41207 matches found
Valve Steam 3.42.16.13 - Local Privilege Escalation
Valve Steam 3.42.16.13 - Local Privilege Escalation Exploit Title: Valve Steam 3.42.16.13 Local Privilege Escalation CVE-ID: CVE-2016-5237 Date: 5/11/52016 Exploit Author: gsX Contact: [email protected] Vendor Homepage: http://www.valvesoftware.com/ Software Link:...
WordPress Plugin Simple Backup 2.7.11 - Multiple Vulnerabilities
WordPress Plugin Simple Backup 2.7.11 - Multiple Vulnerabilities Meta information Exploit Title: Wordpress plugin simple-backup - Multiple vulnerabilities Date: 2016-06-02 Exploit Author: PizzaHatHacker A gmail . com Vendor Homepage: DEAD LINK https://wordpress.org/plugins/simple-backup/ Software...
Nagios XI 5.2.7 - Multiple Vulnerabilities
Nagios XI 5.2.7 - Multiple Vulnerabilities Nagios XI Multiple Vulnerabilities Affected versions: Nagios XI = 5.2.7 PDF:...
WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting
WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting Vendor Homepage: http://bridge.qodeinteractive.com/ Software Link: http://themeforest.net/item/bridge-creative-multipurpose-wordpress-theme/7315054 Version: 9.1.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Stored XSS,...
WordPress Plugin WP PRO Advertising System 4.6.18 - SQL Injection
WordPress Plugin WP PRO Advertising System 4.6.18 - SQL Injection Vendor Homepage: http://wordpress-advertising.com/ Software Link: http://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693 Version: 4.6.18 Tested on: Debian 8, PHP 5.6.17-3 Type: SQLi, Unserialize, File...
Notilus Travel Solution Software 2012 R3 - SQL Injection
Notilus Travel Solution Software 2012 R3 - SQL Injection Exploit Title: Notilus SQL injection Product: Notilus travel solution software Vulnerable Versions: 2012 R3 Tested Version: 2012 R3 Advisory Publication: 03/06/2016 Vulnerability Type: Improper Neutralization of Special Elements used in an...
WordPress Theme Newspaper 6.7.1 - Privilege Escalation
WordPress Theme Newspaper 6.7.1 - Privilege Escalation Vendor Homepage: http://tagdiv.com/newspaper/ Software Link: http://themeforest.net/item/newspaper/5489609 Version: 6.7.1 Tested on: Debian 8, PHP 5.6.17-3 Type: WP Options Overwrite, Possible more Time line: Found 23-APR-2016, Vendor notifie...
Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock)
Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection Shellshock Exploit Title: ShellShock On Sun Secure Global Desktop & Oracle Global desktop Google Dork: intitle:Install the Sun Secure Global Desktop Native Client Date: 6/4/2016 Exploit Author: [email protected]...
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)
Websockify C Implementation 0.8.0 - Buffer Overflow PoC Advisory: Websockify: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code. Details ======= Product:...
Liferay CE 6.2 CE GA6 - Persistent Cross-Site Scripting
Liferay CE 6.2 CE GA6 - Persistent Cross-Site Scripting CVE-2016-3670 Stored Cross Site Scripting in Liferay CE 1. Vulnerability Properties Title: Stored Cross-Site Scripting Liferay CE CVE ID: CVE-2016-3670 CVSSv3 Base Score: 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Vendor: Liferay Inc Products:...
Joomla! Component SecurityCheck 2.8.9 - Multiple Vulnerabilities
Joomla! Component SecurityCheck 2.8.9 - Multiple Vulnerabilities Information ------------------------------ Advisory by ADEO Security Team Name: Stored XSS and SQL Injection in Joomla SecurityCheck extension Affected Software : SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 possib...
Relay Ajax Directory Manager relayb01-0717061.5.11.5.3 - Arbitrary File Upload
Relay Ajax Directory Manager relayb01-0717061.5.11.5.3 - Arbitrary File Upload Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution A vulnerability within the Relay Ajax Directory Manager web application allows unauthenticated attackers to...
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt + ISR: apparitionsec Vendor: ========== sourceforge.net smsid download linx:...
Wireshark - erf_meta_read_tag SIGSEGV
Wireshark - erf_meta_read_tag SIGSEGV Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=803 The following SIGSEGV crash due to an invalid memory read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr...
TCPDump 4.5.1 - Crash (PoC)
TCPDump 4.5.1 - Crash PoC Exploit Title: tcpdump 4.5.1 Access Violation Crash Date: 31st May 2016 Exploit Author: David Silveiro Vendor Homepage: http://www.tcpdump.org Software Link: http://www.tcpdump.org/release/tcpdump-4.5.1.tar.gz Version: 4.5.1 Tested on: Ubuntu 14 LTS from subprocess impor...
ProcessMaker 3.0.1.7 - Multiple Vulnerabilities
ProcessMaker 3.0.1.7 - Multiple Vulnerabilities Exploit Title: ProcessMaker v3.0.1.7 Multiple vulnerabilities Date: 31/05/2016 Author: Mickael Dorigny @ information-security.fr Vendor or Software Link: http://www.processmaker.com/ Version: 3.0.1.7 Category: Multiple Vulnerabilities ProcessMaker...
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution Metasploit Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/...
Flatpress 1.0.3 - Cross-Site Request Forgery Arbitrary File Upload
Flatpress 1.0.3 - Cross-Site Request Forgery Arbitrary File Upload FlatPress 1.0.3 CSRF Arbitrary File Upload RCE PoC function exec var command = document.getElementById"exec"; var url = "http://localhost/flatpress/fp-content/attachs/test.php?cmd="; var cmdexec...
CCextractor 0.80 - Crash (PoC)
CCextractor 0.80 - Crash PoC Exploit Title: CCextractor 0.80 Access Violation Crash Date: 31st May 2016 Exploit Author: David Silveiro Xino.co.uk Vendor Homepage: http://www.ccextractor.org/ Software Link: http://www.ccextractor.org/download-ccextractor.html Version: 0.80 Tested on: Ubuntu 14 LTS...
AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities
AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities AirOS NanoStation M2 v5.6-beta Arbitrary File Download & Remote Command Execution Tested on: XM.v5.6-beta5.24359.141008.1753 - Build: 2435 Linux Awesome 2.6.32.63 1 Wed Oct 8 17:54:30 EEST 2014 mips unknown Date: May 30, 2016 Informer: Pabl...
MySQL 5.5.45 - procedure analyse Function Denial of Service
MySQL 5.5.45 - procedure analyse Function Denial of Service !/usr/bin/env python Title: MySQL Procedure Analyse DoS Exploit Author: Osanda Malith Jayathissa @OsandaMalith E-Mail: osandacatunseen.is Version: Vulnerable upto MySQL 5.5.45 Original Write-up:...
Open Source Real Estate Script 3.6.0 - SQL Injection
Open Source Real Estate Script 3.6.0 - SQL Injection Exploit Title: real-estate classified script Sql Injection Date: 2015-05-29 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.phpscriptsmall.com/product/open-source-real-estate-script/ Version:...
FreeBSD Kernel (FreeBSD 10.2 x64) - sendmsg Kernel Heap Overflow (PoC)
FreeBSD Kernel FreeBSD 10.2 x64 - sendmsg Kernel Heap Overflow PoC include include include include include include include include include include void atagetxportvoid; int kprintfconst char fmt, ...; char ostype; void resolvechar name struct kldsymlookup ksym; ksym.version = sizeofksym;...
FreeBSD Kernel (FreeBSD 10.2 10.3 x64) - SETFKEY (PoC)
FreeBSD Kernel FreeBSD 10.2 10.3 x64 - SETFKEY PoC include include include include include include include include include include include include int kprintfconst char fmt, ...; char ostype; uint64t originalRip; uint64t originalRbp; void resolvechar name struct kldsymlookup ksym; ksym.version =...
PHP Realestate Script Script 4.9.0 - SQL Injection
PHP Realestate Script Script 4.9.0 - SQL Injection Exploit Title: Property Agent RealeState Script Sql Injection Date: 2015-05-27 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.phpscriptsmall.com/product/php-realestate-script/ Version: 4.9.0...
VideoLAN VLC Media Player 2.2.1 - DecodeAdpcmImaQT Buffer Overflow
VideoLAN VLC Media Player 2.2.1 - DecodeAdpcmImaQT Buffer Overflow In modules/codec/adpcm.c, VLC can be made to perform an out-of-bounds write with user-controlled input. The function DecodeAdpcmImaQT at adpcm.c:595 allocates a buffer which is filled with bytes from the input stream. However, it...
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities Vendor: Micro Focus Product web page: https://www.microfocus.com Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0 Affected products/tools : Rumba Desktop...
Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow
Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=749 The following crash due to a heap-based buffer overflow can be observed in a slightly modified ASAN build of the standard Graphite2 gr2FontTest utility git trunk, triggere...
EduSec 4.2.5 - SQL Injection
EduSec 4.2.5 - SQL Injection EduSec 4.2.5 Multiple SQL Injection Vulnerabilities Vendor: Rudra Softech Product web page: http://www.rudrasoftech.com Affected version: 4.2.5 Summary: EduSec has a suite of selective modules specifically tailored to the requirements of education industry. EduSec is...
Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads
Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=756 We have encountered several different crashes in the graphite2::NameTable::getName method, observed in an ASAN build of the standard Graphite2 gr2FontTest utility...
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=755 The following crash due to a heap-based buffer overread can be observed in an ASAN build of the standard Graphite2 gr2FontTest utility git trunk, triggered with the...
Real Estate Portal 4.1 - Multiple Vulnerabilities
Real Estate Portal 4.1 - Multiple Vulnerabilities Real Estate Portal v4.1 Remote Code Execution Vulnerability Vendor: NetArt Media Product web page: http://www.netartmedia.net Affected version: 4.1 Summary: Real Estate Portal is a software written in PHP, allowing you to launch powerful and...
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=752 The following crash due to a heap-based buffer overread can be observed in an ASAN build of the standard Graphite2 gr2FontTest utility git trunk, triggered with the followi...
Graphite2 - GlyphCache::Loader Heap Overreads
Graphite2 - GlyphCache::Loader Heap Overreads Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=751 The following crashes due to two different heap-based buffer overreads can be observed in an ASAN build of the standard Graphite2 gr2FontTest utility git trunk, triggered with the...
HP Data Protector A.09.00 - Arbitrary Command Execution
HP Data Protector A.09.00 - Arbitrary Command Execution !/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...
PowerFolder Server 10.4.321 - Remote Code Execution
PowerFolder Server 10.4.321 - Remote Code Execution Mogwai Security Advisory MSA-2016-01 ---------------------------------------------------------------------- Title: PowerFolder Remote Code Execution Vulnerability Product: PowerFolder Server Affected versions: 10.4.321 Linux/Windows Other versio...
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection 1. ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takeover via XXE Injection Application: AfterLogic WebMail Pro...
Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities
Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities Operation Technology ETAP 14.1.0 Multiple Stack Buffer Overrun Vulnerabilities Vendor: Operation Technology, Inc. Product web page: http://www.etap.com Affected version: 14.1.0.0 Summary: Enterprise Software Solution...
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
XenAPI 1.4.1 for XenForo - Multiple SQL Injections RCESEC-2016-002 XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: XenAPI for XenForo Vendor URL: github.com/Contex/XenAPI...
Operation Technology ETAP 14.1.0 - Local Privilege Escalation
Operation Technology ETAP 14.1.0 - Local Privilege Escalation Operation Technology ETAP 14.1.0 Local Privilege Escalation Vendor: Operation Technology, Inc. Product web page: http://www.etap.com Affected version: 14.1.0.0 Summary: Enterprise Software Solution for Electrical Power Systems. ETAP is...
WordPress Plugin Job Script by Scubez - Remote Code Execution
WordPress Plugin Job Script by Scubez - Remote Code Execution !C:/Python27/python.exe -u JobScript Remote Code Execution Exploit Vendor: Jobscript Product web page: http://www.jobscript.in Affected version: Unknown Summary: JobScript is inbuilt structured website was developed in PHP and MySQL...
SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection
SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016 Reference: SAP...
VirIT Explorer Lite Pro 8.1.68 - Local Privilege Escalation
VirIT Explorer Lite Pro 8.1.68 - Local Privilege Escalation / Full title: VirIT Explorer Lite & Pro v.8.1.68 Local Privilege Escalation System/Arbitrary Code Execution Exploit Author: Paolo Stagno - [email protected] Vendor Homepage: http://www.tgsoft.it Version: VirIT Explorer Lite & Pro...
Apple QuickTime - .mov Parsing Memory Corruption
Apple QuickTime - .mov Parsing Memory Corruption Application: Apple Quicktime Platforms: OSX Author: Francis Provencher of COSIG Website: http://www.protekresearchlab.com/ Twitter: @COSIG @protekresearch CVE-2016-1848 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1...
4digits 1.1.4 - Local Buffer Overflow (PoC)
4digits 1.1.4 - Local Buffer Overflow PoC 4digits 1.1.4 Local Buffer Overflow Privilege Escalation if setuid/setgid Discovered by NA , NA at tutanota.com Downloaded and tested upon Kali Linux Vendor has been notified. Description ------------- 4digits is a guess-the-number puzzle game. It's also...
SAP NetWeaver AS JAVA 7.1 7.5 - Information Disclosure
SAP NetWeaver AS JAVA 7.1 7.5 - Information Disclosure Application:SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: information disclosure Sent: 15.09.2015 Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016...
Magento 2.0.6 - Arbitrary Unserialize Arbitrary Write File
Magento 2.0.6 - Arbitrary Unserialize Arbitrary Write File arbitrary write file // Date: 18/05/206 // Exploit Author: agix discovered by NETANEL RUBIN // Vendor Homepage: https://magento.com // Version: /shipping-information // in the response check the payment method it may vary from checkmo // ...
Adobe Flash - SetNative Use-After-Free
Adobe Flash - SetNative Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=800 There is a use-after-free in SetNative. If a watch is placed on a native that is initialized by SetNative, it can delete the object the set is being called on, leading to a use-after-free....
Adobe Flash - Heap Overflow in ATF Processing Image Reading
Adobe Flash - Heap Overflow in ATF Processing Image Reading Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=789 There is a large heap overflow in reading an ATF image to a Bitmap object. To reproduce the issue, load the attach file '4' using LoadImage.swf as follows:...
Adobe Flash - addProperty Use-After-Free
Adobe Flash - addProperty Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=801 There is a use-after-free in addProperty. If a property is added to a MovieClip object that already has a watch defined, and the watch deleted the MovieClip, it is used after it is freed...