41207 matches found
NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow (PoC)
NTPd ntp-4.2.6p5 - ctlputdata Buffer Overflow PoC / Ntpd Based on: ntpq client from ntp package Provided for legal security research and testing purposes ONLY PoC DoS Denial of Service PoC. Will crash NTPd. You will need to know the KEY ID and MD5 password, for example put this in you ntp.conf...
Microsoft Windows 7 (x86) - afd.sys Dangling Pointer Privilege Escalation (MS14-040)
Microsoft Windows 7 x86 - afd.sys Dangling Pointer Privilege Escalation MS14-040...
Network Scanner 4.0.0.0 - Crash (SEH) (PoC)
Network Scanner 4.0.0.0 - Crash SEH PoC -- coding: utf-8 -- Exploit Title: Network Scanner Version 4.0.0.0 SEH Crash POC POC Dork: N/A Date: 2016-02-15 Author: INSECT.B Twitter : @INSECT.B Facebook : https://www.facebook.com/B.INSECT00 Blog : http://binsect00.tistory.com Vendor Homepage:...
Microsoft Windows - Kerberos Security Feature Bypass (MS16-014)
Microsoft Windows - Kerberos Security Feature Bypass MS16-014 Exploit Title: Windows Kerberos Security Feature Bypass Date: 12-02-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-0049 Category: Local Exploit 1 Prerequisites: - Standard Windows 7 Fully...
Delta Industrial Automation DCISoft 1.12.09 - Local Stack Buffer Overflow
Delta Industrial Automation DCISoft 1.12.09 - Local Stack Buffer Overflow !/usr/bin/env python Delta Industrial Automation DCISoft 1.12.09 Stack Buffer Overflow Exploit Vendor: Delta Electronics, Inc. Product web page: http://www.delta.com.tw Software link:...
Alternate Pic View 2.150 - .pgm Crash (PoC)
Alternate Pic View 2.150 - .pgm Crash PoC Exploit Title: Alternate Pic View 2.150 PGM CRASH POC Date: 14-02-2016 Exploit Author: Shantanu Khandelwal Vendor Homepage: http://www.alternate-tools.com Software Link: http://www.alternate-tools.com/pages/cpicview.php?lang=ENG Version: 2.150 Tested on:...
Tiny Tiny RSS - Blind SQL Injection
Tiny Tiny RSS - Blind SQL Injection Exploit Title: Tiny Tiny RSS Blind SQL Injection Date: 15-02-2016 Software Link: http://tt-rss.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description $itemid inside...
Flash ActiveX 28.0.0.137 - Code Execution (2)
Flash ActiveX 28.0.0.137 - Code Execution 2 CVE-2018-4878 Pop up a calculator - Requires Flash ActiveX 28.0.0.137 Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44745.swf...
File Replication Pro 7.2.0 - Multiple Vulnerabilities
File Replication Pro 7.2.0 - Multiple Vulnerabilities...
Microsoft Windows 7 SP1 (x86) - WebDAV Local Privilege Escalation (MS16-016) (1)
Microsoft Windows 7 SP1 x86 - WebDAV Local Privilege Escalation MS16-016 1...
Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder
Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder Vendor: Wieland Electric GmbH Product web page: http://www.wieland-electric.com Affected version: 4.1 Build 9 Summary: Your new software for the...
Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure
Apache Sling Framework Adobe AEM 2.3.6 - Information Disclosure Document Title: =============== Apache Sling Framework v2.3.6 Adobe AEM CVE-2016-0956 - Information Disclosure Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1536 Adobe...
Yeager CMS 1.2.1 - Multiple Vulnerabilities
Yeager CMS 1.2.1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Yeager CMS vulnerable version: 1.2.1 fixed version: 1.3 CVE number: CVE-2015-7567,...
PotPlayer 1.6.5x - .mp3 Crash (PoC)
PotPlayer 1.6.5x - .mp3 Crash PoC Exploit Title: POTPLAYER 1.6.5x MP3 CRASH POC Date: 08-02-2016 Exploit Author: Shantanu Khandelwal Vendor Homepage: https://potplayer.daum.net/ Software Link: 32-Bit http://get.daum.net/PotPlayer/v3/PotPlayerSetup.exe Software Link: 64-Bit...
Adobe Photoshop CC Bridge CC - .png Parsing Memory Corruption (1)
Adobe Photoshop CC Bridge CC - .png Parsing Memory Corruption 1 Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption Platforms: Windows Versions: Bridge CC 6.1.1 and earlier versions Version: Photoshop CC 16.1.1 2015.1.1 and earlier versions CVE; 2016-0951 Author: Franci...
Adobe Photoshop CC Bridge CC - .png Parsing Memory Corruption (2)
Adobe Photoshop CC Bridge CC - .png Parsing Memory Corruption 2 Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption Platforms: Windows Versions: Bridge CC 6.1.1 and earlier versions Version: Photoshop CC 16.1.1 2015.1.1 and earlier versions CVE; 2016-0952 Author: Franci...
Adobe Photoshop CC Bridge CC - .iff Parsing Memory Corruption
Adobe Photoshop CC Bridge CC - .iff Parsing Memory Corruption Application: Adobe Photoshop CC & Bridge CC IFF file parsing memory corruption Platforms: Windows Versions: Bridge CC 6.1.1 and earlier versions Version: Photoshop CC 16.1.1 2015.1.1 and earlier versions CVE; 2016-0953 Author: Francis...
WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities
WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Unauthenticated blind SQL injection Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin...
Solr 3.5.0 - Arbitrary Data Deletion
Solr 3.5.0 - Arbitrary Data Deletion Exploit Title: All Solr Data Can Be Delete Google Dork: intext:Schema Config Analysis Schema Browser Statistics Info Distribution Ping Logging Date: 5/2/2016 Exploit Author: N37 Myanmar Vendor Homepage: http://lucene.apache.org/solr/ Software Link:...
Adobe Flash - Processing AVC Causes Stack Corruption
Adobe Flash - Processing AVC Causes Stack Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=634 The attached mp4 file causes stack corruption in Flash. To run the test, load LoadMP42.swf?file=null.mp4 from a remote server. Proof of Concept:...
dotDefender Firewall 5.00.128655.13-13282 - Cross-Site Request Forgery
dotDefender Firewall 5.00.128655.13-13282 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt Vendor: ================== www.applicure.com Product: ===================== dotDefender Firewa...
WordPress Plugin User Meta Manager 3.4.6 - Information Disclosure
WordPress Plugin User Meta Manager 3.4.6 - Information Disclosure Exploit Title: WordPress User Meta Manager Plugin Information Disclosure Discovery Date: 2015-12-28 Public Disclosure Date: 2016-02-01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
WordPress Plugin WooCommerce Store Toolkit 1.5.5 - Privilege Escalation
WordPress Plugin WooCommerce Store Toolkit 1.5.5 - Privilege Escalation ''' Exploit Title: WordPress WooCommerce - Store Toolkit Plugin Privilege Escalation Discovery Date: 2016-02-06 Public Disclosure Date: 2016-02-08 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas...
WordPress Plugin WP User Frontend 2.3.11 - Unrestricted Arbitrary File Upload
WordPress Plugin WP User Frontend 2.3.11 - Unrestricted Arbitrary File Upload ''' Exploit Title: WordPress WP User Frontend Plugin Unrestricted File Upload Discovery Date: 2016-02-04 Public Disclosure: 2016-02-08 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor...
Samsung Galaxy S6 - libQjpeg je_free Crash
Samsung Galaxy S6 - libQjpeg jefree Crash Source: https://code.google.com/p/google-security-research/issues/detail?id=617 The attached jpg causes an invalid pointer to be freed when media scanning occurs. F/libc 11192: Fatal signal 11 SIGSEGV, code 1, fault addr 0xffffffffffffb0 in tid 14368 HEAV...
Samsung Galaxy S6 - android.media.process MdConvertLine Face Recognition Memory Corruption
Samsung Galaxy S6 - android.media.process MdConvertLine Face Recognition Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=616 The attached file causes memory corruption when iy is scanned by the face recognition library in android.media.process F/libc...
WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection
WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection Exploit Title: WordPress User Meta Manager Plugin Blind SQLI Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
UliCMS v9.8.1 - SQL Injection
UliCMS v9.8.1 - SQL Injection ============================================= MGC ALERT 2016-001 - Original release date: January 26, 2016 - Last revised: February 02, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score ============================================= I...
ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities Security Advisory - Curesec Research Team 1. Introduction Affected Product: Atutor 2.2 Fixed in: partly in ATutor 2.2.1-RC1, complete in 2.2.1 Fixed Version Link: http://www.atutor.ca/atutor/download.php Vendor Website:...
WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation
WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation Exploit Title: WordPress User Meta Manager Plugin Privilege Escalation Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
Symphony CMS 2.6.3 - Multiple SQL Injections
Symphony CMS 2.6.3 - Multiple SQL Injections ================================================================ Symphony CMS 2.6.3 – Multiple SQL Injection Vulnerabilities ================================================================ Information...
OpenDocMan 1.3.4 - Cross-Site Request Forgery
OpenDocMan 1.3.4 - Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://www.opendocman.com/free-download/ Vendor Website: http://www.opendocman.com/ Vulnerability Type: CSRF Remote...
GE Industrial Solutions UPS SNMP Adapter 4.8 - Multiple Vulnerabilities
GE Industrial Solutions UPS SNMP Adapter 4.8 - Multiple Vulnerabilities Exploit Title: GE Industrial Solutions - UPS SNMP Adapter Command Injection and Clear-text Storage of Sensitive Information Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: http://www.geindustrial.com/ Versions...
D-Link DVGN5402SP - Multiple Vulnerabilities
D-Link DVGN5402SP - Multiple Vulnerabilities Exploit Title: DLink DVGN5402SP Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.dlink.com/ Versions Reported: Multiple - See below CVE-IDs: CVE-2015-7245 + CVE-2015-7246 + CVE-2015-7247 DLink DVGN5402SP File Path Traversal...
FTPShell Client 5.24 - Create NewFolder Local Buffer Overflow
FTPShell Client 5.24 - Create NewFolder Local Buffer Overflow ++++++++++++++++++++++++ + Exploit Title: FTPShell Client Add New Folder Local Buffer Overflow + Date: 2/2/2016 +Exploit Author: Arash Khazaei + Vendor Homepage: www.ftpshell.com +Software Link: http://www.ftpshell.com/download.htm +...
NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities
NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities Remote code execution / arbitrary file download in NETGEAR ProSafe Network Management System NMS300 Discovered by Pedro Ribeiro [email protected], Agile Information Security http://www.agileinfosec.co.uk/...
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC)
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow PoC !/usr/bin/env python Baumer VeriSens Application Suite 2.6.2 Buffer Overflow Vulnerability Vendor: Baumer Holding AG | Baumer Optronic GmbH Product web page: http://www.baumer.com Software link:...
TimeClock Software 0.995 - Multiple SQL Injections
TimeClock Software 0.995 - Multiple SQL Injections Exploit Title : Timeclock-software - Multiple SQL injections Author:Marcela Benetrix Date: 01/27/2016 version: 0.995 older version may be vulnerable too software link:http://timeclock-software.net Timeclock software Timeclock-software.net's free...
Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting
Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300 CVE: CVE-2014-2045 Vendor: Viprinet Product: Multichannel VPN Router 300 Affected version: 2013070830/2013080900 Fixed...
yTree 1.94-1.1 - Local Buffer Overflow (PoC)
yTree 1.94-1.1 - Local Buffer Overflow PoC Exploit Author: Juan Sacco - http://www.exploitpack.com [email protected] Program affected: yTree - File manager for terminals v1.94-1.1 Description: yTree is prone to a stack-based overflow, an attacker could exploit this issue to execute arbitrar...
Jive Forums 5.5.25 - Directory Traversal
Jive Forums 5.5.25 - Directory Traversal ''' JiveForums " print " Usage: %s http://localhost /jiveforums/" % sys.argv0 sys.exit payload = 'servlet/JiveServlet?attachImage=true&attachment=/.././.././.././.././.././.././.././../etc/./passwd%00&contentType=image%2Fpjpeg' print "+ Trying to request...
pdfium - opj_t2_read_packet_header libopenjpeg Heap Use-After-Free
pdfium - opjt2readpacketheader libopenjpeg Heap Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=613 The following crash was encountered in pdfium the Chrome PDF renderer during PDF fuzzing: --- cut --- $ ./pdfiumtest...
Manage Engine Network Configuration Manager Build 11000 - Cross-Site Request Forgery
Manage Engine Network Configuration Manager Build 11000 - Cross-Site Request Forgery ========================================================================================= Cross-Site Request Forgery Vulnerability in ManageEngine Network Configuration Management...
eClinicalWorks (CCMR) - Multiple Vulnerabilities
eClinicalWorks CCMR - Multiple Vulnerabilities Title: eClinicalWorks CCMR - Multiple Vulnerabilities Vendor: https://www.eclinicalworks.com Product: eClinicalWorks Population Health CCMR Client Portal Software URL: https://www.eclinicalworks.com/products-services/population-health-ccmr/ Credit:...
Toshiba Viewer v2 p3console - Local Denial of Service
Toshiba Viewer v2 p3console - Local Denial of Service !/usr/bin/perl Exploit Title: Toshiba viewer v2 p3console Local Denial of Service Date: 02-02-2016 Author: JaMbA Download: http://business.toshiba.com/downloads/KB/f1Ulds/9942/viewer2-cj242-v106.zip Version: 2 Tested on: Windows 7 my $file=...
Hippo CMS 10.1 - Multiple Vulnerabilities
Hippo CMS 10.1 - Multiple Vulnerabilities Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you...
iScripts EasyCreate 3.0 - Remote Code Execution
iScripts EasyCreate 3.0 - Remote Code Execution !C:/Python27/python.exe -u iScripts EasyCreate 3.0 Remote Code Execution Exploit Vendor: iScripts.com Product web page: http://www.iscripts.com Affected version: 3.0 Summary: iScripts EasyCreate is a private label online website builder. This softwa...
Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution
Apache 2.4.7 + PHP 7.0.2 - opensslseal Uninitialized Memory Code Execution ?php // Source: http://akat1.pl/?id=1 function getmaps $fh = fopen"/proc/self/maps", "r"; $maps = fread$fh, 331337; fclose$fh; return explode"\n", $maps; function findmap$sym $addr = 0; foreachgetmaps as $record if...
WPS Office 2016 - .ppt Heap Memory Corruption
WPS Office 2016 - .ppt Heap Memory Corruption Application: WPS Office Platforms: Windows Versions: Version before 2016 Author: Francis Provencher of COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== WPS Office an acrony...
Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution (PoC)
Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution PoC Autonics DAQMaster 1.7.3 DQP Parsing Buffer Overflow Code Execution Vendor: Autonics Corporation Product web page: https://www.autonics.com Affected version: 1.7.3 build 2454 1.7.0 build 2333 1.5.0 build 2117 Summary:...