41207 matches found
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities SPSA-2016-02/ManageEngine ApplicationsManager------------------------------ SECURITY ADVISORY: SPSA-2016-02/ManageEngine Applications Manager Build No: 12700 Affected Software: ManageEngine Applications Manager Build No: 127...
Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing
Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing Software Link:http://en.browser.baidu.com/query/fullpackage.exe?lang=en Version:43.23.1000.476 Tested on:Win7/WinXP details: The baidu spark browser is vulnerable to Address Bar Spoofing in the latest version of the...
Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass
Imagick 3.3.0 PHP 5.4 - Disable Functions Bypass Exploit Title: PHP Imagick disablefunctions Bypass Date: 2016-05-04 Exploit Author: RicterZ [email protected] Vendor Homepage: https://pecl.php.net/package/imagick Version: Imagick = 5.4 Test on: Ubuntu 12.04 Exploit: $ curl...
IPFire 2.19 Core Update 101 - Remote Command Execution
IPFire 2.19 Core Update 101 - Remote Command Execution Exploit Title: IPFire 2.19 Update Core 101 XSS to CSRF to Remote Command Execution Date: 04/05/2016 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ipfire.org Version: lesser-than 2.19 Core Update 101 Category: Remote Comman...
Linux Kernel 4.4.x (Ubuntu 16.04) - double-fdput() bpf(BPF_PROG_LOAD) Privilege Escalation
Linux Kernel 4.4.x Ubuntu 16.04 - double-fdput bpfBPFPROGLOAD Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=808 In Linux =4.4, when the CONFIGBPFSYSCALL config option is set and the kernel.unprivilegedbpfdisabled sysctl is not explicitly set to 1 at runtim...
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access etcshadow)
Linux Kernel Ubuntu 14.04.3 - perfeventopen Can Race with execve Access etcshadow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=807 A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. perfeventopen associates with a task as...
TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow
TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: Threaded USENET news reader Version: 3.6-23 Tested and developed under: Kali Linux 2.0 x86 -...
Zabbix Agent 3.0.1 - mysql.size Shell Command Injection
Zabbix Agent 3.0.1 - mysql.size Shell Command Injection CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from...
CMS Made Simple 1.12.1 2.1.3 - Web Server Cache Poisoning
CMS Made Simple 1.12.1 2.1.3 - Web Server Cache Poisoning ============================================= Web Server Cache Poisoning in CMS Made Simple ============================================= CVE-2016-2784 Product Description =================== CMS Made Simple is a great tool with many plugi...
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
OpenSSL - Padding Oracle in AES-NI CBC MAC Check Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39768.zip You can...
McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption
McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=817 Fuzzing packed executables with McAfee's LiveSafe 14.0 on Windows found a signedness error parsing sections and relocations. The attached fuzzed testcase...
NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities
NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities Title: ==== NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities Credit: ====== Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com CVE: ===== CVE-2015-6023, CVE-2015-6024 Date: ====...
WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting 1. Introduction Exploit Title: Acunetix WP Security 3.0.3 XSS Date: May.03.2016 Exploit Author: Johto Robbie Facebook: https://www.facebook.com/johto.robbie Vendor: VN Hacker News Tested On: Apache 2.4.17 / PHP 5.6.16 /...
Imagick 3.3.0 (PHP 5.4) - disable_functions Bypass
Imagick 3.3.0 PHP 5.4 - disablefunctions Bypass Exploit Title: PHP Imagick disablefunctions Bypass Date: 2016-05-04 Exploit Author: RicterZ [email protected] Vendor Homepage: https://pecl.php.net/package/imagick Version: Imagick = 5.4 Test on: Ubuntu 12.04 Exploit: $ curl...
Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Linux Kernel Ubuntu 16.04 - Reference Count Overflow Using BPF Maps Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=809 Most things in the kernel use 32-bit reference counters, relying on the fact that the memory constraints of real computers make it impossible to create enough...
ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities
ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9...
Alibaba Clone B2B Script - Admin Authentication Bypass
Alibaba Clone B2B Script - Admin Authentication Bypass Exploit Title: Alibaba Clone B2B Script Admin Authentication Bypass Date: 2016-05-03 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://alibaba-clone.com/ Version: All Versions Exploit : For enter...
QSEE - PRDiag* Commands Privilege Escalation
QSEE - PRDiag Commands Privilege Escalation Sources: https://bits-please.blogspot.ca/2016/05/qsee-privilege-escalation-vulnerability.html https://github.com/laginimaineb/cve-2015-6639 Qualcomm's Secure Execution Environment QSEE Privilege Escalation Exploit using PRDiag commands CVE-2015-6639 Pro...
WordPress Plugin Ghost 0.5.5 - Unrestricted Export Download
WordPress Plugin Ghost 0.5.5 - Unrestricted Export Download Exploit Title: WordPress Export to Ghost Unrestricted Export Download Date: 28-04-2016 Software Link: https://wordpress.org/plugins/ghost Exploit Author: Josh Brody Contact: http://twitter.com/joshmn Website: http://josh.mn/ Category:...
Acunetix WVS 10 - Remote Command Execution
Acunetix WVS 10 - Remote Command Execution ''' Acunetix WVS 10 - Remote command execution SYSTEM privilege - Author: Daniele Linguaglossa Overview ========= Acunetix WVS 10 1 is an enterprise web vulnerability scanner developer by Acunetix Inc. Two major flaws exists in the last version of...
Wireshark - ett_zbee_zcl_pwr_prof_enphases Static Out-of-Bounds Read
Wireshark - ettzbeezclpwrprofenphases Static Out-of-Bounds Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=806 The following crashes due to a static out-of-bounds memory read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to...
Rough Auditing Tool for Security (RATS) 2.3 - Array Out of Block Crash
Rough Auditing Tool for Security RATS 2.3 - Array Out of Block Crash Exploit Title: RATS 2.3 Array Out of Block Crash Date: 29th April 2016 Exploit Author: David Silveiro Author Contact: twitter.com/davidsilveiro Website: Xino.co.uk Software Link:...
Wireshark - alloc_address_wmem Assertion Failure
Wireshark - allocaddresswmem Assertion Failure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=804 The following crash due to an asserion failure can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr...
Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow
Wireshark - dissect200816security4 Stack Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=802 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tsha...
GLPi 0.90.2 - SQL Injection
GLPi 0.90.2 - SQL Injection Advisory ID: HTB23301 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.90.2 and probably prior Tested Version: 0.90.2 Advisory Publication: April 8, 2016 without technical details Vendor Notification: April 8, 2016 Vendor Patch: April 11, 2016 Public Disclosure:...
Observium 0.16.7533 - Cross-Site Request Forgery
Observium 0.16.7533 - Cross-Site Request Forgery & retype password instead of having to insert the older password. such an attack would look like this: -- Change admin password...
Merit Lilin IP Cameras - Multiple Vulnerabilities
Merit Lilin IP Cameras - Multiple Vulnerabilities / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com securityadivisory @orwelllabs ;r By sitting in the alcove, and keeping well back, Winston was able to remain outside the...
Observium 0.16.7533 - (Authenticated) Arbitrary Command Execution
Observium 0.16.7533 - Authenticated Arbitrary Command Execution Exploit title: Observium Commercial - Authenticated RCE Author: Dolev Farhi Contact: dolevf at protonmail.com Date: 28-04-2016 Vendor homepage: http://observium.org/ Software version: CE 0.16.7533 Authenticated remote code execution...
Microsoft Windows Kernel - win32k.sys TTF Processing EBLC EBSC Tables Pool Corruption (MS16-039)
Microsoft Windows Kernel - win32k.sys TTF Processing EBLC EBSC Tables Pool Corruption MS16-039 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=684 We have encountered a Windows kernel crash in the win32k.sys driver while processing a corrupted TTF font file. An example of a cras...
PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow
PHP 7.0.5 - ZipArchive::getFrom Integer Overflow Details ======= An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex and getFromName methods of ZipArchive, resulting in a heap overflow. php-7.0.5/ext/zip/phpzip.c ,---- | 2679 static void...
Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation (MS16-048)
Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation MS16-048 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=692 Windows: CSRSS BaseSrvCheckVDM Session 0 Process Creation EoP Platform: Windows 8.1, not tested on Windows 10 or 7 Class:...
RomPager 4.34 (Multiple Router Vendors) - Misfortune Cookie Authentication Bypass
RomPager 4.34 Multiple Router Vendors - Misfortune Cookie Authentication Bypass Title: Misfortune Cookie Exploit RomPager = 4.34 router authentication remover Date: 17/4/2016 CVE: CVE-2015-9222 http://mis.fortunecook.ie Vendors: ZyXEL,TP-Link,D-Link,Nilox,Billion,ZTE,AirLive,... Vulnerable models...
Mach Race OSX - Local Privilege Escalation
Mach Race OSX - Local Privilege Escalation Source: https://github.com/gdbinit/machrace Mach Race OS X Local Privilege Escalation Exploit c fG! 2015, 2016, [email protected] - https://reverse.put.as A SUID, SIP, and binary entitlements universal OS X exploit CVE-2016-1757. Usage against a SUID binar...
EMC ViPR SRM - Cross-Site Request Forgery
EMC ViPR SRM - Cross-Site Request Forgery !-- EMC M&R Watch4net lacks Cross-Site Request Forgery protection Abstract It was discovered that EMC M&R Watch4net does not protect against Cross-Site Request Forgery CSRF attacks. A successful CSRF attack can compromise end user data and may allow an...
Sony Playstation 4 (PS4) 1.76 - dlclose Linux Kernel Loader
Sony Playstation 4 PS4 1.76 - dlclose Linux Kernel Loader / Code written based on info available here http://cturt.github.io/dlclose-overflow.html See attached LICENCE file Thanks to CTurt and qwertyoruiop - @kr105rlz Download:...
libgd 2.1.1 - Signedness Heap Overflow
libgd 2.1.1 - Signedness Heap Overflow Overview ======== libgd 1 is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 2. A signedness vulnerability CVE-2016-3074 exist in libgd 2.1.1 which may...
Yasr Screen Reader 0.6.9 - Local Buffer Overflow
Yasr Screen Reader 0.6.9 - Local Buffer Overflow ''' Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: General-purpose console screen reader Version: 0.6.9-5 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program description:...
ImpressCMS 1.3.9 - SQL Injection
ImpressCMS 1.3.9 - SQL Injection ============================================= MGC ALERT 2016-002 - Original release date: April 8, 2016 - Last revised: April 21, 2016 - Discovered by: Manuel GarcÃa Cárdenas - Severity: 7,1/10 CVSS Base Score ============================================= I...
Rough Auditing Tool for Security (RATS) 2.3 - Crash (PoC)
Rough Auditing Tool for Security RATS 2.3 - Crash PoC Exploit Title: RATS 2.3 Crash POC Date: 25th April 2016 Exploit Author: David Silveiro Author Contact: twitter.com/davidsilveiro Website: Xino.co.uk Software Link: https://code.google.com/archive/p/rough-auditing-tool-for-security/downloads...
Gemtek CPE7000 - WLTCS-106 sysconf.cgi Remote Command Execution (Metasploit)
Gemtek CPE7000 - WLTCS-106 sysconf.cgi Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated...
NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities
NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities 1 Stored XSS in 'signupnote' POST parameter ---------------------------------------------- PoC: input type="hidden" name="authenticitytoken" value="0ch5v8vyarO/yzmWoLWtOK...
CompuSource Systems Real Time Home Banking - Local Privilege Escalation
CompuSource Systems Real Time Home Banking - Local Privilege Escalation Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: [email protected] Vendor Homepage: https://www.css4cu.com :...
Totemomail 4.x5.x - Persistent Cross-Site Scripting
Totemomail 4.x5.x - Persistent Cross-Site Scripting...
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (Metasploit)
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever',...
PCMan FTP Server 2.0.7 - RENAME Remote Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - RENAME Remote Buffer Overflow Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Original Exploit Information Date: 29 Aug 2015 Exploit Author: Koby Tested on: Windows XP SP3 Link:...
CC++ Offline Compiler and C For OS - Persistent Cross-Site Scripting
CC++ Offline Compiler and C For OS - Persistent Cross-Site Scripting Document Title: =============== C & C++ for OS - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1825 Release Date: ============= 2016-04-14...
Microsoft Windows 7 10 2008 2012 (x86x64) - Local Privilege Escalation (MS16-032) (C#)
Microsoft Windows 7 10 2008 2012 x86x64 - Local Privilege Escalation MS16-032 C Exploit Title: Microsoft Windows 7-10 & Server 2008-2012 - Local Privilege Escalation x32/x64 MS16-032 C Date: 2016-04-25 Author: @fdiskyou e-mail: rui at deniable.org Original exploit:...
Microsoft Windows 7 10 2008 2012 R2 (x86x64) - Local Privilege Escalation (MS16-032) (PowerShell)
Microsoft Windows 7 10 2008 2012 R2 x86x64 - Local Privilege Escalation MS16-032 PowerShell function Invoke-MS16-032 https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html .DESCRIPTION Author: Ruben Boonen @FuzzySec Blog: http://www.fuzzysecurity.com/ License: BSD...
Gemtek CPE7000 WLTCS-106 - Multiple Vulnerabilities
Gemtek CPE7000 WLTCS-106 - Multiple Vulnerabilities !/usr/bin/python ''' Exploit Title: Gemtek CPE7000 / WLTCS-106 multiple vulnerabilities Date: 04/06/2016 Exploit Author: Federico Ramondino - framondino0x40mentat0x2eis Vendor Homepage: gemtek.com.tw Version: Firmware Version 01.01.02.082 Tested...
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities Exploit Title: phpLiteAdmin v1.9.6 - Multiple Vulnerabilities Date: 20.04.2016 Exploit Author: Ozer Goker Vendor Homepage: https://www.phpliteadmin.org Software Link: https://bitbucket.org/phpliteadmin/public/downloads/phpLiteAdminv1-9-6.zip Version:...