ElasticSearch 1.4.5 1.5.2 - Directory Traversal

ElasticSearch 1.4.5 1.5.2 - Directory Traversal !/usr/bin/python Crappy PoC for CVE-2015-3337 - Reported by John Heasman of DocuSign Affects all ElasticSearch versions prior to 1.5.2 and 1.4.5 Pedro Andujar || twitter: pandujar || email: @segfault.es || @digitalsec.net Tested on default Linux .de...

Microsoft Windows - CNG.SYS Kernel Security Feature Bypass (MS15-052)

Microsoft Windows - CNG.SYS Kernel Security Feature Bypass MS15-052 // Source: http://www.binvul.com/viewthread.php?tid=508 // Source: https://twitter.com/NTarakanov/status/598370525132423168 include include include pragma commentlib, "ntdll.lib" int mainint argc, CHAR argv typedef NTSTATUS stdca...

ManageEngine EventLog Analyzer 10.0 Build 10001 - Cross-Site Request Forgery

ManageEngine EventLog Analyzer 10.0 Build 10001 - Cross-Site Request Forgery input type="hidden"...

QEMU - Floppy Disk Controller (FDC) (PoC)

QEMU - Floppy Disk Controller FDC PoC // Source: https://marc.info/?l=oss-security&m=143155206320935&w=2 include define FIFO 0x3f5 int main int i; iopl3; outb0x0a,0x3f5; / READ ID / for i=0;i10000000;i++ outb0x42,0x3f5; / push /...

Chronosite 5.12 - SQL Injection

Chronosite 5.12 - SQL Injection Exploit Title: Chronosite 5.12 SQL Injection Google Dork: filetype:php inurl:"/archives.php" intext:"ARCHIVES Chrono-site" Date: 13/05/15 Exploit Author: Wad Deek Vendor Homepage: http://www.chronosite.org/ Software Link:...

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full...

BulletProof FTP Client 2010 - Local Buffer Overflow (DEP Bypass)

BulletProof FTP Client 2010 - Local Buffer Overflow DEP Bypass ----------------------------------------------------------------------------- Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow SEH Date: Feb 15 2015 Exploit Author: Gabor Seljan Software Link: http://www.bpftp.com/ Version...

OYO File Manager 1.1 (iOS Android) - Multiple Vulnerabilities

OYO File Manager 1.1 iOS Android - Multiple Vulnerabilities Document Title: =============== OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-18...

OpenLitespeed 1.3.9 - Use-After-Free (Denial of Service)

OpenLitespeed 1.3.9 - Use-After-Free Denial of Service / Openlitespeed 1.3.9 Use After Free denial of service exploit. This exploit triggers a denial of service condition within the Openlitespeed web server. This is achieved by sending a tampered request contain a large number 91 of 'a: a' header...

Wireless Photo Transfer 3.0 iOS - Local File Inclusion

Wireless Photo Transfer 3.0 iOS - Local File Inclusion Document Title: =============== Wireless Photo Transfer v3.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1492 Release Date: ============= 2015-05-12 Vulnerability...

Microsoft Windows - Local Privilege Escalation (MS15-051)

Microsoft Windows - Local Privilege Escalation MS15-051 Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...

Burning Board 2.3.1 - SQL Injection

Burning Board 2.3.1 - SQL Injection Burning Board SQL Injection Vendor: Woltlab GmbH Product: Burning Board Version: = 2.3.1 Website: http://www.woltlab.de/ BID: 13643 CVE: CVE-2005-1642 OSVDB: 16575 SECUNIA: 15395 PACKETSTORM: 39262 Description: Burning Board is a popular, multi purpose forum /...

iFTP 2.21 - Buffer Overflow Crash (PoC)

iFTP 2.21 - Buffer Overflow Crash PoC !/usr/bin/python Exploit Title:iFTP 2.21 Buffer OverFlow Crash PoC Author: dogo h@ck Date Discovered : 12-5-2015 Vendor Homepage: http://www.memecode.com/iftp.php Software Link: http://www.memecode.com/data/iftp-win32-v2.21.exe Version: 2.21 Tested on : Windo...

PHPCollab 2.5 - deletetopics.php SQL Injection

PHPCollab 2.5 - deletetopics.php SQL Injection Exploit Title: PHPCollab 2.5 - SQL Injection Google Dork: filetype:php inurl:"/general/login.php?PHPSESSID=" Date: 13/05/2015 Exploit Author: Wad Deek Vendor Homepage: http://www.phpcollab.com/ Software Link:...

WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities

WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities Exploit Title: WordPress Booking Calendar Contact Form 1.0.2Multiple vulnerabilities Date: 2015-05-01 Google Dork: Index of /wordpress/wp-content/plugins/booking-calendar-contact-form/ Exploit Author: Joaquin Ramirez...

eFront 3.6.15 - Multiple SQL Injections

eFront 3.6.15 - Multiple SQL Injections eFront 3.6.15 Multiple SQL Injection Vulnerabilities + Author: Filippo Roncari | Luca De Fulgentis + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting

D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting !/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod URL Filter Developed by Mauricio Corrêa XLabs Information Security WebSite:...

eFront 3.6.15 - Directory Traversal

eFront 3.6.15 - Directory Traversal eFront 3.6.15 Path Traversal Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting

D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting !/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod Developed by Mauricio Corrêa XLabs Information Security WebSite:...

SQLBuddy 1.3.3 - Directory Traversal

SQLBuddy 1.3.3 - Directory Traversal Exploit Title: Path traversal vulnerability Google Dork: intitle:path traversal Date: 05-08-2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.sqlbuddy.com Software Link: http://www.sqlbuddy.com Version: 1.3...

eFront 3.6.15 - PHP Object Injection

eFront 3.6.15 - PHP Object Injection eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)

Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery Add User Exploit Title: CSRF add arbitrary users Google Dork: Date: 2015-04-28 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.wftpserver.com/serverhistory.htm Software Link:...

Pluck CMS 4.7 - Directory Traversal

Pluck CMS 4.7 - Directory Traversal Exploit Title: Pluck 4.7 Directory Traversal Google Dork: filetype:php inurl:"/data/modules/albums/albumsgetimage.php?image=" Date: 08/05/15 Exploit Author: Wadeek Vendor Homepage: http://www.pluck-cms.org/?file=home Software Link:...

VideoCharge Express 3.16.3.04 - Local Buffer Overflow

VideoCharge Express 3.16.3.04 - Local Buffer Overflow !/usr/bin/python Exploit Title: VideoCharge Vanilla BOF Exploit v3.16.3.04 Date: 10/May/2015 Author: @evilcomrade IRC freenode: vulnhub or offsec or corelan email: kwiha2003 at yahoo dot com Version: v3.16.3.04 Tested on: Win XP3 Software...

VideoCharge Vanilla 3.16.4.06 - Local Buffer Overflow

VideoCharge Vanilla 3.16.4.06 - Local Buffer Overflow !/usr/bin/python Exploit Title: VideoCharge v3.16.4.06 Date: 10/May/2015 Author: @evilcomrade IRC freenode: vulnhub or offsec or corelan email: kwiha2003 at yahoo dot com Version: 3.16.4.06 Tested on: Win XP3 Software link:...

i.FTP 2.21 - Time Field (SEH)

i.FTP 2.21 - Time Field SEH !/usr/bin/python Exploit Title : i.FTP 2.21 Time Field SEH Exploit Exploit Author : Revin Hadi S Vulnerability PoC : Avinash Kumar Thapa "-Acid" PoC Link : https://www.exploit-db.com/exploits/36847/ Date : 05/08/2015 Vendor : http://www.memecode.com/iftp.php Software...

WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (2)

WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload 2 !/bin/bash Exploit Title : Wordpress N-Media Website Contact Form with File Upload 1.3.4 Google Dork : inurl:"/uploads/contactfiles/" Exploit Author : Claudio Viviani Vulnerability discovered by : Claud...

VideoCharge Professional + Express Vanilla 3.18.4.04 - Local Buffer Overflow

VideoCharge Professional + Express Vanilla 3.18.4.04 - Local Buffer Overflow !/usr/bin/python Exploit Title: VideoCharge Vanilla BOF Exploit v3.18.4.04 Date: 10/May/2015 Author: @evilcomrade IRC freenode: vulnhub or offsec or corelan email: kwiha2003 at yahoo dot com Version: v3.18.4.04 Tested on...

ZTE F660 - Remote Configuration Download

ZTE F660 - Remote Configuration Download / Exploit Title : ZTE remote configuration download Date : 09 May 2015 Exploit Author : Daniel Cisa Vendor Homepage : http://wwwen.zte.com.cn/en/ Platform : Hardware Tested On : ZTE F660 Firmware Version: 2.22.21P1T8S -------------------------- Config remo...

WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion

WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion Exploit Title: website contact form with file upload 1.5 Exploit Local File Inclusion Google Dork: inurl:"/plugins//website-contact-form-with-file-upload/" Date: 07.05.2015 Exploit Author: T3N38R15 Software...

Alienvault OSSIMUSM 4.144.155.0 - Multiple Vulnerabilities

Alienvault OSSIMUSM 4.144.155.0 - Multiple Vulnerabilities Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely...

WordPress Plugin Ad Inserter 1.5.2 - Cross-Site Request Forgery

WordPress Plugin Ad Inserter 1.5.2 - Cross-Site Request Forgery ================================================================ CSRF/Stored XSS Vulnerability in Ad Inserter Plugin ================================================================ . contents:: Table Of Content Overview ======== Tit...

WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery

WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery Homepage https://wordpress.org/plugins/yet-another-related-posts-plugin/ Affected Versions input type='hidden' name='autodisplayposttypespage...

Xeams 4.5 Build 5755 - Multiple Vulnerabilities

Xeams 4.5 Build 5755 - Multiple Vulnerabilities Exploit Title: Multiple vulnerabilities in Xeams 4.5 Build 5755 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link:...

MacKeeper - URL Handler Remote Code Execution

MacKeeper - URL Handler Remote Code Execution !/usr/bin/python """ SecureMac has released an advisory on a vulnerability discovered today with MacKeeper. The advisory titled MacKeeper URL handler remote code execution vulnerability and proof-of-concept Zero-Day contains the latest information...

SynaMan 3.4 Build 1436 - Multiple Vulnerabilities

SynaMan 3.4 Build 1436 - Multiple Vulnerabilities Exploit Title: Multiple vulnerabilities in SynaMan 3.4 Build 1436 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link:...

Syncrify Server 3.6 Build 833 - Multiple Vulnerabilities

Syncrify Server 3.6 Build 833 - Multiple Vulnerabilities Exploit Title: Multiple vulnerabilities in Syncrify Server 3.6 Build 833 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link:...

SynTail 1.5 Build 566 - Multiple Vulnerabilities

SynTail 1.5 Build 566 - Multiple Vulnerabilities Exploit Title: Multiple vulnerabilities in SynTail 1.5 Build 566 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link:...

WordPress Plugin Ultimate Profile Builder 2.3.3 - Cross-Site Request Forgery

WordPress Plugin Ultimate Profile Builder 2.3.3 - Cross-Site Request Forgery ================================================================ CSRF/Stored XSS Vulnerability in Ultimate profile Builder Plugin ================================================================ . contents:: Table Of...

WordPress Plugin ClickBank Ads 1.7 - Cross-Site Request Forgery

WordPress Plugin ClickBank Ads 1.7 - Cross-Site Request Forgery ================================================================ CSRF/Stored XSS Vulnerability in ClickBank Ads V 1.7 Plugin ================================================================ . contents:: Table Of Content Overview...

Manage Engine Asset Explorer 6.1.0 Build: 6110 - Cross-Site Request Forgery

Manage Engine Asset Explorer 6.1.0 Build: 6110 - Cross-Site Request Forgery =============================================================================== CSRF/Stored XSS Vulnerability in Manage Engine Asset Explorer ===============================================================================...

WordPress Plugin Freshmail 1.5.8 - SQL Injection

WordPress Plugin Freshmail 1.5.8 - SQL Injection Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Version: getrow'select from '.$wpdb-prefix.'fmforms...

IBM Websphere Portal - Persistent Cross-Site Scripting

IBM Websphere Portal - Persistent Cross-Site Scripting IBM WebSphere Portal Stored Cross-Site Scripting Vulnerability CVE-2014-0910 + Author: Filippo Roncari + Target: IBM WebSphere Portal + Version: 7.0, 6.1.5, 6.1.0 + Vendor: http://www.ibm.com + Accessibility: Remote + Severity: Medium + CVE:...

Dell SonicWALL Secure Remote Access (SRA) Appliance - Cross-Site Request Forgery

Dell SonicWALL Secure Remote Access SRA Appliance - Cross-Site Request Forgery Exploit Title: Dell SonicWALL Secure Remote Access SRA Appliance Cross-Site Request Forgery Date: 04/28/2015 Exploit Author: Veit Hailperin Vendor Homepage: www.dell.com Version: Dell SonicWALL SRA 7.5 prior to...

WordPress Plugin Freshmail 1.5.8 - shortcode.php SQL Injection

WordPress Plugin Freshmail 1.5.8 - shortcode.php SQL Injection Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Software Link:...

Album Streamer 2.0 iOS - Directory Traversal

Album Streamer 2.0 iOS - Directory Traversal Document Title: =============== Album Streamer v2.0 iOS - Directory Traversal Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1481 Release Date: ============= 2015-05-07 Vulnerability Laboratory ...

vPhoto-Album 4.2 iOS - Local File Inclusion

vPhoto-Album 4.2 iOS - Local File Inclusion Document Title: =============== vPhoto-Album v4.2 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1477 Release Date: ============= 2015-05-05 Vulnerability Laboratory ID...

elFinder 2 - Remote Command Execution (via File Creation)

elFinder 2 - Remote Command Execution via File Creation + Author: TUNISIAN CYBER + Title: elFinder 2 Remote Command Execution Via File Creation Vulnerability + Date: 06-05-2015 + Vendor: https://github.com/Studio-42/elFinder + Type: WebAPP + Tested on: KaliLinux Debian + Twitter: @TCYB3R + Time...

PDF Converter Editor 2.1 iOS - Local File Inclusion

PDF Converter Editor 2.1 iOS - Local File Inclusion Document Title: =============== PDF Converter & Editor 2.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1480 Release Date: ============= 2015-05-06 Vulnerability...

Mediacoder 0.8.34.5716 - .m3u Local Buffer Overflow (SEH)

Mediacoder 0.8.34.5716 - .m3u Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Mediacoder 0.8.34.5716 Buffer Overflow SEH Exploit .m3u Date: 05/May/2015 Author: @evilcomrade IRC freenode: vulnhub or offsec or corelan email: kwiha2003 at yahoo dot com Version: 0.8.34.5716 Tested on: Win X...