41207 matches found
24online SMS_2500i 8.3.6 build 9.0 - SQL Injection
24online SMS2500i 8.3.6 build 9.0 - SQL Injection Exploit Title: SQL Injection In 24 Online Billing API Date: 03/07/2016 Exploit Author: Rahul Raz Vendor Homepage: http://24onlinebilling.com Software Name:24online Model SMS2500i Version: 8.3.6 build 9.0 Tested on: Ubuntu Linux Potentially others...
GNU Wget 1.18 - Arbitrary File Upload Remote Code Execution
GNU Wget 1.18 - Arbitrary File Upload Remote Code Execution ============================================= - Release date: 06.07.2016 - Discovered by: Dawid Golunski - Severity: High - CVE-2016-4971 ============================================= I. VULNERABILITY ------------------------- GNU Wget...
CIMA DocuClass ECM - Multiple Vulnerabilities
CIMA DocuClass ECM - Multiple Vulnerabilities Exploit Title: CIMA DocuClass Enterprise Content Management - Multiple Vulnerabilities Date: July 15, 2016 Exploit Author: Karn Ganeshen ipositivesecurity.blogspot.com Vendor Homepage: cima-software.com Version: app version All Tested on: Microsoft...
Advanced Webhost Billing System (AWBS) 2.9.6 - Multiple Vulnerabilities
Advanced Webhost Billing System AWBS 2.9.6 - Multiple Vulnerabilities AWBS v2.9.6 Multiple Remote Vulnerabilities Vendor: Total Online Solutions, Inc. Product web page: http://www.awbs.com Affected version: 2.9.6 Platform: PHP Summary: Whether starting new or looking to expand your existing web...
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
Ktools Photostore 4.7.5 - Multiple Vulnerabilities Ktools Photostore = 4.7.5 Multiple Vulnerabilities Bug discovered by Yakir Wizman Date 01/07/2016 Affected versions prior to 4.7.5 Vendor Homepage - http://www.ktools.net...
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset Local Privilege Escalation
Linux Kernel 4.4.0-21 Ubuntu 16.04 x64 - netfilter targetoffset Local Privilege Escalation / EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44300.zip Video https://www.youtube.com/watch?v=qchiJn94kTo / / decr.c / / Ubuntu 16.04 local root...
WebCalendar 1.2.7 - Multiple Vulnerabilities
WebCalendar 1.2.7 - Multiple Vulnerabilities + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt + ISR: ApparitionSec Vendor: ========================== www.k5n.us/webcalendar.php...
eCardMAX 10.5 - Multiple Vulnerabilities
eCardMAX 10.5 - Multiple Vulnerabilities Advisory ID: ZSL-2016-5336 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5336.php eCardMAX 10.5 SQL Injection and XSS Vulnerabilities Software - eCardMAX 10.5 Vendor - eCardMAX.COM - http://www.ecardmax.com/ Vendor Product Description...
Exim 4 (Debian 8 Ubuntu 16.04) - Spool Privilege Escalation
Exim 4 Debian 8 Ubuntu 16.04 - Spool Privilege Escalation / -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello List, This is just a minor issue in Exim, no replies so far, so publication should be OK. Introduction: ============ Exim4 in some variants is started as root but switches to uid/gid...
WordPress Plugin Real3D FlipBook - Multiple Vulnerabilities
WordPress Plugin Real3D FlipBook - Multiple Vulnerabilities + POCExploit CodeCanyon Real3D FlipBook WordPress Plugin + http://codecanyon.net/item/real3d-flipbook-wordpress-plugin/6942587 + Multiple Vulnerabilities Found by: Mukarram Khalid +...
XpoLog Center 6 - Remote Command Execution Cross-Site Request Forgery
XpoLog Center 6 - Remote Command Execution Cross-Site Request Forgery XpoLog Center V6 CSRF Remote Command Execution Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management...
Python smtplib 2.7.11 3.4.4 3.5.1 - Man In The Middle StartTLS Stripping
Python smtplib 2.7.11 3.4.4 3.5.1 - Man In The Middle StartTLS Stripping VuNote ============ Author: Version: 0.2 Date: Nov 25th, 2015 Tag: python smtplib starttls stripping mitm Overview -------- Name: python Vendor: python software foundation References: https://www.python.org/ 1 Version: 2.7.1...
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Linux Kernel 4.4.0-21 Ubuntu 16.04 x64 - Netfilter targetoffset Out-of-Bounds Privilege Escalation / Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40053.zip / --------------------------------------------------- decr.c...
Phoenix Exploit Kit - Remote Code Execution
Phoenix Exploit Kit - Remote Code Execution Exploit Title: Phoenix Exploit Kit - Remote Code Execution Exploit Author: CrashBandicot @DosPerl Date: 2016-06-30 Tested on: MSWin32 Vuln file : geoip.php 492. isset$GET'bdr' ? eval$GET'bdr' : explode'nop','nop nop nop'; PoC :...
Ktools Photostore 4.7.5 - Blind SQL Injection
Ktools Photostore 4.7.5 - Blind SQL Injection Title : Ktools Photostore = 4.7.5 Pre-Authentication Blind SQL Injection CVE-ID : CVE-2016-4337 Google Dork: inurl:mgr.login.php Product : Photostore Affected : Versions prior to 4.7.5 Impact : Critical Remote : Yes Website link: http://www.ktools.net...
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt + ISR: ApparitionSec Vendor: ================ www.symantec.com Product:...
WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection
WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection Vendor Homepage: http://wpindeed.com/ Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 Version: 3.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Unauthenticated Blind SQLi, Unauthenticated Payment...
Symantec AntiVirus - TNEF Decoder Integer Overflow
Symantec AntiVirus - TNEF Decoder Integer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=819 Simple fuzzing found an integer overflow in the dec2tnef library. This allocation from Attachment::setDataFromAttachment doesn't verify that the attacker controlled value doesn...
Core FTP LE 2.2 - Path Field Local Buffer Overflow (PoC)
Core FTP LE 2.2 - Path Field Local Buffer Overflow PoC ''' Exploit Title: Core FTP Server v2.2 - BufferOverflow POC Date: 2016-6-28 Exploit Author: Netfairy Vendor Homepage: http://www.coreftp.com/ Software Link: ftp://ftp.coreftp.com/coreftplite.exe Version: 2.2 Tested on: Windows7 Professional...
Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)
Ubiquiti Administration Portal - Remote Command Execution via Cross-Site Request Forgery !-- KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution Title: Ubiquiti Administration Portal CSRF to Remote Command Execution Advisory ID: KL-001-2016-002 Publication Date:...
Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow (PoC)
Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow PoC Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=823 A PowerPoint PPT file is a complicated OLE compound document comprising of a series of streams. The format is described by Microsoft in...
Symantec AntiVirus - Heap Overflow Modifying MIME Messages
Symantec AntiVirus - Heap Overflow Modifying MIME Messages Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=818 Symantec attempts to clean or remove components from archives or other multipart containers that they detect as malicious. The code that they use to remove components...
Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions
Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=810 A major component of the Symantec Antivirus scan engine is the "Decomposer", responsible for unpacking various archive formats such as ZIP, RAR, and so on. T...
Symantec AntiVirus - dec2lha Library Remote Stack Buffer Overflow (PoC)
Symantec AntiVirus - dec2lha Library Remote Stack Buffer Overflow PoC Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=814 The dec2lha library is the library responsible for decompressing LZH and LHA archives. The CSymLHA::getheader routine has a trivial stack buffer overflow...
Concrete5 CMS 5.7.3.1 - Application::dispatch Method Local File Inclusion
Concrete5 CMS 5.7.3.1 - Application::dispatch Method Local File Inclusion ------------------------------------------------------------------------------- Concrete5 installed 329. $response = $this-getEarlyDispatchResponse; 330. 331. if !isset$response 332. $collection = Route::getList; 333...
Lenovo ThinkPad - System Management Mode Arbitrary Code Execution
Lenovo ThinkPad - System Management Mode Arbitrary Code Execution Source: https://github.com/Cr4sh/ThinkPwn Lenovo ThinkPad System Management Mode arbitrary code execution exploit For more information about this project please read the following article:...
Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014)
Microsoft Windows 7 SP1 x86 - Local Privilege Escalation MS16-014...
Symantec AntiVirus - Missing Bounds Checks in dec2zip ALPkOldFormatDecompressor::UnShrink
Symantec AntiVirus - Missing Bounds Checks in dec2zip ALPkOldFormatDecompressor::UnShrink Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=821 A major component of the Symantec Antivirus scan engine is the "Decomposer", responsible for unpacking various archive formats such as ZI...
Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution
Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution -- coding: utf8 -- """ Exploit Title: Cuckoo Sandbox Guest XMLRPC Privileged RCE PoC Date: June 28th 2016 Exploit Author: Rémi ROCHER Vendor Homepage: https://cuckoosandbox.org/ Software Link:...
Untangle NGFW 12.1.0 Beta - execEvil() Command Injection
Untangle NGFW 12.1.0 Beta - execEvil Command Injection !/usr/bin/python Title: Untangle NGFW = v12.1.0 beta execEvil authenticated root CI exploit CVE: Not yet assigned Discovery: Matt Bush @3xocyte Exploit: Matt Bush Contact: [email protected] Disclosure Timeline: 22/4/2016 Attempted t...
HNB 1.9.18-10 - Local Buffer Overflow
HNB 1.9.18-10 - Local Buffer Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: HNB - Organizer Version: 1.9.18-10 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program...
CodoForum 3.4 - Persistent Cross-Site Scripting
CodoForum 3.4 - Persistent Cross-Site Scripting Exploit Title: Codoforum v3.4 Stored Cross-Site Scripting Stored XSS Google Dork: intext:"powered by codoforum" Date: 01/06/2016 Exploit Author: Ahmed Sherif OffensiveBits Vendor Homepage: http://codologic.com/page/ Software Link:...
WordPress Plugin Ultimate Product Catalog 3.8.6 - Arbitrary File Upload
WordPress Plugin Ultimate Product Catalog 3.8.6 - Arbitrary File Upload Exploit Title: Wordpress Ultimate-Product-Catalog v3.8.6 Arbitrary file RCE Date: 2016-06-23 Google Dork: Index of /wp-content/plugins/ultimate-product-catalogue/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY...
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Option CloudGate CG0192-11897 - Multiple Vulnerabilities Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...
BigTree CMS 4.2.11 - SQL Injection
BigTree CMS 4.2.11 - SQL Injection 1. ADVISORY INFORMATION ======================================== Title: BigTree CMS substr$page,1; else // It's an existing page $type = "EDIT"; $pending = false; $existingpage = BigTreeCMS::getPage$page; $existingpendingchange = sqlfetchsqlquery"SELECT id FROM...
Panda Security (Multiple Products) - Local Privilege Escalation
Panda Security Multiple Products - Local Privilege Escalation Exploit Title: Panda Security Privilege Escalation Date: 27/6/2016 Exploit Author: Security-Assessment.com Vendor Homepage: http://www.pandasecurity.com Version: Panda Global Protection 2016 16.1.2,Panda Antivirus Pro 2016 16.1.2,Panda...
My Little Forum 2.3.5 - PHP Command Injection
My Little Forum 2.3.5 - PHP Command Injection / + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt + ISR: APPARITIONSEC Vendor: ================= mylittleforum.net Download:...
Mediacoder 0.8.43.5830 - .m3u Local Buffer Overflow (SEH)
Mediacoder 0.8.43.5830 - .m3u Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Mediacoder 0.8.43.5830 - Buffer Overflow SEH Exploit .m3u Date: 25-June-2016 Exploit Author: Sibusiso Sishi Email: sibusiso at IronSky dot co.za Vendor Homepage: http://www.mediacoderhq.com/ Software Link:...
SugarCRM 6.5.18 - PHP Code Injection
SugarCRM 6.5.18 - PHP Code Injection --------------------------------------------------------- SugarCRM $val 104. $str.= overridevaluetostringrecursive2$newArrayName, $key, $val, $saveempty; 105. 106. return $str; 107. else 108. if!$saveempty && empty$value 109. return; 110. else 111. return...
Riverbed SteelCentral NetProfiler NetExpress 10.8.7 - Multiple Vulnerabilities
Riverbed SteelCentral NetProfiler NetExpress 10.8.7 - Multiple Vulnerabilities Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities...
Magnet Networks Tesley CPVA 642 Router - Weak WPA-PSK Passphrase Algorithm
Magnet Networks Tesley CPVA 642 Router - Weak WPA-PSK Passphrase Algorithm Exploit Title: Magnet Networks – Weak WPA-PSK passphrases used in Tesley CPVA 642 Router Google Dork: Date: 01/06/2016 Author: Matt O'Connor Advisory Link: https://www.rgb.ie/magnet-broadband-weak-wpa-psk-algorithm.pdf...
OPAC KpwinSQL - SQL Injection
OPAC KpwinSQL - SQL Injection Product - OPAC KpwinSQL - SQL Injection Date - 6/24/2016 Author - bRpsd Skype: vegnox Vendor HomePage - http://www.kpsys.cz/ Product Download - http://www.kpsys.cz/kpwinsql/demo.html Product Version - / All...
Kagao 3.0 - Multiple Vulnerabilities
Kagao 3.0 - Multiple Vulnerabilities Application Name : Kagao v3.0 - Professional Classified Market Google Dork : inurl:/cat1.php?id2= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Vendor Homepage : http://kogaoscript.com/ Vulnerable Type : SQL Injection & Cross Site Scripting...
PInfo 0.6.9-5.1 - Local Buffer Overflow
PInfo 0.6.9-5.1 - Local Buffer Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: PInfo - File viewer Version: 0.6.9-5.1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program...
VUPlayer 2.49 (Windows 7) - .m3u Local Buffer Overflow (DEP Bypass)
VUPlayer 2.49 Windows 7 - .m3u Local Buffer Overflow DEP Bypass !/usr/bin/env python Exploit Title: VUPlayer =2.49 .M3u Buffer overflow exploit with DEP bypass Date: 26-06-2016 Exploit Author: secfigo Vendor Homepage: http://vuplayer.com/ Software Link:...
iBilling 3.7.0 - Persistent Cross-Site Scripting Reflected Cross-Site Scripting
iBilling 3.7.0 - Persistent Cross-Site Scripting Reflected Cross-Site Scripting iBilling v3.7.0 Multiple Stored and Reflected Cross Site Scripting Vulnerabilities Vendor: iBilling Product web page: http://www.ibilling.io/ Affected version: 3.7.0 Summary: The features you want, the simplicity you...
XuezhuLi FileSharing - Directory Traversal
XuezhuLi FileSharing - Directory Traversal Exploit Title: XuezhuLi FileSharing - Path Traversal Vulnerability Date: 2016-06-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/XuezhuLi Software Link:...
Getsimple CMS 3.3.10 - Arbitrary File Upload
Getsimple CMS 3.3.10 - Arbitrary File Upload Exploit Title: Getsimple CMS 2. An attacker login to the admin page and uploading the backdoor 3. The uploaded file will be under the "/data/uploads/" folder Report Timeline ======================== 2016-06-23 : Vulnerability reported to...
XuezhuLi FileSharing - Cross-Site Request Forgery (Add User)
XuezhuLi FileSharing - Cross-Site Request Forgery Add User document.forms.csrfpoc.submit; cat /srv/userlists.txt aaaa csrftest --...
FinderView - Multiple Vulnerabilities
FinderView - Multiple Vulnerabilities Exploit Title: FinderView - Multiple VulnerabilityPath Traversal/Reflected XSS Date: 2016-06-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/proin/ Software Link:...