Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents

Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=762 In COleMemFile::LoadDiFatList, values from the header are used to parse the document FAT. If header.csectDif is very high, the calculation overflows...

WordPress Plugin Dharma Booking 2.38.3 - Remote File Inclusion

WordPress Plugin Dharma Booking 2.38.3 - Remote File Inclusion Exploit Title: Wordpress Dharma booking File Inclusion Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage:https://wordpress.org/plugins/dharma-booking/ Software Link : https://wordpress.org/plugins/dharma-booking/ Version:...

WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download

WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download Exploit Title: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Download Exploit Author: CrashBandicot Date: 2016-03-22 Google Dork : inurl:/wp-content/plugins/hb-audio-gallery-lite Vendor Homepage:...

WordPress Plugin Brandfolder 3.0 - LocalRemote File Inclusion

WordPress Plugin Brandfolder 3.0 - LocalRemote File Inclusion Exploit Title: Wordpress brandfolder plugin / RFI & LFI Google Dork: inurl:wp-content/plugins/brandfolder Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage: https://brandfolder.com Software Link:...

WordPress Plugin Memphis Document Library 3.1.5 - Arbitrary File Download

WordPress Plugin Memphis Document Library 3.1.5 - Arbitrary File Download Exploit Title: Arbitrary file download in Memphis Document Library 3.1.5 Google Dork: inurl:"mdocs-posts" -site:wordpress.org Date: 22/03/2016 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://wordpress.org...

CoolPlayer (Standalone) build 2.19 - .m3u Local Stack Overflow

CoolPlayer Standalone build 2.19 - .m3u Local Stack Overflow Exploit Title: CoolPlayer Standalone build 2.19 - .m3u Stack Overflow Date: 22-03-2016 Software Link: https://sourceforge.net/projects/coolplayer/files/Coolplayer/219/CoolPlayer219Bin.zip Exploit Author: Charley Celice stmerry Contact:...

Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection

Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection Exploit Title : Joomla Easy Youtube Gallery 1.0.2 SQL Injection Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/easy-youtube-gallery Google Dork : inurl:comeasyyoutubegallery...

Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)

Xoops 2.5.7.2 - Cross-Site Request Forgery Arbitrary User Deletions var c=-1 var amttodelete=100 var id=document.getElementById"ids" var frm=document.getEleme...

ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities

ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: Multiple persistent XSS in ProjectSend Discovery Date: 2016/02/19 Public Disclosure Date: 2016/03/17 Exploit Author: Michael Helwig Contact: https://twitter.com/c0dmtr1x Project Homepage: http://www.projectsend.org/...

D-Link DWR-932 Firmware 4.00 - Authentication Bypass

D-Link DWR-932 Firmware 4.00 - Authentication Bypass D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...

Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH)

Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution SEH Exploit Title: Sysax Multi Server 6.50 HTTP File Share SEH Overflow RCE Exploit Date: 03/21/2016 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: http://www.sysax.com/ Vulnerable Version Download...

WordPress Plugin Import CSV 1.0 - Directory Traversal

WordPress Plugin Import CSV 1.0 - Directory Traversal Exploit Title: Wordpress Import CSV | Directory Traversal Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip Stable Tag: 1.1 Tested...

WordPress Plugin eBook Download 1.1 - Directory Traversal

WordPress Plugin eBook Download 1.1 - Directory Traversal Exploit Title: Wordpress eBook Download 1.1 | Directory Traversal Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/ebook-download.zip Version: 1.1 Tested on: Xampp on...

WordPress Plugin Abtest - Local File Inclusion

WordPress Plugin Abtest - Local File Inclusion Exploit Title: Wordpress Plugin Abtest - Local File Inclusion Date: 2016-03-19 Google Dork : inurl:/wp-content/plugins/abtest/ Exploit Author: CrashBandicot Vendor Homepage: https://github.com/wp-plugins/abtest Tested on: Chrome Vulnerable File :...

Internet Download Manager 6.25 Build 14 - Find file Unicode (SEH)

Internet Download Manager 6.25 Build 14 - Find file Unicode SEH !/usr/bin/python Exploit Title: Internet Download Manager 6.25 Build 14 - 'Find file' SEH Buffer Overflow Unicode Date: 20-3-2016 Exploit Author: Rakan Alotaibi Contact: https://twitter.com/hxteam Software Link:...

Disc ORGanizer (DORG) - Multiple Vulnerabilities

Disc ORGanizer DORG - Multiple Vulnerabilities Exploit Title: DORG - Disc Organization System SQL Injection And Cross Site Scripting Software Link: http://www.opensourcecms.com/scripts/details.php?scriptid=479 Author: SECUPENT Website:www.secupent.com Email: researchatsecupentdotcom Date: 20-3-20...

Dating Pro Genie 2015.7 - Cross-Site Request Forgery

Dating Pro Genie 2015.7 - Cross-Site Request Forgery Advisory ID: HTB23294 Product: Dating Pro Vendor: DatingPro Vulnerable Versions: Genie 2015.7 and probably prior Tested Version: Genie 2015.7 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 20...

iTop 2.2.1 - Cross-Site Request Forgery

iTop 2.2.1 - Cross-Site Request Forgery Advisory ID: HTB23293 Product: iTop Vendor: Combodo Vulnerable Versions: 2.2.1 and probably prior Tested Version: 2.2.1 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 11, 2016...

Microsoft Windows 8.110 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)

Microsoft Windows 8.110 x86 - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation MS16-032...

WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure

WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure Exploit Title: Wordpress image-export LFD Date: 03/21/2016 Exploit Author: AMAR^SHG Vendor Homepage: http://www.1efthander.com Software Link: http://www.1efthander.com/category/wordpress-plugins/image-export Version: Everything is...

XOOPS 2.5.7.2 - Directory Traversal Bypass

XOOPS 2.5.7.2 - Directory Traversal Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-DIRECTORY-TRAVERSAL.txt Vendor: ============= xoops.org Product: ================ Xoops 2.5.7.2 Vulnerability Type:...

Wildfly - WEB-INF META-INF Information Disclosure via Filter Restriction Bypass

Wildfly - WEB-INF META-INF Information Disclosure via Filter Restriction Bypass Exploit Title: Wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass Date: 09.02.16 Exploit Author: Tal Solomon of Palantir Security Vendor Homepage:...

PivotX 2.3.11 - Directory Traversal

PivotX 2.3.11 - Directory Traversal Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Directory Traversal Remote Exploitable: Yes Reported to vendor: 01/20/20...

ZenPhoto 1.4.11 - Remote File Inclusion

ZenPhoto 1.4.11 - Remote File Inclusion Security Advisory - Curesec Research Team 1. Introduction Affected Product: Zenphoto 1.4.11 Fixed in: 1.4.12 Fixed Version Link: https://github.com/zenphoto/zenphoto/archive/ zenphoto-1.4.12.zip Vendor Website: http://www.zenphoto.org/ Vulnerability Type: R...

AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection

AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Exploit Title: AKIPS Network Monitor 15.37-16.6 OS Command Injection Date: 03-14-2016 Exploit Author: BrianWGray Contact: https://twitter.com/BrianWGray WebPage: http://somethingbroken.com/ Vendor Homepage: https://www.akips.com/...

Netwrix Auditor 7.1.322.0 - ActiveX sourceFile Stack Buffer Overflow

Netwrix Auditor 7.1.322.0 - ActiveX sourceFile Stack Buffer Overflow Netwrix Auditor 7.1.322.0 ActiveX sourceFile Stack Buffer Overflow Vulnerability Vendor: Netwrix Corporation Product web page: http://www.netwrix.com Affected version: 7.1 Build 322 Summary: Netwrix Auditor is an IT audit...

Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)

Cisco UCS Manager 2.11b - Remote Command Injection Shellshock !/usr/bin/python Cisco UCS Manager 2.11b Shellshock Exploit CVE-2014-6278 Confirmed on version 2.11b, but more are likely vulnerable. Cisco's advisory:...

Monstra CMS 3.0.3 - Multiple Vulnerabilities

Monstra CMS 3.0.3 - Multiple Vulnerabilities Exploit Title: Monstra CMS 3.0.3 - Privilege Escalation / Remote Password Change Google Dork: intext:"Powered by Monstra"/users/registration Date: 2016-03-28 Exploit Author: Sarim Kiani Vendor Homepage: http://monstra.org Software Link:...

FreeBSD 10.2 (x64) - amd64_set_ldt Heap Overflow

FreeBSD 10.2 x64 - amd64setldt Heap Overflow / 1. Advisory Information Title: FreeBSD Kernel amd64setldt Heap Overflow Advisory ID: CORE-2016-0005 Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-amd64setldt-heap-overflow Date published: 2016-03-16 Date of last update: 2016-03-14...

OpenSSH 7.2p1 - (Authenticated) xauth Command Injection

OpenSSH 7.2p1 - Authenticated xauth Command Injection ''' Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview -------- Name: openssh Vendor:...

Kaltura Community Edition 11.1.0-2 - Multiple Vulnerabilities

Kaltura Community Edition 11.1.0-2 - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Kaltura Community Edition Multiple Vulnerabilities Affected versions: Kaltura Community...

Linux Kernel 3.10.0-229.x (CentOS RHEL 7.1) - snd-usb-audio Crash (PoC)

Linux Kernel 3.10.0-229.x CentOS RHEL 7.1 - snd-usb-audio Crash PoC OS-S Security Advisory 2016-17 Linux snd-usb-audio Multiple Free Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat...

Linux Kernel 3.10.0-229.x (CentOS RHEL 7.1) - iowarrior Driver Crash (PoC)

Linux Kernel 3.10.0-229.x CentOS RHEL 7.1 - iowarrior Driver Crash PoC OS-S Security Advisory 2016-15 Linux iowarrior Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local...

TeamPass 2.1.24 - Multiple Vulnerabilities

TeamPass 2.1.24 - Multiple Vulnerabilities Affected Product: TeamPass Vulnerability Type: Multiple XSS,CSRF, SQL injections Fixed in Version: 2.1.25 https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.25.0 Vendor Website: http://www.teampass.net Software Link: :...

Microsoft Internet Explorer - Read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout (MS16-023)

Microsoft Internet Explorer - Read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout MS16-023 :before content:countercounter-0 close-quote url?; column-count:1; position:fixed; k ChildEBP RetAddr 0c2c9688 60ca029e MSHTML!Layout::LayoutBuilderDriver::BuildPageLayout+0x6f2093 0c2c974c...

Microsoft Windows Kernel - ATMFD.dll OTF Font Processing Stack Corruption (MS16-026)

Microsoft Windows Kernel - ATMFD.dll OTF Font Processing Stack Corruption MS16-026 Source: https://code.google.com/p/google-security-research/issues/detail?id=682 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file: ---...

Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH)

Zortam Mp3 Media Studio 20.15 - Overflow PoC SEH -- coding: utf-8 -- Exploit Title : Zortam Mp3 Media Studio 20.15 - SEH overflow DOS Date: 2016-03-12 Author: INSECT.B Facebook : https://www.facebook.com/B.INSECT00 GitHub : binsect00 Blog : http://binsect00.tistory.com Vendor Homepage :...

WordPress Plugin Site Import 1.0.1 - LocalRemote File Inclusion

WordPress Plugin Site Import 1.0.1 - LocalRemote File Inclusion Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip Version: 1.0....

Microsoft Windows Kernel - ATMFD.dll OTF Font Processing Pool-Based Buffer Overflow (MS16-026)

Microsoft Windows Kernel - ATMFD.dll OTF Font Processing Pool-Based Buffer Overflow MS16-026 Source: https://code.google.com/p/google-security-research/issues/detail?id=683 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file: ---...

WordPress Theme Beauty Clean 1.0.8 - Arbitrary File Upload

WordPress Theme Beauty Clean 1.0.8 - Arbitrary File Upload Exploit Title: Wordpress Beauty Theme File Upload Vulnerability v1.0.8 Discovery Date: 02.09.2016 Public Disclosure Date:03.09.2016 Vendor Homepage: http://www.yourinspirationweb.com Exploit Author: Colette Chamberland Wordfence Contact:...

WordPress Plugin DZS Videogallery 8.60 - Multiple Vulnerabilities

WordPress Plugin DZS Videogallery 8.60 - Multiple Vulnerabilities Exploit Title: Wordpress DZS Videogallery Plugin - Multiple Vulnerabilities --------------------------------------- Unauthenticated CSRF & XSS POC:...

libotr 4.1.0 - Memory Corruption

libotr 4.1.0 - Memory Corruption ''' X41 D-Sec GmbH Security Advisory: X41-2016-001 Memory Corruption Vulnerability in "libotr" =========================================== Overview -------- Severity Rating: high Confirmed Affected Version: 4.1.0 and below Confirmed Patched Version: libotr 4.1.1...

Exim 4.86.2 - Local Privilege Escalation

Exim 4.86.2 - Local Privilege Escalation ============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privile...

WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting

WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting 1. Introduction Exploit Title: WordPress WP Advanced Comment 0.10 Persistent XSS Date: Mar.09.2016 Exploit Author: Mohammad Khaleghi Contact: https://twitter.com/blackmatrix Vendor: Ravi Shakya Tested On: Apache2.2 / PHP5...

Putty pscp 0.66 - Stack Buffer Overwrite

Putty pscp 0.66 - Stack Buffer Overwrite Source: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563 Author: Date: Feb 20th, 2016 Name: putty Vendor: sgtatham - http://www.chiark.greenend.org.uk/sgtatham/putty/ Version: 0.59 3 9 years ago = affected = 0.66 Platforms: win/nix Technolog...

Nitro Pro 10.5.7.32 Nitro Reader 5.5.3.1 - Heap Memory Corruption

Nitro Pro 10.5.7.32 Nitro Reader 5.5.3.1 - Heap Memory Corruption Application: Nitro PDF Platforms: Windows Versions: Nitro Pro 10.5.7.32 and lower & Nitro Reader 5.5.3.1 and lower Author: Francis Provencher of COSIG Website: http://www.protekresearchlab.com/ Twitter: @COSIG @protekresearch 1...

WordPress Plugin Best Web Soft Captcha 4.1.5 - Multiple Vulnerabilities

WordPress Plugin Best Web Soft Captcha 4.1.5 - Multiple Vulnerabilities Exploit Title: BWS Captcha Multiple Vulnerabilities Discovery Date:12.03.2015 Public Disclosure Date:03.10.2016 Exploit Author: Colette Chamberland Contact: [email protected] Vendor Homepage: http://bestwebsoft.com/...

Linux Kernel 3.10.0 (CentOS RHEL 7.1) - aiptek Nullpointer Dereference

Linux Kernel 3.10.0 CentOS RHEL 7.1 - aiptek Nullpointer Dereference OS-S Security Advisory 2016-05 Linux aiptek Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7515 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat...

Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities

Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities Administrator optionsModify Current Theme" or use site.com/members/console.php?cID=61. You can then insert the PHP code of your choosing into Footer. In order to add or edit code you are required to provide a special Admin Key that was...

Linux Kernel 3.10.0 (CentOS RHEL 7.1) - mct_u232 Nullpointer Dereference

Linux Kernel 3.10.0 CentOS RHEL 7.1 - mctu232 Nullpointer Dereference OS-S Security Advisory 2016-08 Linux mctu232 Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local...