OpenMRS Reporting Module 0.9.7 - Remote Code Execution
OpenMRS Reporting Module 0.9.7 - Remote Code Execution Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source...
MediaAccess TG788vn - File Disclosure
MediaAccess TG788vn - File Disclosure Vulnerable hardware : MediaAccess TG788vn with Cisco http firewall Author : Ahmed Sultan 0x4148 Email : [email protected] MediaAccess TG788vn with Cisco firewall http config is vulnerable to critical unauthenticated file disclosure flaw, POC Request: POST...
Simple PHP Polling System - Multiple Vulnerabilities
Simple PHP Polling System - Multiple Vulnerabilities Exploit Title : Multiple Vulnerabilities in Simple PHP Polling System. Author : WICS Date : 05-Jan-2016 Software Link : http://sourceforge.net/projects/pollingsystem/ Overview : Simple PHP Polling System helps organizations to make polls of...
Ganeti - Multiple Vulnerabilities
Ganeti - Multiple Vulnerabilities =begin Advisory Information Title: Ganeti Security Advisory DoS, Unauthenticated Info Leak Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html Date published:...
Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities
Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product...
Online Airline Booking System - Multiple Vulnerabilities
Online Airline Booking System - Multiple Vulnerabilities Exploit Title : Online Airline Booking System multiple vulnerabilities Author : WICS Date : 05/1/2016 Software Link : http://sourceforge.net/projects/oabs/ Affected Version: All Overview: The Online Airline Booking System is designed to be ...
PHPIPAM 1.1.010 - Multiple Vulnerabilities
PHPIPAM 1.1.010 - Multiple Vulnerabilities Exploit Title: PHPIPAM v1.1.010 Multiple Vulnerabilities Date: 04/01/2016 Author: Mickael Dorigny @ Synetis Vendor or Software Link: http://phpipam.net/ Version: 1.1.010 Category: Multiple Vulnerabilities Tested on : 1.1.010 PHPIPAM description :...
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Privilege Escalation (1)
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Privilege Escalation (1) / just another overlayfs exploit, works on kernels before 2015-12-26 Exploit Title: overlayfs local root Date: 2016-01-05 Exploit Author: rebel Version: Ubuntu 14.04 LTS, 15.10 and more Tested on: Ubuntu 14.04 LTS, 15.1...
pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read
pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read Source: https://code.google.com/p/google-security-research/issues/detail?id=623 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- $ ./pdfiumtest...
pdfium IsFlagSet (v8 memory management) - SIGSEGV
pdfium IsFlagSet (v8 memory management) - SIGSEGV Source: https://code.google.com/p/google-security-research/issues/detail?id=622 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- ==31710==ERROR: AddressSanitizer: SEGV on unknown address...
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read Source: https://code.google.com/p/google-security-research/issues/detail?id=625 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- $ ./pdfiumtest...
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2) #!/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/...
pdfium - CPDF_Function::Call Stack Buffer Overflow
pdfium - CPDF_Function::Call Stack Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=612 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- $ ./pdfiumtest...
FTPShell Client 5.24 - Add to Favorites Buffer Overflow
FTPShell Client 5.24 - Add to Favorites Buffer Overflow Exploit Title: FTPShell Client 5.24 - Add to Favorites Buffer Overflow Google Dork: N/A Date: 2015-01-04 Exploit Author: INSECT.B Twitter : @INSECT.B Facebook : https://www.facebook.com/B.INSECT00 Blog : http://binsect00.tistory.com Vendor...
Advanced Encryption Package - Buffer Overflow (Denial of Service) (PoC)
Advanced Encryption Package - Buffer Overflow (Denial of Service) (PoC) Dear List, Greetings from vishnu @dH4wk 1. Vulnerable Product - Advanced Encryption Package - Company http://www.aeppro.com/ 2. Vulnerability Information A Buffer OverFlow Impact: Attacker gains administrative access Remotely...
Open Audit - SQL Injection
Open Audit - SQL Injection Exploit Title : Open Audit SQL Injection Vulnerability Exploit Author : Rahul Pratap Singh Date : 2/Jan/2016 Home page Link : https://github.com/jonabbey/open-audit Website : 0x62626262.wordpress.com Twitter : @0x62626262 Linkedin :...
Microsoft Internet Explorer 11.0.9600.18124 EdUtil::GetCommonAncestorElement - Denial of Service
Microsoft Internet Explorer 11.0.9600.18124 EdUtil::GetCommonAncestorElement - Denial of Service EdUtil::GetCommonAncestorElement Remote Crash / Title : IE11 EdUtil::GetCommonAncestorElement Remote Crash Date : 31.12.2015 Author : Marcin Ressel https://twitter.com/mressel Vendor Homepage :...
DeleGate 9.9.13 - Local Privilege Escalation
DeleGate 9.9.13 - Local Privilege Escalation Title: Local root vulnerability in DeleGate v9.9.13 Author: Larry W. Cashdollar, @larry0 Date: 2015-12-17 Advisory: http://www.vapidlabs.com/advisory.php?v=159 Download Sites: http://delegate.hpcc.jp/delegate/ http://delegate.org/delegate/ Vendor:...
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection / Exploit Title: Simple Ads Manager 2.9.4.116 SQL Injection Date: 30-12-2015 Software Link: https://wordpress.org/plugins/simple-ads-manager/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...
FTPShell Client 5.24 - Local Buffer Overflow
FTPShell Client 5.24 - Local Buffer Overflow ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FTPSHELL-v5.24-BUFFER-OVERFLOW.txt Vendor: ================================ www.ftpshell.com Product: ================================...
KiTTY Portable 0.65.0.2p (Windows XP/7/10) - Chat Remote Buffer Overflow (SEH)
KiTTY Portable 0.65.0.2p (Windows XP/7/10) - Chat Remote Buffer Overflow (SEH) Exploit Title: KiTTY Portable = 0.65.0.2p Chat Remote Buffer Overflow SEH WinXP/Win7/Win10 Date: 28/12/2015 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: http://networkfilter.blogspot.com GitHub:...
KiTTY Portable 0.65.0.2p (Windows 8.1/10) - Local kitty.ini Overflow
KiTTY Portable 0.65.0.2p (Windows 8.1/10) - Local kitty.ini Overflow Exploit Title: KiTTY Portable = 0.65.0.2p Local kitty.ini Overflow Win8.1/Win10 Date: 28/12/2015 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: http://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploi...
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP Denial of Service 78.110)
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP Denial of Service 78.110) Exploit Title: KiTTY Portable Local Code Execution Win7 - Denial Of...
KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter)
KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter) Exploit Title: KiTTY Portable = 0.65.0.2p Local kitty.ini Overflow Wow64 Egghunter Win7 Date: 28/12/2015 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: http://networkfilter.blogspot.com GitHub:...
AccessDiver 4.301 - Buffer Overflow
AccessDiver 4.301 - Buffer Overflow + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ACCESSDIVER-BUFFER-OVERFLOW.txt Vendor: ============== M. Jean Fages www.accessdiver.com circa 1998-2006 Product: =============================...
EasyCafe Server 2.2.14 - Remote File Read
EasyCafe Server 2.2.14 - Remote File Read #!/usr/bin/python -w Title : EasyCafe Server = 2.2.14 Remote File Read Date : 25/12/2015 Author : R-73eN Tested on : Windows 7 Ultimate Software Link : http://www.tinasoft.com/easycafe/ Download Link: http://www.tinasoft.com/Download/easysetup.exe Vulnerab...
Beezfud - Remote Code Execution
Beezfud - Remote Code Execution ================================================================================ Beezfud Remote Code Execution ================================================================================ Vendor Homepage: https://github.com/EVA-01/beezfud Date: 23/12/2015...
Rips Scanner 0.5 - code.php Local File Inclusion
Rips Scanner 0.5 - code.php Local File Inclusion ================================================================================ Rips Scanner 0.5 - code.php Local File Inclusion ================================================================================ Vendor Homepage:...
Arastta 1.1.5 - SQL Injection
Arastta 1.1.5 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclose...
PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery
PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: PhpSocial v2.0.0304_20222226 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://phpsocial.net Vulnerability Type: CSRF Remote Exploitable: Yes Reported...
Bigware Shop 2.3.01 - Multiple Local File Inclusions
Bigware Shop 2.3.01 - Multiple Local File Inclusions Title: Bigware Shop 2.3.01 Multiple Local File Inclusion Vulnerabilities Author: bd0rk eMail: bd0rkathackermail.com Twitter: twitter.com/bd0rk Tested on: Ubuntu-Linux Vendor: http://www.bigware.de Download:...
Grawlix 1.0.3 - Cross-Site Request Forgery
Grawlix 1.0.3 - Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: Grawlix 1.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.getgrawlix.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/17/20...
PHP 7.0.0 - Format String
PHP 7.0.0 - Format String Overview -------------------------------------------- A fun little format string vulnerability exists in PHP 7.0.0 due to how non-existent class names are handled. From my limited research I believe this issue is likely exploitable for full code execution see test script...
Wireshark - AirPDcapDecryptWPABroadcastKey Heap Out-of-Bounds Read (1)
Wireshark - AirPDcapDecryptWPABroadcastKey Heap Out-of-Bounds Read (1) Source: https://code.google.com/p/google-security-research/issues/detail?id=657 The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed...
Wireshark - infer_pkt_encap Heap Out-of-Bounds Read
Wireshark - infer_pkt_encap Heap Out-of-Bounds Read Source: https://code.google.com/p/google-security-research/issues/detail?id=658 The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$...
Ovidentia Widgets 1.0.61 - Remote Command Execution
Ovidentia Widgets 1.0.61 - Remote Command Execution Title: Ovidentia Widgets 1.0.61 Remote Command Execution Exploit Author: bd0rk eMail: bd0rkathackermail.com Twitter: twitter.com/bd0rk Tested on: Ubuntu-Linux Download:...
Adobe Flash Sound.setTransform - Use-After-Free
Adobe Flash Sound.setTransform - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=568 There is a use-after-free in Sound.setTransform. If a transform value is set to an object with valueOf defined, it can free the transform before the values are set. A...
Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow
Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow Title : Notepad ++ NPPFtp Plugin Buffer Overflow Date : 19/12/2015 Author : R-73eN Tested on : NPPFtp 0.26.3 Latest Version Software : http://sourceforge.net/projects/nppftp/ Vendor : https://notepad-plus-plus.org/ | | / | / | / \ | | | || ' | | /...
Base64 Decoder 1.1.2 - Overwrite (SEH) (PoC)
Base64 Decoder 1.1.2 - Overwrite (SEH) (PoC) Exploit: b64dec SEH OverWrite. Date: 12/18/2015 Exploit Author: UnN0n Vendor: Tim Rohlfs Software Link: http://4mhz.de/b64dec.html Version: 1.1.2 Tested on: Windows 7 x6464bit Dump SEH chain of thread 00000EC0 Address SE handler 024CFC50 b64dec.00458140...
Ovidentia online Module 2.8 - GLOBALS[babAddonPhpPath] Remote File Inclusion
Ovidentia online Module 2.8 - GLOBALS[babAddonPhpPath] Remote File Inclusion Title: Ovidentia Module online 2.8 GLOBALS[babAddonPhpPath] Remote File Include Vulnerability Author: bd0rk eMail: bd0rkathackermail.com Twitter: twitter.com/bd0rk Download:...
Google Chrome - Renderer Process to Browser Process Privilege Escalation
Google Chrome - Renderer Process to Browser Process Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=664 There is an overflow in the ui::PlatformCursor WebCursor::GetPlatformCursor method. In...
Adobe Flash TextField.htmlText Setter - Use-After-Free
Adobe Flash TextField.htmlText Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=578 There is a use-after-free in the TextField.htmlText setter. If the htmlText the field is set to is an object with toString defined, the toString function can free...
Joomla! 1.5 - 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution
Joomla! 1.5 - 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution #!/usr/bin/env python Exploit Title: Joomla 1.5 - 3.4.5 Object Injection RCE X-Forwarded-For header Date: 12/17/2015 Exploit Author: original - Gary@ Sec-1 ltd, Modified - Andrew McNicol BreakPoint Labs @0xcclabs...
Adobe Flash TextField.text Setter - Use-After-Free
Adobe Flash TextField.text Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=576 There is a use-after-free in the TextField.text setter. If the text the field is set to is an object with toString defined, the toString function can free the field's...
Adobe Flash MovieClip.attachBitmap - Use-After-Free
Adobe Flash MovieClip.attachBitmap - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=593 There is a use-after-free in MovieClip.attachBitmap. If the depth parameter is an object with valueOf defined, this method can free the MovieClip, which is then used...
Adobe Flash TextField.thickness Setter - Use-After-Free
Adobe Flash TextField.thickness Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=587 There is a use-after-free in the TextField thickness setter. If the thickness parameter is an object with valueOf set to a function which frees the TextField...
Adobe Flash TextField.sharpness Setter - Use-After-Free
Adobe Flash TextField.sharpness Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=588 There is a use-after-free in the TextField sharpness setter. If the sharpness parameter is an object with valueOf set to a function which frees the TextField...
Adobe Flash TextField.replaceText - Use-After-Free
Adobe Flash TextField.replaceText - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=584 There is a use-after-free in the TextField.replaceText function. If the function is called with a string parameter with toString defined, or an integer parameter with...
Adobe Flash TextField.replaceSel - Use-After-Free
Adobe Flash TextField.replaceSel - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=585 There is a use-after-free in TextField.replaceSel. If the string parameter of the method is set to an object with toString defined, this method can delete the...
Adobe Flash MovieClip.startDrag - Use-After-Free
Adobe Flash MovieClip.startDrag - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=592 There is a use-after-free in MovieClip.startDrag. If a parameter is an object with valueOf defined, this method can free the MovieClip, which is then used. A minimal POC...