41207 matches found
Invision Power Board (IP.Board) 2.0.3 - Multiple Vulnerabilities
Invision Power Board IP.Board 2.0.3 - Multiple Vulnerabilities IP.Board Multiple Vulnerabilities Vendor: Invision Power Services Product: IP.Board Version: = 2.0.3 Website: http://www.invisionboard.com/ BID: 13529 13534 CVE: CVE-2005-1597 CVE-2005-1598 OSVDB: 16297 16298 SECUNIA: 15265 PACKETSTOR...
RM Downloader 2.7.5.400 - Local Buffer Overflow (Metasploit)
RM Downloader 2.7.5.400 - Local Buffer Overflow Metasploit + Author: TUNISIAN CYBER + Exploit Title: RM Downloader v2.7.5.400 Local Buffer Overflow MSF + Date: 25-03-2015 + Type: Local Exploits + Tested on: WinXp/Windows 7 Pro + Vendor:...
WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities
WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 Google Dork: inurl:"SingleProduct"...
Apache Xerces-C XML Parser 3.1.2 - Denial of Service (PoC)
Apache Xerces-C XML Parser 3.1.2 - Denial of Service PoC Exploit Title: Apache Xerces-C XML Parser file.xml $ DOMPrint ./file.xml Ubuntu 15.04 libxerces-c3.1 package Segmentation fault $ ./DOMPrint ./file.xml ASAN Enabled build =================================================================...
PhotoWebsite 3.1 iOS - Local File Inclusion
PhotoWebsite 3.1 iOS - Local File Inclusion Document Title: =============== PhotoWebsite v3.1 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1474 Release Date: ============= 2015-05-04 Vulnerability Laboratory ID...
Grindr 2.1.1 iOS - Denial of Service
Grindr 2.1.1 iOS - Denial of Service Document Title: =============== Grindr 2.1.1 iOS Bug Bounty 2 - Denial of Service Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1418 Release Date: ============= 2015-05-02 Vulnerability...
TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow (PoC)
TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow PoC TestDisk 6.14 Check_OS2MB Stack Buffer Overflow Affected versions: TestDisk 6.14 - Linux, Windows...
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities Advisory ID: HTB23254 Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor...
Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Privilege Escalation
Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Privilege Escalation Title Ninja privilege escalation detection and prevention system race condition Author Ben 'highjack' Sheppard URL http://highjack.github.io/ Description There is a small delay between the time ...
Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption
Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption Application: Foxit Reader PDF Parsing Memory Corruption Platforms: Windows Versions: The vulnerabilities are reported in Foxit Reader and Foxit Enterprise Reader versions 7.1.0.306 and 7.1.3.320 and Foxit Phantom PDF versions 7.1.0.306,...
OS Solution OSProperty 2.8.0 - SQL Injection
OS Solution OSProperty 2.8.0 - SQL Injection OS Solution OSProperty 2.8.0 was vulnerable to an unauthenticated SQL injection in the countryid parameter of the request made to retrieve a list of states for a given country. The version was not bumped when the vulnerability was fixed, but if you...
Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities
Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities Document Title: =============== Wing FTP Server Admin 4.4.5 - CSRF & Cross Site Scripting Vulnerabilities Release Date: ============= 2015-04-28 apparitionsec ID AS-ID: ==================================== AS-WFTP0328 Common Vulnerability...
i.FTP 2.21 - Overflow Crash (SEH) (PoC)
i.FTP 2.21 - Overflow Crash SEH PoC iFTP 2.21 SEH overwritten Crash PoC Author: Avinash Kumar Thapa "-Acid" Date of Testing : 28th April'2015 Vendor's home page: http://www.memecode.com/iftp.php Software's Url: http://www.memecode.com/data/iftp-win32-v2.21.exe Crash Point: Go to Schedule Schedule...
Wireshark 1.12.4 - Memory Corruption and Access Violation (PoC)
Wireshark 1.12.4 - Memory Corruption and Access Violation PoC !/usr/bin/python EXPLOIT TITLE: WIRESHARK IP Statistics then any of the field you can use. Statistics Packet Length Paste the buffer in the field Statistics ANCP Statistics Collectd Statistics Compared Statistis buffer = "A"80000 file ...
UniPDF 1.2 - xml Buffer Overflow Crash (PoC)
UniPDF 1.2 - xml Buffer Overflow Crash PoC Exploit Title: UniPDF v1.2 BufferOverflow, SEH overwrite DoS PoC Author : Avinash Kumar Thapa "-Acid" Date of Testing : 25th April 2015 Tested On : Windows XP- Service Pack 3 && Windows 7 Home Basic Vendor Homepage: http://unipdf.com/ Software Link:...
WordPress 4.2 - Persistent Cross-Site Scripting
WordPress 4.2 - Persistent Cross-Site Scripting Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If...
Apple iTunes 10.6.1.7 - .pls Title Buffer Overflow
Apple iTunes 10.6.1.7 - .pls Title Buffer Overflow Exploit Title: Apple Itunes PLS title buffer overflow Date: April 26 ,2015 Day of disclosing this exploit code Exploit Author: Fady Mohamed Osman @fadyosman Vendor Homepage: http://www.apple.com Software Link:...
Legend Perl IRC Bot - Remote Code Execution
Legend Perl IRC Bot - Remote Code Execution legendrce.py Legend Perl IRC Bot Remote Code Execution PoC author: Jay Turla @shipcod3 description: This is a RCE PoC for Legend Bot which has been used in the Shellshock spam October 2014. reference:...
OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting
OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting Exploit Title: Stored Cross-Site Scripting XSS in OTRS Date: 28.01.2014 Exploit Author: Adam Ziaja http://adamziaja.com Vendor Homepage: https://www.otrs.com Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 CVE :...
MiniUPnPd 1.0 (MIPS) - Remote Stack Overflow Remote Code Execution for AirTies RT Series
MiniUPnPd 1.0 MIPS - Remote Stack Overflow Remote Code Execution for AirTies RT Series !/usr/bin/env python Exploit Title: MiniUPnPd 1.0 Stack Overflow RCE for AirTies RT Series Date: 26.04.2015 Exploit Author: Onur ALANBEL BGA Vendor Homepage: http://miniupnp.free.fr/ Version: 1.0 Architecture:...
Free MP3 CD Ripper 2.6 2.8 (Windows 7) - .wav File Buffer Overflow (SEH) (DEP Bypass)
Free MP3 CD Ripper 2.6 2.8 Windows 7 - .wav File Buffer Overflow SEH DEP Bypass !/usr/bin/python original p0c https://www.exploit-db.com/exploits/36465/ credit to TUNISIAN CYBER modified SEH Exploit https://www.exploit-db.com/exploits/36826/ credit to ThreatActor at CoreRed.com Software Link:...
ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor Web Server Denial of Service
ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor Web Server Denial of Service print $banner; function Post$packet,$host try $curl = curlinit; curlsetopt$curl, CURLOPTURL, $host;...
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)
Quick Search 1.1.0.189 - search textbox Buffer Overflow SEH Unicode Egghunter !/usr/bin/perl = Exploit Title: Quick Search 1.1.0.189 'search textbox' Unicode SEH egghunter Buffer Overflow Date: 2015-04-23 Exploit Author: Tomislav Paskalev Vulnerable Software: Quick Search v1.1.0.189 Vendor...
WebUI 1.5b6 - Remote Code Execution
WebUI 1.5b6 - Remote Code Execution + Author: TUNISIAN CYBER + Title: WebUI Remote Code Execution Vulnerability + Date: 21-04-2015 + Vendor: https://github.com/baram01/webui/ + Type: WebAPP + Tested on: KaliLinux Debian + Twitter: @TCYB3R + Proof of concept: http://i.imgur.com/co9Qx0n.png...
WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)
WordPress Plugin Ultimate Product Catalogue - SQL Injection 2 Exploit Title: Unauthenticated SQLi on Ultimate Product Catalogue wordpress plugin Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/"...
Free MP3 CD Ripper 2.6 2.8 - .wav File Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 2.8 - .wav File Buffer Overflow SEH !/usr/bin/env perl original p0c https://www.exploit-db.com/exploits/36465/ credit to TUNISIAN CYBER however he was attempting to vanilla buffer overflow in fact it is SEH based exploit using the address 0x7C9D30D7 is limit the targets whic...
usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation
usb-creator 0.2.x Ubuntu 12.04/14.04/14.10 - Local Privilege Escalation Source: http://www.openwall.com/lists/oss-security/2015/04/22/12 Bug report: https://bugs.launchpad.net/ubuntu/vivid/+source/usb-creator/+bug/1447396 Ubuntu Precise 12.04LTS test.c void attributeconstructor init void...
WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)
WordPress Plugin Ultimate Product Catalogue - SQL Injection 1 Exploit Title: Unauthenticated SQLi in ItemID POST parameter on Ultimate Product Catalogue wordpress plugin Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category",...
MooPlayer 1.3.0 - m3u Local Buffer Overflow (SEH) (2)
MooPlayer 1.3.0 - m3u Local Buffer Overflow SEH 2 !/usr/bin/perl = Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow Date: 09-02-2015 Exploit Author: Tomislav Paskalev Vulnerable Software: MooPlayer v1.3.0 Vendor Homepage: https://mooplayer.jaleco.com/ Software Link:...
Open-Letters - Remote PHP Code Injection
Open-Letters - Remote PHP Code Injection / errorreporting0; settimelimit0; iniset"defaultsockettimeout", 5; function httpsend$host, $packet if !$sock = fsockopen$host, 80 die "\n- No response from $host:80\n"; fwrite$sock, $packet; return streamgetcontents$sock; print "+ Author: TUNISIAN CYBER\n"...
Wolf CMS 0.8.2 - Arbitrary File Upload
Wolf CMS 0.8.2 - Arbitrary File Upload ?php / .. CWH Underground Hacking Team .. Exploit Title : Wolf CMS...
WordPress Plugin NEX-Forms 3.0 - SQL Injection
WordPress Plugin NEX-Forms 3.0 - SQL Injection Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage :...
WordPress Plugin Tune Library 1.5.4 - SQL Injection
WordPress Plugin Tune Library 1.5.4 - SQL Injection ======================================================================= title: SQL Injection product: WordPress Tune Library Plugin vulnerable version: 1.5.4 and probably below fixed version: 1.5.5 CVE number: CVE-2015-3314 impact: CVSS Base Sco...
WordPress Plugin Community Events 1.3.5 - SQL Injection
WordPress Plugin Community Events 1.3.5 - SQL Injection ======================================================================= title: SQL Injection product: WordPress Community Events Plugin vulnerable version: 1.3.5 and probably below fixed version: 1.4 CVE number: CVE-2015-3313 impact: CVSS Ba...
Photo Manager Pro 4.4.0 iOS - Code Execution
Photo Manager Pro 4.4.0 iOS - Code Execution Document Title: =============== Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1444 Release Date: ============= 2015-03-10 Vulnerability Laboratory I...
GoAutoDial CE 3.3-1406088000 - Authentication Bypass / Arbitrary File Upload / Command Injection
GoAutoDial CE 3.3-1406088000 - Authentication Bypass / Arbitrary File Upload / Command Injection Affected software: GoAutoDial Affected version: 3.3-1406088000 GoAdmin and previous releases of GoAutodial 3.3 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory:...
ProFTPd 1.3.5 - mod_copy Remote Command Execution
ProFTPd 1.3.5 - mod_copy Remote Command Execution Title: ProFTPd 1.3.5 Remote Command Execution Date : 20/04/2015 Author: R-73eN Software: ProFTPd 1.3.5 with mod_copy Tested : Kali Linux 1.06 CVE : 2015-3306 Greetz to Vadim Melihow for all the hard work . import socket import sys import requests...
BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion
BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet CVE: CVE-2014-5370 Vendor: New Atlanta Product: BlueDragon CFChart Servlet Affected version: 7.1.1.17759 Fixed version:...
Wifi Drive Pro 1.2 iOS - Local File Inclusion
Wifi Drive Pro 1.2 iOS - Local File Inclusion Document Title: =============== Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1447 Release Date: ============= 2015-03-13 Vulnerability Laboratory ID...
Apple Mac OSX - Local Denial of Service
Apple Mac OSX - Local Denial of Service / 2015, Maxime Villard, CVE-2015-1100 Local DoS caused by a missing limit check in the fat loader of the Mac OS X Kernel. $ gcc -o Mac-OS-XFat-DoS Mac-OS-XFat-DoS.c $ ./Mac-OS-XFat-DoS BINARY-NAME Obtained from: http://m00nbsd.net/garbage/Mac-OS-XFat-DoS.c...
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities Document Title: =============== SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1314 Release Date: ============= 2015-03-23 Vulnerability Laboratory I...
Mobile Drive HD 1.8 - Local File Inclusion
Mobile Drive HD 1.8 - Local File Inclusion Document Title: =============== Mobile Drive HD v1.8 - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1446 Release Date: ============= 2015-03-11 Vulnerability Laboratory ID VL-ID...
OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)
OpenBSD 5.6 - Multiple Local Kernel Panics Denial of Service / Exploit Title: OpenBSD include include include include include include ifndef OpenBSD error "Not OpenBSD !!!1111"; else include endif ifndef i386 error "Not i386 !!!1111"; endif char bigb00bz = "...
MediaSuite CMS - Arbitrary File Disclosure
MediaSuite CMS - Arbitrary File Disclosure http://twitter.com/h4SEC Proof Video: https://www.youtube.com/watch?v=7yxbfD1YK8Y Author : KnocKout E-Mail : [email protected]...
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (2)
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download 2 Exploit Title : WordPress MiwoFTP Plugin 1.0.5 = Arbitrary File Download Exploit Author : Dadou Dz Software Link : Premium Dork Google: inurl:commiwoftp Affected version: 1.0.5 Vendor Homepage:...
Photo Manager Pro 4.4.0 iOS - Local File Inclusion
Photo Manager Pro 4.4.0 iOS - Local File Inclusion Document Title: =============== Photo Manager Pro v4.4.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1445 Release Date: ============= 2015-03-12 Vulnerability...
ADB - Backup Archive File Overwrite Directory Traversal
ADB - Backup Archive File Overwrite Directory Traversal ADB backup archive path traversal file overwrite ------------------------------------------------ Using adb one can create a backup of his/her Android device and store it on the PC. The backup archive is based on the tar file format. By...
AZBB 1.0.07d - Multiple Vulnerabilities
AZBB 1.0.07d - Multiple Vulnerabilities AZBB Multiple Vulnerabilities Vendor: AZBB Product: AZBB Version: = 1.0.07d Website: http://azbb.cyaccess.com/ BID: 13272 13278 CVE: CVE-2005-1200 CVE-2005-1201 OSVDB: 15700 15701 15702 15703 SECUNIA: 15013 PACKETSTORM: 37792 Description: azbb is a forum th...
Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege Escalation
Apport 2.14.1 Ubuntu 14.04.2 - Local Privilege Escalation !/bin/sh CVE-2015-1318 Reference: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1438758 Example: % uname -a Linux maggie 3.13.0-48-generic 80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux % lsb_release -a No LS...
Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash (PoC)
Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash PoC Exploit Title: Buffer Overflow in Oracle Hyperion Smart View for Office DOS Exploit Author: sajith Vendor Homepage: http://oracle.com vulnerable Version: Fusion Edition 11.1.2.3.000 Build 157 Vulnerable Link:...