WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection
WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection Exploit Title : Google Document Embedder 2.5.16 mysql_real_escpae_string bypass SQL Injection Data : 2014-12-03 Exploit Author : Securely Yoo Hee man Plugin : google-document-embedder Fixed version : N/A...
WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download
WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download Exploit Title: Wordpress CodeArt Google MP3 Player plugin - File Disclosure Download Google Dork: inurl:/wp-content/plugins/google-mp3-audio-player/directdownload.php?file= Date: 02/12/2014 Exploit Author: QK14 Team Vendor...
VFU 4.10-1.1 - Local Buffer Overflow
VFU 4.10-1.1 - Local Buffer Overflow Exploit Author: Juan Sacco - http://www.exploitpack.com Tested on: GNU/Linux - Debian Wheezy Description: VFU v4.10-1.1 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied...
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)
BulletProof FTP Client 2010 - Local Buffer Overflow SEH Ruby !/usr/bin/env ruby Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow SEH Exploit Date: Dec 03 2014 Vulnerability Discovery: Gabor Seljan Exploit Author: Muhamad Fadzil Ramli Software Link: http://www.bpftp.com/ Version:...
ManageEngine Netflow Analyzer IT360 - Arbitrary File Download
ManageEngine Netflow Analyzer IT360 - Arbitrary File Download Arbitrary file download in ManageEngine Netflow Analyzer and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 30/11/20...
WordPress Plugin Cart66 Lite eCommerce 1.5.1.17 - Blind SQL Injection
WordPress Plugin Cart66 Lite eCommerce 1.5.1.17 - Blind SQL Injection Exploit Title: Cart66 Lite WordPress Ecommerce 1.5.1.17 Blind SQL Injection Date: 29-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link:...
Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation
Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation Exploit Title: Thomson Reuters Fixed Assets CS Windows 7, Windows 8 CVE : 2014-9141 Product Affected: Fixed Assets CS =13.1.4 Workstation Install Note: 2003/2008 Terminal Services/Published apps may be vulnerable, depending on...
IPUX CL5452CL5132 IP Camera - UltraSVCamX.ocx ActiveX Stack Buffer Overflow
IPUX CL5452CL5132 IP Camera - UltraSVCamX.ocx ActiveX Stack Buffer Overflow IPUX CL5452/CL5132 IP Camera UltraSVCamX.ocx ActiveX Stack Buffer Overflow Vendor: Big Good Holdings Limited | Fitivision Technology Inc. Product web page: http://www.ipux.net | http://www.fitivision.com Affected version:...
ProjectSend r-561 - Arbitrary File Upload
ProjectSend r-561 - Arbitrary File Upload !/usr/bin/python Exploit Title: ProjectSend r-651 File Upload Date: December 01, 2014 Exploit Author: Fady Mohamed Osman Exploit-db id:2986 Vendor Homepage: http://www.projectsend.org/ Software Link: http://www.projectsend.org/download/67/ Version: r-561...
SQL Buddy 1.3.3 - Remote Code Execution
SQL Buddy 1.3.3 - Remote Code Execution Exploit Title: SQL Buddy Remote Code Execution Date: November 29 2014 Exploit Author: Fady Osman @fadyosman Youtube Channel : https://www.youtube.com/user/cutehack3r Vendor Homepage: http://sqlbuddy.com/ Software Link:...
EntryPass N5200 - Credentials Exposure
EntryPass N5200 - Credentials Exposure Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password. Details ======= Product: EntryPass N5200 Activ...
IPUX CS7522CS2330CS2030 IP Camera - UltraHVCamX.ocx ActiveX Stack Buffer Overflow
IPUX CS7522CS2330CS2030 IP Camera - UltraHVCamX.ocx ActiveX Stack Buffer Overflow IPUX CS7522/CS2330/CS2030 IP Camera UltraHVCamX.ocx ActiveX Stack Buffer Overflow Vendor: Big Good Holdings Limited | Fitivision Technology Inc. Product web page: http://www.ipux.net | http://www.fitivision.com...
WordPress Plugin Nextend Facebook Connect 1.4.59 - Cross-Site Scripting
WordPress Plugin Nextend Facebook Connect 1.4.59 - Cross-Site Scripting Exploit Title: Nextend Facebook Connect 1.4.59 XSS Date: 16-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link:...
IPUX Cube Type CS303C IP Camera - UltraMJCamX.ocx ActiveX Stack Buffer Overflow
IPUX Cube Type CS303C IP Camera - UltraMJCamX.ocx ActiveX Stack Buffer Overflow IPUX Cube Type CS303C IP Camera UltraMJCamX.ocx ActiveX Stack Buffer Overflow Vendor: Big Good Holdings Limited | Fitivision Technology Inc. Product web page: http://www.ipux.net | http://www.fitivision.com Affected...
tnftp (FreeBSD 8910) - tnftp Client Side
tnftp FreeBSD 8910 - tnftp Client Side !/usr/bin/env python2 Exploit Title: tnftp BSD exploit Date: 11/29/2014 Exploit Author: dash Vendor Homepage: www.freebsd.org Version: FreeBSD 8/9/10 Tested on: FreeBSD 9.3 CVE : CVE-2014-8517 tnftp exploit CVE-2014-8517tested against freebsd 9.3...
TYPO3 Extension ke DomPDF - Remote Code Execution
TYPO3 Extension ke DomPDF - Remote Code Execution Advisory: Remote Code Execution in TYPO3 Extension kedompdf During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension kedompdf, which allows attackers to execute arbitrary PHP commands in...
Prolink PRN2001 - Multiple Vulnerabilities
Prolink PRN2001 - Multiple Vulnerabilities Exploit Title: Prolink PRN2001 Multiple Vulnerabilities 1. -Advisory Information- Title: Prolink PRN2001 Multiple Vulnerabilities Firmware: Ver 1.2 Firmware URL: http://www.prolink2u.com/download/fw/fwPRN2001V1.220130323.zip Vendor Homepage:...
WordPress 4.0.1 - Denial of Service
WordPress 4.0.1 - Denial of Service ==================================================================== DESCRIPTION: ==================================================================== A vulnerability present in Wordpress validuserpayload && printf "%s" 1..1000000 validuserpayload && echo -n...
WordPress 4.0 - Denial of Service
WordPress 4.0 - Denial of Service $argv2, 'pwd' = strrepeat"A",1000000, 'redirectto' = $argv1 . "/wp-admin/", 'reauth' = 1, 'testcookie' = '1', 'wp-submit' = "Log%20In"; $cookieFiles = "cookie.txt"; curlsetoptarray$ch, array CURLOPTHEADER = 1, CURLOPTUSERAGENT = "Mozilla/5.0 Windows; U; Windows N...
Drupal 7.34 - Denial of Service
Drupal 7.34 - Denial of Service ==================================================================== DESCRIPTION: ==================================================================== A vulnerability present in Drupal validuserpayload && printf "%s" 1..1000000 validuserpayload && echo -n "&op=Log...
CCH Wolters Kluwer PFX Engagement 7.1 - Local Privilege Escalation
CCH Wolters Kluwer PFX Engagement 7.1 - Local Privilege Escalation Exploit Title: CCH Wolters Kluwer PFX Engagement Windows 8, 2003, 2008, 2012 CVE : 2014-9113 Product Affected: CCH Wolters Kluwer PFX Engagement = v7.1 This vulnerability has been reference checked this against multiple installs...
xEpan 1.0.4 - Multiple Vulnerabilities
xEpan 1.0.4 - Multiple Vulnerabilities Exploit Title: Multiple Vulnerability xEpan 1.0.4 Google Dork: not yet Date: 2014-11-27 Exploit Author: Parikesit , Kurawa In Disorder Vendor Homepage: http://xepan.org Software Link: http://www.xepan.org/index.php?subpage=download Version: 1.0.4 Tested on:...
Elipse E3 - HTTP Denial of Service
Elipse E3 - HTTP Denial of Service // Exploit Http DoS Request for SCADA ATTACK Elipse 3 // Mauro Risonho de Paula Assumpção aka firebits // [email protected] // 29-10-2013 11:42 // Vendor Homepage: http://www.elipse.com.br/port/index.aspx // Software Link:...
WordPress Plugin Slider REvolution 3.0.95 Showbiz Pro 1.7.1 - Arbitrary File Upload
WordPress Plugin Slider REvolution 3.0.95 Showbiz Pro 1.7.1 - Arbitrary File Upload !/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published:...
Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit)
Device42 WAN Emulator 2.3 - Traceroute Command Injection Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WAN Emulator v2.3 Command Execution', 'Description' = %q ,...
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - .wax Local Buffer Overflow (SEH)
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - .wax Local Buffer Overflow SEH !/usr/bin/env ruby Exploit Title: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 .wax SEH Buffer Overflow Date: 26.11.2014 Exploit Author: Muhamad Fadzil Ramli Vendor Homepage: not valid anymore Software Link: not...
Android WAPPushManager - SQL Injection
Android WAPPushManager - SQL Injection INTRODUCTION ================================== In Android 5.0, a SQL injection vulnerability exists in the opt module WAPPushManager, attacker can remotely send malformed WAPPush message to launch any activity or service in the victim's phone need permissio...
xEpan 1.0.1 - Cross-Site Request Forgery
xEpan 1.0.1 - Cross-Site Request Forgery Advisory ID: HTB23240 Product: xEpan Vendor: Xavoc Technocrats Pvt. Ltd. Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 22, 2014 without technical details Vendor Notification: October 22, 2014 Public...
Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)
Device42 WAN Emulator 2.3 - Ping Command Injection Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WAN Emulator v2.3 Command Execution', 'Description' = %q , 'License' =...
WordPress Plugin DB Backup - Arbitrary File Download
WordPress Plugin DB Backup - Arbitrary File Download |||||||||||||||||||||||||||||||||||||||||||||||||| |-------------------------------------------------------------------------| | Exploit Title: Wordpress db-backup plugin File Download Vulnerability | | Google Dork:...
TRENDnet SecurView Wireless Network Camera TV-IP422WN - UltraCamX.ocx Stack Buffer Overflow (PoC)
TRENDnet SecurView Wireless Network Camera TV-IP422WN - UltraCamX.ocx Stack Buffer Overflow PoC TRENDnet SecurView Wireless Network Camera TV-IP422WN UltraCamX.ocx Stack BoF Vendor: TRENDnet Product web page: http://www.trendnet.com Affected version: TV-IP422WN/TV-IP422W Summary: SecurView...
Arris VAP2500 - Authentication Bypass
Arris VAP2500 - Authentication Bypass !/usr/bin/env ruby require 'net/http' require 'digest/md5' if !ARGV0 puts "Usage: $0 " exit0 end host = ARGV0 newpass = "h4x0r3d!" http = Net::HTTP.newhost.start users = nil users = http.requestget"/admin.conf".body.split"\n".map! |user| user.sub/^.?,.$/,"\1"...
PHPMyRecipes 1.2.2 - dosearch.php?words_exact SQL Injection
PHPMyRecipes 1.2.2 - dosearch.php?words_exact SQL Injection !/usr/bin/python import httplib from bs4 import BeautifulSoup import re import os Function that takes an SQL select statement and inject it into the words_exact variable of dosearch.php Returns BeautifulSoup object def sqliselect: inject =...
Crea8Social 1.3 - Persistent Cross-Site Scripting
Crea8Social 1.3 - Persistent Cross-Site Scripting Exploit Title: crea8social 1.3 Stored XSS Vulnerability Date: 24-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.3 Vendor Homepage: http://codecanyon.net/item/crea8social-php-social-networking-platform-v13/9211270 Tested on: Chrome & Icewease...
WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection
WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection Exploit Title: Google Doc Embedder 2.5.14 SQL Injection Date: 10-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl http://twitter.com/KacperSzurek Software Link:...
Linux Kernel 3.14.5 (CentOS 7 RHEL) - libfutex Local Privilege Escalation
Linux Kernel 3.14.5 CentOS 7 RHEL - libfutex Local Privilege Escalation / CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 By Kaiqu Chen [email protected] Based on libfutex and the exploit for Android by GeoHot. Usage: $gcc exploit.c -o exploit -lpthread $./exploit / include include include include...
RobotStats 1.0 - HTML Injection
RobotStats 1.0 - HTML Injection Title : RobotStats v1.0 HTML Injection Vulnerability Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstat...
Microsoft Windows 8.1 Server 2012 - Win32k.sys Local Privilege Escalation (MS14-058)
Microsoft Windows 8.1 Server 2012 - Win32k.sys Local Privilege Escalation MS14-058 include "hd.h" // EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46945.rar byte scode= 0x48 ,0x8B ,0xC4 ,0x48 ,0x89 ,0x58 ,0x08 ,0x48 ,0x89 ,0x68 ,0x20 ,0x56...
JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption (Denial of Service)
JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption Denial of Service Exploit Title: JourneyMap Disk-space consumption exploit Date: 23Nov2014 Exploit Author: CovertCodes Vendor Homepage: http://journeymap.techbrew.net/ Software Link: http://journeymap.techbrew.net/download/ Version:...
WordPress Plugin wpDataTables 1.5.3 - SQL Injection
WordPress Plugin wpDataTables 1.5.3 - SQL Injection Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : http://wpdatatables.com Premium Date : 2014-11-22 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap 0.8-...
tcpdump 4.6.2 - Geonet Decoder Denial of Service
tcpdump 4.6.2 - Geonet Decoder Denial of Service CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or...
PHP 5.5.12 - Locale::parseLocale Memory Corruption
PHP 5.5.12 - Locale::parseLocale Memory Corruption Full Package: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35358.tgz Description: ------------ PHP 5.5.12 suffers from a memory corruption vulnerability that could potentially be exploited to achieve remote...
WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload
WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload !/usr/bin/python Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Date : 2014-11-22 Exploit written by Claudio Viviani Video Demo:...
RobotStats 1.0 - robot SQL Injection
RobotStats 1.0 - robot SQL Injection Title : RobotStats v1.0 robot param SQL Injection Vulnerability Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo :...
WordPress Plugin Download Manager 2.7.2 - Privilege Escalation
WordPress Plugin Download Manager 2.7.2 - Privilege Escalation Exploit Title: WordPress Download Manager 2.7.2 Privilege Escalation Date: 24-11-2014 Software Link: https://wordpress.org/plugins/download-manager/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
WordPress Plugin DukaPress 2.5.2 - Directory Traversal Exploit Title: DukaPress 2.5.2 Path Traversal Date: 27-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/dukapress.2.5.2.zip Category: webapps CVE: CVE-2014-8799 1...
TP-Link TL-WR740N - Denial of Service
TP-Link TL-WR740N - Denial of Service TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: - Firmware version: 3.17.0 Build 140520 Rel.75075n Released: 5/20/2014 - Firmware version: 3.16.6...
Advantech EKI-6340 - Command Injection
Advantech EKI-6340 - Command Injection Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL:...
WordPress Plugin CM Download Manager 2.0.0 - Code Injection
WordPress Plugin CM Download Manager 2.0.0 - Code Injection Vulnerability title: Code Injection in Wordpress CM Download Manager plugin 2.0.0 CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds - https://www.cminds.com/ Link download:...
MyBB 1.8.2 - unset_globals() Function Bypass Remote Code Execution
MyBB 1.8.2 - unset_globals() Function Bypass Remote Code Execution Exploit Title: MyBB - 2014.03.06 MyBB's unset_globals() function can be bypassed under special conditions and it is possible to allow remote code execution. I. MyBB's unset_globals() Function Bypass When PHP's register_globals configurati...