41207 matches found
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities Exploit Title: phpLiteAdmin v1.9.6 - Multiple Vulnerabilities Date: 20.04.2016 Exploit Author: Ozer Goker Vendor Homepage: https://www.phpliteadmin.org Software Link: https://bitbucket.org/phpliteadmin/public/downloads/phpLiteAdminv1-9-6.zip Version:...
Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure (Metasploit)
Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure Metasploit Exploit Title: Symantec Brightmail ldap credential Grabber Date: 18/04/2016 Exploit Author: Fakhir Karim Reda Vendor Homepage:...
PHPBack 1.3.0 - SQL Injection
PHPBack 1.3.0 - SQL Injection Credits: hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-v1.3.0-SQL-INJECTION.txt Vendor: www.phpback.org Product: PHPBack v1.3.0 Vulnerability Type:...
Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)
Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write MS16-039 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=707 The attached testcases crashes Windows 7 64-bit while attempting to write to an unmapped memory region. On 32-bit Windows 7 it triggers a null pointer read. Proof o...
Hyper-V - vmswitch.sys VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow
Hyper-V - vmswitch.sys VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=688 This function is reachable by sending a RNDIS Set request with OID 0x01010209 OID8023MULTICASTLIST from the Guest to the Host. This...
modified eCommerce Shopsoftware 2.0.0.0 rev 9678 - Blind SQL Injection
modified eCommerce Shopsoftware 2.0.0.0 rev 9678 - Blind SQL Injection Title: Blind Injection modified eCommerce 2.0.0.0 rev 9678 Date: 16.04.2016 Category: webapps Vendor Homepage: http://www.modified-shop.org/download Software Link:...
Webutler CMS 3.2 - Cross-Site Request Forgery
Webutler CMS 3.2 - Cross-Site Request Forgery Dear OffSec, Here is the vulnerability detail as I submitted Exploit Title: Webutler CMS Cross-Site Request Forgery Date: 18 April 2016 Exploit Author: Keerati T. Post Vendor Homepage: http://webutler.de/en Software Link:...
WordPress Plugin leenk.me 2.5.0 - Cross-Site Request Forgery Cross-Site Scripting
WordPress Plugin leenk.me 2.5.0 - Cross-Site Request Forgery Cross-Site Scripting I would like to disclose CSRF and stored XSS vulnerability in Wordpress plugin LeenkMe version 2.5.0. The plugin can be found at https://wordpress.org/plugins/leenkme/ In the page...
TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials
TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage:...
pfSense Community Edition 2.2.6 - Multiple Vulnerabilities
pfSense Community Edition 2.2.6 - Multiple Vulnerabilities PfSense Community Edition Multiple Vulnerabilities Affected versions: PfSense Community...
WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery Cross-Site Scripting
WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery Cross-Site Scripting I would like to disclose CSRF and stored XSS vulnerability in Kento post view counter plugin version 2.8 . The vulnerable Fields for XSS are kentopvcnumberslang kentopvctodaytext kentopvctotaltext The...
Microsoft Internet Explorer 11 - MSHTML!CMarkupPointer::UnEmbed Use-After-Free
Microsoft Internet Explorer 11 - MSHTML!CMarkupPointer::UnEmbed Use-After-Free body background-color:lime; font-color:white; ; / Title: MSHTML!CMarkupPointer::UnEmbed Use After Free Author: Marcin Ressel @resselm Date: 15.04.2016 Vendor Homepage: www.microsoft.com Software Link: n/a Version: IE11...
AirOS 6.x - Arbitrary File Upload
AirOS 6.x - Arbitrary File Upload EDB-Note Source: https://hackerone.com/reports/73480 Vulnerability It's possible to overwrite any file and create new ones on AirMax systems, because the "php2" maybe because of a patch don't verify the "filename" value of a POST request. It's possible to a...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Brickcom Corporation Network Cameras - Multiple Vulnerabilities Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...
Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)
Microsoft Excel - Out-of-Bounds Read Code Execution MS16-042 Title: Microsoft Office Excel Out-of-Bounds Read Remote Code Execution Application: Microsoft Office Excel Affected Products: Microsoft Office Excel 2007,2010,2013,2016 Software Link: https://products.office.com/en-ca/excel Date: April...
pfSense Firewall 2.2.6 - Services Cross-Site Request Forgery
pfSense Firewall 2.2.6 - Services Cross-Site Request Forgery Exploit Title: pfSense Firewall Stop NTPD service: Restart NTPD service: POC: input type="submit" value...
PHPmongoDB 1.0.0 - Multiple Vulnerabilities
PHPmongoDB 1.0.0 - Multiple Vulnerabilities Exploit Title: PHPmongoDB v1.0.0 - Multiple Vulnerabilities CSRF | HTMLor Iframe Injection | XSS Reflected & Stored Date: 14.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmongodb.org Software Link:...
Microsoft Internet Explorer 91011 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)
Microsoft Internet Explorer 91011 - CDOMStringDataList::InitFromString Out-of-Bounds Read MS15-112 !-- CVE-2015-6086 Out Of Bound Read Vulnerability Address Space Layout Randomization ASLR Bypass Improper handling of new line and white space character caused Out of Bound Read in...
Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass Arbitrary File Upload
Oracle Application Testing Suite ATS 12.4.0.2.0 - Authentication Bypass Arbitrary File Upload Exploit Title: Oracle Application Testing Suite Authentication Bypass and Arbitrary File Upload Remote Exploit Exploit Author: Zhou Yu Vendor Homepage: http://www.oracle.com/ Software Link:...
Texas Instrument Emulator 3.03 - Local Buffer Overflow
Texas Instrument Emulator 3.03 - Local Buffer Overflow Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: Texas Instruments calculators emulator without GDB Version: 3.03-nogdb+dfsg-3 Tested and developed under: Kali Linux 2.0 x86 -...
Ovidentia troubleticketsModule 7.6 - Remote File Inclusion
Ovidentia troubleticketsModule 7.6 - Remote File Inclusion Title: Ovidentia Module troubletickets 7.6 GLOBALSbabInstallPath Remote File Inclusion Vulnerability Author: bd0rk || SCHOOL-OF-HACK.NET eMail: bd0rkathackermail.com Website: http://www.school-of-hack.net Download:...
OpenCart 2.1.0.2 2.2.0.0 - json_decode Function Remote Code Execution
OpenCart 2.1.0.2 2.2.0.0 - jsondecode Function Remote Code Execution OpenCart jsondecode function Remote PHP Code Execution Author: Naser Farhadi Twitter: @naserfarhadi Date: 9 April 2016 Version: 2.1.0.2 to 2.2.0.0 Latest version Vendor Homepage: http://www.opencart.com/ Vulnerability:...
WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery
WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery Credits: hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt Vendor: wpn-xm.org Product: WPN-XM Serverstack for Windows ...
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities Exploit Title: RockMongo v1.1.8 - PHP MongoDB Administrator Multiple Vulnerabilities Date: 11.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://rockmongo.com Software Link: https://github.com/iwind/rockmongo Version: ap...
Hikvision Digital Video Recorder - Cross-Site Request Forgery
Hikvision Digital Video Recorder - Cross-Site Request Forgery 3tes2ttest2password...
Google Android - IMemory Native Interface is Insecure for IPC Use
Google Android - IMemory Native Interface is Insecure for IPC Use Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=706 Android: IMemory Native Interface is insecure for IPC use Platform: Tested on Android 6.0.1 January patches Class: Elevation of Privilege Summary: The IMemory...
CAM UnZip 5.1 - .ZIP File Directory Traversal
CAM UnZip 5.1 - .ZIP File Directory Traversal Credits: hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/CAMUNZIP-ARCHIVE-PATH-TRAVERSAL.txt Vendor: www.camunzip.com Product: CAM UnZip v5.1 Vulnerability Type:...
Google Android - IOMX getConfiggetParameter Information Disclosure
Google Android - IOMX getConfiggetParameter Information Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=711 Android: Information Disclosure in IOMX getConfig/getParameter Platform: Verified on google/razor/flo:6.0.1/MMB29O/2459718:user/release-keys Class: Information...
Novell ServiceDesk 6.57.0.37.1.0 - Multiple Vulnerabilities
Novell ServiceDesk 6.57.0.37.1.0 - Multiple Vulnerabilities...
Axis Network Cameras - Multiple Vulnerabilities
Axis Network Cameras - Multiple Vulnerabilities 6079 Smith W doubleplusungood owning some telescreens... Security Advisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs I. ADVISORY...
Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation
Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation TALOS VULNDEV Proof-of-Concept Exploit Advisory:...
Express Zip 2.40 - Directory Traversal
Express Zip 2.40 - Directory Traversal !/usr/bin/python -w Title : Express Zip = 2.40 Path Traversal Date : 07/04/2016 Author : R-73eN Tested on : Windows Xp / Windows 7 Ultimate Software Link : http://www.nchsoftware.com/zip/ Download Link: http://www.nchsoftware.com/zip/zipplus.exe Vulnerable...
op5 7.1.9 - Remote Command Execution
op5 7.1.9 - Remote Command Execution Credits: hyp3rlinx Website: http://hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/OP5-REMOTE-CMD-EXECUTION.txt Vendor: www.op5.com Product: op5 v7.1.9 op5 Monitor is a software product for server,...
Mess Emulator 0.154-3.1 - Local Buffer Overflow
Mess Emulator 0.154-3.1 - Local Buffer Overflow Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: Multi Emulator Super System MESS Version: 0.154-3.1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program description: MESS is...
PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities
PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities Security Advisory 2016-04-06 www.orwelllabs.com Twitter:@orwelllabs mantra: ...not affect a product that is in...
Panda Security URL Filtering 4.3.1.9 - Local Privilege Escalation
Panda Security URL Filtering 4.3.1.9 - Local Privilege Escalation CVE: CVE-2015-7378 Vendor: Panda Security Reported by: Kyriakos Economou Date of Release: 05/04/2016 Affected Products: Multiple Affected Version: Panda Security URL Filtering v4.3.1.9 Fixed Version: Panda Security URL Filtering...
SocialEngine 4.8.9 - SQL Injection
SocialEngine 4.8.9 - SQL Injection Advisory ID: HTB23286 Product: SocialEngine Vendor: Webligo Vulnerable Versions: 4.8.9 and probably prior Tested Version: 4.8.9 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Public Disclosure: April 6,...
Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities
Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities Asbru Web Content Management System v9.2.7 Multiple Vulnerabilities Vendor: Asbru Ltd. Product web page: http://www.asbrusoft.com Affected version: 9.2.7 Summary: Ready to use, full-featured, database-driven web content...
Panda Endpoint Administration Agent 7.50.00 - Local Privilege Escalation
Panda Endpoint Administration Agent 7.50.00 - Local Privilege Escalation CVE: CVE-2016-3943 Vendor: Panda Security Reported by: Kyriakos Economou Date of Release: 05/04/2016 Affected Products: Multiple Affected Version: Panda Endpoint Administration Agent v7.50.00 Fixed Version: Panda Endpoint...
Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Linux Kernel x86 - Disable ASLR by Setting the RLIMITSTACK Resource to Unlimited Source: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Authors: Hector Marco & Ismael Ripoll CVE: CVE-2016-3672...
Microsoft Windows Kernel - win32k.sys Local Privilege Escalation (MS14-058)
Microsoft Windows Kernel - win32k.sys Local Privilege Escalation MS14-058 Sources: https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-lab-exploiting-cve-2014-4113.pdf https://github.com/sam-b/CVE-2014-4113 EDB Mirror:...
Microsoft Internet Explorer - MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free (MS16-023)
Microsoft Internet Explorer - MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free MS16-023 k 10 ChildEBP RetAddr WARNING: Stack unwind information not available. Following frames may be wrong. 0bb14b64 6ad180b8 vrfcore!VerifierStopMessageEx+0x571 0bb14b88 67fec434...
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities Systems Affected Product : ManageEngine Password Manager Pro Company : ZOHO Corp. Build Number : 8.1 to 8.3 and probably earlier versions Affected Versions : 8102 to 8302 and probably earlier versions Product Description...
Xion Audio Player 1.5 (build 160) - .mp3 Crash (PoC)
Xion Audio Player 1.5 build 160 - .mp3 Crash PoC Exploit Title: Xion Audio Player new'legit.mp3'; whatever mp3 you got handy $mp3-titleset'A' x 5000; title/artist tags $mp3-artistset'A' x 5000; may vary although both seems to be needed $mp3-updatetags; $mp3-close; print " Completed.\n";...
Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow
Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow !/usr/bin/python Meta information Exploit Title: Hexchat IRC client - CAP LS Handling Stack Buffer Overflow Date: 2016-02-07 Exploit Author: PizzaHatHacker Vendor Homepage: https://hexchat.github.io/index.html Software Link:...
Hexchat IRC Client 2.11.0 - Directory Traversal
Hexchat IRC Client 2.11.0 - Directory Traversal !/usr/bin/python Meta information Exploit Title: Hexchat IRC client - Server name log directory traversal Date: 2016-01-26 Exploit Author: PizzaHatHacker Vendor Homepage: https://hexchat.github.io/index.html Software Link:...
PQI Air Pen Express 6W51-0000R26W51-0000R2XXX - Multiple Vulnerabilities
PQI Air Pen Express 6W51-0000R26W51-0000R2XXX - Multiple Vulnerabilities Security Advisory 2016-04-03 www.orwelllabs.com Twitter:@orwelllabs magicword: d0ubl3th1nk1ng... Overview...
DameWare Remote Controller 12.0.0.520 - Remote Code Execution
DameWare Remote Controller 12.0.0.520 - Remote Code Execution Exploit Title: Dameware Remote Controller RCE Date: 3-04-2016 Exploit Author: Securifera Vendor Homepage: http://www.dameware.com/products/mini-remote-control/product-overview.aspx Version: 12.0.0.520 Website:...
49hrGModoD97YwB
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
Adobe Flash - Color.setTransform Use-After-Free
Adobe Flash - Color.setTransform Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=451 If Color.setTransform is set to a transform that deletes the field it is called on, a UaF occurs. A PoC is as follows: var tf:TextField = this.createTextField"tf",1,1,1,4,4 var n ...