41207 matches found
DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload (Metasploit)
DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload Metasploit Exploit Title: DotNetNuke DNNspot Store UploadifyHandler.ashx windows/shell/reverse_tcp LHOST = 192.168.13.37 LPORT = 31337 RHOST = 192.168.31.33 - Handler failed to bind to 192.168.13.37:31337 Started reverse handler on...
Microsoft Windows - OLE Package Manager SandWorm
Microsoft Windows - OLE Package Manager SandWorm !/usr/bin/env python import os import zipfile import sys ''' Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35019.tar.gz Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title:...
Aireplay-ng 1.2 beta3 - tcp_test Length Stack Overflow
Aireplay-ng 1.2 beta3 - tcp_test Length Stack Overflow / Exploit Title: Aireplay "tcp_test" Length Parameter Inconsistency Date: 10/3/2014 Exploit Author: Nick Sampanis Vendor Homepage: http://www.aircrack-ng.org/ Version: Aireplay-ng 1.2 beta3 Tested on: Kali Linux 1.0.9 x64 CVE : CVE-2014-8322...
Drupal 7.0 7.31 - Drupalgeddon SQL Injection (Add Admin User)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection Add Admin User !/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for...
Drupal 7.0 7.31 - Drupalgeddon SQL Injection (PoC) (Reset Password) (2)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection PoC Reset Password 2 array 'method' = 'POST', 'header' = "Content-Type: application/x-www-form-urlencoded\r\n", 'content' = $postdata ; $ctx = streamcontextcreate$params; $data = filegetcontents$url . '?q=node&destination=node', null, $ctx;...
SAP NetWeaver Enqueue Server - Denial of Service
SAP NetWeaver Enqueue Server - Denial of Service Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability...
Drupal 7.0 7.31 - Drupalgeddon SQL Injection (PoC) (Reset Password) (1)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection PoC Reset Password 1 Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Creditz to https://www.reddit.com/user/fyukyuk EDB Note Updated version:...
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities Document Title: =============== Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1303 Release Date: ============= 2014-10-13 Vulnerability...
Change CMS 3.6.8 - Multiple Cross-Site Request Forgery Vulnerabilities
Change CMS 3.6.8 - Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: RBS Change Complet Open Source multiple CSRF vulnerabilities POST and GET Date: 10/10/2014 Exploit Author: KrustyHack Vendor Homepage: http://www.rbschange.fr/ Software Link:...
Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities
Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities Discovered by dun \ posdubatgmail.com 2014-10-01 Bosch Security Systems DVR 630/650/670 Series...
Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation
Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation Telefonica O2 Connection Manager 3.4 Local Privilege Escalation Vulnerability Vendor: Telefonica S.A. Product web page: http://www.telefonica.com | http://www.o2.co.uk Affected version: 3.4.R1 108 Summary: O2 Connection Manager...
Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities ------------------------ XSS 1 -------- POST parameters: - dataContacttitle ------------------------ input type="hidden" name="dataTokenkey" value="...
Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation
Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation Telefonica O2 Connection Manager 8.7 Service Trusted Path Privilege Escalation Vendor: Telefonica S.A. Product web page: http://www.telefonica.com | http://www.o2.co.uk Affected version: 8.7.6.792 Summary: O2...
Tenda A32 Router - Cross-Site Request Forgery
Tenda A32 Router - Cross-Site Request Forgery Exploit Title: Tenda A32 Router CSRF Vulnerability (reboot the Router) CVE ID: CVE-2014-7281 Date: 2014-10-10 Exploit Author: zixian Vendor Homepage: http://tenda.com.cn/ Software Link: http://tenda.com.cn/Catalog/Product/325 Version: V5.07.53CN When the...
YourMembers Plugin - Blind SQL Injection
YourMembers Plugin - Blind SQL Injection Vulnerability title: Blind SQL Injection Vulnerability in YourMembers plugin CVE: N/A Vendor: YourMembers plugin Product: https://github.com/YourMembers/yourmembers/tree/master/ymtrunk Affected version: Version 3, 29 June 2007...
PayPal Inc BB #85 MB iOS 4.6 - Authentication Bypass
PayPal Inc BB 85 MB iOS 4.6 - Authentication Bypass Document Title: =============== PayPal Inc BB 85 MB iOS 4.6 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=895 PayPal Security UID: Vxda0S Video:...
SEO Control Panel 3.6.0 - (Authenticated) SQL Injection
SEO Control Panel 3.6.0 - Authenticated SQL Injection Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link:...
Croogo 2.0.0 - Arbitrary PHP Code Execution
Croogo 2.0.0 - Arbitrary PHP Code Execution !/usr/bin/env python Croogo 2.0.0 Arbitrary PHP Code Execution Exploit Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under...
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ================================================================================================ Overview...
GetSimple CMS 3.3.1 - Cross-Site Scripting
GetSimple CMS 3.3.1 - Cross-Site Scripting PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1 CVE-2014-1603 by Pedro Ribeiro [email protected] from Agile Information Security Disclosure: 12/05/2014 / Last updated: 12/10/2014 Timeline: 04/11/2013 - Found bugs, produced proof of concept...
vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection
vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API post-auth ============================================================================== Overview -------- date : 10/12/2014 cvss : 7.1...
CMS Made Simple 1.11.9 - Multiple Vulnerabilities
CMS Made Simple 1.11.9 - Multiple Vulnerabilities Vulnerabilities in CMS Made Simple, version 1.11.9 Discovered by Pedro Ribeiro [email protected] of Agile Information Security Reported to [email protected] and [email protected] Disclosure: 28/02/2014 / Last updated: 12/10/2014 CMS...
Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities
Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities Vulnerabilities in Pimcore 1.4.9 to 2.1.0 inclusive Discovered by Pedro Ribeiro [email protected] of Agile Information Security ==================================================================== Disclosure: 14/04/2014 / Last updated: 12/10/2014...
Nessus Web UI 2.3.3 - Persistent Cross-Site Scripting
Nessus Web UI 2.3.3 - Persistent Cross-Site Scripting Nessus Web UI 2.3.3: Stored XSS ========================================================= CVE number: CVE-2014-7280 Permalink: http://www.thesecurityfactory.be/permalink/nessus-stored-xss.html Vendor advisory:...
DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities
DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities DrayTek VigorACS SI /ACSServer/ We found that most of the VigorACS SI deployments are using the default http authentication settings acs/password. This is not so much a software vulnerability but more a configuration issue. 2.2 Unauthenticated...
BMC Track-It! - Multiple Vulnerabilities
BMC Track-It! - Multiple Vulnerabilities Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= The application exposes several .NET remoting...
Linux Kernel 3.16.1 - Remount FUSE Local Privilege Escalation
Linux Kernel 3.16.1 - Remount FUSE Local Privilege Escalation / FUSE-based exploit for CVE-2014-5207 Copyright c 2014 Andy Lutomirski Based on code that is: Copyright C 2001-2007 Miklos Szeredi This program can be distributed under the terms of the GNU GPL. See the file COPYING. gcc -Wall...
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload ========================================================== "Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage:...
OpenSSH 6.6 SFTP (x64) - Command Execution
OpenSSH 6.6 SFTP x64 - Command Execution define GNUSOURCE // THIS PROGRAM IS NOT DESIGNED TO BE SAFE AGAINST VICTIM MACHINES THAT // TRY TO ATTACK BACK, THE CODE IS SLOPPY! // In other words, please don't use this against other people's machines. include include include include include include...
HttpCombiner ASP.NET - Remote File Disclosure
HttpCombiner ASP.NET - Remote File Disclosure Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...
Asx to Mp3 2.7.5 - Local Stack Overflow
Asx to Mp3 2.7.5 - Local Stack Overflow Exploit Title: ASX to MP3 Converter 2.7.5 stack buffer overflow Date: 6 Oct 2014 Exploit Author: Amir Reza Tavakolian Vendor Homepage: http://binarylife.blog.ir/ Software Link: http://download.cnet.com/ASX-to-MP3-Converter/3000-21684-10385919.html Version:...
Postfix SMTP 4.2.x 4.2.48 - Shellshock Remote Command Injection
Postfix SMTP 4.2.x 4.2.48 - Shellshock Remote Command Injection !/bin/python Exploit Title: Shellshock SMTP Exploit Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/ Version: 4.2.x " argc = lensys.argv ifargc 3: usage sys.exit0 rport ...
Apache mod_cgi - Shellshock Remote Command Injection
Apache mod_cgi - Shellshock Remote Command Injection ! /usr/bin/env python from socket import from threading import Thread import thread, time, httplib, urllib, sys stop = False proxyhost = "" proxyport = 0 def usage: print """ Shellshock apache mod_cgi remote exploit Usage: ./exploit.py var= Vars:...
Ultra Electronics 7.2.0.197.4.0.7 - Multiple Vulnerabilities
Ultra Electronics 7.2.0.197.4.0.7 - Multiple Vulnerabilities Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...
Bash CGI - Shellshock Remote Command Injection (Metasploit)
Bash CGI - Shellshock Remote Command Injection Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Shellshock Bashed CGI RCE', 'Description' = %q This module exploits the...
OpenVPN 2.2.29 - Shellshock Remote Command Injection
OpenVPN 2.2.29 - Shellshock Remote Command Injection Exploit Title: ShellShock OpenVPN Exploit Date: Fri Oct 3 15:48:08 EDT 2014 Exploit Author: hobbily AKA @fj33r Version: 2.2.29 Tested on: Debian Linux CVE : CVE-2014-6271 Probably should have submitted this the day I tweeted it. server.conf port...
Epicor Enterprise 7.4 - Multiple Vulnerabilities
Epicor Enterprise 7.4 - Multiple Vulnerabilities "Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th, 2014 - Status: Fixed - Associat...
TeamSpeak Client 3.0.14 - Buffer Overflow
TeamSpeak Client 3.0.14 - Buffer Overflow Title : TeamSpeak Client v3.0.14 - Buffer Overflow Vulnerability Severity : High+/Critical Reporters : SpyEye & Christian Galeone Software Version : 3.0.14 & Previous Versions Software Name : TeamSpeak Client Software Download Link :...
TestLink 1.9.11 - Multiple SQL Injections
TestLink 1.9.11 - Multiple SQL Injections Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection...
PHPCompta/NOALYSS 6.7.1 5638 - Remote Command Execution
PHPCompta/NOALYSS 6.7.1 5638 - Remote Command Execution Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS CVE: CVE-2014-6389 Vendor: PHPCompta Product: PHPCompta/NOALYSS Affected version: 6.7.1 5638 Fixed version: 6.7.2 Reported by: Jerzy Kramarz Details: PhpCompta 6.7.1-2 does no...
RBS Change Complet Open Source 3.6.8 - Cross-Site Request Forgery
RBS Change Complet Open Source 3.6.8 - Cross-Site Request Forgery Exploit Title: RBS Change Complet Open Source CSRF Google Dork: intext:"une réalisation rbs" Date: 10/01/2014 Exploit Author: KrustyHack Vendor Homepage: http://www.rbschange.fr/ Software Link:...
Kolibri WebServer 2.0 - Remote Buffer Overflow (EMET 5.0 EMET 4.1 Partial Bypass)
Kolibri WebServer 2.0 - Remote Buffer Overflow EMET 5.0 EMET 4.1 Partial Bypass !/bin/python import socket, sys, re Exploit Title: Kolibri POST Buffer overflow with EMET 5.0 and EMET 4.1 Partial Bypass Date: September 30th 2014 Author: tekwizz123 Vendor Homepage: http://www.senkas.com Software...
Bacula-Web 5.2.10 - joblogs.php?jobid SQL Injection
Bacula-Web 5.2.10 - joblogs.php?jobid SQL Injection bacula-web 5.2.10 vulnerability Bacula-web is an web base application that provide you a summarized view all of the jobs bacula-director. title : Bacula-web 5.2.10 godork : "jobid=" bacula-web vulnerability : + Sql injection example :...
GNU bash 4.3.11 - Environment Variable dhclient
GNU bash 4.3.11 - Environment Variable dhclient !/usr/bin/python Exploit Title: dhclient shellshocker Google Dork: n/a Date: 10/1/14 Exploit Author: @0x00string Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz Version: 4.3.11 Tested on: Ubuntu 14.04.1 CVE :...
WordPress Plugin All In One WP Security Firewall 3.8.3 - Persistent Cross-Site Scripting
WordPress Plugin All In One WP Security Firewall 3.8.3 - Persistent Cross-Site Scripting Document Title: =============== All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date:...
Moab 7.2.9 - Authentication Bypass
Moab 7.2.9 - Authentication Bypass Moab Authentication Bypass : CVE-2014-5300 Software: Moab Affected Versions: All versions prior to Moab 7.2.9 and Moab 8 CVE Reference: CVE-2014-5300 Author: John Fitzpatrick, MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendor: Adaptive Computi...
Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution
Rejetto HTTP File Server HFS 2.3a/2.3b/2.3c - Remote Command Execution ========================================================== HTTP File Server 2.3a - 2.3b - 2.3c Remote Command Execution Author : Daniele Linguaglossa Date: 30/09/2014 Remote: Yes Vendor Homepage: http://rejetto.com/ Software Lin...
ManageEngine OpManager Social IT - Arbitrary File Upload (Metasploit)
ManageEngine OpManager Social IT - Arbitrary File Upload Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager / Social IT Arbitrary File Upload',...
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection
IPFire - CGI Web Interface Authenticated Bash Environment Variable Code Injection !/usr/bin/env python Exploit Title : IPFire = 2.15 core 82 Authenticated cgi Remote Command Injection ShellShock Exploit Author : Claudio Viviani Vendor Homepage : http://www.ipfire.org Software Link:...
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)
dhclient 4.1 - Bash Environment Variable Command Injection Shellshock !/usr/bin/python Exploit Title: ShellShock dhclient Bash Environment Variable Command Injection PoC Date: 2014-09-29 Author: @fdiskyou e-mail: rui at deniable.org Version: 4.1 Tested on: Debian, Ubuntu, Kali CVE: CVE-2014-6277,...