Fonality trixbox - endpoint_generic.php SQL Injection

Fonality trixbox - endpointgeneric.php SQL Injection source: https://www.securityfocus.com/bid/68720/info Trixbox is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site scripting vulnerability 3. Multiple local file-include vulnerabilities 4. A remot...

Fonality trixbox - index.php Remote Code Execution

Fonality trixbox - index.php Remote Code Execution source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...

Omeka 2.2 - Cross-Site Request Forgery Persistent Cross-Site Scripting

Omeka 2.2 - Cross-Site Request Forgery Persistent Cross-Site Scripting !-- Omeka 2.2 CSRF And Stored XSS Vulnerability Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the...

OL-Commerce - OL-Commerceaffiliate_show_banner.php?affiliate_banner_id SQL Injection

OL-Commerce - OL-Commerceaffiliateshowbanner.php?affiliatebannerid SQL Injection source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize...

Fonality trixbox - repo.php Directory Traversal

Fonality trixbox - repo.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...

Fonality trixbox - endpointcfg.php Directory Traversal

Fonality trixbox - endpointcfg.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting...

Boat Browser 8.08.0.1 - Remote Code Execution

Boat Browser 8.08.0.1 - Remote Code Execution CreatMalTxt POC - WebView var obj; function TestVulnerability temp="not"; var myObject = window; for var name in myObject if myObject.hasOwnPropertyname try...

Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities

Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: Multiple XSS vulnerabilities in Bilboplanet application Date: 10/15/13 Exploit Author:Vivek N http://nvivek.weebly.com/ Vendor Homepage: http://www.bilboplanet.com/ Software Link:...

BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities

BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: =5.1.11.432 impact:...

Alfresco - proxy?endpoint Server-Side Request Forgery

Alfresco - proxy?endpoint Server-Side Request Forgery source: https://www.securityfocus.com/bid/68/info http://www.example.com/alfresco/proxy?endpoint=http://internalsystem:port 663/info Alfresco Community Edition is prone to multiple security vulnerabilities. An attacker may leverage these issue...

Node Browserify 4.2.0 - Remote Code Execution

Node Browserify 4.2.0 - Remote Code Execution !/usr/bin/python """ Browserify POC exploit http://iops.io/blog/browserify-rce-vulnerability/ To run, just do: $ python poc.py exploit.js $ browserify exploit.js BITCH I TOLD YOU THIS SHIT IS FABULOUS garbage output ,,,1 00:08:32 up 12:29, 3 users, lo...

Alfresco - cmisbrowser?url Server-Side Request Forgery

Alfresco - cmisbrowser?url Server-Side Request Forgery source: https://www.securityfocus.com/bid/68/info http://www.example.com/alfresco/proxy?endpoint=http://internalsystem:port 663/info Alfresco Community Edition is prone to multiple security vulnerabilities. An attacker may leverage these issu...

Joomla! Component Youtube Gallery 4.1.7 - SQL Injection

Joomla! Component Youtube Gallery 4.1.7 - SQL Injection Exploit Title: Joomla component comyoutubegallery - SQL Injection vulnerability Google Dork: inurl:index.php?option=comyoutubegallery Date: 15-07-2014 Exploit Author: Pham Van Khanh [email protected] Vendor Homepage:...

Shopizer 1.1.5 - Multiple Vulnerabilities

Shopizer 1.1.5 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable...

WEBMIS CMS - Arbitrary File Upload

WEBMIS CMS - Arbitrary File Upload source: https://www.securityfocus.com/bid/68658/info WEBMIS CMS is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code...

WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload

WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload source: https://www.securityfocus.com/bid/68656/info The CopySafe PDF Protection plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary...

HP Data Protector Manager 8.10 - Remote Command Execution

HP Data Protector Manager 8.10 - Remote Command Execution !/usr/bin/python Exploit Title: HP-Data-Protector-8.10 Remote command execution. Date: July 11 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Exploit Author: Henoch Chanoc Barrera https://intrusionlabs.org...

Kolibri Web Server 2.0 - GET (SEH)

Kolibri Web Server 2.0 - GET SEH !/usr/bin/python Exploit Title : Kolibri WebServer 2.0 Get Request SEH Exploit Exploit Author : Revin Hadi S Date : 14/07/2014 Vendor : http://www.senkas.com Version : 2.0 Tested on : Windows XP SP2 Eng, Windows Server 2003 Eng, Win 7 SP1 Eng import socket, sys he...

WordPress Plugin DZS-VideoGallery - Cross-Site Scripting Command Injection

WordPress Plugin DZS-VideoGallery - Cross-Site Scripting Command Injection source: https://www.securityfocus.com/bid/68525/info WordPress DZS-VideoGallery plugin is prone to multiple cross site scripting vulnerabilities and a command-injection vulnerability. An attacker may leverage these issues ...

OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation

OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation OpenVPN Private Tunnel Core Service Unquoted Service Path Elevation Of Privilege Vendor: OpenVPN Technologies, Inc Product web page: http://www.openvpn.net Affected version: 2.1.28.0 PrivateTunnel 2.3.8 Summary:...

Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities

Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions...

Infoblox 6.8.2.11 - OS Command Injection

Infoblox 6.8.2.11 - OS Command Injection Product: Network Automation, licensed as: • NetMRI • Switch Port Manager • Automation Change Manager • Security Device Controller Vendor: Infoblox Vulnerable Versions: 6.4.X.X-6.8.4.X Tested Version: 6.8.2.11 Vendor Notification: May 12th, 2014 Vendor Patc...

OpenVAS Manager 4.0 - Authentication Bypass

OpenVAS Manager 4.0 - Authentication Bypass !/usr/bin/python Exploit Title: OpenVAS Manager 4.0 Authentication Bypass Vulnerability PoC Date: 09/07/2014 Exploit Author: EccE Vendor Homepage: http://www.openvas.org/ Software Link: http://wald.intevation.org/frs/?groupid=29 Version: OpenVAS Manager...

C99Shell (Web Shell) - c99.php Authentication Bypass

C99Shell Web Shell - c99.php Authentication Bypass Exploit Title: C99 Shell Authentication Bypass via Backdoor Google Dork: inurl:c99.php Date: June 23, 2014 Exploit Author: mandatory Matthew Bryant Vendor Homepage: http://ccteam.ru/ Software Link: https://www.google.com/ Version: ", " ",...

WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities

WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities source: https://www.securityfocus.com/bid/68519/info WeBid is prone to multiple cross-site-scripting vulnerabilities and an LDAP injection vulnerability. An attacker may leverage these issues to compromise the application, acces...

WordPress Plugin BSK PDF Manager - wp-adminadmin.php Multiple SQL Injections

WordPress Plugin BSK PDF Manager - wp-adminadmin.php Multiple SQL Injections source: https://www.securityfocus.com/bid/68488/info BSK PDF Manager plugin for WordPress is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these...

Microsoft Internet Explorer 910 - CFormElement Use-After-Free Memory Corruption (PoC) (MS14-035)

Microsoft Internet Explorer 910 - CFormElement Use-After-Free Memory Corruption PoC MS14-035 loaded = false ; function func if loaded document.body.innerHTML = "" ; // free CFormElement input1 = document.getElementById"input1" ; input1.onclick = func ; loaded = true ; input1.click; // Call DoClic...

Dolibarr ERPCRM 3.5.3 - Multiple Vulnerabilities

Dolibarr ERPCRM 3.5.3 - Multiple Vulnerabilities Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was...

Photo Org WonderApplications 8.3 iOS - Local File Inclusion

Photo Org WonderApplications 8.3 iOS - Local File Inclusion Document Title: =============== Photo Org WonderApplications v8.3 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1277 Release Date: ============= 2014-07-04...

xClassified - ads.php SQL Injection

xClassified - ads.php SQL Injection source: https://www.securityfocus.com/bid/68438/info xClassified is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...

AtomCMS - SQL Injection Arbitrary File Upload

AtomCMS - SQL Injection Arbitrary File Upload source: https://www.securityfocus.com/bid/68437/info AtomCMS is prone to an SQL-injection vulnerability and an arbitrary file-upload vulnerability. Exploiting these issues could allow an attacker to upload arbitrary files, compromise the application,...

NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)

NETGEAR WNR1000v3 - Password Recovery Credential Disclosure Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit Title: Netgear WNR1000v3 Password Recovery Credential Disclosure Vulnerability Date: 7-5-14...

Frog CMS 0.9.5 - Arbitrary File Upload

Frog CMS 0.9.5 - Arbitrary File Upload Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5 Date : 2014-07-07 Exploit Author : Javid Hussain Vendor Homepage : http://www.madebyfrog.com Exploit-DB Note: All authenticated users can upload files. If the file does not have execute permissions the C...

Ubisoft Uplay 4.6 - Insecure File Permissions Privilege Escalation

Ubisoft Uplay 4.6 - Insecure File Permissions Privilege Escalation Ubisoft Uplay 4.6 Insecure File Permissions Local Privilege Escalation Vendor: Ubisoft Entertainment S.A. Product web page: http://www.ubi.com Affected version: 4.6.3208 PC 4.5.2.3010 PC Summary: Uplay is a digital distribution,...

Zurmo CRM - Persistent Cross-Site Scripting

Zurmo CRM - Persistent Cross-Site Scripting Affected software: Zurmo CRM Zurmo is an Open Source Customer Relationship Management CRM application that is mobile, social, and gamified. We use a test-driven methodology for building every part of the application. Type of vulnerability: XSS Stored UR...

Kerio Control 8.3.1 - Blind SQL Injection

Kerio Control 8.3.1 - Blind SQL Injection Document Title: ====================== Kerio Control = 8.3.1 Boolean-based blind SQL Injection Primary Informations: ====================== Product Name: Kerio Control Software Description: Kerio Control brings together multiple capabilities including a...

Baidu Spark Browser 26.5.9999.3511 - Remote Stack Overflow (Denial of Service)

Baidu Spark Browser 26.5.9999.3511 - Remote Stack Overflow Denial of Service !-- Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow Vulnerability DoS Vendor: Baidu, Inc. Product web page: http://www.baidu.com Affected version: 26.5.9999.3511 Summary: Spark Browser is a free Internet browse...

Flussonic Media Server 4.1.25 4.3.3 - Arbitrary File Disclosure

Flussonic Media Server 4.1.25 4.3.3 - Arbitrary File Disclosure Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a mutli-protocol streaming server with...

Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP + EMET 4.1.x Bypass MS12-037 function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var...

IBM Algorithmics RICOS 4.5.0 4.7.0 - Multiple Vulnerabilities

IBM Algorithmics RICOS 4.5.0 4.7.0 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple severe vulnerabilities product: IBM Algorithmics RICO...

Gitlist 0.4.0 - Remote Code Execution

Gitlist 0.4.0 - Remote Code Execution from commands import getoutput import urllib import sys """ Exploit Title: Gitlist 2: path = sys.argv2 print '! Using cache location %s' % path payload payload = "PD9zeXN0ZW0oJF9HRVRbJ2NtZCddKTs/Pgo=" sploit; python requests does not like this URL, hence wget...

Chkrootkit 0.49 - Local Privilege Escalation

Chkrootkit 0.49 - Local Privilege Escalation We just found a serious vulnerability in the chkrootkit package, which may allow local attackers to gain root access to a box in certain configurations /tmp not mounted noexec. The vulnerability is located in the function slapper in the shellscript...

Nagios Plugins check_dhcp 2.0.2 - Arbitrary Option File Read Race Condition

Nagios Plugins checkdhcp 2.0.2 - Arbitrary Option File Read Race Condition ============================================= - Release date: 28.06.2014 - Discovered by: Dawid Golunski - Severity: Moderate ============================================= I. VULNERABILITY ------------------------- checkdh...

Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities

Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities Document Title: ============ Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities Release Date: =========== June 21, 2014 Product & Service Introduction: ======================== Mailspect is the email security and archiving brand...

Endeca Latitude 2.2.2 - Cross-Site Request Forgery

Endeca Latitude 2.2.2 - Cross-Site Request Forgery Advisory: Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting discovered a Cross-Site Request Forgery CSRF vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able to change several different settings of the...

WordPress Plugin Simple Share Buttons Adder 4.4 - Multiple Vulnerabilities

WordPress Plugin Simple Share Buttons Adder 4.4 - Multiple Vulnerabilities Details ================ Software: Simple Share Buttons Adder Version: 4.4 Homepage: https://wordpress.org/plugins/simple-share-buttons-adder/ Advisory report:...

Python CGIHTTPServer - Encoded Directory Traversal

Python CGIHTTPServer - Encoded Directory Traversal Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute...

Thomson TWG87OUIR - POST Password Cross-Site Request Forgery

Thomson TWG87OUIR - POST Password Cross-Site Request Forgery Author: nopesled Date: 24/06/14 Vulnerability: POST Password Reset CSRF Tested on: Thomson TWG87OUIR Hardware Version Thomson TWG87OUIR CSRF document.exploit.submit;...

Lunar CMS 3.3 - Remote Command Execution

Lunar CMS 3.3 - Remote Command Execution !/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written...

Multiple WordPress Plugins (TimThumb 2.8.13 WordThumb 1.07) - WebShot Remote Code Execution

Multiple WordPress Plugins TimThumb 2.8.13 WordThumb 1.07 - WebShot Remote Code Execution | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress...