41207 matches found
ECommerceMajor - productdtl.php?prodid SQL Injection
ECommerceMajor - productdtl.php?prodid SQL Injection Exploit Title : ECommerceMajor SQL Injection Vulnerability Exploit Author : Rahul Pratap Singh Date : 13/Dec/2015 Home page Link : https://github.com/xlinkerz/ecommerceMajor Website : 0x62626262.wordpress.com Linkedin :...
Adobe Flash - Type Confusion in IExternalizable.readExternal When Performing Local Serialization
Adobe Flash - Type Confusion in IExternalizable.readExternal When Performing Local Serialization Source: https://code.google.com/p/google-security-research/issues/detail?id=548 If IExternalizable.readExternal is overridden with a value that is not a function, Flash assumes it is a function even...
WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation
WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation Exploit Title: Admin Management Xtended 2.4.0 Privilege escalation Date: 14-12-2015 Software Link: https://wordpress.org/plugins/admin-management-xtended/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek...
Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion
Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor...
Siemens Simatic S7 1200 - CPU Command Module (Metasploit)
Siemens Simatic S7 1200 - CPU Command Module Metasploit Exploit Title: Simatic S7 1200 CPU command module Date: 15-12-2015 Exploit Author: Nguyen Manh Hung Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1214C CVE : None require 'msf/core' class Metasploit3 'Simatic S7-1200...
Polycom VVX-Series Business Media Phones - Directory Traversal
Polycom VVX-Series Business Media Phones - Directory Traversal Polycom VVX-Series Business Media Phones Path Traversal Vulnerability --Summary-- Polycom VVX-series Business Media Phones allow authenticated users to execute file path traversal attacks Polycom http://www.polycom.com --Affects--...
Microsoft Internet Explorer 11 - MSHTML!CObjectElement Use-After-Free (MS15-124)
Microsoft Internet Explorer 11 - MSHTML!CObjectElement Use-After-Free MS15-124 small -ms-block-progression: lr; -ms-filter: "vv";...
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll MS15-132 Source: https://code.google.com/p/google-security-research/issues/detail?id=556 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially...
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18,...
GoAutoDial CE 3.3 - Multiple SQL Injections / Command Injection
GoAutoDial CE 3.3 - Multiple SQL Injections / Command Injection Title : GoAutoDial CE 3.3 Multiple SQL injections, Command Injection Date : 06/12/2015 Author : R-73eN Tested on : goautodial-32bit-ce-3.3-final Software : http://goautodial.org/ ...
Avast! - Integer Overflow Verifying numFonts in TTC Header
Avast! - Integer Overflow Verifying numFonts in TTC Header Source: https://code.google.com/p/google-security-research/issues/detail?id=549 If the numFonts field in the TTC header is greater than SIZEMAX+1 / 4, an integer overflow occurs in filevirusttf when calling CSafeGenFile::SafeLockBuffer. T...
Gökhan Balbal Script 2.0 - Cross-Site Request Forgery
Gökhan Balbal Script 2.0 - Cross-Site Request Forgery Gökhan Balbal v2.0 = Cross-Site Request Forgery Exploit Add Admin My + Author : KnocKout Contact : [email protected]...
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=550 The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32bit integer. Perhaps...
Avast! - JetDb::Ised4x Performs Unbounded Search on Input
Avast! - JetDb::Ised4x Performs Unbounded Search on Input Source: https://code.google.com/p/google-security-research/issues/detail?id=551 The attached Microsoft Access Database causes JetDb::IsExploited4x to be called, which contains an unbounded search for objects. Proof of Concept:...
iy10 Dizin Scripti - Multiple Vulnerabilities
iy10 Dizin Scripti - Multiple Vulnerabilities iy10 Dizin Scripti = Multiple Vulnerabilities CSRF & Authentication Bypass My + Author : KnocKout Contact :...
Avast! - Heap Overflow Unpacking MoleBox Archives
Avast! - Heap Overflow Unpacking MoleBox Archives Source: https://code.google.com/p/google-security-research/issues/detail?id=552 Trivial fuzzing of molebox archives revealed a heap overflow decrypting the packed image in moleboxMaybeUnpack. This vulnerability is obviously exploitable for remote...
Skybox Platform 7.0.611 - Multiple Vulnerabilities
Skybox Platform 7.0.611 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory title: Multiple Vulnerabilities product: Skybox Platform vulnerable version: =7.0.611 fixed version: 7.5.401 CVE number: impac...
Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables
Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables Source: https://code.google.com/p/google-security-research/issues/detail?id=554 The attached PEncrypt packed executable causes an OOB write on Avast Server Edition. gdb bt 0 0xf6f5e64a in EmulatePolyCodePOLYINFO, int from...
WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities
WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities Exploit Title: WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities Date: Friday, December 11, 2015 Exploit/Vulnerability Author: Alireza Azimzadeh Milani alimp5 Vendor Homepage: http://www.greenpacket.com Version: v2.10.14-g1.5.2 Tested on:...
WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery Exploit Title: WP Easy Poll 1.1.3 XSS and CSRF Exploit Author : Ahn Sung Jun Date : 2015-12-09 Vendor Homepage : https://wordpress.org/plugins/wp-easy-poll-afo/ Software Link :...
Microsoft Windows Media Center - .Link File Incorrectly Resolved Reference (MS15-134)
Microsoft Windows Media Center - .Link File Incorrectly Resolved Reference MS15-134 1. Advisory Information Title: Microsoft Windows Media Center link file incorrectly resolved reference Advisory ID: CORE-2015-0014 Advisory URL:...
Microsoft Windows Media Center Library - Parsing Remote Code Execution aka self-executing MCL File
Microsoft Windows Media Center Library - Parsing Remote Code Execution aka self-executing MCL File Title: Microsoft Windows Media Center Library Parsing RCE Vuln aka "self-executing" MCL file CVE-2015-6131 Software Vendor: Microsoft Software version : MS Windows Media Center latest version on any...
Microsoft Office COM Object - els.dll DLL Planting (MS15-134)
Microsoft Office COM Object - els.dll DLL Planting MS15-134 Source: https://code.google.com/p/google-security-research/issues/detail?id=514 It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7...
Microsoft Internet Explorer 11.0.9600.18097 - COmWindowProxy::SwitchMarkup NULL PTR
Microsoft Internet Explorer 11.0.9600.18097 - COmWindowProxy::SwitchMarkup NULL PTR IE11 11.0.9600.18097 NULL PTR / Exploit Title: IE 11 COmWindowProxy::SwitchMarkup NULL PTR Date: 09.12.2015 Exploit Author: Marcin Ressel Vendor Homepage: www.microsoft.com Software Link: 0 Version: 11.0.9600.1809...
WIMAX MT711x - Multiple Vulnerabilities
WIMAX MT711x - Multiple Vulnerabilities Exploit Title: WIMAX MT711x - Multiple Vulnerabilities Date: Friday, December 11, 2015 Exploit/Vulnerability Author: Alireza Azimzadeh Milani alimp5 Vendor Homepage: http://www.seowonintech.co.kr/en/ Version: V311149CPE Tested on: Kali-Linux I'm an...
Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow
Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow Credit: Maksymilian Arciemowicz CXSECURITY Website: http://cxsecurity.com/ http://cert.cx/ Affected software: - MACOS's Commands such as: ls, find, rm -...
iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions
iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 6.30.04 Build 6300400 Summary: Modular and automated...
OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
OpenMRS 2.3 1.11.4 - Multiple Cross-Site Scripting Vulnerabilities OpenMRS 2.3 1.11.4 Multiple Cross-Site Scripting Vulnerabilities Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB...
PHP Utility Belt - Remote Code Execution
PHP Utility Belt - Remote Code Execution Exploit Title : PHP utility belt Remote Code Execution vulnerability Author : WICS Date : 8/12/2015 Software Link : https://github.com/mboynes/php-utility-belt Overview: PHP utility belt is a set of tools for PHP developers. Install in a browser-accessible...
SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities
SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities Exploit Title: SIMOGEO FileManager 2.3.0 - Path Traversal Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone...
dotCMS 3.2.4 - Multiple Vulnerabilities
dotCMS 3.2.4 - Multiple Vulnerabilities dotCMS 3.2.4 Multiple Vulnerabilities Vendor: dotCMS Software, LLC Product web page: http://www.dotcms.com Affected version: 3.2.4 Enterprise Summary: DotCMS is the next generation of Content Management System CMS. Quick to deploy, open source, Java-based,...
WordPress Plugin Polls Widget 1.0.7 - SQL Injection
WordPress Plugin Polls Widget 1.0.7 - SQL Injection Exploit Title : wordpress poll widget version 1.0.7 SQL Injection vulnerability Author : WICS Date : 7/12/2015 Software Link : https://wordpress.org/plugins/polls-widget/ Affected Version: 1.0.7 and below Overview: Poll widget is wordpress plugi...
OpenMRS 2.3 (1.11.4) - Local File Disclosure
OpenMRS 2.3 1.11.4 - Local File Disclosure OpenMRS 2.3 1.11.4 Local File Disclosure Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b...
OpenMRS 2.3 (1.11.4) - Expression Language Injection
OpenMRS 2.3 1.11.4 - Expression Language Injection OpenMRS 2.3 1.11.4 Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS...
OpenMRS 2.3 (1.11.4) - XML External Entity Processing
OpenMRS 2.3 1.11.4 - XML External Entity Processing !/usr/bin/env python OpenMRS 2.3 1.11.4 XML External Entity XXE Processing PoC Exploit Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0...
iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions
iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 2.02.0000 Summary: Modular and automated...
Cyclope Employee Surveillance 8.6.1 - Insecure File Permissions
Cyclope Employee Surveillance 8.6.1 - Insecure File Permissions Author: loneferret of Offensive Security Product: Cyclope Employee Surveillance Solution again Version: = 6.8.1 Vendor Site: http://www.cyclope-series.com/ Software Download: http://www.cyclope-series.com/download/index.html Link:...
WinAsm Studio 5.1.8.8 - Buffer Overflow Crash (PoC)
WinAsm Studio 5.1.8.8 - Buffer Overflow Crash PoC Exploit: WinAsm Studio 5.1.8.8 BOF. Date: 12/6/2015 Exploit Author: UnN0n Vendor: WinAsm Software Link: http://www.winasm.net/winasm-studio-updates.html Version: 5.1.8.8 Tested on: Windows 7 x6464bit Info Code: rc.right = 0; rc.bottom = 0;...
WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities
WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities 0-DAY Aint DIE | No Priv8 | KedAns-Dz ...
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities 0-DAY Aint DIE | No Priv8 | KedAns-Dz ...
WordPress Plugin Sell Download 1.0.16 - Local File Disclosure
WordPress Plugin Sell Download 1.0.16 - Local File Disclosure 0-DAY Aint DIE | No Priv8 | KedAns-Dz ...
WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection
WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection Exploit Title: WordPress Users Ultra Plugin Blind SQL injection Discovery Date: 2015/10/19 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com...
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting Exploit Title: WordPress Users Ultra Plugin Persistence XSS Discovery Date: 2015/10/20 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion
WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion Advisory ID: HTB23275 Product: Gwolle Guestbook WordPress Plugin Vendor: Marcel Pol Vulnerable Versions: 1.5.3 and probably prior Tested Version: 1.5.3 Advisory Publication: October 14, 2015 without technical details Vendor...
Gnome Nautilus 3.16 - Denial of Service
Gnome Nautilus 3.16 - Denial of Service Exploit Title: Gnome Nautilus Denial of Service Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: https://www.gnome.org/ Software Link:...
Malwarebytes AntiVirus 2.2.0 - Denial of Service (PoC)
Malwarebytes AntiVirus 2.2.0 - Denial of Service PoC Application: Malwarebytes Antivirus Platforms: Windows Versions: 2.2.0. CVE: No CVE have been assigned Author: Francis Provencher of COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC 1 Introduction...
Man-db 2.6.7.1 - Local Privilege Escalation
Man-db 2.6.7.1 - Local Privilege Escalation / EDB Note: man:man - man:root http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ man:root - root:root http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ CreateSetgidBinary.c...
Acunetix WVS 10 - Local Privilege Escalation
Acunetix WVS 10 - Local Privilege Escalation ''' Acunetix WVS 10 - from guest to System Local privilege escalation CVE: CVE-2015-4027 Author: me Daniele Linguaglossa Affected Product: Acunetix WVS 10 Exploit: Local privilege...
RHEL 7.0/7.1 - abrt/sosreport Local Privilege Escalation
RHEL 7.0/7.1 - abrt/sosreport Local Privilege Escalation !/usr/bin/python CVE-2015-5287 ? abrt/sosreport RHEL 7.0/7.1 local root rebel 09/2015 user@localhost $ python sosreport-rhel7.py crashing pid 19143 waiting for dump directory dump directory: /var/tmp/abrt/ccpp-2015-11-30-19:41:13-19143 waitin...
abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation !/usr/bin/python CVE-2015-5273 + CVE-2015-5287 CENTOS 7.1/Fedora22 local root probably works on SL and older versions too abrt-hook-ccpp insecure open usage + abrt-action-install-debuginfo insecure temp directory usage rebel 09/2015...