41207 matches found
XRms - Blind SQL Injection Command Execution
XRms - Blind SQL Injection Command Execution XRMS Blind SQLi via $SESSION poisoning, then command exec import urllib import urllib2 import time import sys usercharac =...
Plogger 1.0-RC1 - (Authenticated) Arbitrary File Upload
Plogger 1.0-RC1 - Authenticated Arbitrary File Upload !/usr/bin/env python Exploit Title: Plogger Authenticated Arbitrary File Upload Date: Feb 2014 Exploit Author: b0z Vendor Homepage: www.plogger.org Software Link: www.plogger.org/download Version: Plogger prior to 1.0-RC1 CVE : 2014-2223 impor...
Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029)
Microsoft Internet Explorer - Memory Corruption PoC MS14-029 function stc var Then = new Date; Then.setTimeThen.getTime + 1000 3600 24 7 ; document.cookie = "Cookie1=d93kaj3Nja3; expires="+ Then.toGMTString; function cid var swf = 0; try swf = new ActiveXObject'ShockwaveFlash.ShockwaveFlash';...
WordPress Plugin ShortCode 0.2.3 - Local File Inclusion
WordPress Plugin ShortCode 0.2.3 - Local File Inclusion Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download...
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: WooCommerce Store Exporter v1.7.5 Stored XSS Google Dork: inurl:"woocommerce-exporter" Date: 26/08/2014 Exploit Author: Mike Manzotti @ Dionach Vendor Homepage:...
glibc - NUL Byte gconv_translit_find Off-by-One
glibc - NUL Byte gconv_translit_find Off-by-One // // Full Exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34421.tar.gz CVE-2014-5119.tar.gz // // // --------------------------------------------------- // CVE-2014-5119 glibc gconv_translit_find exploit //...
Joomla! Component spidervideoplayer - theme SQL Injection
Joomla! Component spidervideoplayer - theme SQL Injection source: https://www.securityfocus.com/bid/69422/info Spider Video Player extension for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An...
ntopng 1.2.0 - Cross-Site Scripting Injection
ntopng 1.2.0 - Cross-Site Scripting Injection ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based...
VTLS Virtua InfoStation.cgi - SQL Injection
VTLS Virtua InfoStation.cgi - SQL Injection =====Alligator Security Team - Security Advisory============================ - VTLS Virtua InfoStation.cgi SQLi - CVE-2014-2081 - Author: José Tozo =====Table of Contents====================================================== 1. Background 2. Detailed...
Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure
Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure source: https://www.securityfocus.com/bid/69390/info Grand MA 300 is prone to multiple security weaknesses. Attackers can exploit these issues to disclose the access pin by sniffing network traffic or perform brute-for...
Granding MA300 - Weak Pin Encryption Brute Force
Granding MA300 - Weak Pin Encryption Brute Force source: https://www.securityfocus.com/bid/69390/info Grand MA 300 is prone to multiple security weaknesses. Attackers can exploit these issues to disclose the access pin by sniffing network traffic or perform brute-force attacks on pin to gain...
Innovaphone PBX Admin-GUI - Cross-Site Request Forgery
Innovaphone PBX Admin-GUI - Cross-Site Request Forgery Title: Innovaphone PBX Admin-GUI CSRF Impact: High CVSS2 Score: 7.8 AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C Announced: August 21, 2014 Reporter: Rainer Giedat NSIDE ATTACK LOGIC GmbH, www.nsideattacklogic.de Products: Innovaphone PBX...
PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities
PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities in PHP Stock Management System 1.02 Date: 25 Aug 2014 Exploit Author: Ragha Deepthi K R Vendor Homepage: http://www.posnic.com/...
ManageEngine Password Manager - MetadataServlet.dat SQL Injection (Metasploit)
ManageEngine Password Manager - MetadataServlet.dat SQL Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/filedropper' class Metasploit3 "ManageEngine...
WordPress Plugin KenBurner Slider - admin-ajax.php Arbitrary File Download
WordPress Plugin KenBurner Slider - admin-ajax.php Arbitrary File Download source: https://www.securityfocus.com/bid/69387/info The KenBurner Slider plugin for WordPress is prone to an arbitrary file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the w...
Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities
Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities Exploit Title: Air Transfer Iphone v1.3.9 -Remote crash, Broken Authentication file download and Memo Access. Date: 08/23/2014 Author: Samandeep Singh SaMaN - @samanL33T Vendor Homepage:http://www.darinsoft.co.kr/subhtmls/airtransferguide.html...
LiveWorld Multiple Products - Cross Site Scripting
LiveWorld Multiple Products - Cross Site Scripting LiveWorld Cross Site Scripting Vendor: LiveWorld, Inc Product: LiveWorld Version: Multiple Products Website: http://www.liveworld.com CVE: CVE-2004-2566 OSVDB: 9180 PACKETSTORM: 34143 Description: LiveWorld provides collaborative services for...
MyAwards MyBB Module - Cross-Site Request Forgery
MyAwards MyBB Module - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/69386/info MyAwards module for MyBB is prone to a cross-site request-forgery vulnerability. An attacker may exploit this issue to perform certain unauthorized actions. This may lead to further attacks...
MyBB 1.8 Beta 3 - Multiple Vulnerabilities
MyBB 1.8 Beta 3 - Multiple Vulnerabilities Title: MyBB 1.8 Beta 3 - Cross Site Scripting & SQL Injection Google Dork: intext:"Powered By MyBB" Date: 15.08.2014 Author: DemoLisH Vendor Homepage: http://www.mybb.com/ Software Link: http://www.mybb.com/downloads Version: 1.8 - Beta 3 Contact:...
BlazeDVD Pro Player 7.0 - .plf Local Buffer Overflow (SEH)
BlazeDVD Pro Player 7.0 - .plf Local Buffer Overflow SEH BlazeDVD Pro v7.0 - .plf Buffer Overflow SEH Date: 19.08.2014 Exploit Author: metacom Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Win 7 EN, W...
ManageEngine Password Manager Pro ManageEngine IT360 - SQL Injection
ManageEngine Password Manager Pro ManageEngine IT360 - SQL Injection source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using ...
ArticleFR - id SQL Injection
ArticleFR - id SQL Injection source: https://www.securityfocus.com/bid/69307/info ArticleFR is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the...
WordPress Plugin WP Content Source Control - download.php Directory Traversal
WordPress Plugin WP Content Source Control - download.php Directory Traversal source: https://www.securityfocus.com/bid/69278/info WP Content Source Control plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiti...
Tenda A5s Router 3.02.05_CN - Authentication Bypass
Tenda A5s Router 3.02.05_CN - Authentication Bypass ----------------------------------------------------------------------- Tenda A5s Router Authentication Bypass Vulnerability ----------------------------------------------------------------------- Author : zixian Mail : [email protected] Date : Aug,...
A remote administration tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity...
Alienvault Open Source SIEM (OSSIM) 4.7.0 - get_license Remote Command Execution (Metasploit)
Alienvault Open Source SIEM OSSIM 4.7.0 - get_license Remote Command Execution Metasploit require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection get_license', 'Description' = %q This module exploits a command injection flaw found in the...
WordPress Plugin Disqus 2.7.5 - Cross-Site Request Forgery (Admin Persistent) Cross-Site Scripting
WordPress Plugin Disqus 2.7.5 - Cross-Site Request Forgery Admin Persistent Cross-Site Scripting disqus csrf reset -- -- alert1;' /...
BlazeDVD Pro Player 7.0 - .plf Direct RET Local Stack Buffer Overflow
BlazeDVD Pro Player 7.0 - .plf Direct RET Local Stack Buffer Overflow BlazeDVD Pro v7.0 - .plf Stack Based Buffer Overflow direct RET - ALSR/DEP bypass on Win8.1 Pro Date: Mon, Aug 11 2014 12:58:06 GMT Exploit Author: Giovanni Bartolomucci Vendor Homepage: http://www.blazevideo.com/ Software Link...
WordPress Plugin GB Gallery Slideshow - wp-adminadmin-ajax.php SQL Injection
WordPress Plugin GB Gallery Slideshow - wp-adminadmin-ajax.php SQL Injection source: https://www.securityfocus.com/bid/69181/info The GB Gallery Slideshow plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it i...
Easy FTP Pro 4.2 iOS - Command Injection
Easy FTP Pro 4.2 iOS - Command Injection Document Title: =============== Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1291 Release Date: ============= 2014-08-06 Vulnerability Laboratory ID VL-ID:...
TomatoCart 1.x - SQL Injection
TomatoCart 1.x - SQL Injection Title: TomatoCart v1.x latest-stable Remote SQL Injection Vulnerability Background: TomatoCart is open source ecommerce solution developed and maintained by a number of 64,000+ users from 50+ countries and regions. It's distributed under the terms of the GNU General...
PhotoSync Wifi Bluetooth 1.0 - Local File Inclusion
PhotoSync Wifi Bluetooth 1.0 - Local File Inclusion Document Title: =============== PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1289 Release Date: ============= 2014-08-04 Vulnerability...
Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm
Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm Exploit Title: Sky Broadband Router Weak algorithm used to generate WPA-PSK Key Google Dork: Date: 08/08/2014 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf Version: Categor...
SHARP MX Series - Denial of Service
SHARP MX Series - Denial of Service Exploit Title: SHARP MX Series - Denial Of Service Date: 08/08/2014 Exploit Author: pws Vendor Homepage: Sharp Printers Firmware Link: Not found Tested on: Latest version Shodan d0rk: "SHARP Telnet server" 4000 devices CVE : None yet $ python -c 'print "A"200 +...
VoipSwitch - user.php Local File Inclusion
VoipSwitch - user.php Local File Inclusion source: https://www.securityfocus.com/bid/69109/info VoipSwitch is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scrip...
Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities
Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities Exploit Title: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities Google Dork: intitle:"Powered by Pro Chat Rooms" Date: 5 August 2014 Exploit Author: Mike Manzotti @ Dionach Ltd Vendor Homepage: http://prochatrooms.com Software Link:...
Feng Office - Persistent Cross-Site Scripting
Feng Office - Persistent Cross-Site Scripting Affected software: Feng Office - URL: http://www.fengoffice.com/web/demo.php Discovered by: Provensec Website: http://www.provensec.com Type of vulnerability: XSS Stored Feng Office is a Collaboration tool that includes a CRM, Communication, Document...
WordPress Plugin wpSS - ss_handler.php SQL Injection
WordPress Plugin wpSS - ss_handler.php SQL Injection source: https://www.securityfocus.com/bid/69089/info The WordPress Spreadsheet plugin wpSS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can...
HybridAuth 2.2.2 - Remote Code Execution
HybridAuth 2.2.2 - Remote Code Execution | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| HybridAuth = 2.2.2 Remote Code Execution Website : http://hybridauth.sourceforge.net/ Exploit Author : @u0x Pichaya Morimoto Release dates : August 5,...
Symantec Endpoint Protection 11.x12.x - Kernel Pool Overflow Local Privilege Escalation
Symantec Endpoint Protection 11.x12.x - Kernel Pool Overflow Local Privilege Escalation Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow http://www.offensive-security.com Tested on Windows 7 http://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/ Authors: Matteo...
Video WiFi Transfer 1.01 - Directory Traversal
Video WiFi Transfer 1.01 - Directory Traversal Document Title: =============== Video WiFi Transfer 1.01 - Directory Traversal Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1288 Release Date: ============= 2014-08-02 Vulnerability Laborato...
Barracuda Web Application Firewall - Authentication Bypass
Barracuda Web Application Firewall - Authentication Bypass source: https://www.securityfocus.com/bid/69028/info Barracuda Web Application Firewall is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain access to the...
FreeDisk 1.01 iOS - Multiple Vulnerabilities
FreeDisk 1.01 iOS - Multiple Vulnerabilities Document Title: =============== FreeDisk v1.01 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1287 Release Date: ============= 2014-08-01 Vulnerability Laboratory ID VL-ID:...
RaidenTunes - music_out.php Cross-Site Scripting
RaidenTunes - music_out.php Cross-Site Scripting source: https://www.securityfocus.com/bid/42167/info RaidenTunes is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution
TP-Link TL-WR740N v4 Router FW-Ver. 3.16.6 Build 130529 Rel.47286n - Command Execution Exploit Title: TP-Link TL-WR740N v4 router FW-Ver. 3.16.6 Build 130529 Rel.47286n arbitrary shell command execution Date: 08/03/2014 Exploit Author: Christoph Kuhl Vendor Homepage: http://www.tp-link.com Softwa...
Status2k Server Monitoring Software - Multiple Vulnerabilities
Status2k Server Monitoring Software - Multiple Vulnerabilities Exploit Title: Status2k Multiple Vulnerabilities/0days Date: 6/20/2014 Exploit Author: Shayan Sadigh twitter.com/r1pplex | [email protected] Vendor Homepage: http://status2k.com/ Version: All Tested on: Linux/Windows CVE :...
Sphider Search Engine - Multiple Vulnerabilities
Sphider Search Engine - Multiple Vulnerabilities Exploit Title: Sphider Search Engine - Multiple Vulnerabilities Google Dork: ext:php intext:sphider inurl:search.php Date: 6/20/2014 Exploit Author: Shayan Sadigh twitter.com/r1pplex | Vendor Homepage: http://www.sphider.eu/ Version: Sphider 1.3.6 ...
Photo WiFi Transfer 1.01 - Directory Traversal
Photo WiFi Transfer 1.01 - Directory Traversal Document Title: =============== Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1285 Release Date: ============= 2014-07-31 Vulnerability Laborato...
ArticleFR 11.06.2014 - data.php Privilege Escalation
ArticleFR 11.06.2014 - data.php Privilege Escalation Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014...