41207 matches found
Linux Kernel 3.17 - Python ctypes and memfd_create noexec File Security Bypass
Linux Kernel 3.17 - Python ctypes and memfdcreate noexec File Security Bypass Exploit Title: Linux = 3.17 noexec bypass with python ctypes and memfdcreate Date: 2015.10.14 Exploit Author: soyer Version: linux = 3.17 Tested on: Ubuntu 15.04 x8664 usage: $ ls -la execfile -rwxr-xr-x 1 soyer soyer...
netis RealTek Wireless Router ADSL Modem - Multiple Vulnerabilities
netis RealTek Wireless Router ADSL Modem - Multiple Vulnerabilities Exploit Title: netis RealTek wireless router / ADSL modem Multiple Vulnerabilities Discovered by: Karn Ganeshen Reported on: October 13, 2015 Vendor Response: Vulnerability? What's this? Vendor Homepage: www.netis-systems.com...
Blat 2.7.6 SMTP NNTP Mailer - Local Buffer Overflow
Blat 2.7.6 SMTP NNTP Mailer - Local Buffer Overflow ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-BLAT-MAILER-BUFFER-OVERFLOW.txt Vendor: ================================ www.blat.net http://sourceforge.net/projects/blat/...
Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)
Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass MS15-111 Source: https://code.google.com/p/google-security-research/issues/detail?id=486 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Platform: Windows 10 build 10240, earlier versions do not have...
Boxoft WAV to MP3 Converter 1.1 - Local Buffer Overflow (SEH)
Boxoft WAV to MP3 Converter 1.1 - Local Buffer Overflow SEH Exploit Title: Boxoft WAV to MP3 Converter 1.1 - SEH Buffer Overflow Date: 10/13/2015 Exploit Author: ArminCyber Contact: [email protected] Version: 1.1 Tested on: XP SP3 EN Description: A malicious .aiff file cause this...
LinuxMIPS Kernel 2.6.36 - NetUSB Remote Code Execution
LinuxMIPS Kernel 2.6.36 - NetUSB Remote Code Execution !/usr/bin/env python Source: http://haxx.in/blasty-vs-netusb.py CVE-2015-3036 - NetUSB Remote Code Execution exploit Linux/MIPS =========================================================================== This is a weaponized exploit for the...
ZYXEL PMG5318-B20A - OS Command Injection
ZYXEL PMG5318-B20A - OS Command Injection Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018...
Kerio Control 8.6.1 - Multiple Vulnerabilities
Kerio Control 8.6.1 - Multiple Vulnerabilities IntelliSec Security Advisory ============================================================================================== Title: Multiple Vulnerabilities in Kerio Control Virtual Appliance Vulnerabilities: SQL Injection, Remote Code Execution throu...
NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
NETGEAR Voice Gateway 2.3.0.232.3.23 - Multiple Vulnerabilities Exploit Title: Netgear Voice Gateway Multiple Vulnerabilities Date: May 01, 2015 No response from Vendor Discovered by: Karn Ganeshen Vendor Homepage: www.netgear.com Version: Firmware Version: V2.3.0.232.3.23 Netgear Voice Gateway...
CDex Genre 1.79 - Local Stack Buffer Overflow
CDex Genre 1.79 - Local Stack Buffer Overflow ''' Exploit Title: CDex Genre Stack Buffer Overflow Date: 10/9/2015 Exploit Author: UnN0n Software Link: http://cdex.mu/download Version: 1.79 Tested on: Windows 7 x8632 BIT Steps to Produce the Crash: 1- Generate a File by python code mentioned below...
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal Exploit Title: F5 BigIP File Path Traversal Vulnerability Discovered by: Karn Ganeshen Reported on: April 27, 2015 New version released on: September 01, 2015 Vendor Homepage: www.f5.com Version Reported: F5 BIG-IP 10.2.4 Build 595.0...
libsndfile 1.0.25 - Local Heap Overflow
libsndfile 1.0.25 - Local Heap Overflow !/usr/bin/env perl Exploit Title: libsndfile SWF/Audio play - pulseaudio - libsndfile ?? not tested - Email attachment - TCP socket connection for audio server only - File upload ex. server side audio file manipulation, interactive voice responder - etc...
ZHONE S3.0.501 - Multiple Vulnerabilities
ZHONE S3.0.501 - Multiple Vulnerabilities Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx...
PHPMyLicense 3.0.0 3.1.4 - Denial of Service
PHPMyLicense 3.0.0 3.1.4 - Denial of Service Hello, I want to report following exploit: Exploit Title: PHPMyLicense Stored Cross Site Scripting Date: 09-10-2015 Exploit Author: Aria Akhavan Rezayat @ Websec GesmbH Website: https://websec-test.com Vendor Homepage: https://phpmylicense.com Software...
Tomabo MP4 Converter 3.10.12 3.11.12 - .m3u File Crush Application (Denial of Service)
Tomabo MP4 Converter 3.10.12 3.11.12 - .m3u File Crush Application Denial of Service !/usr/bin/python Exploit Title: Tomabo MP4 Converter 3.10.12 - .m3u Denial of service Crush application Date: 8-10-2015 Exploit Author: M.Ibrahim [email protected] E-Mail: vulnbug gmail.com Vendor Homepage:...
Liferay 6.1.0 CE - Privilege Escalation
Liferay 6.1.0 CE - Privilege Escalation Exploit Title: Liferay 6.1.0 CE GA1 Privilege Escalation Date: 18/05/2015 Exploit Author: Massimo De Luca - mentat.is Vendor Homepage: https://www.liferay.com Software Link:...
Joomla! Component com_realestatemanager 3.7 - SQL Injection
Joomla! Component comrealestatemanager 3.7 - SQL Injection Description of component: This Joomla component is perfect for independent estate agents, property rental companies and agencies, hotel booking, hotel manage, motel booking, motel manage. Exploit Title: Joomla component comrealestatemanag...
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) Arbitrary File Upload PHP Code Execution
Dream CMS 2.3.0 - Cross-Site Request Forgery Add Extension Arbitrary File Upload PHP Code Execution Dream CMS 2...
VeryPDF Image2PDF Converter - Local Buffer Overflow (SEH)
VeryPDF Image2PDF Converter - Local Buffer Overflow SEH Exploit Title: VeryPDF Image2PDF Converter SEH Buffer Overflow Date: 10-7-2015 Software Link: http://www.verypdf.com/tif2pdf/img2pdf.exe Exploit Author: Robbie Corley Platform Tested: Windows 7 x64 Contact: [email protected] Website: CVE...
Kallithea 0.2.9 - came_from HTTP Response Splitting
Kallithea 0.2.9 - camefrom HTTP Response Splitting Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd,...
Zope Management Interface 4.3.7 - Cross-Site Request Forgery
Zope Management Interface 4.3.7 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt Vendor: ================================ www.zope.org plone.org Product: ================================ Zop...
ZTE ZXHN H108N Router - Configuration Disclosure
ZTE ZXHN H108N Router - Configuration Disclosure !-- ZTE ZXHN H108N unauthenticated config download Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg http://pastebin.com/u/hackerscommunity Tested device: Model ZXHN H108N...
GLPI 0.85.5 - Arbitrary File Upload Filter Bypass Remote Code Execution
GLPI 0.85.5 - Arbitrary File Upload Filter Bypass Remote Code Execution Exploit Title: GLPI 0.85.5 RCE through file upload filter bypass Date: September 7th, 2015 Exploit Author: Raffaele Forte Vendor Homepage: http://www.glpi-project.org/ Software Link:...
PHP-Fusion 7.02.07 - Blind SQL Injection
PHP-Fusion 7.02.07 - Blind SQL Injection ============================================= MGC ALERT 2015-002 - Original release date: September 18, 2015 - Last revised: October 05, 2015 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...
LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow (PoC)
LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow PoC ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-LANWHOIS-BUFFER-OVERFLOW-10062015.txt Vendor: ================================ www.lantricks.com Product:...
Last PassBroker 3.2.16 - Stack Buffer Overflow (PoC)
Last PassBroker 3.2.16 - Stack Buffer Overflow PoC ''' Exploit Title: Last PassBroker Stack-based BOF Date: 9/23/2015 Exploit Author: UnN0n Software Link: https://lastpass.com/download Version: 3.2.16 Tested on: Windows 7 x8632 BIT Steps to Produce the Crash: 1- open 'LastPassBroker.exe'. 2- A...
Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery
Alienvault Open Source SIEM OSSIM 4.3 - Cross-Site Request Forgery Exploit Title: AlienVault - ossim CSRF Date: 10-5-2015 Exploit Author: MohamadReza Mohajerani Vendor Homepage: www.alienvault.com Software Link: https://www.alienvault.com/products/ossim Version: Tested on 4.3 Vulnerability Detail...
TrueCrypt 7 VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation
TrueCrypt 7 VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation...
LanSpy 2.0.0.155 - Buffer Overflow (PoC)
LanSpy 2.0.0.155 - Buffer Overflow PoC ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-LANSPY-BUFFER-OVERFLOW-10052015.txt Vendor: ================================ www.lantricks.com Product: ================================...
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal Exploit Title: ManageEngine ServiceDesk Plus Product Description ------------------- ServiceDesk Plus is an ITIL ready IT help desk software for organizations of all sizes. With advanced ITSM functionality and easy-to-use...
FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities
FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-2009-CSRF.txt Vendor: ================================ www.ftgate.com Product: ======================================== FTGat...
WinRar 5.30 Beta 4 - Settings Import Command Execution
WinRar 5.30 Beta 4 - Settings Import Command Execution !/usr/bin/python -w Title : WinRar Settings Import Command Execution Date : 02/10/2015 Author : R-73eN Tested on : Windows 7 Ultimate Vulnerable Versions : Winrar 5.30 beta 4 The vulnerability exists in the "Import Settings From File" functio...
Avast! AntiVirus - X.509 Error Rendering Command Execution
Avast! AntiVirus - X.509 Error Rendering Command Execution Source: https://code.google.com/p/google-security-research/issues/detail?id=546 Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature. Unbelievably, this means...
ASX to MP3 Converter 1.82.50 (Windows XP SP3) - .asx Local Stack Overflow
ASX to MP3 Converter 1.82.50 Windows XP SP3 - .asx Local Stack Overflow ''' Exploit Title: ASX to MP3 Converter 1.82.50 Stack Overflow Date: 2 Oct 2015 Exploit Author: exptr Vendor Homepage: http://mini-stream.net Version: 1.82.50 Tested on: Windows XP SP3 ''' import struct filename = "exploit.as...
FTGate 7 - Cross-Site Request Forgery
FTGate 7 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-V7-CSRF.txt Vendor: ================================ www.ftgate.com www.ftgate.com/ftgate-update-7-0-300 Product:...
ElasticSearch 1.6.0 - Arbitrary File Download
ElasticSearch 1.6.0 - Arbitrary File Download elasticpwn Script for ElasticSearch url path traversal vuln. CVE-2015-5531 crg@fogheaven elasticpwn$ python CVE-2015-5531.py exploitlab.int /etc/hosts !dSR script for CVE-2015-5531 127.0.0.1 localhost The following lines are desirable for IPv6 capable...
PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities
PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities Exploit Title: Vehicle 3G Wi-Fi Router - PIXORD - Multiple Vulnerabilities Date: May 01, 2015 No response from Vendor till date Discovered by: Karn Ganeshen Vendor Homepage: http://www.pixord.com/en/productsshow.php?show=17 Versio...
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet:...
Apple Mac OSX 10.9.510.10.5 - rshlibmalloc Local Privilege Escalation
Apple Mac OSX 10.9.510.10.5 - rshlibmalloc Local Privilege Escalation CVE-2015-5889: issetugid + rsh + libmalloc osx local root tested on osx 10.9.5 / 10.10.5 jul/2015 by rebel import os,time,sys env = s = os.stat"/etc/sudoers".stsize env'MallocLogFile' = '/etc/crontab' env'MallocStackLogging' =...
MakeSFX.exe 1.44 - Local Stack Buffer Overflow
MakeSFX.exe 1.44 - Local Stack Buffer Overflow ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MAKESFX-BUFF-OVERFLOW-09302015.txt Vendor: ================================ freeextractor.sourceforge.net/FreeExtractor...
Dropbox 3.3.x - OSX FinderLoadBundle Privilege Escalation
Dropbox 3.3.x - OSX FinderLoadBundle Privilege Escalation !/bin/bash Exploit Title: Dropbox FinderLoadBundle OS X local root exploit Google Dork: N/A Date: 29/09/15 Exploit Author: cenobyte Vendor Homepage: https://www.dropbox.com Software Link: N/A Version: Dropbox 1.5.6, 1.6-7., 2.1-11., 3.0.,...
IconLover 5.42 - Local Buffer Overflow
IconLover 5.42 - Local Buffer Overflow Exploit Title: IconLover v5.42 Buffer Overflow Exploit Date: 29/09/2015 Exploit Author: cor3sm4sh3r Author email: cor3sm4sh3ratgmail.com Contact: https://in.linkedin.com/in/cor3sm4sh3r Twitter: https://twitter.com/cor3sm4sh3r Category: Local Tested : win XP...
Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation
Apport 2.19 Ubuntu 15.04 - Local Privilege Escalation Source: http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/ Problem description: On Ubuntu Vivid Linux distribution apport is used for automated sending of client program crash dumps but also of kernel crash...
Western Digital My Cloud 04.01.03-42104.01.04-422 - Command Injection
Western Digital My Cloud 04.01.03-42104.01.04-422 - Command Injection Exploit Title: Western Digital My Cloud Command Injection Vendor Homepage: http://www.wdc.com Firmware tested: 04.01.03-421 and 04.01.04-422 for the Personal Cloud devices Firmware link:...
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)
Kaseya Virtual System Administrator VSA - Multiple Vulnerabilities 2 Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices. So that if you own the Kaseya server, you own the organisation. With this post...
Photos in Wifi 1.0.1 iOS - Arbitrary File Upload
Photos in Wifi 1.0.1 iOS - Arbitrary File Upload Document Title: =============== Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-28 Vulnerability...
Mango Automation 2.6.0 - Multiple Vulnerabilities
Mango Automation 2.6.0 - Multiple Vulnerabilities Mango Automation 2.6.0 CSRF File Upload And Arbitrary JSP Code Execution Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a...
BisonWare BisonFTP Server 3.5 - Directory Traversal
BisonWare BisonFTP Server 3.5 - Directory Traversal !/usr/bin/python title: BisonWare BisonFTP server product V3.5 Directory Traversal Vulnerability author: Jay Turla tested on Windows XP Service Pack 3 - English software link:...
Telegram 3.2 - Input Length Handling Crash (PoC)
Telegram 3.2 - Input Length Handling Crash PoC + Title: Telegram - Input Length Handling Denial of Service Vulnerability + Product: Telegram + Vendor: http://telegram.org/ + SoftWare Link : https://itunes.apple.com/en/app/telegram-messenger/id686449807?mt=8 + Vulnerable Versions: Telegram 3.2 on...
My.WiFi USB Drive 1.0 iOS - Local File Inclusion
My.WiFi USB Drive 1.0 iOS - Local File Inclusion Document Title: =============== My.WiFi USB Drive v1.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1589 Release Date: ============= 2015-09-24 Vulnerability Laboratory ...