedArray.copyWithin Memory Corruption length; long to = argumentClampedIndexFromStartOrEndexec, 0, length; long from = argumentClampedIndexFromStartOrEndexec, 1, length; long final = argumentClampedIndexFromStartOrEndexec, 2, length, length; if final thisValue; long count =...
phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution
phpMyAdmin 4.6.2 - Authenticated Remote Code Execution !/usr/bin/env python """cve-2016-5734.py: PhpMyAdmin 4.3.0 - 4.6.2 authorized user RCE exploit Details: Working only at PHP 4.3.0-5.4.6 versions, because of regex break with null byte fixed in PHP 5.4.7. CVE: CVE-2016-5734 Author:...
Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution Metasploit Exploit Title: Barracuda Web Application Firewall 'Barracuda Web Application Firewall %q This module exploits a remote command execution vulnerability in the Barracuda Web Application Firewall firmwar...
WebKit - TypedArray.fill Memory Corruption
WebKit - TypedArray.fill Memory Corruption length; unsigned begin = argumentClampedIndexFromStartOrEndexec, 1, length; unsigned end = argumentClampedIndexFromStartOrEndexec, 2, length, length; if end thisValue; if !thisObject-setRangeToValueexec, begin, end, valueToInsert return...
Trend Micro Deep Discovery 3.73.8 SP1 (3.81)3.8 SP2 (3.82) - hotfix_upload.cgi Filename Remote Code Execution
Trend Micro Deep Discovery 3.73.8 SP1 3.813.8 SP2 3.82 - hotfix_upload.cgi Filename Remote Code Execution Version: TDA 2.6.1062r1 Summary: The hotfix_upload.cgi file contains a flaw allowing a user to execute commands under the context of the root user. Details: The hotfix_upload.cgi file is used to...
Linux Kernel (ARMARM64) - perf_event_open() Arbitrary Memory Read
Linux Kernel ARMARM64 - perf_event_open() Arbitrary Memory Read perf_event_open() offers to collect various pieces of information when an event occurs, including a user stack backtrace (PERF_SAMPLE_CALLCHAIN). To collect a user stack backtrace, the kernel grabs the userland register state if the event occure...
AXIS (Multiple Products) - devtools (Authenticated) Remote Command Execution
AXIS Multiple Products - devtools Authenticated Remote Command Execution www.orwelllabs.com security advisory olsa-2015-8257 PGP: 79A6CCC0 Advisory Information...
VUPlayer 2.49 - .pls File Stack Buffer Overflow (DEP Bypass)
VUPlayer 2.49 - .pls File Stack Buffer Overflow DEP Bypass !/usr/bin/python import os,sys Tested Windows 7 Home x86 & Windows 10 Home x86x64 badchars \x00\x0a\x1a\x20\x40 msfvenom -a x86 --platform windows -p windows/exec CMD=calc.exe -b "\x00\x0a\x1a\x20\x40" -f python buf = "" buf +=...
AppArmor securityfs 4.8 - aa_fs_seq_hash_show Reference Count Leak
AppArmor securityfs 4.8 - aa_fs_seq_hash_show Reference Count Leak / There's a reference count leak in aa_fs_seq_hash_show that can be used to overflow the reference counter and trigger a kernel use-after-free static int aa_fs_seq_hash_show(struct seq_file *seq, void *v) struct aa_replacedby *r = seq->private; struc...
WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection
WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection Exploit Title: Wordpress Ultimate-Product-Catalog getrow"SELECT FROM $cataloguestablename WHERE CatalogueID=" . $id; $CatalogueItems = $wpdb-getresults"SELECT FROM $catalogueitemstablename WHERE CatalogueID...
mySCADAPro 7 - Local Privilege Escalation
mySCADAPro 7 - Local Privilege Escalation mySCADAProv7 Local Privilege Escalation Vendor: mySCADA Technologies s.r.o. Product web page: https://www.myscada.org/ Affected application: myscadaPro Affected version: v7 Current version Vulnerability discovered by: Karn Ganeshen Description: myscadaPro...
Barracuda Web App Firewall 8.0.1.008Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3)
Barracuda Web App Firewall 8.0.1.008Load Balancer 5.4.0.004 - Authenticated Remote Command Execution Metasploit 3 Exploit Title: Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit 3 Date: 07/28/16 Exploit Author: xort [email protected] Vendor Homepage:...
Easy File Sharing Web Server 7.2 - Remote Overflow (Egghunter) (SEH)
Easy File Sharing Web Server 7.2 - Remote Overflow Egghunter SEH !/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 SEH Overflow with Egghunter Date: July 29, 2016 Exploit Author: ch3rn0byl Vendor Homepage: http://www.sharing-file.com/ Software Link:...
Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities
Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities Vendor: Iris ID, Inc. Product web page: http://www.irisid.com Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9 EIF...
Barracuda Web App Firewall 8.0.1.007Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit)
Barracuda Web App Firewall 8.0.1.007Load Balancer 5.4.0.004 - Authenticated Remote Command Execution Metasploit Exploit Title: Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit 2 Date: 07/25/16 Exploit Author: xort [email protected] Vendor Homepage:...
Iris ID IrisAccess iCAM4000iCAM7000 - Hard-Coded Credentials Remote Shell Access
Iris ID IrisAccess iCAM4000iCAM7000 - Hard-Coded Credentials Remote Shell Access Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/irisaccesssystem/irisaccess4000/...
Iris ID IrisAccess ICU 7000-2 - Remote Command Execution
Iris ID IrisAccess ICU 7000-2 - Remote Command Execution Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/hardwareproducts/icu-7000-2/ Affected version: ICU Software: 1.00.08 ICU OS:...
PHP File Vault 0.9 - Directory Traversal
PHP File Vault 0.9 - Directory Traversal PHP File Vault version 0.9 , remote directory traversal and read file vulnerability ================================================================================== Discovered by NA, NAattutanota.com ====================================== Description...
Ubee EVW3226 ModemRouter 1.0.20 - Multiple Vulnerabilities
Ubee EVW3226 ModemRouter 1.0.20 - Multiple Vulnerabilities ''' Ubee EVW3226 modem/router multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Ubee EVW3226, 1.0.20 - Product page: http://www.ubeeinteractive.com/products/cable/evw322...
Barracuda Spam Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)
Barracuda Spam Virus Firewall 5.1.3.007 - Remote Command Execution Metasploit Exploit Title: Barracuda Spam & Virus Firewall Post Auth Remote Root Exploit Date: 07/21/16 Exploit Author: xort [email protected] Vendor Homepage: https://www.barracuda.com/ Software Link:...
Rapid7 AppSpider 6.12 - Local Privilege Escalation
Rapid7 AppSpider 6.12 - Local Privilege Escalation Rapid7 AppSpider 6.12 Web Application Vulnerability Scanner Elevation Of Privilege Vendor: Rapid7, Inc. Product web page: https://www.rapid7.com Affected version: 6.12.10.1 Summary: While today's malicious attackers pursue a variety of goals,...
CodoForum 3.2.1 - SQL Injection
CodoForum 3.2.1 - SQL Injection 1. Advisory Information ======================================== Title : CodoForum = 3.2.1 Remote SQL Injection Vulnerability Vendor Homepage : https://codoforum.com/ Remotely Exploitable : Yes Versions Affected : Prior to 3.2.1 Tested on : Ubuntu Apache | PHP 5.5....
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload Exploit Title: GRR = 3.0.0-RC1 all versions RCE with privilege escalation through file upload filter bypass authenticated Date: January 7th, 2016 Exploit Author: kmkz Bourbon Jean-marie | @kmkzsecurity Vendo...
PHP gettext 1.0.12 - gettext.php Code Execution
PHP gettext 1.0.12 - gettext.php Code Execution CVE-2016-6175 gettext.php | @kmkzsecurity Project Homepage: https://launchpad.net/php-gettext/ Download: https://launchpad.net/php-gettext/trunk/1.0.12/+download/php-gettext-1.0.12.tar.gz Version: 1.0.12 latest release Tested on: Linux Debian, PHP...
CoolPlayer+ Portable 2.19.6 - .m3u File Stack Overflow (Egghunter + ASLR Bypass)
CoolPlayer+ Portable 2.19.6 - .m3u File Stack Overflow Egghunter + ASLR Bypass Exploit Title: CoolPlayer+ Portable build 2.19.6 - .m3u Stack Overflow Egghunter+ASLR bypass Exploit Author: Karn Ganeshen Download link:...
Hitron CGNV4 ModemRouter 4.3.9.9-SIP-UPC - Multiple Vulnerabilities
Hitron CGNV4 ModemRouter 4.3.9.9-SIP-UPC - Multiple Vulnerabilities Hitron CGNV4 modem/router multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Hitron CGNV4, 4.3.9.9-SIP-UPC - Product page:...
Mediacoder 0.8.43.5852 - .m3u (SEH)
Mediacoder 0.8.43.5852 - .m3u SEH Exploit Title: MediaCoder 0.8.43.5852 - .m3u SEH Exploit Exploit Author: Karn Ganeshen Vendor Homepage: http://www.mediacoderhq.com Download link: http://www.mediacoderhq.com/mirrors.html?file=MediaCoder-0.8.45.5852.exe Version: Current version 0.8.43.58.52 Teste...
Barracuda Web App Firewall 8.0.1.007Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)
Barracuda Web App Firewall 8.0.1.007Load Balancer 5.4.0.004 - Remote Command Execution Metasploit Exploit Title: Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit Date: 07/21/16 Exploit Author: xort [email protected] Vendor Homepage: https://www.barracuda.com/ Software...
Micro Focus Filr 2 2.0.0.4211.2 1.2.0.846 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.4211.2 1.2.0.846 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Micro Focus former Novell Filr Appliance vulnerable version: Filr 2...
Technicolor TC7200 ModemRouter STD6.02.11 - Multiple Vulnerabilities
Technicolor TC7200 ModemRouter STD6.02.11 - Multiple Vulnerabilities ''' Technicolor TC7200 modem/router multiple vulnerabilities -------------------------------------------------------- Platforms / Firmware confirmed affected: - Technicolor TC7200, STD6.02.11 - Product page:...
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)
Drupal Module CODER 2.5 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploi...
BelliniSupercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
BelliniSupercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities ''' Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities Reported By: ================================== James McLean - Primary: james dot mclean at gmail dot com Secondary: labs at juicedigital dot net Device Overview:...
Compal CH7465LG-LC ModemRouter CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
Compal CH7465LG-LC ModemRouter CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities Compal CH7465LG-LC modem/router multiple vulnerabilities -------------------------------------------------------- The following vulnerabilities are the result of a quick check 3 hours of the Mercury modem. We...
PHP 5.5.375.6.237.0.8 - bzread() Out-of-Bounds Write
PHP 5.5.375.6.237.0.8 - bzread Out-of-Bounds Write ''' PHP 7.0.8, 5.6.23 and 5.5.37 does not perform adequate error handling in its bzread' function: php-7.0.8/ext/bz2/bz2.c ,---- | 364 static PHPFUNCTIONbzread | 365 | ... | 382 ZSTRLENdata = phpstreamreadstream, ZSTRVALdata, ZSTRLENdata; | 383...
Drupal Module Coder 7.x-1.37.x-2.6 - Remote Code Execution
Drupal Module Coder 7.x-1.37.x-2.6 - Remote Code Execution array "coderupgrade" = array "module" = "color", "files" = array"color.module" , "extensions" = array"module", "items" = array array"olddir"="test; $cmd;", "newdir"="test", "paths" = array "modulesbase" = "../../../", "filesbase" =...
TFTP Server 1.4 - WRQ Remote Buffer Overflow (Egghunter)
TFTP Server 1.4 - WRQ Remote Buffer Overflow Egghunter Exploit Title: TFTP Server 1.4 - WRQ Buffer Overflow Exploit Egghunter Exploit Author: Karn Ganeshen Vendor Homepage: http://sourceforge.net/projects/tftp-server/ Version: 1.4 Tested on: Windows Vista SP2 Coded this for Vista Ultimate, Servic...
NetBSD - mail.local(8) Local Privilege Escalation
NetBSD - mail.local8 Local Privilege Escalation // Source: http://akat1.pl/?id=2 include include include include include include include include define ATRUNPATH "/usr/libexec/atrun" define MAILDIR "/var/mail" static int overwriteatrunvoid char script = "! /bin/sh\n" "cp /bin/ksh /tmp/ksh\n" "chm...
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download 1. ADVISORY INFORMATION ======================================== Title: TeamPass Passwords Management System via Unauth File Download and Arbitrary File Download Application: TeamPass Passwords Management System Class: Sensitiv...
WordPress Plugin Video Player 1.5.16 - SQL Injection
WordPress Plugin Video Player 1.5.16 - SQL Injection !-- Multiple SQL injection vulnerabilities in WordPress Video Player Abstract It was discovered that WordPress Video Player is affected by multiple blind SQL injection vulnerabilities. Using these issues it is possible for a logged on Contribut...
Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: 4.5.0 build 18676 Platform: JSP Summary: Wowza...
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1869 Security Release:...
OpenSSH 7.2p2 - Username Enumeration
OpenSSH 7.2p2 - Username Enumeration !/usr/bin/python CVEs: CVE-2016-6210 Credits for this go to Eddie Harari Author: 0o -- nullnull nu11.nu11 at yahoo.com Oh, and it is n-u-one-one.n-u-one-one, no l's... Wonder how the guys at packet storm could get this wrong : Date: 2016-07-19 Purpose: User na...
Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)
Drupal Module RESTWS 7.x - PHP Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Drupal RESTWS Module 7.x Remote PHP Code Execution',...