41207 matches found
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Shortcode SQL injection Date: 2016-01-24 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramire...
pdfium - opj_jp2_apply_pclr libopenjpeg Heap Out-of-Bounds Read
pdfium - opjjp2applypclr libopenjpeg Heap Out-of-Bounds Read Source: https://code.google.com/p/google-security-research/issues/detail?id=626 The following crash was encountered in pdfium the Chrome PDF renderer during PDF fuzzing: --- cut --- ==9326==ERROR: AddressSanitizer: heap-buffer-overflow ...
Wireshark - dissect_nhdr_extopt Stack Buffer Overflow
Wireshark - dissectnhdrextopt Stack Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=696 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$...
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux MS16-008 2 Source: https://code.google.com/p/google-security-research/issues/detail?id=589 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 2 Platform: Windows 8.1, not tested any other OS...
WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection
WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Unauthenticated SQL injection Date: 2016-01-26 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez...
FreeBSD SCTP ICMPv6 - Error Processing
FreeBSD SCTP ICMPv6 - Error Processing !/usr/bin/env python -- coding: utf-8 -- ''' Source: http://blog.ptsecurity.com/2016/01/severe-vulnerabilities-detected-in.html SCTP stream control transmission protocol is a transport-layer protocol designed to transfer signaling messages in an IP...
Linux Kernel 3.x4.x - prima WLAN Driver Heap Overflow
Linux Kernel 3.x4.x - prima WLAN Driver Heap Overflow / Coder: Shawn the R0ck, [email protected] Co-worker: Pray3r, [email protected] Compile: arm-linux-androideabi-gcc wextpoc.c --sysroot=$SYSROOT -pie ./a.out wlan0 Boom......shit happens as always;- / include include include include include...
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux MS16-008 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=573 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux Platform: Windows 10, not tested any other OS Class...
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://192.168.0.103/diagbackup.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...
Huawei Mate 7 - devhifi_misc Privilege Escalation
Huawei Mate 7 - devhifimisc Privilege Escalation / HuaWei Mate7 hifi driver Poc Writen by pray3r, / include include include include include include define HIFIMISCIOCTLWRITEPARAMS IOWR'A', 0x75, struct misciosyncparam struct misciosyncparam void parain; unsigned int parasizein; void paraout;...
NTP - Local Privilege Escalation
NTP - Local Privilege Escalation Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics...
Oracle - HtmlConverter.exe Local Buffer Overflow
Oracle - HtmlConverter.exe Local Buffer Overflow + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-HTMLCONVERTER-BUFFER-OVERFLOW.txt Vendor: =============== www.oracle.com Product: ======================================== Java...
xWPE 1.5.30a-2.1 - Local Buffer Overflow
xWPE 1.5.30a-2.1 - Local Buffer Overflow Exploit Author: Juan Sacco - http://www.exploitpack.com Program: xwpe - Windows Editor v1.5.30a-2.1 Description: Programming environment and editor for console and X11 Tested and developed on: Kali Linux 2.0 x86 - https://www.kali.org Description: xwpe...
PDF-XChange Viewer 2.5.315.0 - Shading Type 7 Heap Memory Corruption
PDF-XChange Viewer 2.5.315.0 - Shading Type 7 Heap Memory Corruption Title: PDF-XChange Viewer - Shading Type 7 Heap Memory Corruption Application: PDF-XChange Viewer Version 2.5.315.0 Platform: Windows Software Link: http://www.tracker-software.com/ Date: 2015-11-15 Author: Sébastien Morin from...
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation 2 / Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings Date: 19/1/2016 Exploit Author: Perception Point Team CVE : CVE-2016-0728 / / CVE-2016-0728 local root exploit modified by...
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation 1 / Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings Date: 19/1/2016 Exploit Author: Perception Point Team CVE : CVE-2016-0728 / / $ gcc cve20160728.c -o cve20160728 -lkeyutils -Wa...
CesarFTP 0.99g - XCWD Denial of Service
CesarFTP 0.99g - XCWD Denial of Service !/usr/bin/env python -- coding:utf-8 -- Exploit Title : CesarFTP 0.99g -XCWDRemote BoF Exploit Discovery by : Irving Aguilar Email : [email protected] Discovery Date : 18.01.2016 Tested Version : 0.99g Vulnerability Type : Denial of Service DoS Teste...
Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery
Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ====================================...
Advanced Electron Forum 1.0.9 - Remote File Inclusion Cross-Site Request Forgery
Advanced Electron Forum 1.0.9 - Remote File Inclusion Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-RFI.txt Vendor: ============================= www.anelectron.com/downloads/ Product:...
SeaWell Networks Spectrum - Multiple Vulnerabilities
SeaWell Networks Spectrum - Multiple Vulnerabilities Exploit Title: SeaWell Networks Spectrum - Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: http://www.seawellnetworks.com/spectrum/ Versions Reported: Spectrum SDC 02.05.00, Build 02.05.00.0016 CVE-ID: CVE-2015-8282...
WEG SuperDrive G2 12.0.0 - Insecure File Permissions
WEG SuperDrive G2 12.0.0 - Insecure File Permissions WEG SuperDrive G2 v12.0.0 Insecure File Permissions Vendor: WEG Group Product web page: http://www.weg.net Affected version: SuperDrive G2 v12.0.0 Build 20150930-J1.8.060-NB8.0.2 SuperDrive v7.0.0 Summary: SuperDrive is a Windows graph tool for...
Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting
Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-XSS.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================...
NetSchedScan 1.0 - Crash (PoC)
NetSchedScan 1.0 - Crash PoC !/usr/bin/env python -- coding: utf-8 -- Exploit Title : NetSchedScan v1.0 scan Hostname/IP Field Buffer Overflow Crash PoC Discovery by : Abraham Espinosa Email : [email protected] Discovery Date : 14/01/2016 Vendor Homepage : http://www.foundstone.com...
GlassFish Server - Arbitrary File Read
GlassFish Server - Arbitrary File Read Title: glassfish Arbitrary file read vulnerability Date : 01/15/2016 Author: bingbing Software link: https://glassfish.java.net/download.html Software: GlassFish Server Tested: Linux x86 !/usr/bin/python import urllib2...
Roundcube Webmail 1.1.3 - Directory Traversal
Roundcube Webmail 1.1.3 - Directory Traversal Advisory ID: HTB23283 Product: Roundcube Vendor: Roundcube.net Vulnerable Versions: 1.1.3 and probably prior Tested Version: 1.1.3 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Vendor Patch:...
Amanda 3.3.1 - amstar Command Injection Privilege Escalation
Amanda 3.3.1 - amstar Command Injection Privilege Escalation AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over network to tape drives/changers or disks or...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...
phpDolphin 2.0.5 - Multiple Vulnerabilities
phpDolphin 2.0.5 - Multiple Vulnerabilities Exploit Title: phpDolphin http://target.com/index.php?a=search&q=teste&filter=m"XSS CSRF ==== We've found no protection against CSRF Cross-site Request Forgery, which made possible to do any kind of act on a user or admin account. NO FORMS are secured a...
SevOne NMS 5.3.6.0 - Remote Command Execution
SevOne NMS 5.3.6.0 - Remote Command Execution !/usr/bin/env python Exploit Title: SevOne NMS = 5.3.6.0 reverse shell remote root Date: 01/14/2016 Exploit Author: @iamsecurity Vendor Homepage: https://www.sevone.com/ Software Link: https://www.sevone.com/download2/free/vimage/SevOne-Download.ova...
Manage Engine Applications Manager 12 - Multiple Vulnerabilities
Manage Engine Applications Manager 12 - Multiple Vulnerabilities Manage Engine Applications Manager 12 Multiple Vulnerabilities Vendor Product Description - ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help...
Manage Engine Application Manager 12.5 - Arbitrary Command Execution
Manage Engine Application Manager 12.5 - Arbitrary Command Execution !C:/Python27/python.exe -u Applications Manager 12.5 Arbitrary Command Execution Exploit Vendor: Zoho Corporation Pvt. Ltd. Product web page: https://www.manageengine.com Affected version: 12.5 Summary: ManageEngine Applications...
Microsoft Office COM Object - WMALFXGFXDSP.dll DLL Planting (MS16-007)
Microsoft Office COM Object - WMALFXGFXDSP.dll DLL Planting MS16-007 Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The...
WhatsUp Gold 16.3 - Remote Code Execution
WhatsUp Gold 16.3 - Remote Code Execution Exploit Title: WhatsUp Gold v16.3 Unauthenticated Remote Code Execution Date: 2016-01-13 Exploit Author: Matt Buzanowski Vendor Homepage: http://www.ipswitch.com/ Version: 16.3.x Tested on: Windows 7 x86 CVE : CVE-2015-8261 Usage: python...
Microsoft Windows - devenum.dll!DeviceMoniker::Load() Heap Corruption Buffer Underflow (MS16-007)
Microsoft Windows - devenum.dll!DeviceMoniker::Load Heap Corruption Buffer Underflow MS16-007 Source: https://code.google.com/p/google-security-research/issues/detail?id=594 Heap corruption buffer underflow in devenum.dll!DeviceMoniker::Load There exists a buffer underflow vulnerability in...
Apple watchOS 2 - Crash (PoC)
Apple watchOS 2 - Crash PoC + Title: Apple watchOS - Remote Crash Exploit + Product: Apple + Vendor: www.apple.com + SoftWare Link : www.apple.com/watchos-2/ + Vulnerable Versions: watchOS on IOS 9.0.1 Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail :...
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment Exploit Title: Default Root Password and Remote Enrollment on FingerTec Devices Date: 12-01-2016 Exploit Author: Daniel Lawson Contact: http://twitter.com/fang0654 Website: https://digital-panther.com Category: physical access...
Linux Kernel 4.3.3 - overlayfs Local Privilege Escalation (2)
Linux Kernel 4.3.3 - overlayfs Local Privilege Escalation 2 / This software is provided by the copyright owner "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event...
SNScan 1.05 - Scan HostnameIP Field Buffer Overflow Crash (PoC)
SNScan 1.05 - Scan HostnameIP Field Buffer Overflow Crash PoC !/usr/bin/env python -- coding: utf-8 -- Exploit Title : SNScan v1.05 Scan Hostname/IP Field Buffer Overflow Crash PoC Discovery by : Daniel Velazquez Email : [email protected] Discovery Date : 12/01/2016 Vendor Homepage :...
Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow
Grassroots DICOM GDCM 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow / Grassroots DICOM GDCM is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming...
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)
Konica Minolta FTP Utility 1.00 - CWD Command Overflow SEH Title: Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow. Date : 01/08/2016 Author: TOMIWA. Software link: http://download.konicaminolta.hk/bt/driver/mfpu/ftpu/ftpu10.zip Software: Konica Minolta FTP Utility v1.0 Tested:...
Adobe Flash (Multiple Scripts) - Use-After-Free When Rendering Displays (1)
Adobe Flash Multiple Scripts - Use-After-Free When Rendering Displays 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=628 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows onl...
KeePass Password Safe Classic 1.29 - Crash (PoC)
KeePass Password Safe Classic 1.29 - Crash PoC Title : KeePass Password Safe Classic 1.29 - Crash Proof Of Concept Affected Versions: All Version Founder : keepass.info Tested on Windows 7 / Server 2008 Download Link :...
Adobe Flash - Use-After-Free When Setting Stage
Adobe Flash - Use-After-Free When Setting Stage Source: https://code.google.com/p/google-security-research/issues/detail?id=629 The attached file causes a use-after-free when calling the stage setter. The PoC works most consistently in Firefox for 64-bit Windows. Proof of Concept:...
Trend Micro - node.js HTTP Server Listening on localhost Can Execute Commands
Trend Micro - node.js HTTP Server Listening on localhost Can Execute Commands Trend Micro Maximum Security 10 Exploit Sample exploit for Trend Micro Maximum Security 10. -- Tavis Ormandy. Command: Click Here to run the command above the default will uninstall Trend Micro Maximum. img...
Amanda 3.3.1 - Local Privilege Escalation
Amanda 3.3.1 - Local Privilege Escalation / AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over network to tape drives/changers or disks or optical media. Amanda...
Adobe Flash BlurFilter Processing - Out-of-Bounds Memset
Adobe Flash BlurFilter Processing - Out-of-Bounds Memset Source: https://code.google.com/p/google-security-research/issues/detail?id=627 The attached swf file causes an out-of-bounds memset in BlurFilter processing. Note that Chrome aborts when processing the swf Proof of Concept:...
SedSystems D3 Decimator - Multiple Vulnerabilities
SedSystems D3 Decimator - Multiple Vulnerabilities SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to this...
Fortinet FortiGate 4.x 5.0.7 - SSH Backdoor Access
Fortinet FortiGate 4.x 5.0.7 - SSH Backdoor Access !/usr/bin/env python SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 Usage: ./fgtsshbackdoor.py import socket import select import sys import paramiko from paramiko.py3compat import u import base64 import hashlib import termios import tty d...
WordPress Plugin WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities
WordPress Plugin WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities Product : WP Symposium Pro Social Network plugin Exploit Author : Rahul Pratap Singh Home page Link : https://wordpress.org/plugins/wp-symposium-pro Version : 15.12 Website : 0x62626262.wordpress.com Twitter ...
AVM FRITZ!Box 6.30 - Remote Buffer Overflow
AVM FRITZ!Box 6.30 - Remote Buffer Overflow Advisory: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device...