41207 matches found
ALCASAR-Remote
By sending a specially crafted value in the "host" HTTP header, it is possible to inject the exec function in order to execute commands as Apache user. !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db...
ALCASAR 2.8 - Remote Code Execution
ALCASAR 2.8 - Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b 88 d8"' "8b d88b d8" "8b d88b 88 "8b d8'8b 88 d8' d8'8b Y8, d8'8b 88 ,8P d8' 8b 88 88 d...
PHP Stock Management System 1.02 - Multiple Vulnerabilities
PHP Stock Management System 1.02 - Multiple Vulnerabilities Exploit Title: PHP Stock Management System 1.02 - Multiple Vulnerabilty Date : 9-9-2014 Author : jsass Vendor Homepage: http://www.posnic.com/ Software Link: http://sourceforge.net/projects/stockmanagement/ Version: 1.02 Tested on:...
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dor...
WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities
WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities Exploit Title: Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities Google Dork: N/A Date: 09.09.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor...
WordPress Theme Antioch - download.php Arbitrary File Download
WordPress Theme Antioch - download.php Arbitrary File Download source: https://www.securityfocus.com/bid/69673/info Antioch theme for Wordpress is prone to an arbitrary file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the web server and obtain...
WordPress Plugin WP to Twitter - Authentication Bypass
WordPress Plugin WP to Twitter - Authentication Bypass source: https://www.securityfocus.com/bid/69741/info WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized...
Atmail Webmail 7.2 - Multiple Vulnerabilities
Atmail Webmail 7.2 - Multiple Vulnerabilities Title: Atmail Webmail =7.2 - Multiple XSS & FPD Date: 01.27.2014 Vendor: atmail.com Version: =7.2 Latest ATM, tested also on 7.1.1 Authors: Smash & Brag / smashatdevilteam.pl PoC: poczta.pl / demo.atmail.com 1. Cross Site Scripting a GET -...
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass source: https://www.securityfocus.com/bid/69740/info The Ninja Forms Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthoriz...
WordPress Plugin Xhanch My Twitter - Cross-Site Request Forgery
WordPress Plugin Xhanch My Twitter - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/69744/info Xhanch My Twitter plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit the cross-site request forgery issue to perform unauthorized...
WordPress Theme Authentic - download.php Arbitrary File Download
WordPress Theme Authentic - download.php Arbitrary File Download source: https://www.securityfocus.com/bid/69671/info Authentic theme for Wordpress is prone to an arbitrary file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the web server and obtain...
WordPress Theme Acento - view-pdf.php?File Arbitrary File Download
WordPress Theme Acento - view-pdf.php?File Arbitrary File Download +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : WordPress acento theme Arbitrary File Download Vulnerability Author : alieye vondor : http://www.wpbyexample.com/detail/acentocultural.com Contact : [email protected]...
phpMyFAQ 2.8.x - Multiple Vulnerabilities
phpMyFAQ 2.8.x - Multiple Vulnerabilities Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities Vendor: phpmyfaq.de Date: 04.09.19 Version: = 2.8.12 Latest ATM Tested on: Apache 2.2 / PHP 5.4 / Linux Contact: smash at devilteam.pl 1 Persistent XSS Administrator is able to view information about specif...
Joomla! Component Spider Calendar 3.2.6 - SQL Injection
Joomla! Component Spider Calendar 3.2.6 - SQL Injection !/usr/bin/env python Exploit Title : Joomla Spider Calendar = 3.2.6 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link :...
vBulletin 5.1.x - Persistent Cross-Site Scripting
vBulletin 5.1.x - Persistent Cross-Site Scripting Title: vBulletin 5.1.X - Cross Site Scripting Date: 05.09.14 Version: = 5.1.2 Latest ATM Vendor: vbulletin.com Contact: smash at devilteam.pl 1 Agenda Latest vBulletin forum software suffers on persistent cross site scripting vulnerability, which...
Jenkins 1.578 - Multiple Vulnerabilities
Jenkins 1.578 - Multiple Vulnerabilities Affected Vendor: http://jenkins-ci.org/ Date: 03/09/2014 Discovered by: JoeV Type of vulnerability: CSRF and Command Execution Tested on: Windows 7 Version : 1.578 Description: Jenkins is susceptible to CSRF attack and command execution. Using groovy one c...
WordPress Theme Epic - download.php Arbitrary File Download
WordPress Theme Epic - download.php Arbitrary File Download source: https://www.securityfocus.com/bid/69672/info Epic theme for Wordpress is prone to an arbitrary file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially...
TP-Link TL-WR841N TL-WR841ND - Multiple Vulnerabilities
TP-Link TL-WR841N TL-WR841ND - Multiple Vulnerabilities Title: TP-LINK Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities Date: 30.06.14 Vendor: TP-LINK Affected versions: TL-WR841N / TL-WR841ND Tested on: Firmware Version - 3.13.27 Build 121101 Rel.38183n, Hardware Version - WR841N v8...
osCommerce 2.3.4 - Multiple Vulnerabilities
osCommerce 2.3.4 - Multiple Vulnerabilities Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerabl...
WordPress Plugin Bulk Delete Users by Email 1.0 - Cross-Site Request Forgery
WordPress Plugin Bulk Delete Users by Email 1.0 - Cross-Site Request Forgery Exploit Title: Bulk Delete Users by Email, Wordpress Plugin 1.0 - CSRF Google Dork: N/A Date: 05.09.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor Homepage - http://www.speakdigital.co.uk/...
WordPress Plugin W3 Total Cache - admin.php Cross-Site Request Forgery
WordPress Plugin W3 Total Cache - admin.php Cross-Site Request Forgery source: https://www.securityfocus.com/bid/69745/info W3 Total Cache plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit the cross-site request forgery issue to perform...
Zen Cart 1.5.3 - Multiple Vulnerabilities
Zen Cart 1.5.3 - Multiple Vulnerabilities Title: Zen Cart 1.5.3 - CSRF & Admin Panel XSS Date: 09.07.14 Vendor: zen-cart.com Tested on: Apache 2.2 at Linux Contact: smashatdevilteam.pl 1 - CSRF - Delete admin GET profile stands for user id...
WordPress Theme Urban City - download.php Arbitrary File Download
WordPress Theme Urban City - download.php Arbitrary File Download source: https://www.securityfocus.com/bid/69670/info Urban City theme for Wordpress is prone to an arbitrary file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the web server and obtain...
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities Mpay24 PrestaShop Payment Module Multiple Vulnerabilities - · Affected Vendor: Mpay24 - · Affected Software: Mpay24 Payment Module - · Affected Version: 1.5 and earlier - · Issue Type: SQL injection and information disclosure - ·...
TP-Link TL-WR340G TL-WR340GD - Multiple Vulnerabilities
TP-Link TL-WR340G TL-WR340GD - Multiple Vulnerabilities Title: TP-LINK Model No. TL-WR340G/TL-WR340GD - Multiple Vulnerabilities Date: 01.07.14 Vendor: TP-LINK Affected versions: TL-WR340G/TL-WR340GD Tested on: Firmware Version - 4.3.7 Build 090901 Rel.61899n, Hardware Version - WR340G v5 081520C...
WordPress Plugin Like Dislike Counter 1.2.3 - SQL Injection
WordPress Plugin Like Dislike Counter 1.2.3 - SQL Injection Title : Wordpress Like Dislike Counter Plugin SQL Injection Vulnerability Risk : High+/Critical Exploit Author : XroGuE Google Dork : inurl:plugins/like-dislike-counter-for-posts-pages-and-comments/ajaxcounter.php AND...
Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery Token Hjiacking
Invision Power Board IP.Board 3.x - Cross-Site Request Forgery Token Hjiacking Title: IP Board 3.x CSRF - Token hjiacking Date: 03.09.14 Version: = 3.4.6 Vendor: invisionpower.com Author: Piotr S. Video-PoC: https://www.youtube.com/watch?v=G5P21TA4DjY 1 Introduction Latest and propabbly previous...
PhpOnlineChat 3.0 - Cross-Site Scripting
PhpOnlineChat 3.0 - Cross-Site Scripting Exploit Title: phponlinechat xss Date: 5/9/2014 Exploit Author: N0 Feel Vendor Homepage: http://phponlinechat.com/phpchat Software Link: http://phponlinechat.com/chat-free-download.php Version: 3.0 Tested on: win7 php online chat suffer from xss in user...
LoadedCommerce7 - Systemic Query Factory
LoadedCommerce7 - Systemic Query Factory Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline:...
WordPress Plugin Spider Facebook - facebook.php SQL Injection
WordPress Plugin Spider Facebook - facebook.php SQL Injection source: https://www.securityfocus.com/bid/69675/info Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiti...
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)
BulletProof FTP Client 2010 - Buffer Overflow SEH Python !/usr/bin/python ----------------------------------------------------------------------------- Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow SEH Exploit Date: Sep 05 2014 Vulnerability Discovery: Gabor Seljan Exploit Author:...
MyBB User Social Networks Plugin 1.2 - Persistent Cross-Site Scripting
MyBB User Social Networks Plugin 1.2 - Persistent Cross-Site Scripting Exploit Title: User Social Networks MyBB Plugin 1.2 - Cross Site Scripting Google Dork: N/A Date: 05.09.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor Homepage - N/A Software Link:...
WordPress Plugin Premium Gallery Manager - Configuration Access
WordPress Plugin Premium Gallery Manager - Configuration Access Exploit Title : Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulnerability Author : Hannaichi @dntkun Date : February 5th, 2014 Type : php, html, htm, asp, etc. Category : Web Applications...
vBulletin 4.0.x 4.1.2 - search.php?cat SQL Injection
vBulletin 4.0.x 4.1.2 - search.php?cat SQL Injection vBulletin 4.0.x = 4.1.2 AUTOMATIC SQL Injection exploit Author: D35m0nd142, Google Dork: inurl:search.php?searchtype=1 Date: 02/09/2014 Vendor Homepage: http://www.vbulletin.com/ Tested on: vBulletin 4.1.2 Usage: perl exploit.pl Tutorial video:...
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting Python Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and...
WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection
WordPress Plugin Huge-IT Image Gallery 1.0.1 - Authenticated SQL Injection Exploit Title : Wordpress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://huge-it.com/ Software Link :...
Mozilla Firefox 9.0.1 Thunderbird 3.1.20 - Information Disclosure
Mozilla Firefox 9.0.1 Thunderbird 3.1.20 - Information Disclosure source: https://www.securityfocus.com/bid/69525/info Mozilla Firefox and Thunderbird are prone to an information-disclosure vulnerability. Attackers can exploit this issue to disclose sensitive information that may aid in further...
LeapFTP 3.1.0 - URL Handling Buffer Overflow (SEH)
LeapFTP 3.1.0 - URL Handling Buffer Overflow SEH Exploit Title: LeapFTP 3.1.0 URL Handling SEH Exploit Google Dork: "k3170makan is totally awesome" hehehe Date: 2014-08-28 Exploit Author: k3170makan Vendor Homepage: http://www.leapware.com/ Software Link: http://www.leapware.com/download.html...
Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting
Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference:...
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Summary: WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. Found by: Jesus Ramirez Pichardo @whitexploit http://whitexploit.blogspot.mx/ Date: 2014-08-28 Vendor Homepage:...
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)
ManageEngine EventLog Analyzer - Multiple Vulnerabilities 1 Mogwai Security Advisory MSA-2014-01 ---------------------------------------------------------------------- Title: ManageEngine EventLog Analyzer Multiple Vulnerabilities Product: ManageEngine EventLog Analyzer Affected versions: EventLo...
Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download
Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage:...
ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution
ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution Arbitrary file upload / remote code execution in ManageEngine Desktop Central / Desktop Central MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security...
HTML Help Workshop 1.4 - Local Buffer Overflow (SEH)
HTML Help Workshop 1.4 - Local Buffer Overflow SEH import subprocess Exploit Title: HTML Help Workshop 1.4 - Local Buffer Overflow Exploit SEH Date: 31/08/2014 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ Software Link:...
NRPE 2.15 - Remote Code Execution
NRPE 2.15 - Remote Code Execution !/usr/bin/python Exploit Title : NRPE http://www.abcompcons.com/files/nrpeclient.py pyOpenSSL Library required http://pyopenssl.sourceforge.net/ root@localhost pip-python install pyOpenSSL NRPE = 2.15 Remote Command Execution Vulnerability Release date: 17.04.201...
F5 Big-IP - rsync Access
F5 Big-IP - rsync Access When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. The BigIP platform configures an rsync daemon listenin...
HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC)
HTML Help Workshop 1.4 - Buffer Overflow SEH PoC ---------------------------------------------------------------------------------------------------- Exploit Title: HTML Help Workshop - SEH Buffer Overflow Date: August 24 2014 Exploit Author: Moroccan Kingdom MKD Software Link:...
ManageEngine DeviceExpert 5.9 - User Credential Disclosure
ManageEngine DeviceExpert 5.9 - User Credential Disclosure User credential disclosure in ManageEngine DeviceExpert 5.9 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Background on the affected...
PhpWiki - Remote Command Execution
PhpWiki - Remote Command Execution / / / / / / // / / / / / / / \ | /| / / / /// / / / // / // / / // / / / / // / |/ |/ / / ,&2;'+cmd+' 1&2;echo ':::'123 1&2;" -prefab= -csmap= data= alt= help= ','editpreview','Preview','action','edit' cmd1 = urllib2.Requestdomain +'/index.php/HeIp',data cmd2...
ActualAnalyzer Lite 2.81 - Command Execution
ActualAnalyzer Lite 2.81 - Command Execution ActualAnalyzer exploit. Tested on Lite version We load command into a dummy variable as we only have 6 characters to own the eval but load more as first 2 characters get rm'd. We then execute the eval with backticks. 11/05/2011 import urllib import...