41207 matches found
Microsoft-Office-Word-2007-RTF
Title : Microsoft Office Word 2007 - RTF Object Confusion ASLR and DEP bypass Date : 28/02/2015 Author : R-73eN Software : Microsoft Office Word 2007 Tested : Windows 7 Starter import sys Windows Message Box / all versions shellcode =...
PublishIt-3.6d-Buffer-Overflow
Title: Publish-It 3.6d - Buffer Overflow SEH Exploit Date: 2/16/15 Vulnerability: Discovery and PoC by Core Security http://www.exploit-db.com/exploits/31461/ Exploit Author: jakx Andrew Smith of Sword Shield Enterprise Security Vendor Homepage: http://www.postersw.com/...
Exim - GHOST glibc gethostbyname Buffer Overflow (Metasploit)
Exim - GHOST glibc gethostbyname Buffer Overflow Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Exim GHOST glibc gethostbyname Buffer Overflow', 'Description' => %q This...
Fortinet Single Sign On - Stack Overflow
Fortinet Single Sign On - Stack Overflow 1. Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors...
Websense Appliance Manager - Command Injection
Websense Appliance Manager - Command Injection Abstract A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remo...
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting Vendor: Moodle Pty Ltd Product web page: https://www.moodle.org Affected version: 2.8.3, 2.7.5, 2.6.8 and 2.5.9 Summary: Moodle is a learning platform...
Spybot Search Destroy 1.6.2 Security Center Service - Local Privilege Escalation
Spybot Search Destroy 1.6.2 Security Center Service - Local Privilege Escalation Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation Vendor: Safer-Networking Ltd. Product web page: http://www.safer-networking.org Affected version: 1.6.2 Summary: Spybot – Search & Destroy...
Metasploit Project 4.11.1 - Initial User Creation Cross-Site Request Forgery (Metasploit)
Metasploit Project 4.11.1 - Initial User Creation Cross-Site Request Forgery Metasploit Exploit Title: Metasploit Project initial User Creation CSRF Google Dork: N/A Date: 14-2-2015 Exploit Author: Mohamed Abdelbaset Elnoby @SymbianSyMoh Vendor Homepage: http://www.metasploit.com/ Software Link:...
Smart PHP Poll - Authentication Bypass
Smart PHP Poll - Authentication Bypass Exploit Title: Smart PHP Poll Auth Bypass Vulnerability Google Dork: Copyright © Smart PHP Poll. All Rights Reserved. Exploit Author: Mr.tro0oqy from Yemen Email : [email protected] Download Script...
Joomla! Component com_simplephotogallery 1.0 - SQL Injection
Joomla! Component com_simplephotogallery 1.0 - SQL Injection ====================================================================================== Title : Joomla Simple Photo Gallery - SQL injection Author : Mr.Moneer Dork Google 1: inurl:/com_simplephotogallery site:com Dork Google 2:...
WordPress Plugin WPML 3.1.9 - Multiple Vulnerabilities
WordPress Plugin WPML 3.1.9 - Multiple Vulnerabilities OVERVIEW ========== WPML is the industry standard for creating multi-lingual WordPress sites. Three vulnerabilities were found in the plug-in. The most serious of them, an SQL injection problem, allows anyone to read the contents of the...
WordPress Plugin SEO by Yoast 1.7.3.3 - Blind SQL Injection
WordPress Plugin SEO by Yoast 1.7.3.3 - Blind SQL Injection Title: WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection Version/s Tested: 1.7.3.3 Patched Version: 1.7.4 CVSSv2 Base Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Temporal Score: 7...
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation Foxit Reader 7.0.6.1126 Unquoted Service Path Elevation Of Privilege Vendor: Foxit Software Incorporated Product web page: http://www.foxitsoftware.com Affected version: 7.0.6.1126 and 6.1 Summary: Foxit Reader is a small,...
Brasero CDDVD Burner 3.4.1 - .m3u Buffer Overflow Crash (PoC)
Brasero CD/DVD Burner 3.4.1 - .m3u Buffer Overflow Crash PoC #!/usr/bin/python Exploit title: Brasero 3.4.1 'm3u' Buffer Overflow POC Date Discovered: 15th March' 2015 Exploit Author: Avinash Kumar Thapa "-Acid" Vulnerable Software: Brasero 3.4.1 CD/DVD for the Gnome Desktop...
Intel Network Adapter Diagnostic Driver - IOCTL Handling
Intel Network Adapter Diagnostic Driver - IOCTL Handling / Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Vendor: Intel Product webpage: http://www.intel.com Affected products: Network Adapter Driver for Windows XP Network Adapter Driver for Windows 7 Network Adapter Driver...
WoltLab Community Gallery - Persistent Cross-Site Scripting
WoltLab Community Gallery - Persistent Cross-Site Scripting Vulnerability title: Community Gallery - Stored Cross-Site Scripting vulnerability Product: Community Gallery Vendor: https://www.woltlab.com Affected version: Community Gallery 2.0 before 12/10/2014 Download link:...
ArcSight Logger - Arbitrary File Upload Code Execution
ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...
Ubuntu 15.04 (Development) - Upstart Logrotation Privilege Escalation
Ubuntu 15.04 Development - Upstart Logrotation Privilege Escalation Source: http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/ Introduction Problem description: Ubuntu Vivid 15.04 development branch installs an insecure upstart logrotation script which will read...
Citrix Netscaler NS10.5 - WAF Bypass (Via HTTP Header Pollution)
Citrix Netscaler NS10.5 - WAF Bypass Via HTTP Header Pollution Exploit Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Date: Mar 13, 2015 Exploit Author: BGA Security Vendor Homepage: http://www.citrix.com/ Version: NS10.5 Tested on: NetScaler NS10.5: Build 50.9.nc, Document...
Codiad 2.5.3 - Local File Inclusion
Codiad 2.5.3 - Local File Inclusion +Title: Codiad v2.5.3 - LFI Vulnerability +Author: TUNISIAN CYBER +Date: 12/03/2015 +Type:WebApp +Risk:High +Overview: Pie Register 2.x suffers from a Local File Disclosure vulnerability. +Proof Of Concept: PHP...
CS-Cart 4.2.4 - Cross-Site Request Forgery
CS-Cart 4.2.4 - Cross-Site Request Forgery Exploit Title: CS-Cart 4.2.4 CSRF Google Dork: intext:"© 2004-2015 Simtech" Date: March 11, 2015 Exploit Author: Luis Santana Vendor Homepage: http://cs-cart.com Software Link:...
Microsoft Windows - Text Services Memory Corruption (MS15-020)
Microsoft Windows - Text Services Memory Corruption MS15-020 Application: Microsoft Windows Text Services memory corruption. Platforms: Windows Versions: list. Microsoft: MS15-020 Secunia: SA63220 PRL: 2015-03 Author: Francis Provencher Protek Research Lab’s Website:...
Foxit Products GIF Conversion - LZWMinimumCodeSize Memory Corruption
Foxit Products GIF Conversion - LZWMinimumCodeSize Memory Corruption Application: Foxit Products GIF Conversion Memory Corruption Vulnerabilities LZWMinimumCodeSize Platforms: Windows Versions: The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected. Secuni...
Foxit Products GIF Conversion - DataSubBlock Memory Corruption
Foxit Products GIF Conversion - DataSubBlock Memory Corruption Application: Foxit Products GIF Conversion Memory Corruption Vulnerabilities DataSubBlock Platforms: Windows Versions: The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected. Secunia: SA63346...
CodoForum 2.5.1 - Arbitrary File Download
CodoForum 2.5.1 - Arbitrary File Download Exploit Title: Codoforum 2.5.1 Arbitrary File Download Date: 23-11-2014 Software Link: https://codoforum.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps CVE: CVE-2014-9261 1...
Joomla! Component com_simplephotogallery 1.0 - Arbitrary File Upload
Joomla! Component com_simplephotogallery 1.0 - Arbitrary File Upload Exploit Title: Joomla Simple Photo Gallery - Arbitrary File Upload Google Dork: inurl:com_simplephotogallery Date: 10.03.2015 Exploit Author: CrashBandicot @DosPerl My Github: github.com/CCrashBandicot Vendor Homepage:...
GeniXCMS 0.0.1 - Multiple Vulnerabilities
GeniXCMS 0.0.1 - Multiple Vulnerabilities GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight...
Rowhammer - NaCl Sandbox Escape
Rowhammer - NaCl Sandbox Escape Sources: http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html https://code.google.com/p/google-security-research/issues/detail?id=284 Full PoC:...
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Linux Kernel x86-64 - Rowhammer Privilege Escalation Sources: http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html https://code.google.com/p/google-security-research/issues/detail?id=283 Full PoC:...
Sagem F@st 3304-V2 - Telnet Crash (PoC)
Sagem F@st 3304-V2 - Telnet Crash PoC Title : Sagem F@st 3304-V2 Telnet Crash POC Vendor : http://www.sagemcom.com Severity : High Tested Router : Sagem F@st 3304-V2 3304-V1, other versions may also be affected Date : 2015-03-08 Author : Loudiyi Mohamed Contact : [email protected] Blog :...
WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload
WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload Google Dork: inurl:wp-content/plugins/reflex-gallery/ Date: 08.03.2015 Exploit Author: CrashBandicot @DosPerl Vendor Homepage:...
Elastix 2.x - Blind SQL Injection
Elastix 2.x - Blind SQL Injection Title: Elastix v2.x Blind SQL Injection Vulnerability Author: Ahmed Aboul-Ela Twitter: https://twitter.com/aboul3la Vendor : http://www.elastix.org Version: v2.5.0 and prior versions should be affected too - Vulnerable Source Code snippet in...
PHP Betoffice (Betster) 1.0.4 - Authentication Bypass SQL Injection
PHP Betoffice Betster 1.0.4 - Authentication Bypass SQL Injection <?php /* [ASCII-art banner] CWH Underground Hacking Team ...
ProjectSend r561 - SQL Injection
ProjectSend r561 - SQL Injection Vulnerability title: ProjectSend r561 - SQL injection vulnerability Product: ProjectSend r561 Vendor: http://www.projectsend.org/ Affected version: ProjectSend r561 Download link: http://www.projectsend.org/download/67/ Fixed version: N/A Author: Le Ngoc Phi...
Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash (PoC)
Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash PoC /* ---------------------------------------------------------------------------------------------------- cve-2014-3631poc.c The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel...
WordPress Theme DesignFolio Plus 1.2 - Arbitrary File Upload
WordPress Theme DesignFolio Plus 1.2 - Arbitrary File Upload Exploit Title: Wordpress Theme DesignFolio+ Arbitrary File Upload Vulnerability Google dork: inurl:wp-content/themes/DesignFolio-Plus Author: CrashBandicot Date: 04.03.2015 Vendor HomePage: https://github.com/UpThemes/DesignFolio-Plus...
SolarWinds Orion Service - SQL Injection
SolarWinds Orion Service - SQL Injection I found a couple of SQL injection vulnerabilities in the core Orion service used in most of the SolarWinds products (SAM, IPAM, NPM, NCM, etc.). This service provides a consistent configuration and authentication layer across the products. To be exact, the...
Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC)
Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash PoC /* ---------------------------------------------------------------------------------------------------- cve-2014-9322poc.c arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with...
BEdita CMS 3.5.0 - Multiple Vulnerabilities
BEdita CMS 3.5.0 - Multiple Vulnerabilities BEdita CMS - XSS & CSRF Vulnerability in Version 3.5.0 ---------------------------------------------------------------- Product Information: Software: BEdita CMS Tested Version: 3.5.0, released 19.1.2015 Vulnerability Type: Cross-Site Scripting CWE-79 &...
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash PoC /* ---------------------------------------------------------------------------------------------------- cve-2014-4943poc.c The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain...
WordPress Theme Photocrati 4.x - SQL Injection Cross-Site Scripting
WordPress Theme Photocrati 4.x - SQL Injection Cross-Site Scripting Exploit Title: wordpress theme photocrati 4.X.X SQL INJECTION Google Dork: Designed by Photocrati also powered by Photocrati Date: 23 / 09 / 2011 Exploit Author: ayastar Email : [email protected] Software Link:...
WordPress Plugin cp-multi-view-calendar 1.1.4 - SQL Injection
WordPress Plugin cp-multi-view-calendar 1.1.4 - SQL Injection Exploit Title: WordPress: cp-multi-view-calendar.1.1.4 SQL Injection vulnerabilities Date: 2015-02-28 Google Dork: Index of /wordpress/wp-content/plugins/cp-multi-view-calendar Exploit Author: Joaquin Ramirez Martinez i0akiN...
Sagem F@st 3304-V2 - Local File Inclusion
Sagem F@st 3304-V2 - Local File Inclusion Title : Sagem F@st 3304-V2 Directory Traversal Vulnerability Vendor : http://www.sagemcom.com Severity : High Tested Router : Sagem F@st 3304-V2 3304, other versions may also be affected Date : 2015-03-01 Author : Loudiyi Mohamed Contact :...
PHPMoAdmin - Unauthorized Remote Code Execution
PHPMoAdmin - Unauthorized Remote Code Execution [ASCII-art banner] PHPMoAdmin Unauthorized Remote Code Execution 0-Day Website : http://www.phpmoadmin.com/ Exploit Author : @u0x Pichaya Morimoto, Xelenonz, pe3z,...
WordPress Plugin Calculated Fields Form 1.0.10 - SQL Injection
WordPress Plugin Calculated Fields Form 1.0.10 - SQL Injection + Calculated Fields Form Wordpress Plugin <= 1.0.10 - Remote SQL Injection Vulnerability + Author: Ibrahim Raafat + Twitter: https://twitter.com/RaafatSEC + Plugin: https://wordpress.org/plugins/calculated-fields-form/ + TimeLine - Feb...
vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection
vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection + Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage:...
Seagate Business NAS 2014.00319 - Remote Code Execution
Seagate Business NAS 2014.00319 - Remote Code Execution #!/usr/bin/env python Seagape ======= Seagate Business NAS pre-authentication remote code execution exploit as root user. by OJ Reeves @TheColonial - for full details please see https://beyondbinary.io/advisory/seagate-nas-rce/ Usage =====...
GoAutoDial CE 2.0 - Arbitrary File Upload
GoAutoDial CE 2.0 - Arbitrary File Upload Title : GoAutoDial CE 2.0 Shell Upload Date : 28/02/2015 Author : R-73eN Software : GoAutoDial CE 2.0 Tested : On Linux vicisrv.loc 2.6.18-238.9.1.el5.goPAE 1 GoAutoDial CE 2.0 import socket import sys banner = "\n\n" banner +=" \n" banner +=" | | / | / |...
Microsoft Word 2007 - RTF Object Confusion (ASLR + DEP Bypass)
Microsoft Word 2007 - RTF Object Confusion ASLR + DEP Bypass Title : Microsoft Office Word 2007 - RTF Object Confusion ASLR and DEP bypass Date : 28/02/2015 Author : R-73eN Software : Microsoft Office Word 2007 Tested : Windows 7 Starter import sys Windows Message Box / all versions . Thanks to...
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
Persistent Systems Client Automation - Command Injection Remote Code Execution Metasploit Exploit Title: Persistent Systems Client Automation PSCA, formerly HPCA or Radia Command Injection Remote Code Execution Vulnerability Date: 2014-10-01 Exploit Author: Ben Turner Vendor Homepage: Previously...