41207 matches found
Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation
Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation input type="hidden" name="version" value="0"...
Wowza Streaming Engine 4.5.0 - Cross-Site Request Forgery (Add Advanced Admin)
Wowza Streaming Engine 4.5.0 - Cross-Site Request Forgery Add Advanced Admin input type...
Websphere / JBoss / OpenNMS / Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution
Websphere / JBoss / OpenNMS / Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution ! /bin/bash/env python3 By Nikhil Sreekumar @roo7break import sys import base64 import httplib2 import...
Wowza Streaming Engine 4.5.0 - Local Privilege Escalation
Wowza Streaming Engine 4.5.0 - Local Privilege Escalation Wowza Streaming Engine 4.5.0 Local Privilege Escalation Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: Wowza Streaming Engine 4.5.0 build 18676 Wowza Streaming Engine Manager 4.5.0 build 18676...
NewsP Free News Script 1.4.7 - User Credentials Disclosure
NewsP Free News Script 1.4.7 - User Credentials Disclosure Exploit Title: Free News Script User Password Download File Date: 2016-07-18 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.newsp.eu/index.php?pt=ns Version: All Version Download Link ...
Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String
Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following...
newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure
newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure Exploit Title: PHP calendar script Password Download File Date: 2016-07-18 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.newsp.eu/calendarscript.php?pt=st Version: All Version...
OpenSSHd 7.2p2 - Username Enumeration
OpenSSHd 7.2p2 - Username Enumeration Source: http://seclists.org/fulldisclosure/2016/Jul/51 -------------------------------------------------------------------- User Enumeration using Open SSHD =Latest version. ------------------------------------------------------------------- Abstract:...
Meinberg NTP Time Server ELX800GPS M4x V5.30p - Remote Command Execution Escalate Privileges
Meinberg NTP Time Server ELX800GPS M4x V5.30p - Remote Command Execution Escalate Privileges !/usr/bin/python EDB Note: Source https://github.com/securifera/CVE-2016-3962-Exploit EDB Note: More info https://www.securifera.com/blog/2016/07/17/time-to-patch-rce-on-meinberg-ntp-time-server/ 271 -...
Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure
Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure - Exploit Title: clear voyager hotspot IMW-C910W - file disclosure - Date: 2016/jul/15 - Exploit Author: Damaster - Vendor Homepage: https://www.sprint.com/ - Software Link:...
Joomla! Component Guru Pro - Itemid SQL Injection
Joomla! Component Guru Pro - Itemid SQL Injection Exploit Title: Joomla Guru Pro comguru Component - SQL Injection Exploit Author: s0nk3y Date: 14/07/2016 Vendor Homepage: https://www.ijoomla.com Software Link:...
GSX Analyzer 10.1211 - main.swf Hard-Coded Superadmin Credentials
GSX Analyzer 10.1211 - main.swf Hard-Coded Superadmin Credentials Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor...
Adobe Flash Player 22.0.0.192 - DefineSprite Memory Corruption
Adobe Flash Player 22.0.0.192 - DefineSprite Memory Corruption Application: Adobe Flash Player Platforms: Windows,OSX Versions: 22.0.0.192 and earlier Author: Sébastien Morin of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: July 12, 2016 CVE-2016-4175 COSIG-2016-22 1...
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (3)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption 3 Application: Adobe Acrobat Reader DC Platforms: Windows,OSX Versions: 15.016.20045 and earlier Author: Sébastien Morin of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: July 12, 2016 CVE:...
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (5)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption 5 Application: Adobe Acrobat Reader DC Platforms: Windows,OSX Versions: 15.016.20045 and earlier Author: Sébastien Morin of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: July 12, 2016 CVE:...
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (1)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption 1 Application: Adobe Acrobat Reader DC Platforms: Windows,OSX Versions: 15.016.20045 and earlier Author: Sébastien Morin and Pier-Luc Maltais of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: Ju...
Adobe Flash Player 22.0.0.192 - DefineBitsJPEG2 Memory Corruption
Adobe Flash Player 22.0.0.192 - DefineBitsJPEG2 Memory Corruption Application: Adobe Flash Player Platforms: Windows,OSX Versions: 22.0.0.192 and earlier Author: Sébastien Morin of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: July 12, 2016 CVE-2016-4179 COSIG-2016-23...
Adobe Flash Player 22.0.0.192 - TAG Memory Corruption
Adobe Flash Player 22.0.0.192 - TAG Memory Corruption Application: Adobe Flash Player Platforms: Windows,OSX Versions: 22.0.0.192 and earlier Author: Francis Provencher of COSIG Website: https://cosig.gouv.qc.ca/avis/ Twitter: @COSIG Date: July 12, 2016 CVE-2016-4176 COSIG-2016-20 1 Introductio...
Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Apache Archiva Vendor URL: https://archiva.apache.org Type: Cross-Site Request Forgery CWE-253 Date found: 2016-05-...
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (7)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption 7 Application: Adobe Acrobat Reader DC Platforms: Windows,OSX Versions: 15.016.20045 and earlier Author: Sébastien Morin of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: July 12, 2016 CVE:...
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (2)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption 2 Application: Adobe Acrobat Reader DC Platforms: Windows,OSX Versions: 15.016.20045 and earlier Author: Sébastien Morin and Pier-Luc Maltais of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: Ju...
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (4)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption 4 Application: Adobe Acrobat Reader DC Platforms: Windows,OSX Versions: 15.016.20045 and earlier Author: Sébastien Morin of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: July 12, 2016 CVE:...
Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption
Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption Application: Adobe Flash Player Platforms: Windows,OSX Versions: 22.0.0.192 and earlier Author: Francis Provencher of COSIG Website: https://cosig.gouv.qc.ca/avis/ Twitter: @COSIG Date: July 12, 2016 CVE-2016-4177 COSIG-2016-21...
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption (6)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font .ttf Memory Corruption 6 Application: Adobe Acrobat Reader DC Platforms: Windows,OSX Versions: 15.016.20045 and earlier Author: Sébastien Morin of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: July 12, 2016 CVE:...
WordPress Plugin All in One SEO Pack 2.3.6.1 - Persistent Cross-Site Scripting
WordPress Plugin All in One SEO Pack 2.3.6.1 - Persistent Cross-Site Scripting Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin David Vaartjes Abstract A stored Cross-Site Scripting vulnerability was found in the Bot Blocker functionality of the All in One SEO Pack WordPres...
Adobe Flash - LMZA Property Decoding Heap Corruption
Adobe Flash - LMZA Property Decoding Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=790 Loading the attached image causes heap corruption due to LMZA property decoding. To reproduce the issue, load the attached file '6' using LoadImage.swf as follows:...
Beauty Parlour SPA Saloon Management System - Blind SQL Injection
Beauty Parlour SPA Saloon Management System - Blind SQL Injection Vulnerability Title : Beauty Parlour & SPA Saloon Management System Unauthenticated Blind SQL Injection booking.php age Vulnerability Date : 11/07/2016 Exploit Author : Yakir Wizman Vendor Homepage :...
Belkin AC1200 Router Firmware 1.00.27 - Authentication Bypass
Belkin AC1200 Router Firmware 1.00.27 - Authentication Bypass ''' Exploit Title: Belkin Router AC1200, Firmware: 1.00.27 - Authentication Bypass Date: 5/11/2016 Exploit Author: Gregory Smiley Contact: [email protected] Vendor Homepage: http://www.belkin.com Version: Firmware: 1.00.27 Tested...
Adobe Flash - JXR Processing Double-Free
Adobe Flash - JXR Processing Double-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=788 There is a heap overflow when loading the attached JXR file in Adobe Flash. To reproduce, load the attached file using LoadImage.swf?img=12.atf. This issue can be a bit difficult to...
WordPress Plugin Activity Log 2.3.1 - Persistent Cross-Site Scripting
WordPress Plugin Activity Log 2.3.1 - Persistent Cross-Site Scripting Persistent Cross-Site Scripting in WordPress Activity Log plugin Han Sahin Abstract A stored Cross-Site Scripting XSS vulnerability has been found in the WordPress Activity Log plugin. By using this vulnerability an attacker ca...
Tiki Wiki CMS 15.0 - Arbitrary File Download
Tiki Wiki CMS 15.0 - Arbitrary File Download Exploit Title: Tiki Wiki CMS 15.0 Arbitrary File Download Date: 11-07-2016 Software Link: https://tiki.org Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description Using...
Clinic Management System - Blind SQL Injection
Clinic Management System - Blind SQL Injection Vulnerability Title : Clinic Management System Unauthenticated Blind SQL Injection apointment.php age Vulnerability Date : 11/07/2016 Exploit Author : Yakir Wizman Vendor Homepage : http://rexbd.net/software/clinic-management-system Version : All...
Tiki Wiki 15.1 - File Upload (Metasploit)
Tiki Wiki 15.1 - File Upload Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Tiki Wiki Unauthenticated File Upload Vulnerability', 'Description' = %q This module...
Adobe Flash - ATF Image Packing Overflow
Adobe Flash - ATF Image Packing Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=793 There is a heap overflow in ATF image packing. To reproduce the issue, load the attached file '129' using LoadImage.swf as follows: LoadImage.swf?img=129 Proof of Concept:...
IPS Community Suite 4.1.12.3 - PHP Code Injection
IPS Community Suite 4.1.12.3 - PHP Code Injection --------------------------------------------------------------------------- IPS Community Suite contentclass ; 39. 40. if ! classexists $class or ! inarray 'IPS\Content', classparents $class 41. 42. \IPS\Output::i-error 'nodeerror', '2S226/2', 404...
Adobe Flash - ATF Processing Overflow
Adobe Flash - ATF Processing Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=786 The attached ATF file causes a heap overflow in ATF processing. To reproduce this issue, put LoadImage.swf and test.png on a remote server, and visit...
WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Category)
WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery Add Category Exploit Title : WordPress Lazy content Slider Plugin - CSRF Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : https://wordpress.org/support/view/plugin-reviews/lazy-content-slider Category: Webapps...
Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash (PoC)
Microsoft Process Kill Utility kill.exe 6.3.9600.17298 - Crash PoC ''' + Credits: HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MS-KILL-UTILITY-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================= www.microsoft.com Product:...
PHP Real Estate Script 3 - Arbitrary File Disclosure
PHP Real Estate Script 3 - Arbitrary File Disclosure Exploit Title: php Real Estate Script Arbitrary File Disclosure Date: 2016-07-08 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.realestatescript.eu/ Version: v.3 Download Link :...
InstantHMI 6.1 - Local Privilege Escalation
InstantHMI 6.1 - Local Privilege Escalation Title: InstantHMI - EoP: User to ADMIN CWE Class: CWE-276: Incorrect Default Permissions Date: 01/06/2016 Vendor: Software Horizons Product: InstantHMI Version: 6.1 Download link: http://www.instanthmi.com/ihmisoftware.htm Tested on: Windows 7 x86, full...
Hide.Me VPN Client 1.2.4 - Local Privilege Escalation
Hide.Me VPN Client 1.2.4 - Local Privilege Escalation Title: Hide.Me VPN Client - EoP: User to SYSTEM CWE Class: CWE-276: Incorrect Default Permissions Date: 01/06/2016 Vendor: eVenture Product: Hide.Me VPN Client Version: 1.2.4 Download link: https://hide.me/en/software/windows Tested on: Window...
CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval
CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval CyberPower Systems PowerPanel 3.1.2 XXE Out-Of-Band Data Retrieval Vendor: CyberPower Systems, Inc. Product web page: https://www.cyberpowersystems.com Affected version: 3.1.2 37567 Business Edition Summary: The...
Streamo Online Radio And TV Streaming CMS - SQL Injection
Streamo Online Radio And TV Streaming CMS - SQL Injection Application Name : Streamo - Online Radio And Tv Streaming CMS Google Dork : inurl:rjdetails.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage :...
Microsoft WinDbg - logviewer.exe Crash (PoC)
Microsoft WinDbg - logviewer.exe Crash PoC + Credits: HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDBG-LOGVIEWER-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================= www.microsoft.com Product: ==================== WinDbg...
OPAC KpwinSQL - Multiple Vulnerabilities
OPAC KpwinSQL - Multiple Vulnerabilities OPAC KpwinSQL LFI/XSS Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product Website : http://www.kpsys.cz/ Affected version: All -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Description: KpwinSQL suffers from an unauthenticated file inclusion...
GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation
GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation / Exploit Title: GE Proficy HMI/SCADA CIMPLICITY 8.2 Local Privilege Escalation Exploit0 day Vulnerability Discovery and Exploit Author: Zhou Yu Email: Version: 8.2 Tested on: Windows 7 SP1 X32 CVE : None Vulnerability Description:...
Tiki Wiki 15.1 - File Upload
Tiki Wiki 15.1 - File Upload !/usr/bin/python недействительный 31337 Team p4yl04d = https://bethebeast.pl/?p=953 ::ch4n6e 1p:: import requests import json from requests.auth import HTTPBasicAuth url = 'http://192.168.1.152:8080/tiki/vendorextra/elfinder/php/connector.minimal.php' headers = 'Host'...
Samsung Android JACK - Local Privilege Escalation
Samsung Android JACK - Local Privilege Escalation Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=796 https://bugs.chromium.org/p/project-zero/issues/detail?id=795 The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to be...
OpenFire 3.10.2 4.0.1 - Multiple Vulnerabilities
OpenFire 3.10.2 4.0.1 - Multiple Vulnerabilities Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1 Product Description OpenFire is an open source project under GNU GPL licence. It provides a Jabber/XMPP server fully developed in Java. It's developed by the Ignite realtime...
PaKnPost Pro 1.14 - Multiple Vulnerabilities
PaKnPost Pro 1.14 - Multiple Vulnerabilities Exploit Title: PaKnPost Pro Arbitrary File Upload & Remote Code Execution Date: 2016-07-06 Product: PaKnPost Pro Vendor Homepage: http://www.paknpost.org Software Link: https://sourceforge.net/projects/paknpost/ Version: =1.14 Tested on: Windows, Linux...