McAfee ePolicy Orchestrator 4.6.0 4.6.5 - ePowner Multiple Vulnerabilities
McAfee ePolicy Orchestrator 4.6.0 4.6.5 - ePowner Multiple Vulnerabilities Exploit Title: McAfee ePolicy Orchestrator 4.6.0-4.6.5 ePowner - Multiple vulnerabilities Date: 20 November 2012 Exploit Author: [email protected] a.k.a. [email protected] Vendor Homepage:...
Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)
Symantec Endpoint Protection Manager 12.1.x - Overflow SEH PoC Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/33056-sepm-secars-poc-v0.3.tar.gz !/usr/bin/perl -w Exploit Title: Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC...
ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities
ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities ----------exploit Debut Multiple Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com ----------Script Info Site : http://www.apphp.com Download : http://www.apphp.com/downloadsfree/phpmicroblog101.zip ----------exploit Info RCE...
Kolibri Web Server 2.0 - GET Stack Buffer Overflow
Kolibri Web Server 2.0 - GET Stack Buffer Overflow !/usr/bin/python Exploit Title: Kolibri GET request Stack buffer Overflow Date: 25 April 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Vendor Homepage: http://www.senkas.com/kolibri/download.php Version: Kolibri 2.0...
cFos Personal Net 3.09 - Remote Heap Memory Corruption (Denial of Service)
cFos Personal Net 3.09 - Remote Heap Memory Corruption Denial of Service cFos Personal Net v3.09 Remote Heap Memory Corruption Denial of Service Vendor: cFos Software GmbH Product web page: https://www.cfos.de Affected version: 3.09 Summary: cFos Personal Net PNet is a full-featured HTTP server...
JRuby Sandbox 0.2.2 - Sandbox Escape
JRuby Sandbox 0.2.2 - Sandbox Escape Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport,...
miSecureMessages 4.0.1 - Session Management Authentication Bypass
miSecureMessages 4.0.1 - Session Management Authentication Bypass Affected Product ================================== miSecureMessages from Amtelco - Tested on version: Client=4.0.1 Server=6.2.4552.30017 iOS: https://itunes.apple.com/us/app/misecuremessages/id423957478?mt=8 android:...
Depot WiFi 1.0.0 iOS - Multiple Vulnerabilities
Depot WiFi 1.0.0 iOS - Multiple Vulnerabilities Document Title: =============== Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1259 Release Date: ============= 2014-04-23 Vulnerability Laboratory ID...
Bonefire 0.7.1 - Reinstall Admin Account
Bonefire 0.7.1 - Reinstall Admin Account !/usr/bin/env python coding: utf-8 Bonefire v.0.7.1 Reinstall Admin Account Exploit Author : Mehmet INCE Analysis write-up : http://www.mehmetince.net/ci-bonefire-reinstall-admin-account-vulnerability-analysis-exploit/ Description : Forgotten controls lead...
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (2) (DTLS Support)
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak 2 DTLS Support / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leake...
WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion
WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Path Traversal/Remote Code Execution product: WD Arkeia Virtual Appliance AVA vulnerable version: All Arkeia...
WordPress Plugin Work-The-Flow 1.2.1 - Arbitrary File Upload
WordPress Plugin Work-The-Flow 1.2.1 - Arbitrary File Upload Author: nopesled Date: 24/04/14 Software: https://wordpress.org/plugins/work-the-flow-file-upload/ Company: http://wtf-fu.com/ Version: 1.2.1 Tested on: Windows 7 Vulnerability: Unrestricted File Upload Submit an image file via the wtf...
Acunetix 8 build 20120704 - Remote Stack Overflow
Acunetix 8 build 20120704 - Remote Stack Overflow !/usr/bin/python Title: Acunetix Web Vulnerability Scanner Buffer Overflow Exploit Version: 8 Build: 20120704 Tested on: Windows XP SP2 en Vendor: http://www.acunetix.com/ Original Advisory:...
Alienvault 4.3.1 - SQL Injection Cross-Site Scripting
Alienvault 4.3.1 - SQL Injection Cross-Site Scripting AlienVault 4.3.1 Unauthenticated SQL Injection Vulnerability Type: SQL Injection Reporter: Sasha Zivojinovic Company: Gotham Digital Science Affected Software: AlienVault 4.3.1 Severity: Critical...
dompdf 0.6.0 - dompdf.php?read Arbitrary File Read
dompdf 0.6.0 - dompdf.php?read Arbitrary File Read Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is...
HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal
HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal !/usr/bin/perl use strict; use warnings; use IO::Socket::INET; my $host = $ARGV0; Exploit Title: HP Laser Jet Persistent Javascript Cross Site Scripting via PJL Google Dork: n/a Date: 4/22/14 Exploit Author:...
Sixnet Sixview 2.4.1 - Web Console Directory Traversal
Sixnet Sixview 2.4.1 - Web Console Directory Traversal Exploit Title: Sixnet sixview web console directory traversal Date: 2014-04-21 Exploit Author: daniel svartman Vendor Homepage: www.sixnet.com Software Link: Not available, hardware piece - appliance Version: 2.4.1 Tested on: Sixnet Sixview w...
iDevAffiliate - idevads.php SQL Injection
iDevAffiliate - idevads.php SQL Injection source: https://www.securityfocus.com/bid/67031/info iDevAffiliate is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
kitForm CRM Extension 0.43 - sorter.ph?sorter_value SQL Injection
kitForm CRM Extension 0.43 - sorter.ph?sortervalue SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: query$SQL; 3. Exploit 1. import httplib2, socks, urllib 2. 3. Change these values 4. target = "http://fbi.gov" 5. SQLi = "or 1=1...
No-CMS 0.6.6 rev 1 - Admin Account Hijacking Remote Code Execution via Static Encryption Key
No-CMS 0.6.6 rev 1 - Admin Account Hijacking Remote Code Execution via Static Encryption Key ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit...
Apple Mac OSX - Local Security Bypass
Apple Mac OSX - Local Security Bypass // source: https://www.securityfocus.com/bid/67023/info Apple Mac OS X is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Apple Mac OS X 10.9.2 is...
COMTREND CT-5361T Router - Password.cgi Cross-Site Request Forgery (Admin Password Manipulation)
COMTREND CT-5361T Router - Password.cgi Cross-Site Request Forgery Admin Password Manipulation source: https://www.securityfocus.com/bid/67033/info Comtrend CT-5361T ADSL Router is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An attacker can exploi...
Teracom Modem T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery
Teracom Modem T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery Exploit Title: Teracom Modem CSRF Vulnerability Date: 20-04-2014 Author: Rakesh S Software Link: http://www.teracom.in/ Version: T2-B-Gawv1.4U10Y-BI The vulnerability exists due to insufficient validation of HTTP request origin. A...
PTCeffect 4.6 - Local File Inclusion SQL Injection
PTCeffect 4.6 - Local File Inclusion SQL Injection Exploit Title: PTCeffect LFI & SQL Injection Vulnerabilities Google Dork: find it : Date: 2014-04-19 Exploit Author: Walidz Software Link: http://www.ptceffect.com/ Version: 4.6 Tested on: windows,linux,mac os CVE : N/A The LFI vulnerability is i...
Linux Kernel - group_info refcounter Overflow Memory Corruption
Linux Kernel - group_info refcounter Overflow Memory Corruption / DoS poc for CVE-2014-2851 Linux group_info refcounter overflow memory corruption https://lkml.org/lkml/2014/4/10/736 @Tohmaxx - http://thomaspollet.blogspot.be If the app doesn't crash your system, try a different count argv1 Executi...
CMSimple 4.44.4.2 - Remote File Inclusion
CMSimple 4.44.4.2 - Remote File Inclusion ============================================================================================================= o CMSimple - Open Source CMS with no database = Remote File Inclusion Vulnerability Software : CMSimple - Open Source CMS with no database Versio...
Sercomm TCP32674 - Backdoor Reactivation
Sercomm TCP32674 - Backdoor Reactivation / PoC to reactivate Sercomm TCP/32674 backdoor See http://www.synacktiv.com/ressources/TCP32764backdooragain.pdf Eloi Vanderbeken - Synacktiv THIS SOFTWARE IS PROVIDED BY SYNACKTIV ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED...
NRPE 2.15 - Remote Command Execution
NRPE 2.15 - Remote Command Execution ============================================= - Release date: 17.04.2014 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- NRPE - Nagios Remote Plugin Executor = 2.15 Remot...
SAP Router - Timing Attack Password Disclosure
SAP Router - Timing Attack Password Disclosure Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:...
Jzip - Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow PoC SEH Unicode !/usr/bin/python Exploit title: seh unicode buffer overflow DOS Date: 16/04/2014 Exploit Author: motaz reda motazkhodairatgmail.com Software Link : http://www.jzip.com/ Version: jZip v2.0.0.132900 Tested On: Windows 7 ultimate import sys, os filename =...
NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities
NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities Title: Multiple vulnerabilities in NETGEAR N600 WIRELESS DUAL BAND WNDR3400 ==================================================================================== Notification Date: 4/14/2014 Affected Vendor: NETGEAR N600 WIRELESS...
lxml - clean_html Security Bypass
lxml - clean_html Security Bypass source: https://www.securityfocus.com/bid/67159/info lxml is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to lxml 3.3...
Xerox DocuShare - SQL Injection
Xerox DocuShare - SQL Injection The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...
Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution
Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution ------------------------------------------------------------------------ Adobe Reader for Android exposes insecure Javascript interfaces ------------------------------------------------------------------------ Yorick Koster, April...
Unitrends Enterprise Backup 7.3.0 - Root Remote Code Execution (Metasploit)
Unitrends Enterprise Backup 7.3.0 - Root Remote Code Execution Metasploit Unitrends Enterprise Backup 7.3.0 Multiple vulnerabilities exist within this piece of software. The largest one is likely the fact that the ‘auth’ string used for authorization isn’t random at all. After authentication, any...
Microsoft Internet Explorer 10 - CMarkup Use-After-Free (MS14-012)
Microsoft Internet Explorer 10 - CMarkup Use-After-Free MS14-012 mxmlc.exe AsXploit.as -o AsXploit.swf Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/32851-AsXploit.as -- var garr = ; var arrLen = 0x250; function dword2datadword var d =...
Xangati - servletInstaller?file Directory Traversal
Xangati - servletInstaller?file Directory Traversal source: https://www.securityfocus.com/bid/66817/info Xangati XSR and XNR are prone to multiple directory-traversal vulnerabilities. A remote attacker could exploit these vulnerabilities using directory-traversal characters '../' to access or...
WordPress Theme LineNity 1.20 - Local File Inclusion
WordPress Theme LineNity 1.20 - Local File Inclusion + Local File Inclusion in WordPress Theme LineNity + Date: 13/04/2014 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: http://themeforest.net/item/linenity-clean-responsive-wordpress-magazine/4417803 + Contact:...
Xangati XSR XNR - gui_input_test.pl Remote Command Execution
Xangati XSR XNR - gui_input_test.pl Remote Command Execution source: https://www.securityfocus.com/bid/66819/info Xangati XSR And XNR are prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this...
Xangati - servletMGConfigData Multiple Directory Traversals
Xangati - servletMGConfigData Multiple Directory Traversals source: https://www.securityfocus.com/bid/66817/info Xangati XSR and XNR are prone to multiple directory-traversal vulnerabilities. A remote attacker could exploit these vulnerabilities using directory-traversal characters '../' to...
Sagem Fast 3304-V2 - Authentication Bypass (1)
Sagem Fast 3304-V2 - Authentication Bypass 1 Title : Sagem F@st 3304-V2 Authentication Bypass Vendor : http://www.sagemcom.com Severity : High Tested on : Firefox, Google Chrome, Internet Explorer Tested Router : Sagem F@st 3304-V2 3304, 3464, 3504 may also be affected Date : 2014-09-04 Author :...
Jigowatt PHP Event Calendar - day_view.php SQL Injection
Jigowatt PHP Event Calendar - day_view.php SQL Injection source: https://www.securityfocus.com/bid/66923/info Jigowatt PHP Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit ma...
PDF Album 1.7 iOS - Local File Inclusion
PDF Album 1.7 iOS - Local File Inclusion Document Title: =============== PDF Album v1.7 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1255 Release Date: ============= 2014-04-11 Vulnerability Laboratory ID VL-ID:...
WordPress Plugin Quick PagePost Redirect 5.0.3 - Multiple Vulnerabilities
WordPress Plugin Quick PagePost Redirect 5.0.3 - Multiple Vulnerabilities Details ================ Software: Quick Page/Post Redirect Plugin Version: 5.0.3 Homepage: http://wordpress.org/plugins/quick-pagepost-redirect-plugin/ Advisory ID: dxw-1970-1091 CVE: CVE-2014-2598 CVSS: 6.8 Medium;...
WhatsApp 2.11.7 - Remote Crash
WhatsApp 2.11.7 - Remote Crash !/usr/bin/python -- coding: utf-8 - Title: WhatsApp Remote Crash on non-printable characters Product: WhatsApp Vendor Homepage: http://www.whatsapp.com Vulnerable Versions: 2.11.7 and prior on iOS Tested on: WhatsApp v2.11.7 on iPhone 5 running iOS 7.0.4 Solution...
WordPress Plugin Twitget 3.3.1 - Multiple Vulnerabilities
WordPress Plugin Twitget 3.3.1 - Multiple Vulnerabilities Details ================ Software: Twitget Version: 3.3.1 Homepage: http://wordpress.org/plugins/twitget/ Advisory ID: dxw-1970-435 CVE: CVE-2014-2559 CVSS: 6.4 Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N Description ================ CSRF/XSS...
Microweber CMS 0.93 - Cross-Site Request Forgery
Microweber CMS 0.93 - Cross-Site Request Forgery Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where...
CubeCart 5.2.8 - Session Fixation
CubeCart 5.2.8 - Session Fixation Exploit Title: CubeCart 5.2.8 Session Fixation Exploit Author: James Sibley absane Blog: http://www.pentester.co Download link: http://www.cubecart.com/download/5.2.8/zip Discovery date: March 14th, 2014 Vendor notified: March 15th, 2014 Vendor fixed: April 10th,...
ICOMM 610 Wireless Modem - Cross-Site Request Forgery
ICOMM 610 Wireless Modem - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/66593/info ICOMM 610 is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks...
Sendy 1.1.9.1 - SQL Injection
Sendy 1.1.9.1 - SQL Injection Exploit Title: Sendy 1.1.9.1 - SQL Injection Vulnerability Date: 2014-04-10 Exploit Author: marduk369 Vendor Homepage: http://sendy.co/ Software Link: http://sendy.co/ Version: 1.1.9.1 root@kali: sqlmap -u 'http://server1/send-to?i=1&c=10' --cookie="version=1.1.9.1;...