NETGEAR WNR500 Wireless Router - webproc?getpage Traversal Arbitrary File Access

NETGEAR WNR500 Wireless Router - webproc?getpage Traversal Arbitrary File Access Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit Vendor: NETGEAR Product web page: http://www.netgear.com Affected version: WNR500 firmware: 1.0.7.2 Summary: The NETGEAR compact N150...

Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation

Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation Privacyware Privatefirewall 7.0 Unquoted Service Path Privilege Escalation Vendor: PWI, Inc. Product web page: http://www.privacyware.com Affected version: 7.0.30.3 Summary: Privatefirewall multi-layered endpoint securit...

Microsoft Windows - win32k.sys Denial of Service

Microsoft Windows - win32k.sys Denial of Service Exploit Title: Microsoft Windows Win32k.sys Denial of Service Date: 20-11-2014 Exploit Author: Kedamsky [email protected] Vendor Homepage: http://microsoft.com Software Link: http://www.microsoft.com/en-us/download/windows.aspx Version: XP SP3, Vist...

FluxBB 1.5.6 - SQL Injection

FluxBB 1.5.6 - SQL Injection !/usr/bin/env python Friday, November 21, 2014 - secthrowaway safe-mail net FluxBB 80: sys.exit'SQL too long, max 80 chars' print "1st stage: %s %d chars" % sql, lensql r = urlopenRequest'%sprofile.php?action=changeemail&id=%s' % url, uid,...

WordPress Plugin SP Client Document Manager 2.4.1 - SQL Injection

WordPress Plugin SP Client Document Manager 2.4.1 - SQL Injection Vulnerability title: Multi SQL Injection in SP Client Document Manager plugin CVE: N/A Vendor: http://smartypantsplugins.com Plugin: SP Client Document Manager Download link: https://wordpress.org/plugins/sp-client-document-manager...

Microsoft Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution PowerShell VirtualAlloc (MS14-064)

Microsoft Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution PowerShell VirtualAlloc MS14-064 |--------------------------------------------------------------------------| | Title: OLE Automation Array Remote Code Execution = Pre IE11 | | Original Exploit: yuange -...

Snowfox CMS 1.0 - Cross-Site Request Forgery (Add Admin)

Snowfox CMS 1.0 - Cross-Site Request Forgery Add Admin input type="hidden" name="userGroups"...

Minix 3.3.0 - Remote TCPIP Stack Denial of Service

Minix 3.3.0 - Remote TCPIP Stack Denial of Service / ------------------------------------------------------- ||------+ MINIX =--|| ||--= Nov 2014 =--|| ||--= Mexico =--|| -- MINIX IS PRONE TO DENIAL OF SERVICE IN THE TCP/IP STACK /service/inet BY SENDING A SINGLE TCP PACKET WITH A MALFORMED TCP...

WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal

WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal Exploit Title: Paid Memberships Pro 1.7.14.2 Path Traversal Date: 14-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/paid-memberships-pro.1.7.14.2.zip...

ZTE ZXHN H108L - Authentication Bypass (1)

ZTE ZXHN H108L - Authentication Bypass 1 Exploit Title: ZTE ZXHN H108L Authentication Bypass Date: 14/11/2014 Exploit Author: Project Zero Labs https://projectzero.gr | [email protected] Vendor Homepage: www.zte.com.cn Version: ZXHN H108LV4.0.0dZRQGR4 Tested on: ZTE ZXHN H108L CVE : CVE-2014-84...

Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.1 Bypass) (MS12-037)

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.1 Bypass MS12-037 function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2...

WebsiteBaker 2.8.3 - Multiple Vulnerabilities

WebsiteBaker 2.8.3 - Multiple Vulnerabilities ============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score...

Apple Mac OSX Safari 8.0 - Crash (PoC)

Apple Mac OSX Safari 8.0 - Crash PoC @w3bd3vil svg padding-top: 1337%; box-sizing: border-box; 0x7fff8ab10282: jae 0x7fff8ab1028c ; pthreadkill + 20 0x7fff8ab10284: movq %rax, %rdi 0x7fff8ab10287: jmp 0x7fff8ab0bca3 ; cerrornocancel 0x7fff8ab1028c: retq lldb register read General Purpose Register...

PHPFox - Persistent Cross-Site Scripting

PHPFox - Persistent Cross-Site Scripting Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system store...

Zoph 0.9.1 - Multiple Vulnerabilities

Zoph 0.9.1 - Multiple Vulnerabilities ============================================= MGC ALERT 2014-005 - Original release date: March 5, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score ============================================= I...

.NET Remoting Services - Remote Command Execution

.NET Remoting Services - Remote Command Execution Source: https://github.com/tyranid/ExploitRemotingService Exploit Database Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35280.zip ExploitRemotingService c 2014 James Forshaw...

MyBB Forums 1.8.2 - Persistent Cross-Site Scripting

MyBB Forums 1.8.2 - Persistent Cross-Site Scripting Exploit Title:Stored XSS vulnerability in MyBB 1.8.2 Date: 16th November'2014 Exploit Author: Avinash Kumar Thapa Vendor Homepage: http://www.mybb.com/ Software Link: http://www.mybb.com/download/ Version: MyBB 1.8.2 latest Tested on: Operating...

Maarch LetterBox 2.8 - (Authentication Bypass) Insecure Cookies

Maarch LetterBox 2.8 - Authentication Bypass Insecure Cookies Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier...

ZTE ZXHN H108L - Authentication Bypass (2)

ZTE ZXHN H108L - Authentication Bypass 2 About the software ================== ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers. Vulnerability Details ===================== CWMP configuration is accessible only through the Administrator account. CWMP is a protocol widely...

Proticaret E-Commerce Script 3.0 - SQL Injection (2)

Proticaret E-Commerce Script 3.0 - SQL Injection 2 Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information:...

clientResponse Client Management 4.1 - Cross-Site Scripting

clientResponse Client Management 4.1 - Cross-Site Scripting Exploit Title: clientResponse Client Management XSS Vulnerability Date: 14-10-2014 Exploit Author: Halil Dalabasmaz Version: v4.1 Vendor Homepage: http://codecanyon.net/item/clientresponse-responsive-php-client-management/3797780 Tested...

Joomla! Component com_hdflvplayer 2.1.0.1 - Arbitrary File Download

Joomla! Component comhdflvplayer 2.1.0.1 - Arbitrary File Download !/usr/bin/env python Exploit Title : Joomla HD FLV 2.1.0.1 and below Arbitrary File Download Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : http://www.hdflvplayer.net/ Software Link :...

Gogs - label SQL Injection

Gogs - label SQL Injection Blind SQL Injection in Gogs label search ======================================== Researcher: Timo Schmid Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go. taken from 1 It is very similiar to the github hosting plattform...

Gogs - usersrepos ?q SQL Injection

Gogs - usersrepos ?q SQL Injection Unauthenticated SQL Injection in Gogs repository search ======================================================= Researcher: Timo Schmid Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go. taken from 1 It is very simili...

OSSEC 2.8 - hosts.deny Local Privilege Escalation

OSSEC 2.8 - hosts.deny Local Privilege Escalation !/usr/bin/python Exploit Title: ossec 2.8 Insecure Temporary File Creation Vulnerability Privilege Escalation Date: 14-11-14 Exploit Author: skynet-13 Vendor Homepage: www.ossec.net/ Software Link:...

Piwigo 2.6.0 - picture.php?rate SQL Injection

Piwigo 2.6.0 - picture.php?rate SQL Injection ============================================= MGC ALERT 2014-001 - Original release date: January 12, 2014 - Last revised: November 12, 2014 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...

MyBB 1.8.x - Multiple Vulnerabilities

MyBB 1.8.x - Multiple Vulnerabilities Title: MyBB 1.8.X - Multiple Vulnerabilities Date: 13.11.2014 Tested on: Linux / Apache 2.2 / PHP 5 localhost Vendor: mybb.com Version: = 1.8.1 - Latest ATM Contact: [email protected] Author: Smash Latest MyBB forum software suffers on multiple...

F5 BIG-IP 10.1.0 - Directory Traversal

F5 BIG-IP 10.1.0 - Directory Traversal +------------------------------------------------------+ + F5 BIG-IP 10.1.0 - Directory Traversal Vulnerability + +------------------------------------------------------+ Affected Product : F5 BIG-IP Vendor Homepage : http://www.f5.com/ Version : 10.1.0...

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution (Metasploit)

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit3 "Windows...

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution (1)

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution 1 // alliewin95+ie3-win10+ie11 dve copy by yuange in 2009. cve-2014-6332 exploit https://twitter.com/yuange75 http://hi.baidu.com/yuange1975 // function runmumaa On Error Resume Next set...

Digi Online Examination System 2.0 - Unrestricted Arbitrary File Upload

Digi Online Examination System 2.0 - Unrestricted Arbitrary File Upload Exploit Title: Digi Online Examination System Unrestricted File Upload Vulnerability Date: 12-10-2014 Exploit Author: Halil Dalabasmaz Version: v2.0 Software Link:...

Joomla! Component com_hdflvplayer 2.1.0.1 - SQL Injection

Joomla! Component comhdflvplayer 2.1.0.1 - SQL Injection !/usr/bin/python Exploit Title : Joomla HD FLV 2.1.0.1 and below SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://www.hdflvplayer.net/ Software Link : http://www.hdflvplayer.net/downloadcount.php?pid=5 Dork google 1:...

Proticaret E-Commerce Script 3.0 - SQL Injection (1)

Proticaret E-Commerce Script 3.0 - SQL Injection 1 Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information:...

Microsoft Office 20072010 - OLE Arbitrary Command Execution

Microsoft Office 20072010 - OLE Arbitrary Command Execution Full exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35216.rar CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking...

CorelDRAW X7 CDR File - CdrTxt.dll Off-by-One Stack Corruption

CorelDRAW X7 CDR File - CdrTxt.dll Off-by-One Stack Corruption CorelDRAW X7 CDR File CdrTxt.dll Off-By-One Stack Corruption Vulnerability Vendor: Corel Corporation Product web page: http://www.corel.com Affected version: 17.1.0.572 X7 - 32bit/64bit EN 15.0.0.486 X5 - 32bit EN Summary: CorelDRAW i...

WordPress Plugin SupportEzzy Ticket System 1.2.5 - Persistent Cross-Site Scripting

WordPress Plugin SupportEzzy Ticket System 1.2.5 - Persistent Cross-Site Scripting Exploit Title: SupportEzzy Ticket System - WordPress Plugin Stored XSS Vulnerability Date: 12-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.2.5 Vendor Homepage:...

WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload

WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload Exploit Title: Photo Gallery 1.2.5 Unrestricted File Upload Date: 11-11-2014 Software Link: https://wordpress.org/plugins/photo-gallery/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...

Subex Fms 7.4 - SQL Injection

Subex Fms 7.4 - SQL Injection ======================================================================================= Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL Injection =======================================================================================...

Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities

Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.1 Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098 Softwa...

vldPersonals 2.7 - Multiple Vulnerabilities

vldPersonals 2.7 - Multiple Vulnerabilities Exploit Title: VLD Personal – Multiple Vulnerabilities Date: 09/11/2014 Exploit Author: Mr T Exploit Authors Website: http://www.securitypentester.ninja Vendor Homepage: http://www.vldpersonals.com/ Software Link:...

Barracuda - Multiple Unauthentication Logfile Downloads

Barracuda - Multiple Unauthentication Logfile Downloads Exploit Title: multiple Barracuda products logfile disclosure Date: 03/26/2014 Exploit Author: Juergen Grieshofer / 4CKnowLedge Author Homepage: https://4ck.eu/ Vendor Homepage: https://barracudalabs.com Software Link:...

PHP-Fusion 7.02.07 - SQL Injection

PHP-Fusion 7.02.07 - SQL Injection Exploit Title: PHP-Fusion 7.02.07 SQL Injection Date: 06/11/2014 Exploit Author: Mauricio Correa Vendor Homepage: www.php-fusion.co.uk Software Link: http://ufpr.dl.sourceforge.net/project/php-fusion/PHP-Fusion%20Archives/7.x/ PHP-Fusion-7.02.07.zip Version:...

Microsoft Internet Explorer 11 - Denial of Service

Microsoft Internet Explorer 11 - Denial of Service Exploit Title: IE D.O.S Date: 10/28/2014 Exploit Author: Behrooz Abbassi Vendor Homepage: http://microsoft.com Software Link: http://windows.microsoft.com/en-us/internet-explorer/download-ie Version: tested on 8 to 11 Tested on: XP to 8.1 x64/x86...

ZTE ZXDSL 831CII - Insecure Direct Object Reference

ZTE ZXDSL 831CII - Insecure Direct Object Reference Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct obje...

phpSound Music Sharing Platform 1.0.5 - Multiple Cross-Site Scripting Vulnerabilities

phpSound Music Sharing Platform 1.0.5 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: phpSound Music Sharing Platform Multiple XSS Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.5 Vendor Link:...

WordPress Plugin Another WordPress Classifieds Plugin - SQL Injection

WordPress Plugin Another WordPress Classifieds Plugin - SQL Injection Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/Client Webpage: http://awpcp.com/ SQL injectio...

Password Manager Pro Pro MSP - Blind SQL Injection

Password Manager Pro Pro MSP - Blind SQL Injection Authenticated blind SQL injection in Password Manager Pro / Pro MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 08/11/2014 / Last...

WordPress Plugin Joomla! Component XCloner - Multiple Vulnerabilities

WordPress Plugin Joomla! Component XCloner - Multiple Vulnerabilities Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...

ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities

ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ==========================================================================...

i.Mage 1.11 - Local Crash (PoC)

i.Mage 1.11 - Local Crash PoC !/usr/bin/python Exploit Title:i.Mage Local Crash Poc Homepage:http://www.memecode.com/image.php Software Link:http://sourceforge.net/projects/image-editor/files/i.mage-win32-v111.exe/download Version:i.i.Mage v1.11 Win32 Release Description:i.Mage is a small and fas...