41207 matches found
Huawei E303 Router - Cross-Site Request Forgery
Huawei E303 Router - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/67747/info Huawei E303 Router is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further...
Microsoft Internet Explorer 11 - WeakMap Integer Divide-by-Zero
Microsoft Internet Explorer 11 - WeakMap Integer Divide-by-Zero var a = new WeakMap; a.pushnew WeakMap; a1.seta0, a1; a0.deletea0; ,1::TryGetValueAndRemove+0x1f: 668756f0 f736 div eax,dword ptr esi ds:002b:04598cc8=00000000 --...
TORQUE Resource Manager 2.5.x 2.5.13 - Stack Buffer Overflow Stub
TORQUE Resource Manager 2.5.x 2.5.13 - Stack Buffer Overflow Stub !/usr/bin/env python Exploit Title: TORQUE Resource Manager 2.5.x-2.5.13 stack based buffer overflow stub Date: 27 May 2014 Exploit Author: bwall - @botnethunter Vulnerability discovered by: MWR Labs CVE: CVE-2014-0749 Vendor...
WordPress Plugin HDW Player - wp-adminadmin.php SQL Injection
WordPress Plugin HDW Player - wp-adminadmin.php SQL Injection source: https://www.securityfocus.com/bid/69105/info The WordPress HDW Player plugin Video Player & Video Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it i...
Sharetronix 3.3 - Multiple Vulnerabilities
Sharetronix 3.3 - Multiple Vulnerabilities Advisory ID: HTB23214 Product: Sharetronix Vendor: Blogtronix, LLC Vulnerable Versions: 3.3 and probably prior Tested Version: 3.3 Advisory Publication: May 7, 2014 without technical details Vendor Notification: May 7, 2014 Vendor Patch: May 27, 2014...
webEdition CMS - we_fs.php SQL Injection
webEdition CMS - we_fs.php SQL Injection source: https://www.securityfocus.com/bid/67689/info webEdition CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit will allow an attacker to compromise the application,...
WordPress Plugin ENL NewsLetter - wp-adminadmin.php SQL Injection
WordPress Plugin ENL NewsLetter - wp-adminadmin.php SQL Injection source: https://www.securityfocus.com/bid/68558/info ENL Newsletter plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue t...
Wireshark CAPWAP Dissector - Denial of Service (Metasploit)
Wireshark CAPWAP Dissector - Denial of Service Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wireshark CAPWAP Dissector DoS', 'Description' = %q This module inject a...
WordPress Plugin WP Rss Poster - wp-adminadmin.php SQL Injection
WordPress Plugin WP Rss Poster - wp-adminadmin.php SQL Injection source: https://www.securityfocus.com/bid/68557/info WP Rss Poster plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to...
WordPress Plugin Tera Charts (tera-charts) - chartszoomabletreemap.php?fn Directory Traversal
WordPress Plugin Tera Charts tera-charts - chartszoomabletreemap.php?fn Directory Traversal source: https://www.securityfocus.com/bid/68662/info Tera Charts plugin for WordPress is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An...
WordPress Plugin BookX 1.7 - bookx_export.php Local File Inclusion
WordPress Plugin BookX 1.7 - bookx_export.php Local File Inclusion source: https://www.securityfocus.com/bid/68556/info BookX plugin for WordPress is prone to a local file-include vulnerability because it fails to adequately validate user-supplied input. An attacker can exploit this vulnerability ...
WordPress Plugin Tera Charts (tera-charts) - chartstreemap.php?fn Directory Traversal
WordPress Plugin Tera Charts tera-charts - chartstreemap.php?fn Directory Traversal source: https://www.securityfocus.com/bid/68662/info Tera Charts plugin for WordPress is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...
AuraCMS 3.0 - Multiple Vulnerabilities
AuraCMS 3.0 - Multiple Vulnerabilities Exploit Title: AuraCMS 3.0 Multiple Vulnerabilities Date: 05/28/2014 Author: Mustafa ALTINKAYNAK Download URL :http://auracms.org/ Software Link: http://codeload.github.com/auracms/AuraCMS/zip/master Vuln Category: CWE-79 XSS - CWE-98 LFI Tested on: AuraCMS...
Linux Kernel 3.3.5 - driversmediamedia-device.c Local Information Disclosure
Linux Kernel 3.3.5 - driversmediamedia-device.c Local Information Disclosure / source: https://www.securityfocus.com/bid/68048/info The Linux kernel is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to cause a memory leak to obtain sensitive...
Easy File Sharing FTP Server 3.5 - Remote Stack Buffer Overflow
Easy File Sharing FTP Server 3.5 - Remote Stack Buffer Overflow !/usr/bin/env python Exploit Title: Easy File Sharing FTP Server 3.5 stack buffer overflow Date: 27 May 2014 Exploit Author: superkojiman - http://www.techorganic.com Vulnerability discovered by: h07 CVE: CVE-2006-3952 OSVDB: 27646...
Castor Library - XML External Entity Information Disclosure
Castor Library - XML External Entity Information Disclosure source: https://www.securityfocus.com/bid/67676/info Castor Library is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Caster...
Videos Tube 1.0 - Multiple SQL Injections
Videos Tube 1.0 - Multiple SQL Injections Exploit Title: Videos Tube SQL Injection and Remote Code Execution Google Dork: inurl:"single.php?url=" video Date: 05.05.2014 Exploit Author: Mustafa ALTINKAYNAK Vendor Homepage: http://www.phpscriptlerim.com Software Link:...
ZYXEL P-660HW-T1 3 Wireless Router - Cross-Site Request Forgery
ZYXEL P-660HW-T1 3 Wireless Router - Cross-Site Request Forgery Exploit Title: Zyxel P-660HW-T1 v3 Wireless Router - CSRF Vulnerabilities Date: 05/22/2014 Author: Mustafa ALTINKAYNAK Vendor Homepage:http://www.zyxel.com/tr/tr/productsservices/p660hwseries.shtml?t=p Category: Hardware/Wireless...
D-Link Routers - Multiple Vulnerabilities
D-Link Routers - Multiple Vulnerabilities The following five D-Link model routers suffer from several vulnerabilities including Clear Text Storage of Passwords, Cross Site Scripting and Sensitive Information Disclosure. DIR-652 D-Link Wireless N Gigabit Home Router DIR-835 D-Link Network DIR-835L...
Linux Kernel 3.14-rc1 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation
Linux Kernel 3.14-rc1 3.15-rc4 x64 - Raw Mode PTY Echo Race Condition Privilege Escalation / CVE-2014-0196: Linux kernel = v3.14-rc1 Matthew Daley Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread $ ./a.out + Resolving symbols + Resolved commitcreds: 0xffffffff81056694 + Resolved preparekernelcred...
InfraRecorder - .m3u File Buffer Overflow (PoC)
InfraRecorder - .m3u File Buffer Overflow PoC source: https://www.securityfocus.com/bid/67076/info InfraRecorder is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote...
User Cake - Cross-Site Request Forgery
User Cake - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/67604/info User Cake is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. An attacker can exploit this issue to perform unauthorized actions in the context of a...
dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversals
dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversals source: https://www.securityfocus.com/bid/67727/info dpkg is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will...
Web Terra 1.1 - books.cgi Remote Command Execution
Web Terra 1.1 - books.cgi Remote Command Execution + Remote Command Execution on books.cgi Web Terra v. 1.1 + Date: 21/05/2014 + CWE number: CWE-78 + Risk: High + Author: Felipe Andrian Peixoto + Contact: [email protected] + Tested on: Windows 7 and Linux + Vendor Homepage:...
Core FTP Server 1.2 build 535 (32-bit) - Crash (PoC)
Core FTP Server 1.2 build 535 32-bit - Crash PoC !/usr/bin/python import socket,sys,time def Usage: print "Core FTP Server Version 1.2, build 535, 32-bit - Crash P.O.C." print "Usage: ./coreftpdos.py " print "Ex: ./coreftpdos.py 192.168.10.10 21 ftp ftp\n" if lensys.argv 5: Usage sys.exit1 else:...
PHP-Nuke Submit_News Component - SQL Injection
PHP-Nuke Submit_News Component - SQL Injection source: https://www.securityfocus.com/bid/67656/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the...
Mayan-EDms Web-Based Document Management OS System - Multiple Persistent Cross-Site Scripting Vulnerabilities
Mayan-EDms Web-Based Document Management OS System - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: Multiple Stored XSS Software: Maya EDMS Software Link: http://www.mayan-edms.com/downloads/Mayan%20EDMS%20v0.13.ova Version: 0.13 - latest Author: Dolev Farhi, email:...
Pyplate - addScript.py Cross-Site Request Forgery
Pyplate - addScript.py Cross-Site Request Forgery source: https://www.securityfocus.com/bid/67610/info Pyplate is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Pypla...
Microsoft Windows - Touch Injection API Local Denial of Service
Microsoft Windows - Touch Injection API Local Denial of Service // source: https://www.securityfocus.com/bid/67742/info Microsoft Windows is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to crash the affected computer, denying service to legitimate user...
Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: Binatone DT 850W Wireless Router - Multiple CSRF Vulnerabilities Date: 05/20/2014 Author: Samandeep Singh - SaMaN @samanL33T Vendor...
Easy Address Book Web Server 1.6 - Remote Stack Buffer Overflow
Easy Address Book Web Server 1.6 - Remote Stack Buffer Overflow !/usr/bin/env python Exploit Title: Easy Address Book Web Server 1.6 stack buffer overflow Date: 19 May 2014 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://www.efssoft.com/web-address-book-server.ht...
Easy File Management Web Server 5.3 - Remote Stack Buffer Overflow
Easy File Management Web Server 5.3 - Remote Stack Buffer Overflow !/usr/bin/env python Exploit Title: Easy File Management Web Server 5.3 stack buffer overflow Date: 19 May 2014 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://www.efssoft.com Software Link:...
WordPress Plugin Booking System (Booking Calendar) - booking_form_id SQL Injection
WordPress Plugin Booking System Booking Calendar - booking_form_id SQL Injection source: https://www.securityfocus.com/bid/67535/info Search Everything plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issu...
Apache mod_wsgi - Information Disclosure
Apache mod_wsgi - Information Disclosure source: https://www.securityfocus.com/bid/67534/info mod_wsgi is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. import functools import...
Clipperz Password Manager - backendPHPsrcsetuprpc.php Remote Code Execution
Clipperz Password Manager - backendPHPsrcsetuprpc.php Remote Code Execution source: https://www.securityfocus.com/bid/67498/info Clipperz Password Manager is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected...
SafeNet Sentinel Protection Server 7.0 7.4 Sentinel Keys Server 1.0.3 1.0.4 - Directory Traversal
SafeNet Sentinel Protection Server 7.0 7.4 Sentinel Keys Server 1.0.3 1.0.4 - Directory Traversal !/usr/bin/python Exploit Title: SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4 Directory Traversal Date: 04/28/2014 Exploit Author: Matt Schmidt Syph0n Vendor...
XOOPS Glossaire Module - modulesglossaireglossaire-aff.php SQL Injection
XOOPS Glossaire Module - modulesglossaireglossaire-aff.php SQL Injection source: https://www.securityfocus.com/bid/67460/info Glossaire module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An...
WordPress Plugin NextGEN Gallery 1.9.1 - photocrati_ajax Arbitrary File Upload
WordPress Plugin NextGEN Gallery 1.9.1 - photocrati_ajax Arbitrary File Upload source: https://www.securityfocus.com/bid/68414/info The NextGEN Gallery plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitra...
SPIP CMS 2.0.23 2.1.223.0.9 - Privilege Escalation
SPIP CMS 2.0.23 2.1.223.0.9 - Privilege Escalation !/usr/bin/env python Exploit Title: SPIP - CMS " exit baseurl = sys.argv1 login =...
Softmatica SMART iPBX - Multiple SQL Injections
Softmatica SMART iPBX - Multiple SQL Injections source: https://www.securityfocus.com/bid/67465/info SMART iPBX is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
Wiser Backup - Information Disclosure
Wiser Backup - Information Disclosure source: https://www.securityfocus.com/bid/67481/info Wiser is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download backup files that contain sensitive...
AoA Audio Extractor Basic 2.3.7 - ActiveX
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode)
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow SEH Unicode !/usr/bin/perl Exploit Title: CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow Discovery date: 11-26-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software/Version:...
HP Release Control - (Authenticated) XML External Entity (Metasploit)
HP Release Control - Authenticated XML External Entity Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This modu...
AoA DVD Creator 2.6.2 - ActiveX
AoA MP4 Converter 4.1.2 - ActiveX
WordPress Plugin cnhk-Slideshow - Arbitrary File Upload
WordPress Plugin cnhk-Slideshow - Arbitrary File Upload source: https://www.securityfocus.com/bid/67469/info The cnhk-slideshow plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize...
Mozilla Firefox 29.0 - Null Pointer Dereference
Mozilla Firefox 29.0 - Null Pointer Dereference Mozilla Firefox Null Pointer Dereference Vulnerability Fun side of life! Details: Title: Mozilla Firefox Null Pointer Dereference Vulnerability Version: Prior to 29.0 Date: 4/30/2014 Discovered By: Mr.XHat E-Mail: Mr.XHat AT GMail.com Tested On:...
Intel Indeo - Video Memory Corruption
Intel Indeo - Video Memory Corruption source: https://www.securityfocus.com/bid/67431/info Intel Indeo Video is prone to a memory-corruption vulnerability. Attackers can exploit this issue to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this...
ALLPlayer - .wav File Processing Memory Corruption
ALLPlayer - .wav File Processing Memory Corruption source: https://www.securityfocus.com/bid/67436/info ALLPlayer is prone to a memory-corruption vulnerability. An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition. Due to the nature of this...