Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation
Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation Vendor: Ubisoft Entertainment S.A. Product web page: http://www.ubi.com Affected version: 5.0.0.3914 PC Summary: Uplay is a digital distribution, digital...
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities Vendor: Electronic Arts Inc. Product web page: https://www.origin.com Affected version: 9.5.5.2850 353317 9.5.3.636 350385...
SQLite3 3.8.6 - Controlled Memory Corruption (PoC)
SQLite3 3.8.6 - Controlled Memory Corruption PoC Exploit Title: SQLite3 controlled memory corruption PoC 0day Date: date Exploit Author: Andras Kabai Vendor Homepage: http://www.sqlite.org/ Software Link: http://www.sqlite.org/download.html Version: 3.8.6, 3.8.8.3 Tested on: Ubuntu 14.10, 64 bit...
VFU 4.10-1.1 - Move Entry Buffer Overflow
VFU 4.10-1.1 - Move Entry Buffer Overflow Exploit Title: VFU Move Entry Buffer Overflow Date: 2015-02-25 Exploit Author: Bas van den Berg -- @barrebas Vendor Homepage: http://cade.datamax.bg/ Software Link: http://cade.datamax.bg/vfu/download Version: 4.10-1.1 Tested on: GNU/Linux Kali 1.09 32-bi...
PC-Man-FTP-Server
Title: PCMan FTP Server v2.0.7 Buffer Overflow - MKD Command Date : 12/02/2015 Author: R-73eN Software: PCMan FTP Server v2.0.7 Tested On Windows Xp SP3...
PHP DateTime - Use-After-Free
PHP DateTime - Use-After-Free Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects' wakeup...
WeBid 1.1.1 - Unrestricted Arbitrary File Upload
WeBid 1.1.1 - Unrestricted Arbitrary File Upload .. CWH Underground Hacking Team .. Exploit Title ...
WordPress Plugin Easy Social Icons 1.2.2 - Cross-Site Request Forgery
WordPress Plugin Easy Social Icons 1.2.2 - Cross-Site Request Forgery Product: Easy Social Icons WordPress plugin Vendor: CyberNetikz Tested Version: 1.2.2 Vulnerability Type: XSS CWE-79 and CSRF CWE-352 Risk Level: Medium Solution Status: Solv...
Beehive Forum 1.4.4 - Persistent Cross-Site Scripting
Beehive Forum 1.4.4 - Persistent Cross-Site Scripting Document Title: Beehive Forum v1.4.4 Stored XSS Vulnerability Author: Halil Dalabasmaz Release Date: 23 Feb 2015 Product & Service Introduction: Beehive is an open-source project...
Clipbucket 2.7 RC3 0.9 - Blind SQL Injection
Clipbucket 2.7 RC3 0.9 - Blind SQL Injection Exploit Title : Clipbucket 2.7 RC3 0.9 Blind SQL Injection Date : 20 February 2015 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://clip-bucket.com/ Software Link :...
Zeuscart 4.0 - Multiple Vulnerabilities
Zeuscart 4.0 - Multiple Vulnerabilities Advisory: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities in Zeuscart v.4 Advisory ID: SROEADV-2015-12 Author: Steffen Rösemann Affected Software: Zeuscart v.4 Vendor URL: http://zeuscart.com/ Vendor Status: pending CVE-ID: will ask...
phpBugTracker 1.6.0 - Multiple Vulnerabilities
phpBugTracker 1.6.0 - Multiple Vulnerabilities Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0 Advisory ID: SROEADV-2015-16 Author: Steffen Rösemann Affected Software: phpBugTracker v.1.6.0 Vendor URL: https://github.com/a-v-k/phpBugTracker Vendor...
Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)
Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure Metasploit This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE:...
Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue (PoC)
Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue PoC Samsung iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue Remote Code Execution PoC var arg1 = ""; var arg2="praveend"; for i=0; i !-- Stack Trace Exception Code: ACCESSVIOLATION Disasm: 149434 MOV AL,ESI+ED...
Pentaho 4.5.0 - User Console XML Injection
Pentaho 4.5.0 - User Console XML Injection title: Pentaho User Console XML Injection Vulnerability program: Pentaho BI User Console vulnerable version: Pentaho was injected into the XML of the client's POST request. This tag...
Piwigo 2.7.3 - SQL Injection
Piwigo 2.7.3 - SQL Injection CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link:...
jQuery - jui_filter_rules PHP Code Execution
jQuery - jui_filter_rules PHP Code Execution PHP Code Execution in jui_filter_rules Parsing Library Researcher: Timo Schmid Description: jui_filter_rules[1] is a jQuery plugin which allows...
Piwigo 2.7.3 - Multiple Vulnerabilities
Piwigo 2.7.3 - Multiple Vulnerabilities Advisory: Reflecting XSS- and SQL Injection vulnerability in CMS Piwigo = v. 2.7.3 Advisory ID: SROEADV-2015-06 Author: Steffen Rösemann Affected Software: CMS Piwigo = v. 2.7.3 Release date: 9th January 2015 Vendor URL: http://piwigo.org Vendor Status:...
CrushFTP 7.2.0 - Multiple Vulnerabilities
CrushFTP 7.2.0 - Multiple Vulnerabilities I. Overview Multiple CSRF & Cross-Site Scripting XSS vulnerabilities have been identified in Crushftp 7.2.0 Web Interface on default...
Internet-Manager-SEH
Exploit Title:T-Mobile Internet Manager SEH Buffer Overflow Version:Internet Manager Software für Windows TMOPCV1.0.5B06 Software for usb Wireless:T-Mobile web'n'walk Stick Fusion Homepage:https://www.t-mobile.de/meinhandy/1,25412,19349-,00.html...
MooPlayer-1.3.0-m3u
Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow Date Discovered: 10-02-2015 Author: dogo h@ck Vulnerable Software: Moo player 1.3.0 Software Link: https://mooplayer.jaleco.com/...
D-Link DSL-2640B ADSL Router - ddnsmngr Remote DNS Change
D-Link DSL-2640B ADSL Router - ddnsmngr Remote DNS Change #!/bin/bash D-Link DSL-2640B Unauthenticated Remote DNS Change Exploit Copyright 2015 c Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: Different D-Link Routers are vulnerable to DNS change...
WordPress Plugin Duplicator 0.5.8 - Privilege Escalation
WordPress Plugin Duplicator 0.5.8 - Privilege Escalation Exploit Title: Duplicator 0.5.8 Privilege Escalation Date: 21-11-2014 Software Link: https://wordpress.org/plugins/duplicator/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/...
Publish-It 3.6d - Local Buffer Overflow (SEH)
Publish-It 3.6d - Local Buffer Overflow SEH #!/usr/bin/python Title: Publish-It 3.6d - Buffer Overflow SEH Exploit Date: 2/16/15 Vulnerability: Discovery and PoC by Core Security http://www.exploit-db.com/exploits/31461/ Exploit Author: jakx Andrew Smith of Sword & Shield Enterprise Security Vendo...
Guppy CMS 5.0.95.00.10 - Authentication Bypass/Change Email
Guppy CMS 5.0.95.00.10 - Authentication Bypass/Change Email !-- Exploit Title: GuppY CMS 5.0.9 & 5.00.10 Authentication bypass/Change email. Other versions may be vulnerable but weren't tested. Date: 2/17/2015 Exploit Author: Brandon Murphy Vendor Homepage: http://freeguppy.org Software Link:...
GuppY CMS 5.0.9 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities
GuppY CMS 5.0.9 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities !-- Exploit Title: GuppY CMS 5.0.9 & 5.00.10 Multiple CSRF Vulnerabilities-Privilege escalation/File upload. Other versions may be vulnerable but weren't tested. Date: 2/17/2015 Exploit Author: Brandon Murphy Vendor...
eTouch SamePage 4.4.0.0.239 - Multiple Vulnerabilities
eTouch SamePage 4.4.0.0.239 - Multiple Vulnerabilities eTouch SamePage v4.4.0.0.239 multiple vulnerabilities http://www.etouch.net/products/samepage/index.html Enterprise trial was installed in an Ubuntu virtual machine with MySQL. By default, the listening port is 18080. Required on the Ubuntu...
WordPress Plugin Fancybox 3.0.2 - Persistent Cross-Site Scripting
WordPress Plugin Fancybox 3.0.2 - Persistent Cross-Site Scripting Exploit Title: Wordpress plugin Fancybox-for-WordPress Stored XSS Exploit Author: NULLpOint7r Date: 2015-02-11 Contact me: [email protected] Version: 3.0.2 Download link:...
WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection Cross-Site Scripting
WordPress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection Cross-Site Scripting Exploit Title: WonderPlugin Audio Player 2.0 Blind SQL Injection and XSS Date: 20-01-2015 Software Link: http://www.wonderplugin.com/wordpress-audio-player/ Exploit Author: Kacper Szurek Contact:...
PCMan FTP Server 2.0.7 - MKD Remote Buffer Overflow
PCMan FTP Server 2.0.7 - MKD Remote Buffer Overflow Title: PCMan FTP Server v2.0.7 Buffer Overflow - MKD Command Date : 12/02/2015 Author: R-73eN Software: PCMan FTP Server v2.0.7 Tested On Windows Xp SP3 import socket 348 Bytes Bind Shell Port TCP/4444 shellcode =...
Realtek 11n Wireless LAN utility - Local Privilege Escalation
Realtek 11n Wireless LAN utility - Local Privilege Escalation Realtek 11n Wireless LAN utility privilege escalation. Vulnerability Discovered by Humberto Cabrera @dniz0r http://zeroscience.mk @zeroscience Summary: ⁃ Realtek 11n Wireless LAN utility is deployed and used by realtek alfa cards and...
WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection
WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection . Exploit Title: WordPress: Webdorado Spider Event Calendar = 1.4.9 SQL Injection Date: 2015-02-12 Exploit Author: Mateusz Lach Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com Software Link:...
WordPress Plugin Video Gallery 2.7.0 - SQL Injection
WordPress Plugin Video Gallery 2.7.0 - SQL Injection Exploit Title : Wordpress Video Gallery 2.7 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery Software Link :...
Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities
Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: Multiple Exponent CMS Cross-Site Scripting Vulnerabilities Discovered by- Mayuresh Dani [email protected] Narendra Shinde [email protected] Vendor Homepage: http://www.exponentcms.org/ Software Link:...
Python-Pickle-Class-Constructor
Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form ("pickling"), and later recover the data back into an object hierarchy ("unpickling"). A vulnerability has been reported in the Pickle implementation...
Python-2.4.2-realpath()
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...
Python-2.5-PyLocale_strxfrm
Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak. Exploiting this issue allows remote attackers to read portions of memory. Python 2.4.4-2 and 2.5 are confirmed vulnerable...
Python-2.2-ImageOP-Integer-Overflow
Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow. To successfully exploit these issues, an attacker must be able to control the arguments to imageop...
Python-zlib-Module
An overflow exists in Python. Python fails to validate input resulting in a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity...
Debian-OpenSSL-Predictable-PRNG
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys...
SGI-IRIX-6.2-midikeys
SGI's Irix operating system ships with an X11 application called 'soundplayer' which is used to play .WAV files. It is not setuid root by itself, but can inherit root privileges if called by midikeys which is setuid on some old IRIX systems. Soundplayer is vulnerable to an input validation proble...
Shell-Redirection-Race-Condition
This could result in a symbolic link attack that could be used to corrupt any file that the owner of the redirecting shell has access to write to. This issue affects those systems running vulnerable versions of bash, tcsh, cash, ksh and sh. ksh is reportedly not vulnerable for IBM AIX systems...
Userhelper-PAM-Path-Vulnerability
synopsis: both 'pam' and 'userhelper' (a setuid binary that comes with the 'usermode-1.15' rpm) follow .. paths. Since pam_start calls down to _pam_add_handler, we can get it to dlopen any file on disk. 'userhelper' being setuid means we can get root...
IBM-AIX-3.2.5-IFS
Under older versions of AIX, by changing the IFS environment variable to /, setuid root programs that use system or popen can be fooled into running user provided programs...
Pandora FMS 5.1 SP1 - SQL Injection
Pandora FMS 5.1 SP1 - SQL Injection Document Title: Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability References Source: http://vulnerability-lab.com/getcontent.php?id=1355 Release Date: 2015-02-09 Vulnerability Laboratory ID VL-ID:...
MooPlayer 1.3.0 - m3u Local Buffer Overflow (SEH) (1)
MooPlayer 1.3.0 - m3u Local Buffer Overflow SEH 1 #!/usr/bin/env python Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow Date Discovered: 10-02-2015 Author: dogo h@ck Vulnerable Software: Moo player 1.3.0 Software Link: https://mooplayer.jaleco.com/ Version: 1.3.0 Tested On: Windows XP SP3...
SoftSphere DefenseWall FWIPS 3.24 - Local Privilege Escalation
SoftSphere DefenseWall FWIPS 3.24 - Local Privilege Escalation / Exploit Title - SoftSphere DefenseWall FW/IPS Arbitrary Write Privilege Escalation Date - 10th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.softsphere.com Tested Version - 3.24 Driver Version -...
IBM Endpoint Manager - Persistent Cross-Site Scripting
IBM Endpoint Manager - Persistent Cross-Site Scripting Advisory: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScri...
WordPress Plugin Survey and Poll 1.1 - Blind SQL Injection
WordPress Plugin Survey and Poll 1.1 - Blind SQL Injection Exploit Title : Wordpress Survey and poll Blind SQL Injection Date : 2015 – 02 - 11 Exploit Author : Securely Yoo Hee man Plugin : WordPress Survey and Poll Vendor Homepage : http://modalsurvey.sympies.com Tested On : Windows XP /...
LG DVR LE6016D - Remote File Disclosure
LG DVR LE6016D - Remote File Disclosure Title : LG DVR LE6016D - Remote File Disclosure Vulnerability 0day CVE-ID : none Product : LG Affected : All versions Impact : Critical Remote : Yes Product link:...