Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow
Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=467 There is a heap overflow in daeElement::setElementName. The vulnerable method uses a fixed size 128 bytes heap-allocated buffer to copy the name of a...
h5ai 0.25.0 - Unrestricted Arbitrary File Upload
h5ai 0.25.0 - Unrestricted Arbitrary File Upload !/usr/bin/env python Exploit Title: h5ai 0.25.0 Unrestricted File Upload Date: 21 September 2015 Exploit Author: rTheory Vendor Homepage: https://larsjung.de/h5ai/ Vulnerable Software Link:...
ADH-Web Server IP-Cameras - Multiple Vulnerabilities
ADH-Web Server IP-Cameras - Multiple Vulnerabilities 1. Advisory Information Title: ADH-Web Server IP-Cameras Improper Access Restrictions EDB-ID: 38245 Advisory ID: OLSA-2015-0919 Advisory URL: http://www.orwelllabs.com/2015/10/adh-web-server-ip-cameras-improper.html Date published: 2015-09-19...
Total Commander 8.52 - Local Buffer Overflow
Total Commander 8.52 - Local Buffer Overflow !/usr/bin/python EXPLOIT TITLE: Total Commander 8.52 Buffer Overflow AUTHOR: VIKRAMADITYA "-OPTIMUS" Credits: UnN0n Date of Testing: 19th September 2015 Download Link : http://tcmd852.s3-us-west-1.amazonaws.com/tc852x32b1.exe Tested On : Windows XP...
Konica Minolta FTP Utility 1.0 - Remote Command Execution
Konica Minolta FTP Utility 1.0 - Remote Command Execution Title: Konica Minolta FTP Utility - Remote Command Execution Date : 20/09/2015 Author: R-73eN Software: Konica Minolta FTP Utility v1.0 Tested: Windows XP SP3 Software link: http://download.konicaminolta.hk/bt/driver/mfpu/ftpu/ftpu10.zip...
Total Commander 8.52 (Windows 10) - Local Buffer Overflow
Total Commander 8.52 Windows 10 - Local Buffer Overflow !/usr/bin/python EXPLOIT TITLE: Total Commander 8.52 Buffer Overflow AUTHOR: VIKRAMADITYA "-OPTIMUS" Credits: UnN0n Date of Testing: 19th September 2015 Download Link : http://tcmd852.s3-us-west-1.amazonaws.com/tc852x32b1.exe Tested On :...
Thomson CableHome Gateway (DWG849) Cable Modem Gateway - Information Exposure
Thomson CableHome Gateway DWG849 Cable Modem Gateway - Information Exposure Exploit Title: Information Exposure via SNMP on Thomson CableHome Gateway MODEL: DWG849 Cable Modem Gateway Google Dork: n/a Date: 09/18/2015 Exploit Author: Matt Dunlap Vendor Homepage:...
Pligg CMS 2.0.2 - load_data_for_search.php SQL Injection
Pligg CMS 2.0.2 - load_data_for_search.php SQL Injection Exploit Title: Pligg CMS 2.0.2 SQL injection Date: 29-08-2015 Exploit Author: jsass Vendor Homepage: http://pligg.com Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip Version: 2.0.2 Tested on: kali sana 2.0 Q8 Gray Hat Team...
Wireshark 1.12.7 - Division by Zero Crash (PoC)
Wireshark 1.12.7 - Division by Zero Crash PoC Exploit Title: Wireshark 1.12.7 Division by zero DOS PoC Date: 02/09/2015 Exploit Author: spyk @SwanBeaujard Vendor Homepage: https://www.wireshark.org/ Software Link: https://www.wireshark.org/download.html Version: 1.12.7 Tested on: Windows 7 Thanks...
ZeusCart 4.0 - SQL Injection
ZeusCart 4.0 - SQL Injection ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to...
ZTE PC UI USB Modem Software - Local Buffer Overflow
ZTE PC UI USB Modem Software - Local Buffer Overflow !/usr/bin/python -w Title : ZTE PC UI USB MODEM SOFTWARE Buffer Overflow Date : 17/09/2015 Author : R-73eN Tested on : Windows Xp sp3 on software Eagle Speed PCWEAGLEALBp671A1V1.0.0B02 Since all the PC UI based software shares the same source...
IKEView.exe R60 - .elg Local (SEH)
IKEView.exe R60 - .elg Local SEH Exploit Title: IKEView.exe R60 localSEH Exploit Date: 17/09/2015 Exploit Author: cor3sm4sh3r Author email: cor3sm4sh3ratgmail.com Contact: https://in.linkedin.com/pub/shravan-kumar-ceh-oscp/103/414/450 Category: Local + Gr337z: hyp3rlinx for finding the bug +...
Google Android - libstagefright Integer Overflow Remote Code Execution
Google Android - libstagefright Integer Overflow Remote Code Execution !/usr/bin/python2 import cherrypy import os import pwnlib.asm as asm import pwnlib.elf as elf import sys import struct with open'shellcode.bin', 'rb' as tmp: shellcode = tmp.read while lenshellcode % 4 != 0: shellcode += '\x00...
ZeusCart 4.0 - Cross-Site Request Forgery
ZeusCart 4.0 - Cross-Site Request Forgery ZeusCart 4.0: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendo...
IKEView R60 - Local Buffer Overflow (SEH)
IKEView R60 - Local Buffer Overflow SEH !/usr/bin/python EXPLOIT TITLE: IKEView R60 Buffer overflowSEH Local Exploit AUTHOR: VIKRAMADITYA "-OPTIMUS" Credits: hyp3rlinx Date of Testing: 17th September 2015 Download Link : https://www.exploit-db.com/apps/e74a3dcf9bd8a2dd05026532fbf9bb36-IKEView.exe...
VBox Satellite Express 2.3.17.3 - Arbitrary Write
VBox Satellite Express 2.3.17.3 - Arbitrary Write KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation Title: VBox Satellite Express Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-005 Publication Date: 2015.09.16 Publication URL:...
Microsoft Excel 200720102013 - BIFFRecord Use-After-Free
Microsoft Excel 200720102013 - BIFFRecord Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=462 The following crash was observed in Microsoft Excel 2007 running on Windows 2003 R2. This crash was also reproduced in Microsoft Excel 2010 on Windows 7 x86 and...
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=465 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for...
Microsoft Office 2007 - OGL.dll ValidateBitmapInfo Bounds Check Failure (MS15-097)
Microsoft Office 2007 - OGL.dll ValidateBitmapInfo Bounds Check Failure MS15-097 Source: https://code.google.com/p/google-security-research/issues/detail?id=469 The following crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application...
FAROL - SQL Injection
FAROL - SQL Injection Exploit Title: Web Application Farol with anauthenticated SQLi injection Date: 2015-09-16 Exploit Author: Thierry Fernandes Faria a.k.a SoiL thierryfariaa at gmail dot com Vendor Homepage:http://www.teiko.com.br/pt/solucoes/infraestrutura-em-ti/farol Version: All CVE :...
Microsoft Office 2007 - BIFFRecord Length Use-After-Free
Microsoft Office 2007 - BIFFRecord Length Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=464 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and...
Openfire 3.10.2 - Cross-Site Request Forgery
Openfire 3.10.2 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt Vendor: ================================ www.igniterealtime.org/projects/openfire...
Silver Peak VXOA 6.2.11 - Multiple Vulnerabilities
Silver Peak VXOA 6.2.11 - Multiple Vulnerabilities Silver Peak VXOA Multiple Vulnerabilities Affected versions: Silver Peak VX 6.2.11 PDF:...
Openfire 3.10.2 - Privilege Escalation
Openfire 3.10.2 - Privilege Escalation + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt Vendor: ================================ www.igniterealtime.org/projects/openfire...
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Buil...
Microsoft Windows Task Scheduler - DeleteExpiredTaskAfter File Deletion Privilege Escalation
Microsoft Windows Task Scheduler - DeleteExpiredTaskAfter File Deletion Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=442 Windows: Task Scheduler DeleteExpiredTaskAfter File Deletion Elevation of Privilege Platform: Windows 8.1 Update, looks like...
Openfire 3.10.2 - Remote File Inclusion
Total Commander 8.52 - Overwrite Buffer Overflow (SEH)
Total Commander 8.52 - Overwrite Buffer Overflow SEH ''' Exploit Title: Total Commander 32bit SEH Overwrite. Date: 8/27/2015 Exploit Author: UnN0n Software Vendor: http://www.ghisler.com/ Software Link: http://www.ghisler.com/download.htm Version: 8.52 Tested on: Windows 8 x6464 BIT Info: EAX...
Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation
Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=437 Windows: CreateObjectTask SettingsSyncDiagnostics Elevation of Privilege Platform: Windows 8.1 Update I don’t believe it’s available in...
Microsoft Windows 10 (Build 10130) - User Mode Font Driver Thread Permissions Privilege Escalation
Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=468 Windows: User Mode Font Driver Thread Permissions EoP Platform: Windows 10 Build 10130 Class: Elevation of Privilege...
Openfire 3.10.2 - Unrestricted Arbitrary File Upload
Microsoft Windows - CreateObjectTask TileUserBroker Privilege Escalation
Microsoft Windows - CreateObjectTask TileUserBroker Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=439 Windows: CreateObjectTask TileUserBroker Elevation of Privilege Platform: Windows 8.1 Update I don’t believe it’s available in earlier Windows...
Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities
Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt Vendor: ================================ www.igniterealtime.org/projects/openfire...
WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection
WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection Exploit Title: WordPress: cp-reservation-calendar 1.1.6 SQLi injection Date: 2015-09-15 Google Dork: Index of /wp-content/plugins/cp-reservation-calendar/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Software Link:...
Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)
Microsoft Windows - NtUserGetClipboardAccessToken Token Leak MS15-023 Source: https://code.google.com/p/google-security-research/issues/detail?id=461 Windows: NtUserGetClipboardAccessToken Token Leak Redux Platform: Windows 8.1 Update, Windows 10 Build 10130 Class: Security Bypass/EoP Summary: Th...
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
ManageEngine OpManager 11.5 - Multiple Vulnerabilities Exploit Title: ManageEngine OpManager multiple vulnerabilities Product: ManageEngine OpManager Vulnerable Versions: v11.5 and previous versions Tested Version: v11.5 Windows Advisory Publication: 14/09/2015 Vulnerability Type: hardcoded...
IKEView.exe R60 - Stack Buffer Overflow (PoC)
IKEView.exe R60 - Stack Buffer Overflow PoC + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-IKEVIEWR60-0914.txt Vendor: ================================ www.checkpoint.com http://pingtool.org/downloads/IKEView.exe Product:...
ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution
ManageEngine EventLog Analyzer 10.6 build 10060 - SQL Execution Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication:...
WordPress Plugin EZ SQL Reports 4.11.37 - Multiple Vulnerabilities
WordPress Plugin EZ SQL Reports 4.11.37 - Multiple Vulnerabilities Exploit Title: EZ SQL Reports Proxy-Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Referer:...
IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC)
IKEView.exe Fox Beta 1 - Stack Buffer Overflow PoC + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-CPIKEVIEW-0911.txt Vendor: ================================ www.checkpoint.com Product: ================================ IKEView.exe...
Microsoft Windows Media Center - Command Execution (MS15-100)
Microsoft Windows Media Center - Command Execution MS15-100 Title: MS15-100 Windows Media Center Command Execution Date : 11/09/2015 Author: R-73eN Software: Windows Media Center Tested : Windows 7 Ultimate CVE : 2015-2509 banner = "" banner += " \n" banner +=" | | / | / | / \ | | \n" banner +=" ...
Monsta FTP 1.6.2 - Multiple Vulnerabilities
Monsta FTP 1.6.2 - Multiple Vulnerabilities Exploit Title: CSRF XSS Monsta FTP Google Dork: intitle: Monsta FTP CSRF / XSS Date: 2015-09-11 Exploit Author: hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.monstaftp.com Software Link: www.monstaftp.com Version: monstaftpv1.6.2 Test...
Microsoft Internet Explorer 11 - Stack Underflow Crash (PoC)
Microsoft Internet Explorer 11 - Stack Underflow Crash PoC crash IE 11 function crash var id0 = null; id0 = document.createElement 'THEAD' ; document.body.appendChild id0 ; elemTree = ; elemTree0= document.createElement'SELECT'; document.all7.appendChildelemTree0; elemTree1=...
Logitech Webcam Software 1.1 - eReg.exe Local Buffer Overflow (SEH Unicode)
Logitech Webcam Software 1.1 - eReg.exe Local Buffer Overflow SEH Unicode Title: Logitech Webcam Software 1.1 eReg.exe SEH/Unicode Buffer Overflow Date: 9-10-2015 Target tested: Windows 7 x64 Software Link: http://www.logitech.com/pub/techsupport/quickcam/lws110x64.exe Author: Robbie Corley...
OpenLDAP 2.4.42 - ber_get_next Denial of Service
OpenLDAP 2.4.42 - ber_get_next Denial of Service Exploit Title: OpenLDAP 2.4.42 ber_get_next DOS Date: 11/09/15 Exploit Author: Denis Andzakovic - Security-Assessment.com Vendor Homepage: http://www.openldap.org/ Software Link: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.42.tgz...
Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group
Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group Source: https://code.google.com/p/google-security-research/issues/detail?id=477 Install.framework has a suid root binary here: /System/Library/PrivateFrameworks/Install.framework/Resources/runner This binary vends t...
Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation
Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by...
Synology Video Station 1.5-0757 - Multiple Vulnerabilities
Synology Video Station 1.5-0757 - Multiple Vulnerabilities Synology Video Station command injection and multiple SQL injection vulnerabilities Han Sahi...
Apple Mac OSX - Install.framework suid Helper Privilege Escalation
Apple Mac OSX - Install.framework suid Helper Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=314 The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root...
PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile disable_functions Bypass Load Dynamic Library
PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile disable_functions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...