RedaxScript CMS 2.2.0 - SQL Injection
RedaxScript CMS 2.2.0 - SQL Injection Exploit Title: Radexscript CMS 2.2.0 - SQL Injection vulnerability Google Dork: N/A Date: 02/09/2015 Exploit Author: Pham Kien Cuong [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://redaxscript.com/ Software Link:...
ManageEngine OpManager Applications Manager IT360 - FailOverServlet Multiple Vulnerabilities
ManageEngine OpManager Applications Manager IT360 - FailOverServlet Multiple Vulnerabilities Multiple vulnerabilities in FailOverServlet in ManageEngine OpManager, Applications Manager and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security...
u5CMS 3.9.3 - Multiple Persistent Cross-Site Scripting Reflected Cross-Site Scripting Vulnerabilities
u5CMS 3.9.3 - Multiple Persistent Cross-Site Scripting Reflected Cross-Site Scripting Vulnerabilities u5CMS 3.9.3 Multiple Stored And Reflected XSS Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy...
u5CMS 3.9.3 - deletefile.php Arbitrary File Deletion
u5CMS 3.9.3 - deletefile.php Arbitrary File Deletion u5CMS 3.9.3 deletefile.php Arbitrary File Deletion Vulnerability Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized...
StaMPi - Local File Inclusion
StaMPi - Local File Inclusion Exploit Title: StaMPi - Local File Inclusion Google Dork: "Designed by StaMPi" inurl:fotogalerie.php Date: 16/2/15 Author : e . V . E . L Contact: [email protected] PoC: http://site.com/path/fotogalerie.php?id=../../../../../../../../../../etc/passwd%00...
Chamilo LMS 1.9.8 - Blind SQL Injection
Chamilo LMS 1.9.8 - Blind SQL Injection Exploit Title: Chamilo LMS 1.9.8 Blind SQL Injection Date: 06-12-2014 Software Link: http://www.chamilo.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...
MooPlayer 1.3.0 - m3u Buffer Overflow (SEH) (PoC)
MooPlayer 1.3.0 - m3u Buffer Overflow SEH PoC !/usr/bin/env python Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Date Discovered: 09-02-2015 Exploit Author: Samandeep Singh SaMaN - @samanL33T Vulnerable Software: Moo player 1.3.0 Software Link: https://mooplayer.jaleco.com/ Vendor...
u5CMS 3.9.3 - Multiple SQL Injections
u5CMS 3.9.3 - Multiple SQL Injections u5CMS 3.9.3 Multiple SQL Injection Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress /...
u5CMS 3.9.3 - thumb.php Local File Inclusion
u5CMS 3.9.3 - thumb.php Local File Inclusion u5CMS 3.9.3 thumb.php Local File Inclusion Vulnerability Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conference /...
Fork CMS 3.8.5 - SQL Injection
Fork CMS 3.8.5 - SQL Injection CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection CWE-89...
Chemtool 1.6.14 - Memory Corruption
Chemtool 1.6.14 - Memory Corruption Document Title: =============== Chemtool 1.6.14 Memory Corruption Vulnerability Date: ============= 08/02/2015 Vendor Homepage: ================ http://ruby.chemie.uni-freiburg.de/martin/chemtool/ Abstract Advisory Information: ==============================...
Achat 0.150 beta7 - Remote Buffer Overflow
Achat 0.150 beta7 - Remote Buffer Overflow !/usr/bin/python Author KAhara MAnhara Achat 0.150 beta7 - Buffer Overflow Tested on Windows 7 32bit import socket import sys, time msfvenom -a x86 --platform Windows -p windows/exec CMD=calc.exe -e x86/unicodemixed -b...
LG DVR LE6016D - Remote UsersPasswords Disclosure
LG DVR LE6016D - Remote UsersPasswords Disclosure !/usr/bin/perl LG DVR LE6016D unauthenticated remote users/passwords disclosure exploit Copyright 2015 c Todor Donev http://www.ethical-hacker.org/ Digital video recorder DVR surveillance is the use of cameras, often hidden or concealed, that use...
Shuttle Tech ADSL ModemRouter 915 WM - Remote DNS Change
Shuttle Tech ADSL ModemRouter 915 WM - Remote DNS Change !/bin/bash Shuttle Tech ADSL Modem-Router 915 WM Unauthenticated Remote DNS Change Exploit Copyright 2015 c Todor Donev http://www.ethical-hacker.org/ Description: The vulnerability exists in the web interface, which is accessible without...
Magento Server MAGMI Plugin - Multiple Vulnerabilities
Magento Server MAGMI Plugin - Multiple Vulnerabilities Exploit Title: Magento Server MAGMI Plugin Local File Inclusion And Cross Site Scripting Software Link: http://sourceforge.net/projects/magmi/ Author: SECUPENT Website:www.secupent.com Email: researchatsecupentdotcom Date: 5-2-2015 ExploitLoc...
HP-Data-Protector-8.x
Exploit Title: HP-Data-Protector-8.x Remote command execution. Google Dork: - Date: 30/01/2015 Exploit Author: Juttikhun Khamchaiyaphum Vendor Homepage: https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emrna-c04373818 Software Link:...
D-Link-DSL-2740R
D-Link DSL-2740R Unauthenticated Remote DNS Change Exploit Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites...
ASUSWRT-LAN-Backdoor
Exploit Title: ASUSWRT 3.0.0.4.3761071 LAN Backdoor Command Execution Date: 2014-10-11 Vendor Homepage: http://www.asus.com/ Software Link: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-N66UB1/FWRTN66U30043762524.zip Source code:...
Liferay-Portal-7.0.0
Exploit title: Liferay Portal 7.0.0 M1, 7.0.0 M2, 7.0.0 M3 RCE Date: 11/16/2014 Exploit author: drone @dronesec Vendor homepage: http://www.liferay.com/ Software link: http://downloads.sourceforge.net/project/lportal/Liferay%20Portal/7.0.0%20M2/liferay-portal-tomcat-7.0-ce-m2-20141017162509960.zi...
UniPDF-1.1-SEH
Exploit Title: UniPDF v1.1 BufferOverflow, SEH overwrite DoS PoC Google Dork: none Date: 01/28/2015 Exploit Author: bonze Email: [email protected] Vendor Homepage: http://unipdf.com/ Software Link: http://unipdf.com/file/unipdf-setup.exe Redirect to: http://unipdf-converter.en.softonic.com/downlo...
Microsoft-Server-2003-SP2
Title: Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-001 Publication Date: 2015.01.28 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-001.txt...
RedStar-3.0-Desktop-SUDO
Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png...
RedStar-2.0-Desktop-Privilege-Escalation
Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here...
Ntpdc-4.2.6p3
ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS...
Congstar-Internet-Manager-SEH
Exploit Title:Congstar Internet-Manager SEH Buffer Overflow Software for usb Wireless:Congstar Prepaid Internet-Stick MF100 Homepage:www.congstar.de/downloads/prepaid-internet-stick/...
TMobile-Internet-Manager-SEH
Exploit Title:T-Mobile Internet Manager SEH Buffer Overflow Version:Internet Manager Software für Windows TMOPCV1.0.5B06 Software for usb Wireless:T-Mobile web'n'walk Stick Fusion...
BullGuard (Multiple Products) - Arbitrary Write Privilege Escalation
BullGuard Multiple Products - Arbitrary Write Privilege Escalation / Exploit Title - BullGuard Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.bullguard.com/ Tested Version - 14.1.285.4 Driver...
Pragyan CMS 3.0 - SQL Injection
Pragyan CMS 3.0 - SQL Injection Advisory: SQL injection vulnerability in Pragyan CMS v.3.0 Advisory ID: SROEADV-2015-11 Author: Steffen Rösemann Affected Software: Pragyan CMS v.3 Vendor URL: https://github.com/delta/pragyan, http://delta.nitt.edu/ Vendor Status: vendor did not respond after...
K7 Computing (Multiple Products) - Arbitrary Write Privilege Escalation
K7 Computing Multiple Products - Arbitrary Write Privilege Escalation / Exploit Title - K7 Computing Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.k7computing.co.uk/ Tested Version - 14.2.0.240...
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation / Exploit Title - AVG Internet Security 2015 Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.avg.com/ Tested Version - 2015.0.5315 Driver...
Core-Image-Fun-House-2.0
2007-07-10 21:15:34.573 Core Image Fun House1061 CFLog 0: CFPropertyListCreateFromXMLData: plist parse failed; the data is notproper UTF-8. The file name for this data could be:...
Apple-iPhone-and-iPod-Touch
Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1...
Apple-Mac-OS-X-10.x
Mac OS X is prone to a local privilege-escalation vulnerability affecting ARDAgent Apple Remote Desktop. Successful exploits allow local attackers to execute arbitrary code with superuser privileges, completely compromising the affected computer. This issue is confirmed to affect Mac OS X 10.5...
Apple-iPhoto-4.0.3-DPAP
crash the iPhoto DPAP Digital Photo Access Protocol Server on iPhoto 4.0.3 technically the server exits cleanly but it does not restart...
Apple-iPhone-Mobile-Safari-Memory-Exhaustion
Attackers can exploit this issue by enticing an unsuspecting user to view a maliciously crafted webpage. Successful attacks cause a kernel panic, crashing the device. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed. iPhone 1.1.2 and 1.1....
Apple-Safari-=-2.0.4-KHTML-POC
Apple Safari is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users...
Apple-Mac-OS-X-10.x-CoreGraphics
Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the CoreGraphics component. Attackers can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions...
Apple-Safari-3.2-WebKit
Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library. Remote attackers can exploit this issue to crash the affected browser, resulting in a denial-of-service condition. Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different...
Apple-Safari-3.2-WebKit-alink
Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library. Remote attackers can exploit this issue to crash the affected browser, resulting in a denial-of-service condition. Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different...
Mac-OS-X-xnu-1228.x-(hfs-fcntl)
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving...
Mozilla-Firefox-3.5-(Font-tags)
FireFox 3.5 Heap Spray OS X Exploit Modified by: DrIDE Originally Discovered by: Simon Berry-Bryne Pythonized by: David Kennedy ReL1K @ SecureState Thanks to HDM...
Apple-iTunes-9.0---(.pls)
Apple iTunes is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit...
Apple-QuickTime-7.5-(.m3u)
Apple QuickTime is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result i...
Office-2008-sp0-RTF-Pfragments-MAC-Exploit
RTF Pfragments exploit for MAC office 2008 Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/...
Mac-OS-X-Server-DirectoryService-Buffer-Overflow
The bug is located in the function 'DSTCPEndpoint::AllocFromProxyStruct' from 'DSTCPEndpoint.cpp' [1]. An attacker can control both the value of 'inProxyDataMsg->fDataSize' and the data that will be copied. Thus, by sending a huge amount of data and a small buffer size, the service will crash trying ...
OSX-10.8.4-Local-Root-Privilege-Escalation
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...
Safari-8.0-OS-X-10.10
Safari 8.0 / OS X 10.10 - Crash PoC...
Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass
Hewlett-Packard HP UCMDB - JMX-Console Authentication Bypass Mogwai Security Advisory MSA-2015-02 ---------------------------------------------------------------------- Title: Hewlett-Packard UCMDB - JMX-Console Authentication Bypass CVE-ID: CVE-2014-7883 Product: Hewlett-Packard Universal CMDB...
ManageEngine Desktop Central 9 Build 90087 - Cross-Site Request Forgery
ManageEngine Desktop Central 9 Build 90087 - Cross-Site Request Forgery :8020/STATEID/1417736606982/roleMgmt.do?actionToCall=addUser&SUBREQUEST=XMLHTTP" method="POST" input type="hidden" name="newDCAuthUser...
D-Link-DSL-2740R-Unauthenticated-Remote-DNS
Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites...