Samsung - libQjpeg Image Decoding Memory Corruption
Samsung - libQjpeg Image Decoding Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=495 The attached JPEG file causes memory corruption in the DCMProvider service when the file is processed by the media scanner, leading to the following crash: quaramip.jpg...
Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash
Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash Source: https://code.google.com/p/google-security-research/issues/detail?id=500 There is a crash when the Samsung Gallery application loads the attached GIF, colormap.gif. D/skia 10905: GIF - Parse error D/skia 10905: --- decoder-decode returne...
actiTIME 2015.2 - Multiple Vulnerabilities
actiTIME 2015.2 - Multiple Vulnerabilities actiTIME 2015.2 Multiple Vulnerabilities Vendor: Actimind, Inc. Product web page: http://www.actitime.com Affected version: 2015.2 Small Team Edition Summary: actiTIME is a web timesheet software. It allows you to enter time spent on different work...
Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution
Symantec pcAnywhere 12.5.0 Windows x86 - Remote Code Execution...
TCPing 2.1.0 - Local Buffer Overflow
TCPing 2.1.0 - Local Buffer Overflow ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-TCPING-2.1.0-BUFFER-OVERFLOW.txt Vendor: ================================ Spetnik.com http://tcping.soft32.com/free-download/ Product:...
Sam Spade 1.14 - Crawl Website Buffer Overflow
Sam Spade 1.14 - Crawl Website Buffer Overflow Exploit Title : Sam Spade 1.14 - Buffer OverFlow Date : 10/30/2015 Exploit Author : MandawCoder Contact : [email protected] Vendor Homepage : http://samspade.org Software Link : http://www.majorgeeks.com/files/details/samspade.html Version : 1.14...
Sam Spade 1.14 - Scan Addresses Buffer Overflow
Sam Spade 1.14 - Scan Addresses Buffer Overflow !/usr/bin/python -- coding: cp1252 -- EXPLOIT TITLE: Sam Spade 1.14 Scan from IP address Field Exploit AUTHOR: VIKRAMADITYA "-OPTIMUS" Credits: Luis Martínez Date of Testing: 2nd November 2015 Download Link :...
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-CSRF.txt Vendor: ================================ www.phpservermonitor.org...
AIX 7.1 - lquerylv Local Privilege Escalation
AIX 7.1 - lquerylv Local Privilege Escalation !/bin/sh Exploit Title: AIX 7.1 lquerylv privilege escalation Date: 2015.10.30 Exploit Author: S2 Crew Hungary Vendor Homepage: www.ibm.com Software Link: - Version: - Tested on: AIX 7.1 7100-02-03-1334 CVE : CVE-2014-8904 From file writing to command...
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery Privilege Escalation
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery Privilege Escalation function doit var e=document.getElementById'HELL' e.submit input type="text" name="...
Pligg CMS 2.0.2 - Cross-Site Request Forgery Code Execution
Pligg CMS 2.0.2 - Cross-Site Request Forgery Code Execution Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: Code Execution & CSRF Remote Exploitable: Yes...
Pligg CMS 2.0.2 - Directory Traversal
Pligg CMS 2.0.2 - Directory Traversal Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: Directory Traversal Remote Exploitable: Yes Reported to vendor:...
Oxwall 1.7.4 - Cross-Site Request Forgery
Oxwall 1.7.4 - Cross-Site Request Forgery Advisory ID: HTB23266 Product: Oxwall Vendor: http://www.oxwall.org Vulnerable Versions: 1.7.4 and probably prior Tested Version: 1.7.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: September ...
Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution
Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution Exploit title: Hitron Router CGN3ACSMR - Remote Code Execution Author: Dolev Farhi dolevf at protonmail.ch Date: 29-10-2015 Vendor homepage: http://www.hitrontech.com/en/index.php Software version: 4.5.8.16 Hardware version: 1A Details:...
Pligg CMS 2.0.2 - Multiple SQL Injections
Pligg CMS 2.0.2 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor:...
Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service Privilege Escalation (MS15-111)
Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service Privilege Escalation MS15-111 Source: https://code.google.com/p/google-security-research/issues/detail?id=483 Windows: NtCreateLowBoxToken Handle Capture Local DoS/Elevation of Privilege Platform: Windows 8.1 Update,...
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection ============================================= - Release date: 29.10.2015 - Discovered by: Dawid Golunski - Severity: High/Critical - eBay Magento ref.: APPSEC-1045 ============================================= I. VULNERABILITY...
Joomla! Component com_jnews 8.5.1 - SQL Injection
Joomla! Component com_jnews 8.5.1 - SQL Injection Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management. Exploit Title: Joomla component com_jnews - SQL injection Google Dork: inurl:option=com_jnews Date: 2015-10-29 Exploit...
Sam Spade 1.14 - Scan From IP Address Field Overflow Crash (SEH) (PoC)
Sam Spade 1.14 - Scan From IP Address Field Overflow Crash SEH PoC !/usr/bin/env python -- coding: utf-8 -- Exploit Title : Sam Spade 1.14 Scan from IP address Field SEH Overflow Crash PoC Discovery by : Luis Martínez Email : [email protected] Discovery Date : 20/10/2015 Vendor Homepage :...
NetUSB - Kernel Stack Buffer Overflow
NetUSB - Kernel Stack Buffer Overflow !/usr/bin/env python -- coding: utf-8 -- Exploit Title: NetUSB Kernel Stack Buffer Overflow Date: 9/10/15 Exploit Author: Adrian Ruiz Bermudo Vendor Homepage: http://www.kcodes.com/ Version: Multiple:...
Samsung - seiren Kernel Driver Buffer Overflow
Samsung - seiren Kernel Driver Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=491 The Exynos Seiren Audio driver has a device endpoint /dev/seiren that is accessible by either the system user or the audio group such as the mediaserver. It was found tha...
Samsung fimg2d - FIMG2D_BITBLT_BLIT ioctl Concurrency Flaw
Samsung fimg2d - FIMG2D_BITBLT_BLIT ioctl Concurrency Flaw Source: https://code.google.com/p/google-security-research/issues/detail?id=492 The Samsung Graphics 2D driver /dev/fimg2d is accessible by unprivileged users/applications. It was found that the ioctl implementation for this driver contains...
Sagem FAST3304-V2 - Authentication Bypass (2)
Sagem FAST3304-V2 - Authentication Bypass 2 Exploit Title: Sagem javascrip...
Samsung SecEmailUI - Script Injection
Samsung SecEmailUI - Script Injection Source: https://code.google.com/p/google-security-research/issues/detail?id=494 ''' The default Samsung email client's email viewer and composer implemented in SecEmailUI.apk doesn't sanitize HTML email content for scripts before rendering the data inside a...
Samsung - m2m1shot Kernel Driver Buffer Overflow
Samsung - m2m1shot Kernel Driver Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=493 The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoin...
JIRA and HipChat for JIRA Plugin - Velocity Template Injection
JIRA and HipChat for JIRA Plugin - Velocity Template Injection JIRA and HipChat for JIRA plugin Velocity Template Injection Vulnerability Date: 2015-08-26 CVE ID: CVE-2015-5603 Vendor Link:...
Samsung - SecEmailComposer QUICK_REPLY_BACKGROUND Permissions
Samsung - SecEmailComposer QUICK_REPLY_BACKGROUND Permissions Source: https://code.google.com/p/google-security-research/issues/detail?id=490 The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that th...
Joomla! 3.2.x 3.4.4 - SQL Injection
Joomla! 3.2.x 3.4.4 - SQL Injection --==Mannu joomla SQL Injection exploiter by Team Indishell==--...
Microsoft Windows 10 - pcap Driver Privilege Escalation
Microsoft Windows 10 - pcap Driver Privilege Escalation // Source: https://github.com/Rootkitsmm/Win10Pcap-Exploit include include include include include include include include include define SLIOCTLGETEVENTNAME CTLCODE0x8000, 1, METHODNEITHER, FILEANYACCESS define STATUSSUCCESS...
Alreader 2.5 .fb2 - Based Stack Overflow (SEH) (ASLR + DEP Bypass)
Alreader 2.5 .fb2 - Based Stack Overflow SEH ASLR + DEP Bypass !/usr/bin/env python Exploit Title: Alreader 2.5 .fb2 SEH Based Stack Overflow ASLR and DEP bypass Date: 25.10.2015 Category: Local Exploit Exploit Author: g00dv1n Contact: [email protected] Version: 2.5 Tested on: Windows XP...
Joomla! Component Realtyna RPL 8.9.2 - Multiple SQL Injections
Joomla! Component Realtyna RPL 8.9.2 - Multiple SQL Injections Realtyna RPL 8.9.2 Joomla Extension Multiple SQL Injection Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client Relationship Management Add-on for RPL is ...
Subrion 3.x - Multiple Vulnerabilities
Subrion 3.x - Multiple Vulnerabilities - Title = Subrion 3.X.X - Multiple Exploits - Author = bRpsd skype: vegnox - Date Release = 23 October, 2015 - Vendor = Subrion Homepage = http://www.subrion.org/ Download = http://tools.subrion.org/get/latest.zip Vulnerable Versions = 3.X.X Tested Version =...
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting Cross-Site Request Forgery
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting Cross-Site Request Forgery Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client...
Easy File Sharing Web Server 7.2 - Remote Overflow (SEH)
Easy File Sharing Web Server 7.2 - Remote Overflow SEH !/usr/bin/env python Easy File Sharing Web Server v7.2 Remote SEH Based Overflow The buffer overwrites ebx with 750+ offset, when sending 4059 it overwrites the EBX vulnerable file /changeuser.ghp Cookies UserID=buf Means there are two ways t...
Beckhoff CX9020 CPU Module - Remote Code Execution
Beckhoff CX9020 CPU Module - Remote Code Execution ! /usr/bin/env python ''' Exploit Title: Beckhoff CX9020 CPU Module Web Exploit RCE Date: 2015-10-22 Exploit Author: Photubias - tijldotdeneutathowestdotbe, based on work by Frank Lycops [email protected] Vendor Homepage:...
TeamSpeak Client 3.0.18.1 - Remote File Inclusion Remote Code Execution
TeamSpeak Client 3.0.18.1 - Remote File Inclusion Remote Code Execution Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac ...
The World Browser 3.0 Final - Remote Code Execution
The World Browser 3.0 Final - Remote Code Execution !/usr/bin/php ?php Author : Ehsan Noreddini E-Mail : [email protected] Social : @prot3ct0r Title : The World Browser Remote Code Execution TheWorld Browser is a tiny, fast and powerful web Browser. It is completely free. There is no function...
HandyPassword 4.9.3 - Overwrite (SEH)
HandyPassword 4.9.3 - Overwrite SEH ''' Exploit Title: HandyPassword SEH-Over Write Exploit Date: 9/24/2015 Exploit Author: UnN0n Software Link: http://www.handypassword.com/download.shtml Version: 4.9.3 Tested on: Windows 7 x8632 BIT Steps to Produce the Crash: 1- open 'HandyPassword.exe'. 2- Th...
HTML Compiler - Remote Code Execution
HTML Compiler - Remote Code Execution !/usr/bin/php New Project - Choose here your site index file 4 . browse loader.html 5 . Enjoy ! loader.html source code : poc proof : http://ehsann.info/proof/HTMLCompilerRemoteCodeExecute.png $port=80; Listen port if using from Skype or another program that...
Adobe Flash - IExternalizable.writeExternal Type Confusion
Adobe Flash - IExternalizable.writeExternal Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=547 If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to...
RealtyScript 4.0.2 - Multiple Blind SQL Injections
RealtyScript 4.0.2 - Multiple Blind SQL Injections RealtyScript v4.0.2 Multiple Time-based Blind SQL Injection Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is award-winning real estate software that makes...
Belkin N150 Router 1.00.081.00.09 - Directory Traversal
Belkin N150 Router 1.00.081.00.09 - Directory Traversal Title: Path Traversal Vulnerability Product: Belkin Router N150 Author: Rahul Pratap Singh Website: https://0x62626262.wordpress.com Contact: Linkedin: https://in.linkedin.com/in/rahulpratapsingh94 Twitter: @0x62626262 Vendor Homepage:...
RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities
RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is...
WordPress Plugin Ajax Load More 2.8.2 - Arbitrary File Upload
WordPress Plugin Ajax Load More 2.8.2 - Arbitrary File Upload This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WordPress Plugin ajax-load-more Authenticated Arbitrary File...
VideoLAN VLC Media Player 2.2.1 - libvlccore .mp3 Stack Overflow
VideoLAN VLC Media Player 2.2.1 - libvlccore .mp3 Stack Overflow Exploit Title: VLC | libvlccore - .mp3 Stack Overflow Date: 18/10/2015 Exploit Author: Andrea Sindoni Software Link: https://www.videolan.org/vlc/index.it.html Version: 2.2.1 Tested on: Windows 7 Professional 64 bits PoC with MP3:...
Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH)
Tomabo MP4 Player 3.11.6 - Local Stack Overflow SEH !/usr/bin/python Exploit Title: Tomabo MP4 Player 3.11.6 SEH Based Stack Overflow Exploit Author: @yokoacc, @nudragn, @runggareksya Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-player/download.html Vulnerable...
ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - .asx Local Stack Overflow
ASX to MP3 Converter 1.82.50 Windows 2003 x86 - .asx Local Stack Overflow / ASX to MP3 Converter SOF - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team holahola https://www.exploit-db.com/exploits/38382/ Winblows 2k3 / include include include int main int i; char overwriteoffset =...
ZHONE S3.0.501 - Multiple Remote Code Execution Vulnerabilities
ZHONE S3.0.501 - Multiple Remote Code Execution Vulnerabilities Vantage Point Security Advisory 2015-003 ======================================== Title: Multiple Remote Code Execution found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA,...
PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities
PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities Exploit Title: PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: No process to handle vuln reports Vendor Homepage:...
AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow
AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ADOBE-WRKGRP-BUFFER-OVERFLOW.txt Vendor: ================================ www.adobe.com Product:...