41207 matches found
WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities
WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities WHM.AutoPilot Multiple Vulnerabilities Vendor: Benchmark Designs, LLC Product: WHM.AutoPilot Version: = 2.4.6.5 Website: http://www.whmautopilot.com/ BID: 12119 CVE: CVE-2004-1420 CVE-2004-1421 CVE-2004-1422 OSVDB: 12693 12694 12695 12696 12697...
Lazarus Guestbook 1.22 - Multiple Vulnerabilities
Lazarus Guestbook 1.22 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Lazarus Guestbook 1.22 Multiple Persistent Cross-Site Scripting - Sql Injection Vulnerability Dat...
BitRaider Streaming Client 1.3.3.4098 - Local Privilege Escalation
BitRaider Streaming Client 1.3.3.4098 - Local Privilege Escalation BitRaider Streaming Client 1.3.3.4098 Local Privilege Escalation Vulnerability Vendor: BitRaider, LLC Product web page: http://www.bitraider.com Affected version: 1.3.3.4098 Summary: BitRaider is a video game streaming and...
SysAid Server - Arbitrary File Disclosure
SysAid Server - Arbitrary File Disclosure Vantage Point Security Advisory 2014-004 ======================================== Title: SysAid Server Arbitrary File Disclosure ID: VP-2014-004 Vendor: SysAid Affected Product: SysAid On-Premise Affected Versions: Summary: --- SysAid Server is vulnerable...
PHPMyRecipes 1.2.2 - browse.php?category SQL Injection
PHPMyRecipes 1.2.2 - browse.php?category SQL Injection Exploit Title : phpMyRecipes 1.2.2 SQL injectionpage browse.php, parameter category Author : Manish Kishan Tanwar Download Link : http://prdownloads.sourceforge.net/php-myrecipes/phpMyRecipes-1.2.2.tar.gz?download Date : 23/12/2014 Discovered...
GParted 0.14.1 - OS Command Execution
GParted 0.14.1 - OS Command Execution SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 appli...
jetAudio 8.1.3 Basic (mp3) - Crash (PoC)
jetAudio 8.1.3 Basic mp3 - Crash PoC Exploit Title : jetAudio 8.1.3 Basic Corrupted mp3 Crash POC Product : jetAudio Basic Date : 8.12.2014 Exploit Author : ITDefensor Vulnerability Research Team http://itdefensor.ru/ Software Link : http://www.jetaudio.com/download/ Vulnerable version : 8.1.3...
NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple high risk vulnerabilities product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP...
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion Remote Code Execution (Metasploit)
Lotus Mail Encryption Server 2.1.0.1 Protector for Mail - Local File Inclusion Remote Code Execution Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing...
Notepad++ 6.6.9 - Buffer Overflow
Notepad++ 6.6.9 - Buffer Overflow !/usr/bin/python Exploit Title: NotePad++ v6.6.9 Buffer Overflow URL Vendor: http://notepad-plus-plus.org/ Vendor Name: NotePad Version: 6.6.9 Date: 22/12/2014 CVE: CVE-2014-1004 Author: TaurusOmar Twitter: @TaurusOmar Email: [email protected] Home:...
PsychoStats 2.2.4 Beta - Cross Site Scripting
PsychoStats 2.2.4 Beta - Cross Site Scripting PsychoStats Cross Site Scripting Vendor: Jason Morriss Product: PsychoStats Version: = 2.2.4 Beta Website: http://www.psychostats.com/ BID: 12089 CVE: CVE-2004-1417 OSVDB: 12560 SECUNIA: 13619 PACKETSTORM: 35502 Description: PsychoStats is a statistic...
Codiad 2.4.3 - Multiple Vulnerabilities
Codiad 2.4.3 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Codiad 2.4.3 - Cross Site Scripting - Local File Inclusion Vulnerability's Date: 19/12/2014 Url Vendor:...
Varnish Cache CLI Interface - Remote Code Execution (Metasploit)
Varnish Cache CLI Interface - Remote Code Execution Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Varnish Cache CLI Interface Bruteforce Utility', 'Description' = 'This...
MiniBB 3.1 - Blind SQL Injection
MiniBB 3.1 - Blind SQL Injection Exploit Title: miniBB 3.1 Blind SQL Injection Date: 23-11-2014 Software Link: http://www.minibb.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9254 Category: webapps 1. Description...
Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities
Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities Exploit Title: 6 Remote ettercap Dos exploits to 1 Date: 19/12/2014 Exploit Author: Nick Sampanis Vendor Homepage: http://ettercap.github.io Software Link: https://github.com/Ettercap/ettercap/archive/v0.8.1.tar.gz Version: 8.0-8.1...
GQ File Manager 0.2.5 - Multiple Vulnerabilities
GQ File Manager 0.2.5 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: GQ File Manager - Sql Injection - Cross Site Scripting Vulnerability's Date: 19/12/2014 Url Vendor...
ProjectSend r561 - Multiple Vulnerabilities
ProjectSend r561 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: ProjectSend r561 - Cross Site Scripting & Full Path Disclosure Vulnerability's Date: 19/12/2014 Url...
Cacti Superlinks Plugin 1.4-2 - SQL Injection Local File Inclusion
Cacti Superlinks Plugin 1.4-2 - SQL Injection Local File Inclusion !/bin/sh Exploit Title: Cacti - Superlinks Plugin 1.4-2 RCELFI via SQL Injection Date: 19/12/2014 Exploit Author: Wireghoul Software Link: http://docs.cacti.net/plugin:superlinks Identifiers: CVE-2014-4644, EDB-ID-33809 Exploit...
Piwigo 2.7.2 - Multiple Vulnerabilities
Piwigo 2.7.2 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Piwigo 2.7.2 - SQL Injection / Cross Site Scripting Vulnerability's Date: 19/12/2014 Url Vendor:...
CIK Telecom VoIP Router SVG6000RW - Privilege Escalation Command Execution
CIK Telecom VoIP Router SVG6000RW - Privilege Escalation Command Execution Exploit Title: CIK Telecom VoIP router SVG6000RW Privilege Escalation and Command Execution Date: 2014/12/10 Exploit Author: Chako Vendor Homepage: https://www.ciktel.com/ Description: CIK Telecom VoIP router SVG6000RW has...
CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting
CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: -...
Mediacoder 0.8.33 build 5680 - .lst Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - .lst Buffer Overflow PoC SEH Overwrite Exploit Title: Mediacoder 0.8.33 build 5680 SEH Buffer Overflow Exploit Dos .lst Date: 11/29/2010 Author: Hadji Samir [email protected] Software Link: http://dl.mediacoderhq.com/files001/MediaCoder-0.8.33.5680.exe Version: 0.8.33...
WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload
WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload !/usr/bin/python Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Exploit written by Claudio Viviani 2014-11-27: Discovered vulnerability 2014-12-01: Vendor Notification...
ResourceSpace 6.4.5976 - Cross-Site Scripting SQL Injection Insecure Cookie Handling
ResourceSpace 6.4.5976 - Cross-Site Scripting SQL Injection Insecure Cookie Handling Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montal...
WordPress Plugin Download Manager 2.7.4 - Remote Code Execution
WordPress Plugin Download Manager 2.7.4 - Remote Code Execution !/usr/bin/python Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution Vulnerability discovered by SUCURI TEAM http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html...
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit Vendor: Soitec Product web page: http://www.soitec.com Affected version: 1.4 and 1.3 Summary: Soitec power plants are a profitable and ecological...
PHPads 213607 - Authentication Bypass Password Change
PHPads 213607 - Authentication Bypass Password Change PHPads Authentication Bypass Exploit PHPads Authentication Bypass / Administrator Password Change Exploit Target : " size="70" / '1', 'newlogin' = $username, 'newpass' = "htlover"; $ch = curlinit; curlsetopt$ch, CURLOPTURL,$target;...
jaangle 0.98i.977 - Denial of Service
jaangle 0.98i.977 - Denial of Service jaangle 0.98i.977 Denial of Service Vulnerability Author: hadji samir , [email protected] Download : http://www.jaangle.com/downloading?block Tested : Windows 7 fr DATE : 2012-12-13 EAX 000000C0 ECX 00000000 EDX 00000000 EBX 00000003 ESP 01C5FE28 EBP 01C5FF88 E...
GLPI 0.85 - Blind SQL Injection
GLPI 0.85 - Blind SQL Injection Exploit Title: GLPI 0.85 Blind SQL Injection Date: 28-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://forge.indepnet.net/attachments/download/1899/glpi-0.85.tar.gz CVE: CVE-2014-9258 Category...
phpMyAdmin 4.0.x4.1.x4.2.x - Denial of Service
phpMyAdmin 4.0.x4.1.x4.2.x - Denial of Service ============= DESCRIPTION: ============= A vulnerability present in in phpMyAdmin 4.0.x before 4.0.10.7, 4.1. x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service resource consumption via a long password...
Mediacoder 0.8.33 build 5680 - .m3u Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - .m3u Buffer Overflow PoC SEH Overwrite Exploit Title: Mediacoder 0.8.33 build 5680 SEH Buffer Overflow Exploit Dos .m3u Date: 11/29/2010 Author: Hadji Samir [email protected] Software Link: http://dl.mediacoderhq.com/files001/MediaCoder-0.8.33.5680.exe Version: 0.8.33...
JetAudio 8.1.3 - .mp4 Crash (PoC)
JetAudio 8.1.3 - .mp4 Crash PoC Exploit Title : jetAudio 8.1.3 Basic Use-after-free Corrupted mp4 Crash POC Product : jetAudio Basic Date : 12.12.2014 Exploit Author : ITDefensor Vulnerability Research Team http://itdefensor.ru/ Software Link : http://www.jetaudio.com/download/ Vulnerable version...
Winamp 5.666 build 3516 - Corrupted .flv Crash (PoC)
Winamp 5.666 build 3516 - Corrupted .flv Crash PoC Exploit Title : Winamp 5.666 build 3516 'f263.w5s' Corrupted flv Crash POC Product : Winamp 5.666 build 3516 Date : 12.12.2014 Exploit Author : ITDefensor Vulnerability Research Team http://itdefensor.ru/ Software Link :...
IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution...
Humhub 0.10.0-rc.1 - SQL Injection
Humhub 0.10.0-rc.1 - SQL Injection Exploit Title: Humhub condition is injected with the otherwise unsanitized $lastEntryId, which can be any SQL injection. Proof of Concept: Performing the following request index.php?r=notification/list/index&from=999 AND CASE WHEN 0x30SELECT substringpassword,1,...
Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: Humhub test Will insert the corresponding HTML elements into the post/comment body. 2. Humhub-modules-mail 7 persistent XSS vulnerability Humhub-modules-mail versions 0.5.9 and prior when used in...
OpenEMR 4.1.2(7) - Multiple SQL Injections
OpenEMR 4.1.27 - Multiple SQL Injections Vulnerability title: Multiple Authenticated SQL Injections In OpenEMR CVE: CVE-2014-5462 Vendor: OpenEMR Product: OpenEMR Affected version: 4.1.27 and earlier Fixed version: N/A Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed...
Apache James Server 2.3.2 - Remote Command Execution
Apache James Server 2.3.2 - Remote Command Execution !/usr/bin/python Exploit Title: Apache James Server 2.3.2 Authenticated User Remote Command Execution Date: 16\10\2014 Exploit Author: Jakub Palaczynski, Marcin Woloszyn, Maciej Grabiec Vendor Homepage: http://james.apache.org/server/ Software...
WordPress Plugin Symposium 14.10 - SQL Injection
WordPress Plugin Symposium 14.10 - SQL Injection Exploit Title: WP Symposium 14.10 SQL Injection Date: 22-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://downloads.wordpress.org/plugin/wp-symposium.14.10.zip Category: webap...
Flat Calendar 1.1 - HTML Injection
Flat Calendar 1.1 - HTML Injection !/usr/bin/perl -w Title : Flat Calendar v1.1 HTML Injection Exploit Download : http://www.circulargenius.com/flatcalendar/FlatCalendar-v1.1.zip Author : ZoRLu / [email protected] Website : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm ...
Advantech AdamView 4.30.003 - .gni Local Buffer Overflow (SEH)
Advantech AdamView 4.30.003 - .gni Local Buffer Overflow SEH !/usr/bin/env ruby Exploit Title: Advantech AdamView .gni SEH Buffer Overflow Date: Dec 09 2014 Vulnerability Discovery: Daniel Kazimirow and Fernando Paez - Core Security Exploit Author: Muhamad Fadzil Ramli Software Link:...
Free Article Submissions 1.0 - SQL Injection
Free Article Submissions 1.0 - SQL Injection Exploit Title: Free Article Submissions SQL Injection Vulnerability Google Dork: inurl:/category.php?id=22 "Affiliate Programs Portal" inurl:/category.php?id=2 "Arts & Entertainment" Date: 07/12/2014 Exploit Author: BarrabravaZ Vendor Homepage:...
IceHrm 7.1 - Multiple Vulnerabilities
IceHrm 7.1 - Multiple Vulnerabilities IceHrm =7.1 Multiple Vulnerabilities Vendor: IceHRM Product web page: http://www.icehrm.com Affected version: = 7.1 Summary: IceHrm is Human Resource Management web software for small and medium sized organizations. The software is written in PHP. It has...
PBBoard CMS - Persistent Cross-Site Scripting
PBBoard CMS - Persistent Cross-Site Scripting Exploit Title : PBBoard CMS Stored xss vulnerability Author : Manish Kishan Tanwar Vendor : http://www.pbboard.info/ version affected: all Date : 7/12/2014 Discovered @ : INDISHELL Lab Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,jagrit...
WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download
WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download Exploit Title : Wordpress Ajax Store Locator = 1.2 Arbitrary File Download Exploit Author : Claudio Viviani Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356 Software Link : Premium Dork Google:...
PBBoard CMS 3.0.1 - SQL Injection
PBBoard CMS 3.0.1 - SQL Injection Vulnerability title: SQL Injection in PBBoard CMS CVE: CVE-2014-9215 CMS: PBBoard Vendor: Power bulletin board - http://www.pbboard.info/ Product: http://sourceforge.net/projects/pbboard/files/PBBoardv3.0.1/PBBoardv3.0.1.zip/download Affected version: Version 3.0...
Offset2lib - Bypassing Full ASLR On 64 bit Linux
Offset2lib - Bypassing Full ASLR On 64 bit Linux -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2014-1204-1 | | http://packetstormsecurity.com/ |...
Microsoft Windows Kerberos - Privilege Escalation (MS14-068)
Microsoft Windows Kerberos - Privilege Escalation MS14-068 !/usr/bin/python MS14-068 Exploit Author ------ Sylvain Monne Contact : sylvain dot monne at solucom dot fr http://twitter.com/bidord import sys, os from random import getrandbits from time import time, localtime, strftime from kek.ccache...
Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities
Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities Product: Wireless N ADSL 2/2+ Modem Router Firmware Version : V2.05.C29GV Modem Type : ADSL2+ Router Modem Vendor : Technicolor Model: DT5130 Bugs: 1- Unauth Xss - CVE-2014-9142 user=teste&password=teste&...
Advertise With Pleasure! (AWP) 6.6 - SQL Injection
Advertise With Pleasure! AWP 6.6 - SQL Injection Exploit Title: Advertise With Pleasure! AWP = 6.6 - SQL Injection vulnerability Date: 12/02/2014 Author: Robert Cooper robertcatareyousecure.net Software Link: http://www.guruperl.net/products/awppro/ Tested on: Linux/Windows 7 Vulnerable Parameter...