41207 matches found
ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities
ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities Document Title: =============== ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1230 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID...
InterWorx Control Panel 5.0.13 build 574 - xhr.php?i SQL Injection
InterWorx Control Panel 5.0.13 build 574 - xhr.php?i SQL Injection ================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89...
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing...
OpenCart 1.5.6.1 - openbay Multiple SQL Injections
OpenCart 1.5.6.1 - openbay Multiple SQL Injections Exploit Title : OpenCart log'getEbayItemId - Product ID: '.$productid; $qry = $this-db-query"SELECT ebayitemid FROM " . DBPREFIX . "ebaylisting WHERE productid = '".$productid."' AND status = '1' LIMIT 1"; .............. Function is called on man...
Apache CouchDB 1.5.0 - uuids Denial of Service
Apache CouchDB 1.5.0 - uuids Denial of Service Exploit Title: Couchdb uuids DOS exploit Google Dork inurl: uuids Date: 03/24/2014 Exploit Author: KrustyHack Vendor Homepage: http://couchdb.apache.org/ Software Link: http://couchdb.apache.org/ Version: up to 1.5.0 Tested on: Linux Couchdb up to...
IBM Tealeaf CX 8.8 - Remote OS Command Injection
IBM Tealeaf CX 8.8 - Remote OS Command Injection IBM Tealeaf CX v8 release 8 Remote OS Command Injection Date: 11/08/2013 Exploit author: drone More information: http://www-01.ibm.com/support/docview.wss?uid=swg21667630 Vendor homepage: http://www-01.ibm.com/software/info/tealeaf/ Version: Versio...
Beheer Systeem - pbs.cgi Remote Command Execution
Beheer Systeem - pbs.cgi Remote Command Execution source: https://www.securityfocus.com/bid/66489/info Beheer Systeem is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execut...
DotItYourself - dot-it-yourself.cgi Remote Command Execution
DotItYourself - dot-it-yourself.cgi Remote Command Execution source: https://www.securityfocus.com/bid/66487/info DotItYourself is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue...
VirusChaser 8.0 - Stack Buffer Overflow
VirusChaser 8.0 - Stack Buffer Overflow Exploit Title: VirusChaser 8.0 - Stack Buffer Overflow Date: 2014/03/26 Exploit Author: wh1ant Vendor Homepage: https://www.viruschaser.com/ Software Link: https://www.viruschaser.com/download/VC80b32Setup.zip Version: 8.0 Tested on: Windows 7 ultimate K Yo...
Kemana Directory 1.5.6 - task.php Local File Inclusion
Kemana Directory 1.5.6 - task.php Local File Inclusion Kemana Directory 1.5.6 run param Local File Inclusion Vulnerability Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with Kemana. Create your own Yahoo or...
qEngine 4.1.66.0.0 - task.php Local File Inclusion
qEngine 4.1.66.0.0 - task.php Local File Inclusion source: https://www.securityfocus.com/bid/66401/info qEngine is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input before being used to include files. An attacker can exploit this issue using...
Haihaisoft HUPlayer 1.0.4.8 - .m3u .pls .asx Buffer Overflow (SEH)
Haihaisoft HUPlayer 1.0.4.8 - .m3u .pls .asx Buffer Overflow SEH ----------------------------------------------------------------------------- Exploit Title: Haihaisoft HUPlayer 1.0.4.8 - Buffer Overflow SEH Date: Mar 25 2014 Exploit Author: Gabor Seljan Software Link:...
Kemana Directory 1.5.6 - Remote Code Execution
Kemana Directory 1.5.6 - Remote Code Execution Kemana Directory 1.5.6 Remote Code Execution Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana. Unique...
Cart Engine 3.0.0 - Remote Code Execution
Cart Engine 3.0.0 - Remote Code Execution Cart Engine 3.0.0 Remote Code Execution Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP &...
Kemana Directory 1.5.6 - Database Backup Disclosure
Kemana Directory 1.5.6 - Database Backup Disclosure $total return; ifempty$starttime $starttime=time; $now = time...
Cart Engine 3.0.0 - task.php Local File Inclusion
Cart Engine 3.0.0 - task.php Local File Inclusion Cart Engine 3.0.0 task.php Local File Inclusion Vulnerability Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE...
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting Exploit Title: etSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1...
Cart Engine 3.0.0 - Database Backup Disclosure
Cart Engine 3.0.0 - Database Backup Disclosure ?php / Cart Engine 3.0.0 Database Backup Disclosure Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping...
Haihaisoft Universal Player 1.5.8 - .m3u .pls .asx Buffer Overflow (SEH)
Haihaisoft Universal Player 1.5.8 - .m3u .pls .asx Buffer Overflow SEH ----------------------------------------------------------------------------- Exploit Title: Haihaisoft Universal Player 1.5.8 - Buffer Overflow SEH Date: Mar 25 2014 Exploit Author: Gabor Seljan Software Link:...
Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure
Kemana Directory 1.5.6 - kemanaadminpasswd Cookie User Password Hash Disclosure Kemana Directory 1.5.6 kemanaadminpasswd Cookie User Password Hash Disclosure Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with...
qEngine CMS 6.0.0 - Multiple Vulnerabilities
qEngine CMS 6.0.0 - Multiple Vulnerabilities $total return; ifempty$starttime $starttime=time; $now = time; $perc=double$done/$total; $b...
Kemana Directory 1.5.6 - qvc_init() Cookie Poisoning CAPTCHA Bypass
Kemana Directory 1.5.6 - qvcinit Cookie Poisoning CAPTCHA Bypass !C:\Perl64\bin\perl.exe Kemana Directory 1.5.6 qvcinit Cookie Poisoning CAPTCHA Bypass Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution...
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption (PoC)
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption PoC !/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: Windows Media Player 11.0.5721.5230 Memory Corruption PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor:...
GOM Media Player (GOMMP) 2.2.56.5183 - Memory Corruption (PoC)
GOM Media Player GOMMP 2.2.56.5183 - Memory Corruption PoC !/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: GOMMP 2.2.56.5183 Memory Corruption PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor: http://player.gomlab.com/eng/ + Friendly Sites:...
GOM Video Converter 1.1.0.60 - .wav Memory Corruption (PoC)
GOM Video Converter 1.1.0.60 - .wav Memory Corruption PoC !/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: GOM Video Converter 1.1.0.60 Memory Corruption PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor: http://converter.gomlab.com/ + Friendly Sites:...
Symphony 2.2.4 - Cross-Site Request Forgery
Symphony 2.2.4 - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/66536/info Symphony is prone to a cross-site request-forgery vulnerability. An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the...
Light Audio Player 1.0.14 - Memory Corruption (PoC)
Light Audio Player 1.0.14 - Memory Corruption PoC !/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: Light Audio Player 1.0.14 Memory Corruption PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor:...
jetVideo 8.1.1 - Basic .wav Local Crash (PoC)
jetVideo 8.1.1 - Basic .wav Local Crash PoC !/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: jetVideo 8.1.1 Basic .wav Local Crash PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor: http://www.jetaudio.com/download/jetvideo.html + Friendly Sites:...
BigDump 0.35b - Arbitrary File Upload
BigDump 0.35b - Arbitrary File Upload + Arbitrary Upload on BigDump v0.35b + Date: 23/03/2014 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.ozerov.de/bigdump/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable File: bigdump.php +...
WordPress Theme Felici - Uploadify.php Arbitrary File Upload
WordPress Theme Felici - Uploadify.php Arbitrary File Upload source: https://www.securityfocus.com/bid/66490/info The Felici theme for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize...
Immunity Debugger 1.85 - Stack Overflow (PoC)
Immunity Debugger 1.85 - Stack Overflow PoC / Filename : CrashPOC.cpp Exploit Title: title Date: 20 March 2014 Exploit Author: Veysel HATAS [email protected] - Web Page : www.binarysniper.net Vendor Homepage: https://www.immunityinc.com/ Software Link:...
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
LifeSize UVC 1.2.6 - Authenticated Remote Code Execution LifeSize UVC 1.2.6 authenticated vulnerabilities RCE as www-data: POST /server-admin/operations/diagnose/ping/ HTTP/1.1 Host: 172.31.16.99 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...
innoEDIT - innoedit.cgi Remote Command Execution
innoEDIT - innoedit.cgi Remote Command Execution source: https://www.securityfocus.com/bid/66367/info innoEDIT is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute...
OXID eShop 4.7.115.0.11 4.8.45.1.4 - Multiple Vulnerabilities
OXID eShop 4.7.115.0.11 4.8.45.1.4 - Multiple Vulnerabilities Exploit Title: OXID eShop v4.7.11/5.0.11 + v4.8.4/5.1.4 Multiple Vulnerabilities Google Dork: - Date: 12/2013 Exploit Author: //sToRm Author mail: [email protected] Vendor Homepage: http://www.oxid-esales.com Software Link: -...
Wireless Drive 1.1.0 iOS - Multiple Web Vulnerabilities
Wireless Drive 1.1.0 iOS - Multiple Web Vulnerabilities Document Title: =============== Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1229 Release Date: ============= 2014-03-19 Vulnerability...
Kaspersky Internet Security - Remote Denial of Service
Kaspersky Internet Security - Remote Denial of Service source: https://www.securityfocus.com/bid/66343/info Kaspersky Internet Security is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to exhaust available CPU and memory resources and make the affected...
D-Link DIR-600L AX 1.00 - Cross-Site Request Forgery
D-Link DIR-600L AX 1.00 - Cross-Site Request Forgery Exploit Title: Dlink DIR-600L Hardware Version AX Firmware Version 1.00 CSRF Vulnerability Google Dork: N/A Date: 20/03/2014 Exploit Author: Dhruv Shah Vendor Homepage:...
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.o...
McAfee Asset Manager 6.6 - Multiple Vulnerabilities
McAfee Asset Manager 6.6 - Multiple Vulnerabilities Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated...
SePortal 2.5 - SQL Injection (2)
SePortal 2.5 - SQL Injection 2 Exploit: SePortal 2.5 Sql Injection Vulnerabilty Author: jsass Date : 19\03\2014 Contact Twitter: @Kwsecurity Script: http://www.seportal.org/ version: 2.5 Tested on: Linux Ubuntu 12.4 & Windows 7 Dork : "Powered by SePortal 2.5" // Searching And Analysis By Kuwaity...
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances ------------------------- Affected vendors:...
BigACE 2.7.5 - LANGUAGE Directory Traversal
BigACE 2.7.5 - LANGUAGE Directory Traversal source: https://www.securityfocus.com/bid/66350/info BIGACE Web CMS is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these...
Quantum DXi V1000 2.2.1 - Static SSH Key
Quantum DXi V1000 2.2.1 - Static SSH Key ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Quantum DXi V1000 2.2.1 and below ------------------------- Affected vendors: ------------------------- Quantum http://quantum.com/...
GNUBoard 4.3x - ajax.autosave.php Multiple SQL Injections
GNUBoard 4.3x - ajax.autosave.php Multiple SQL Injections source: https://www.securityfocus.com/bid/66228/info GNUboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the...
Quantum vmPRO 3.1.2 - Local Privilege Escalation
Quantum vmPRO 3.1.2 - Local Privilege Escalation ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Quantum vmPRO 3.1.2 and below ------------------------- Affected vendors: ------------------------- Quantum http://quantum.com/...
MP3Info 0.8.5a - Local Buffer Overflow (SEH)
MP3Info 0.8.5a - Local Buffer Overflow SEH Exploit Title: mp3info SEH exploit Date: 18 March 2014 Exploit Author: Ayman Sagy Vendor Homepage: http://ibiblio.org/mp3info/ Software Link: https://www.exploit-db.com/apps/cb7b619a10a40aaac2113b87bb2b2ea2-mp3info-0.8.5a.tgz Version: MP3Info 0.8.5 Teste...
Gold MP4 Player 3.3 - Universal (SEH) (Metasploit)
Gold MP4 Player 3.3 - Universal SEH Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
iOS 7 - Kernel Mode Memory Corruption
iOS 7 - Kernel Mode Memory Corruption ...................................... Vulnerability Summary ...................................... Title iOS 7 arbitrary code execution in kernel mode Release Date 14 March 2014 Reference NGS00596 Discoverer Andy Davis Vendor Apple Vendor Reference 600217059...
OpenSupports 2.0 - Blind SQL Injection
OpenSupports 2.0 - Blind SQL Injection Open Support Blind SQL Injection v2.0 Vulnerability =================================================== Author indoushka ================= vendor :http://www.opensupports.com/files/Opensupportsv2EN.rar ================= Dork : Power by OpenSupports © 2009 -...
osCMax 2.5 - Cross-Site Request Forgery
osCMax 2.5 - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/66272/info osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions...