Netsweeper 4.0.8 - Authentication Bypass (via Disabling of IP Quarantine)

Netsweeper 4.0.8 - Authentication Bypass via Disabling of IP Quarantine +-----------------------------------------------------------------------+ + Netsweeper 4.0.8 - Authentication Bypass Disabling of IP Quarantine + +-----------------------------------------------------------------------+...

Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation)

Netsweeper 4.0.8 - Authentication Bypass via New Profile Creation +-----------------------------------------------------------------+ + Netsweeper 4.0.8 - Authentication Bypass New Profile Creation + +-----------------------------------------------------------------+ Affected Product: Netsweeper...

Netsweeper 4.0.8 - SQL Injection Authentication Bypass

Netsweeper 4.0.8 - SQL Injection Authentication Bypass +----------------------------------------------------------------+ + Netsweeper 4.0.8 - SQL Injection Authentication Bypass Admin + +----------------------------------------------------------------+ Affected Product: Netsweeper Vendor Homepag...

Netsweeper 4.0.8 - Arbitrary File Upload Execution

Netsweeper 4.0.8 - Arbitrary File Upload Execution +--------------------------------------------------------+ + Netsweeper 4.0.8 - Arbitrary File Upload and Execution + +--------------------------------------------------------+ Affected Product: Netsweeper Vendor Homepage : www.netsweeper.com...

Netsweeper 3.0.6 - Authentication Bypass

Netsweeper 3.0.6 - Authentication Bypass +------------------------------------------------------------------------+ + Netsweeper 3.0.6 - Authentication Bypass Account and Policy Creation + +------------------------------------------------------------------------+ Affected Product: Netsweeper Vend...

Netsweeper 4.0.4 - SQL Injection

Netsweeper 4.0.4 - SQL Injection +----------------------------------+ + Netsweeper 4.0.4 - SQL Injection + +----------------------------------+ Affected Product: Netsweeper Vendor Homepage : www.netsweeper.com Version : 4.0.4 and probably other versions Discovered by : Anastasios Monachos secuid0...

Netsweeper 2.6.29.8 - SQL Injection

Netsweeper 2.6.29.8 - SQL Injection +-------------------------------------+ + Netsweeper 2.6.29.8 - SQL Injection + +-------------------------------------+ Affected Product: Netsweeper Vendor Homepage : www.netsweeper.com Version : 2.6.29.8 and probably other versions Discovered by : Anastasios...

Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities

Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities Title: Aruba Mobility Controller CSRF And XSS Vulnerabilities Date: 08/016/2015 Author: Itzik Chen Product web page: http://www.arubanetworks.com Affected Version: 6.4.2.8 Tested on: Aruba7240, Ver 6.2.4.8 Summary ================ Aruba...

Vifi Radio 1.0 - Cross-Site Request Forgery

Vifi Radio 1.0 - Cross-Site Request Forgery . | | / | | \ \ | | \ / | |\ / / /\ \ / \ | Y / ^ / / || / / / / /\ /\ \ \ \ | / \ / http://h4x0resec.blogspot.com / \ | \ \ / // / \ / / / / Vifi Radio v1 - CSRF Arbitrary Change Password Exploit My + Discovered by: KnocKout Contact :...

Pligg CMS 2.0.2 - Arbitrary Code Execution

Pligg CMS 2.0.2 - Arbitrary Code Execution Hacked '; Code You Can Customize Exploit For Your Self . Exploit : -- phpec...

Valhala Honeypot 1.8 - Stack Buffer Overflow

Valhala Honeypot 1.8 - Stack Buffer Overflow """ Exploit Title: Valhala Honeypot Stack based BOFRemote DOS Date: 8/20/2015 Exploit Author: UnN0n Software Developer: Marcos Flavio Araujo Assuncao Software Link: http://sourceforge.net/projects/valhalahoneypot/ Version: 1.8 Tested on: Windows 7 x863...

Multiple ChiefPDF Software 2.0 - Local Buffer Overflow

Multiple ChiefPDF Software 2.0 - Local Buffer Overflow !/usr/bin/python Exploit Title:ChiefPDF Software Buffer Overflow vulnerable programs: PDF to Image Converter 2.0 PDF to Image Converter Free 2.0 PDF to Tiff Converter 2.0 PDF to Tiff Converter Free 2.0 Software...

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that...

Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipts Sound Object

Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipts Sound Object Source: https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id 90-day deadline tracking for...

Flash - Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory

Flash - Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory Source: https://code.google.com/p/google-security-research/issues/detail?id=326&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for:...

up.time 7.5.0 - Cross-Site Scripting Cross-Site Request Forgery (Add Admin)

up.time 7.5.0 - Cross-Site Scripting Cross-Site Request Forgery Add Admin up.time 7.5.0 XSS And CSRF Add Admin Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software...

Adobe Flash - Type Confusion in TextRenderer.setAdvancedAntialiasingTable

Adobe Flash - Type Confusion in TextRenderer.setAdvancedAntialiasingTable Source: https://code.google.com/p/google-security-research/issues/detail?id=409&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There is a type confusion issue in...

Adobe Flash AS2 - MovieClip.scrollRect Use-After-Free

Adobe Flash AS2 - MovieClip.scrollRect Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=359&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for https://code.google.com/p/chromium/issues/detail?id=482521 ---...

Adobe Flash AS2 - Color.setRGB Use-After-Free

Adobe Flash AS2 - Color.setRGB Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=367&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for Chromium VRP bug https://code.google.com/p/chromium/issues/detail?id=484610...

Adobe Flash - Pointer Crash in Button Handling

Adobe Flash - Pointer Crash in Button Handling Source: https://code.google.com/p/google-security-research/issues/detail?id=399&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The attached sample, signalsigsegv7ffff60a14299554f4dc661554237404dfe394d4c6c3e674.swf, crashes in...

Adobe Flash - scale9Grid Use-After-Free

Adobe Flash - scale9Grid Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=380&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There is a use-after-free issue if the scale9Grid setting is called on an object with a member that then...

Adobe Flash - .SWF Out-of-Bounds Memory Read (1)

Adobe Flash - .SWF Out-of-Bounds Memory Read 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=361&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The following access violation was observed in the Adobe Flash Player plugin: 150c.ca0: Access...

Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File

Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Source: https://code.google.com/p/google-security-research/issues/detail?id=426&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id To reproduce, host the attached files appropriately, and:...

Adobe Flash - createTextField Use-After-Free

Adobe Flash - createTextField Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=408&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There is a use-after-free in CreateTextField. If a flash file contains a MovieClip heirarcy, such as:...

Adobe Flash - swapDepths Use-After-Free

Adobe Flash - swapDepths Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=403&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There is a use-after-free in MovieClip.swapDepths, a POC is as follows: var clip1 =...

Adobe Flash - Setting Use-After-Free

Adobe Flash - Setting Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=355&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id In certain cases where a native AS2 class sets an internal variable, it can lead to a use-after-free if the...

Adobe Flash - Bad Write in XML When Callback Modifies XML Tree During Property Delete

Adobe Flash - Bad Write in XML When Callback Modifies XML Tree During Property Delete Source: https://code.google.com/p/google-security-research/issues/detail?id=404&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Source file and compiled PoC attached. Looking at...

Adobe Flash - URL Resource Use-After-Free

Adobe Flash - URL Resource Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=410&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The following crash was observed in Flash Player 17.0.0.188 on Windows: 81c.854: Access violation - code...

Adobe Flash - NetConnection.connect Use-After-Free

Adobe Flash - NetConnection.connect Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=352&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id If the fpadInfo property of a NetConnection object is a SharedObject, a use-after-free occurs...

Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect

Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect Source: https://code.google.com/p/google-security-research/issues/detail?id=416&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id This issue is a variant of issue 192 , which the fix did not...

Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving

Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving Source: https://code.google.com/p/google-security-research/issues/detail?id=280&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - BrokerMoveFileEx TOCTOU IE PM Sandbox Escape 1. Windows 8....

Flash Broker-Based - Sandbox Escape via Unexpected Directory Lock

Flash Broker-Based - Sandbox Escape via Unexpected Directory Lock Source: https://code.google.com/p/google-security-research/issues/detail?id=279&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - Junction Check Bypass With Locked Directory IE PM Sandbox Escape 1...

Adobe Flash - Pointer Crash in Drawing and Bitmap Handling

Adobe Flash - Pointer Crash in Drawing and Bitmap Handling Source: https://code.google.com/p/google-security-research/issues/detail?id=396&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id A nasty looking crash is manifesting in various different ways under fuzzing, apparentl...

Adobe Flash - XML.childNodes Use-After-Free

Adobe Flash - XML.childNodes Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=365&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in...

Adobe Flash AS2 - DisplacementMapFilter.mapBitmap Use-After-Free (1)

Adobe Flash AS2 - DisplacementMapFilter.mapBitmap Use-After-Free 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=358&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for https://code.google.com/p/chromium/issues/detail?id=45768...

Adobe Flash - Heap Use-After-Free in SurfaceFilterList::C​reateFromScriptAtom

Adobe Flash - Heap Use-After-Free in SurfaceFilterList::C​reateFromScriptAtom Source: https://code.google.com/p/google-security-research/issues/detail?id=484&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for:...

Flash Broker-Based - Sandbox Escape via Forward Slash Instead of Backslash

Flash Broker-Based - Sandbox Escape via Forward Slash Instead of Backslash Source: https://code.google.com/p/google-security-research/issues/detail?id=278&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - Junction Check Bypass With Forward Slash IE PM Sandbox...

Adobe Flash - Shared Object Type Confusion

Adobe Flash - Shared Object Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=434&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The Shared Object constructor does not check that the object it is provided is of type Object before...

Adobe Flash - Display List Handling Use-After-Free

Adobe Flash - Display List Handling Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=349&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Credit is to KEEN Team. 3 different PoC's in the attached zip. Proof of Concept:...

Adobe Flash - Pointer Crash After Continuing Slow Script

Adobe Flash - Pointer Crash After Continuing Slow Script Source: https://code.google.com/p/google-security-research/issues/detail?id=397&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Running the attached swf file in Google Chrome Linux x64 will eventually result in dialog...

Adobe Flash - FileReference Class Type Confusion

Adobe Flash - FileReference Class Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=422&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There is a type confusion issue in the TextFormat constructor that is reachable because the...

Adobe Flash - attachMovie Use-After-Free

Adobe Flash - attachMovie Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=391&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There is a use-after-free in attachMovie due to the initObject. If the initObject contains an object that...

Adobe Flash AS2 - textfield.filters Use-After-Free (1)

Adobe Flash AS2 - textfield.filters Use-After-Free 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=330&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=476926 Credit is to bilou,...

Adobe Flash - AVSS.setSubscribedTags Use-After-Free Memory Corruption

Adobe Flash - AVSS.setSubscribedTags Use-After-Free Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=303&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=470864...

up.time 7.5.0 - Arbitrary File Disclose and Delete

up.time 7.5.0 - Arbitrary File Disclose and Delete up.time 7.5.0 Arbitrary File Disclose And Delete Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: Input...

Adobe Flash - Pointer Crash in XML Handling

Adobe Flash - Pointer Crash in XML Handling Source: https://code.google.com/p/google-security-research/issues/detail?id=400&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The attached sample file, signalsigsegv7ffff637297a8900e3f87b25c25db8f9ec3c975f8c1211cc.swf, crashes,...

Adobe Flash - .SWF Out-of-Bounds Memory Read (2)

Adobe Flash - .SWF Out-of-Bounds Memory Read 2 Source: https://code.google.com/p/google-security-research/issues/detail?id=362&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The following access violation was observed in the Adobe Flash Player plugin: 1dec.1af0: Access...

Adobe Flash AS2 - textfield.filters Use-After-Free (2)

Adobe Flash AS2 - textfield.filters Use-After-Free 2 Source: https://code.google.com/p/google-security-research/issues/detail?id=342&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for https://code.google.com/p/chromium/issues/detail?id=480496 Credit is to bilou,...

up.time 7.5.0 - Superadmin Privilege Escalation

up.time 7.5.0 - Superadmin Privilege Escalation ...

Flash - Uninitialized Stack Variable MPD Parsing Memory Corruption

Flash - Uninitialized Stack Variable MPD Parsing Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=316&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=472201 Credit...