Octogate UTM 3.0.12 - Admin Interface Directory Traversal
Octogate UTM 3.0.12 - Admin Interface Directory Traversal Exploit Title: Octogate UTM Admin Interface Directory Traversal Date: 26.08.2015 Software Link: http://www.octogate.com Exploit Author: Oliver Karow Contact: [email protected] Website: http://www.oliverkarow.de Category: Remote Exploit...
PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library
PHP 5.5.9 - zendexecutorglobals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...
PHP Session Deserializer - Use-After-Free
PHP Session Deserializer - Use-After-Free Use After Free Vulnerabilities in Session Deserializer Taoguang Chen Write Date: 2015.8.9 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in session deserializer php/phpbinary/phpserialize that can be abused for leaking...
PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free
PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize Use-After-Free Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's...
PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free
PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize Use-After-Free Yet Another Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object...
PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free
PHP 5.4/5.5/5.6 - Unserialize Use-After-Free Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks...
PHP GMP - unserialize() Use-After-Free
PHP GMP - unserialize Use-After-Free Use After Free Vulnerability in unserialize with GMP Taoguang Chen Write Date: 2015.8.17 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with GMP object's deserialization that can be abused for leaking arbitrary memory block...
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery INPUT type='hidden' maxLength=60 size=30 name="mail" id="mail" va...
Google Android - Stagefright Remote Code Execution
Google Android - Stagefright Remote Code Execution !/usr/bin/env python Joshua J. Drake @jduck of ZIMPERIUM zLabs Shout outs to our friends at Optiv formerly Accuvant Labs C Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 www.zimperium.com Exploit for RCE Vulnerability CVE-2015-153...
Qlikview 11.20 SR11 - Blind XML External Entity Injection
Qlikview 11.20 SR11 - Blind XML External Entity Injection Exploit Title: Qlikview blind XXE security vulnerability Product: Qlikview Vulnerable Versions: v11.20 SR11 and previous versions Tested Version: v11.20 SR4 Advisory Publication: 08/09/2015 Latest Update: 08/09/2015 Vulnerability Type:...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities ============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/...
IBM AIX High Availability Cluster Multiprocessing (HACMP) - Local Privilege Escalation
IBM AIX High Availability Cluster Multiprocessing HACMP - Local Privilege Escalation IBM AIX High Availability Cluster Multiprocessing HACMP LPE to root 0day Let's kill some more bugs today and force vendor improvement : """ $ cat /tmp/su !/bin/sh /bin/sh $ chmod +x /tmp/su $ PATH=/tmp...
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting Exploit Title: Wordpress White-Label Framework XSS Google Dork: inurl:/wp-content/themes/whitelabel-framework/inc/form-sharebymailiframe.php Date: 7 September 2015 Exploit Author: Outlasted Software Link: wordpress.com /...
Cisco Sourcefire User Agent 2.2 - Insecure File Permissions
Cisco Sourcefire User Agent 2.2 - Insecure File Permissions / Cisco Sourcefire User Agent Insecure File Permissions Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco SF User Agent 2.2 Fixed versions: Cisco SF User Agent 2.2-25 Date: 08/09/2015 Credits:...
Advantech Webaccess 8.0 3.4.3 - ActiveX Multiple Vulnerabilities
Advantech Webaccess 8.0 3.4.3 - ActiveX Multiple Vulnerabilities Introduction Using Advantech WebAccess SCADA Software we can remotely manage Industrial Control systems devices like RTU's, Generators, Motors etc. Attackers can execute code remotely by passing maliciously crafted string to...
JSPMySQL Administrador - Multiple Vulnerabilities
JSPMySQL Administrador - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt Vendor: ================================ JSPMySQL Administrador...
VeryPDF HTML Converter 2.0 - Local Buffer Overflow (SEH/ToLower() Bypass)
VeryPDF HTML Converter 2.0 - Local Buffer Overflow SEH/ToLower Bypass Exploit Title: VeryPDF HTML Converter v2.0 SEH/ToLower Bypass Buffer Overflow Date: 9-6-2015 Target tested: Windows 7 x86/x64 Software Link: http://www.verypdf.com/htmltools/winhtmltools.exe Exploit Author: Robbie Corley Contact...
NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
NETGEAR Wireless Management System 2.1.4.15 Build 1236 - Privilege Escalation NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. WMS5316 ProSafe 16AP Wireless Management System - Firmware 2.1.4.15 Build 1236. - Vulnerability Information:...
Elastix 2.5 - PHP Code Injection
Elastix 2.5 - PHP Code Injection '; $faf=fopen"fa.txt","w+"; fwrite$faf,$inj; fclose$faf; $myf='fa.txt'; $url = $target."/vtigercrm/phprint.php?action=fa&module=ff&langcrm=../../modules/Import/ImportStep2.php%00"; // URL $reffer = "http://1337s.cc/index.php"; $agent = "Mozilla/5.0 Windows; U;...
FireEye Appliance - Unauthorized File Disclosure
FireEye Appliance - Unauthorized File Disclosure Just one of many handfuls of FireEye / Mandiant 0day. Been sitting on this for more than 18 months with no fix from those security "experts" at FireEye. Pretty sure Mandiant staff coded this and other bugs into the products. Even more sad, FireEye...
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC Exploit Title: ActiveState Perl.exe x64 Client Denial of Service v5.20.2 Date: 9-3-2015 Software Link:...
AutoCAD DWG and DXF To PDF Converter 2.2 - Local Buffer Overflow
AutoCAD DWG and DXF To PDF Converter 2.2 - Local Buffer Overflow Exploit Title: AutoCAD DWG and DXF To PDF Converter v2.2 Buffer Overflow Date: 9-5-2015 Software Link: http://www.verypdf.com/autocad-dwg-dxf-to-pdf/dwgdxftopdfsetup.exe Exploit Author: Robbie Corley Contact: [email protected]...
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities Live Demos. It is packed with a Template Creator Wizard to create fantastic forms in a matter of seconds without coding. copy of ´contactformgenerator.php´ file =================== TECHNICAL...
Disconnect.me Mac OSX Client 2.0 - Local Privilege Escalation
Disconnect.me Mac OSX Client 2.0 - Local Privilege Escalation Disconnect.me is the search engine entrusted by the Tor Browser. Unfortunately, the Mac OS X client has an LPE to root vulnerability 0day. Original Download = v2.0: https://disconnect.me/premium/mac Archived Download: http://d-h.st/LKq...
Zhone ADSL2+ 4P Bridge Router (Broadcom) - Multiple Vulnerabilities
Zhone ADSL2+ 4P Bridge Router Broadcom - Multiple Vulnerabilities Document Title: =============== Zhone ADSL2+ 4P Bridge & Router Broadcom - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1591 Download:...
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery Exploit Title: HooToo Tripmate HT-TM01 Cross Site Request Forgery Date: 03Sep15 Exploit Author: Ken Smith Contact: https://twitter.com/P4tchw0rk Vendor Homepage: http://www.hootoo.com Version: HT-TM01, version 2.000.022 1. Description...
Tenda N3 Wireless N150 Router - Authentication Bypass
Tenda N3 Wireless N150 Router - Authentication Bypass Exploit Title: Complete Authentication Bypass In Tenda N3 Wireless N150 Routers Date: 03-09-2015 Software Link: http://tendacn.com/en/product/N150.html Exploit Author: Mandeep Jadon Contact: http://twitter.com/1337tr0lls Website:...
SphereFTP Server 2.0 - Crash (PoC)
SphereFTP Server 2.0 - Crash PoC !/usr/bin/python Exploit Title: SphereFTP Server v2.0 Remote Crash PoC Date: 2015-09-02 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.menasoft.com/blog/?p=32 Software Link:...
GPON Home Router FTP G-93RG1 - Cross-Site Request Forgery Command Execution
GPON Home Router FTP G-93RG1 - Cross-Site Request Forgery Command Execution CSRF Demo Exploit -- document.auto.submit;...
Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass
Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass +-//////////////////////////////////////////////////////////////////////////// +- +- Exploit Title: Thomson Wireless VoIP Cable Modem Arbitrary File Access +- Date: October 22, 2013 +- Author: 0rwelllabs +- +- Product:...
Mantis Bug Tracker 1.2.19 - Host Header
Mantis Bug Tracker 1.2.19 - Host Header Exploit Title: MantisBT 1.2.19 - Host header attack vulnerability Date: 07-09-2015 Exploit Author: Pier-Luc Maltais Centre opérationnel de sécurité informatique gouvernemental COSIG Vendor Homepage: https://www.mantisbt.org/ Software Link:...
Cerb 7.0.3 - Cross-Site Request Forgery
Cerb 7.0.3 - Cross-Site Request Forgery Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patch: August 14,...
YesWiki 0.2 - squelette Directory Traversal
YesWiki 0.2 - squelette Directory Traversal Exploit Title: YESWIKI 0.2 - Path Traversal Date: 2015-09-02 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: http://yeswiki.net Software Link: https://github.com/YesWiki/yeswiki Version: yeswiki 0.2 Tested on: Debia...
Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities
Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities Title: Edimax BR6228nS/BR6228nC - Multiple vulnerabilities Date: 01.09.15 Vendor: edimax.com Firmware version: 1.22 Author: Smash Contact: smash at devilteam.pl Few vulnerabilities found in Edimax BR6228nS/BR6228nC router firmware. 1/ Cross Site...
Mpxplay MultiMedia Commander 2.00a - .m3u Stack Buffer Overflow (PoC)
Mpxplay MultiMedia Commander 2.00a - .m3u Stack Buffer Overflow PoC Exploit Title: Mpxplay Multimedia Commander Stack-based BOF Date: 9/1/2015 Exploit Author: UnN0n Software Link: http://sourceforge.net/p/mpxplay/activity?source=projectactivity Version: V2.00a Tested on: Windows 7 x8632 BIT Steps...
Ricoh DC (SR10) 1.1.0.8 - Denial of Service
Ricoh DC SR10 1.1.0.8 - Denial of Service Exploit Title: Ricoh DC FTP SR10 v1.1.0.8 DoS Date: 8/31/2015 Exploit Author: j2x6 Vendor Homepage: http://www.ricoh-imaging.co.jp/ Software Link: http://www.ricoh-imaging.co.jp/english/rdc/download/sw/win/07.html Version: 1.1.0.8 Tested on: Windows 7...
Bedita 3.5.1 - Cross-Site Scripting
Bedita 3.5.1 - Cross-Site Scripting Title: Bedita 3.5.1 XSS vulnerabilities Application: Bedita Version: 3.5.1 Software Link: http://www.bedita.com/ Date: 2015-03-09 Author: Sébastien Morin Contact: https://twitter.com/SebMorin1 Category: Web Applications =================== Introduction:...
SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where (PoC)
SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where PoC KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Multiple Privilege Escalation Advisory ID: KL-001-2015-003 Publication Date: 2015.09.01 Publication URL:...
XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write (PoC)
XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write PoC KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Title: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-004 Publication Date: 2015.09.01 Publicati...
PhpWiki 1.5.4 - Multiple Vulnerabilities
PhpWiki 1.5.4 - Multiple Vulnerabilities Title: phpwiki 1.5.4 - Cross Site Scripting / Local File Inclusion Date: 29.08.15 Vendor: sourceforge.net/projects/phpwiki/ Affected versions: = 1.5.4 current Tested on: Apache2.2 / PHP5 / Deb32 Author: Smash Contact: smash at devilteam.pl 1/ Cross Site...
Microsoft Office 2007 - msxml5.dll Crash (PoC)
Microsoft Office 2007 - msxml5.dll Crash PoC !/usr/bin/perl -w Title : Microsoft Office 2007 msxml5.dll - Crash Proof Of Concept Tested : Microsoft Office 2007 / Win7 DLL : msxml5.dll 5.20.1072.0 WINWORD.EXE version : 12.0.6612.1000 Author : Mohammad Reza Espargham Linkedin :...
Viber 4.2.0 - Non-Printable Characters Handling Denial of Service
Viber 4.2.0 - Non-Printable Characters Handling Denial of Service !/usr/bin/perl -w -- coding: utf-8 - + Title: Viber Non-Printable Characters Handling Denial of Service Vulnerability + Product: Viber + Vendor: http://www.viber.com/en/ + SoftWare Link :...
Edimax PS-1206MF - Web Admin Authentication Bypass
Edimax PS-1206MF - Web Admin Authentication Bypass Title: Edimax PS-1206MF - Web Admin Auth Bypass Date: 30.08.15 Vendor: edimax.com Firmware version: 4.8.25 Author: Smash Contact: smash at devilteam.pl HTTP authorization is not being properly verified while sending POST requests to .cgi, remote...
PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC)
PFTP Server 8.0f Lite - textfield Local Buffer Overflow SEH PoC Exploit Title: PFTP Server 8.0f lite SEH bypass technique tested on Win7x64 Date: 8-29-2015 Software Link: http://www.heise.de/download/the-personal-ftp-server-78679a5e8458e9faa7c5564617bdd4c4-1440883445-267104.html Exploit Author:...
Boxoft WAV to MP3 Converter - convert Local Buffer Overflow
Boxoft WAV to MP3 Converter - convert Local Buffer Overflow Exploit Title: Boxoft wav to mp3 converter SEH bypass technique tested on Win7x64 Date: 8-31-2015 Software Link: http://www.boxoft.com/wav-to-mp3/ Exploit Author: Robbie Corley Contact: [email protected] Website: Target: Windows 7...
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection Exploit Title: Cyberoam : Blind SQL Injection Date: 31/Aug/2015 Exploit Author: Dharmendra Kumar Singh Contact: [email protected] Vendor Homepage: http://www.cyberoam.com Software Link: http://www.cyberoam.com/NGFW/ Version:...
Ganglia Web Frontend 3.5.1 - PHP Code Execution
Sysax Multi Server 6.40 - SSH Component Denial of Service
Sysax Multi Server 6.40 - SSH Component Denial of Service ''' Exploit title: Sysax Multi Server 6.40 ssh component denial of service vulnerability Date: 29-8-2015 Vendor homepage: http://www.sysax.com Software Link: http://www.sysax.com/download/sysaxservsetup.msi Version: 6.40 Author: 3unnym00n...
PCMan FTP Server 2.0.7 - GET Remote Buffer Overflow
PCMan FTP Server 2.0.7 - GET Remote Buffer Overflow !/usr/bin/python Exploit Title: PCMan's FTP Server v2.0 - GET command buffer overflow remote shell Date: 28 Aug 2015 Exploit Author: Koby Vendor Homepage: http://pcman.openfoundry.org/ Software Link:...
Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure
Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure Exploit Title: Samsung SyncThruWeb SMB Hash Disclosure Date: 8/28/15 Exploit Author: Shad Malloy Contact: http://twitter.com/SecureNM Website: https://securenetworkmanagement.com Vendor Homepage: http://www.samsung.com Software Link:...