Oracle Demantra 12.2.1 - Arbitrary File Disclosure
Oracle Demantra 12.2.1 - Arbitrary File Disclosure Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet...
Oracle Demantra 12.2.1 - Database Credentials Disclosure
Oracle Demantra 12.2.1 - Database Credentials Disclosure Details: Demantra has a backend function that allows anyone to retrieve the database instance name and the corresponding credentials. Impact: A remote, unauthenticated attacker could exploit this issue in combination with other found issues...
Webuzo 2.1.3 - Multiple Vulnerabilities
Webuzo 2.1.3 - Multiple Vulnerabilities Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS release 6.2...
WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities
WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities Advisory ID: HTB23199 Product: VideoWhisper Live Streaming Integration Vendor: VideoWhisper Vulnerable Versions: 4.27.3 and probably prior Tested Version: 4.27.3 Advisory Publication: February 6, 2014 without technical details Vendor...
webERP 4.11.3 - SalesInquiry.php?SortBy SQL Injection
webERP 4.11.3 - SalesInquiry.php?SortBy SQL Injection ============================================================== Title ...| SQL Injection in webERP Version .| 4.11.3 Date ....| 28.02.2014 Found ...| HauntIT Blog Home ....| http://www.weberp.org...
SpagoBI 4.0 - Privilege Escalation
SpagoBI 4.0 - Privilege Escalation 01. Advisory Information Title: Remote Privilege Escalation in SpagoBI Date published: 2013-02-28 Date of last update: 2013-02-28 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE reference:...
PHP Ticket System Beta 1 - get_all_created_by_user.php?id SQL Injection
PHP Ticket System Beta 1 - getallcreatedbyuser.php?id SQL Injection ============================================================== Title ...| PHP Ticket System SQL Injection Version .| BETA1.zip Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....|...
PHP-CMDB 0.7.3 - Multiple Vulnerabilities
PHP-CMDB 0.7.3 - Multiple Vulnerabilities ============================================================== Title ...| Multiple vulnerabilities in PHP-CMDB Version .| php-cmdb0.7.3 Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| ==============================================================...
Plex Media Server 0.9.9.2.374-aa23a69 - Multiple Vulnerabilities
Plex Media Server 0.9.9.2.374-aa23a69 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authentication bypass SSRF and local file disclosure product: Plex Media Server vulnerable version:...
Gold MP4 Player 3.3 - Local Buffer Overflow (SEH)
Gold MP4 Player 3.3 - Local Buffer Overflow SEH !/usr/bin/python coding: utf-8 Exploit Title: GoldMP4Player Buffer Overflow SEH Software Link: http://download.cnet.com/GoldMP4Player/3000-21394-10967424.html Version: 3.3 Date: 27.02.2014 Tested on: Windows Win 7 En Howto / Notes: open the URL in...
VCDGear 3.50 - .cue Local Stack Buffer Overflow
VCDGear 3.50 - .cue Local Stack Buffer Overflow !/usr/bin/ruby ''' Author: Provensec www.provensec.com Tested on XP SP3 / Windows 7 Description: VCDGEAR 3.50 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied...
MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation
MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege escalation vulnerability product: MICROSENS Profi Line Modular Industrial Switch Web Manager MS652119P...
Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities
Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities Document Title: =============== Bluetooth Photo Share Pro v2.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1218 Release Date: ============= 2014-02-27...
GDL 4.2 - Multiple Vulnerabilities
GDL 4.2 - Multiple Vulnerabilities - Title : GDL 4.2 Multiple Vulnerabilities - Down. Script : http://kmrg.itb.ac.id/ - http://kmrg.itb.ac.id/gdl42.zip - Author : ByEge - Home : http://byege.blogspot.com.tr/ - Tested : Apache/2.2.22 Win32 PHP/5.4.3 - Date : 26/02/2014 - Google Dork : "Powered by...
Piwigo 2.6.1 - Cross-Site Request Forgery
Piwigo 2.6.1 - Cross-Site Request Forgery Exploit Title: piwigo 2.6.1 - CSRF Date: 26/02/2014 Exploit Author: [email protected] Vendor Homepage: http://it.piwigo.org/ Software Link: http://it.piwigo.org/basics/downloads Version: 2.6.1 Tested on: Virtualbox debian A CSRF problem is present in the...
POSH 3.1.x - addtoapplication.php SQL Injection
POSH 3.1.x - addtoapplication.php SQL Injection source: https://www.securityfocus.com/bid/65817/info POSH is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application, access o...
Gold MP4 Player 3.3 - Buffer Overflow (PoC) (SEH)
Gold MP4 Player 3.3 - Buffer Overflow PoC SEH --------------------------------------------------------------------------------- Exploit Title: GoldMP4Player 3.3 - Buffer Overflow PoC SEH Date: Feb 25 2014 Exploit Author: Gabor Seljan Software Link:...
GoAhead Web Server 3.1.x - Denial of Service
GoAhead Web Server 3.1.x - Denial of Service !/usr/bin/python ''' GoAhead Web Server version prior to 3.1.3 is vulnerable to DoS. A fix exists for version 3.2. The Web Server crashes completely once this request is received. The vulnerability doesn't seem to be exploitable on Linux versions...
Music AlarmClock 2.1.0 - .m3u Crash (PoC)
Music AlarmClock 2.1.0 - .m3u Crash PoC ------------------------------------------------------------------------------------ Exploit Title: Music AlarmClock 2.1.0 .m3u Crash PoC Date: Feb 25 2014 Exploit Author: Gabor Seljan Software Link:...
WiFiles HD 1.3 iOS - Local File Inclusion
WiFiles HD 1.3 iOS - Local File Inclusion Document Title: =============== WiFiles HD v1.3 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1214 Release Date: ============= 2014-02-22 Vulnerability Laboratory ID VL-ID:...
Private Camera Pro 5.0 iOS - Multiple Vulnerabilities
Private Camera Pro 5.0 iOS - Multiple Vulnerabilities Document Title: =============== Private Camera Pro v5.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1216 Release Date: ============= 2014-02-24 Vulnerability...
Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow
Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow Application:Notepad++ Version:6.5.2 UNICODE Get the application from: http://notepad-plus-plus.org/download/v6.5.2.html Plugin:CCompletion Version: Version 1.19 Unicode Get the plugin from:...
Sendy 1.1.8.4 - SQL Injection
Sendy 1.1.8.4 - SQL Injection Exploit Title: Sendy SqlInject Date: 2014-02-24 Exploit Author: Hurley Vendor Homepage: http://sendy.co/ Software Link: http://sendy.co/ Version: 1.1.8.4 Demo page: http://server/app?i=1+union+all+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13,14,15,16,17,18,19,20,21,2...
VideoLAN VLC Media Player 2.1.3 - .avs Crash (PoC)
VideoLAN VLC Media Player 2.1.3 - .avs Crash PoC Exploit Title: VLC 2.1.3 WriteAV Vulnerability, Decoders Date: 2014/02/20 Exploit Author: kw4 Software Link: http://www.videolan.org/vlc/index.html Version: 2.1.3 Impact Med/High Tested on: Windows 7 64 bits Memory corruption when VLC tries to load...
Technicolor TC7200 - Credentials Disclosure
Technicolor TC7200 - Credentials Disclosure Exploit Title: Technicolor TC7200: Authentication Bypass Google Dork: N/A Date: 24-02-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.technicolor.com/ Software Link:...
Ganib Project Management 2.3 - SQL Injection
Ganib Project Management 2.3 - SQL Injection...
Python - socket.recvfrom_into() Remote Buffer Overflow
Python - socket.recvfrominto Remote Buffer Overflow !/usr/bin/env python ''' Exploit Title: python socket.recvfrominto remote buffer overflow Date: 21/02/2014 Exploit Author: @sha0coder Vendor Homepage: python.org Version: python2.7 and python3 Tested on: linux 32bit + python2.7 CVE : CVE-2014-19...
Symantec Endpoint Protection Manager 11.012.012.1 - Remote Command Execution
Symantec Endpoint Protection Manager 11.012.012.1 - Remote Command Execution import argparse import httplib """ Exploit Title: Symantec Endpoint Protection Manager Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-5014, CVE-2013-5015 Date: February 22, 2014 Vendor...
SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write
SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write ''' Title: SolidWorks Workgroup PDM 2014 SP2 Arbitrary File Write Vulnerability Date: 2-21-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage:...
ATutor - Multiple Cross-Site Scripting HTML Injection Vulnerabilities
ATutor - Multiple Cross-Site Scripting HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/65744/info ATutor is prone to multiple cross-site scripting vulnerabilities and a HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to...
WordPress Plugin AdRotate 3.9.4 - clicktracker.ph?track SQL Injection
WordPress Plugin AdRotate 3.9.4 - clicktracker.ph?track SQL Injection Advisory ID: HTB23201 Product: AdRotate Vendor: AJdG Solutions Vulnerable Versions: 3.9.4 and probably prior Tested Version: 3.9.4 Advisory Publication: January 30, 2014 without technical details Vendor Notification: January 30...
eshtery CMS - FileManager.aspx Local File Disclosure
eshtery CMS - FileManager.aspx Local File Disclosure source: https://www.securityfocus.com/bid/65740/info eshtery CMS is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain...
Ultra Mini HTTPd 1.21 - POST Remote Stack Buffer Overflow (2)
Ultra Mini HTTPd 1.21 - POST Remote Stack Buffer Overflow 2 !/usr/bin/python Title: Mini HTTPD stack buffer overflow POST exploit Author: TheColonial Date: 20 Feb 2013 Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Vendor Homepage: http://www.picolix.jp/ Version: 1.21 Tested...
ILIAS 4.4.1 - Multiple Vulnerabilities
ILIAS 4.4.1 - Multiple Vulnerabilities ============================================================== Title ...| Multiple vulnerabilities in ILIAS Version .| ilias-4.4.1.zip Date ....| 21.02.2014 Found ...| HauntIT Blog Home ....| www.ilias.de...
Jorjweb - id SQL Injection
Jorjweb - id SQL Injection source: https://www.securityfocus.com/bid/66377/info Jorjweb is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the applicatio...
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities Document Title: =============== Barracuda Bug Bounty 30 Firewall - Multiple Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1065 Barracuda Networks Security ID BNSEC:...
PCMan FTP Server 2.07 - Remote Buffer Overflow
PCMan FTP Server 2.07 - Remote Buffer Overflow Exploit Title: PCMAN FTP 2.07 Long Command Buffer Overflow unauthenticated Date: Feb 19, 2014 Exploit Author: Sumit Version: 2.07 Tested on: Windows XP Professional SP3 Description: Buffer overflow is triggered upon sending long string to PCMAN FTP...
Catia V5-6R2013 - CATV5_Backbone_Bus Stack Buffer Overflow (PoC)
Catia V5-6R2013 - CATV5BackboneBus Stack Buffer Overflow PoC ''' Title: Dassault Systèmes Catia V5-6R2013 "CATV5BackboneBus" Stack Buffer Overflow Date: 2-18-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage:...
Stark CRM 1.0 - Multiple Vulnerabilities
Stark CRM 1.0 - Multiple Vulnerabilities Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and...
VideoCharge Studio 2.12.3.685 - GetHttpResponse() Man In The Middle Remote Code Execution
VideoCharge Studio 2.12.3.685 - GetHttpResponse Man In The Middle Remote Code Execution !/usr/bin/python Exploit Title: VideoCharge Studio v2.12.3.685 GetHttpResponse MITM Remote Code Execution Exploit SafeSEH/ASLR/DEP Bypass Version: v2.12.3.685 Date: 2014-02-19 Author: Julien Ahrens @MrTuxracer...
Dassault Systemes Catia - Remote Stack Buffer Overflow
Dassault Systemes Catia - Remote Stack Buffer Overflow source: https://www.securityfocus.com/bid/65675/info Catia is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker can exploit this issue to...
Catia V5-6R2013 - CATV5_AllApplications Stack Buffer Overflow (PoC)
Catia V5-6R2013 - CATV5AllApplications Stack Buffer Overflow PoC ''' Exploit Title: Dassault Systemes Catia V5-6R2013 "CATV5AllApplications" Stack Buffer Overflow Date: 2-18-2014 Exploit Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage:...
VideoCharge Studio - CHTTPResponse::GetHttpResponse() Remote Stack Buffer Overflow
VideoCharge Studio - CHTTPResponse::GetHttpResponse Remote Stack Buffer Overflow source: https://www.securityfocus.com/bid/65685/info VideoCharge Studio is prone to a remote stack-based buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before...
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Relea...
WRT120N 1.0.0.7 - Remote Stack Overflow
WRT120N 1.0.0.7 - Remote Stack Overflow !/usr/bin/env python WRT120N v1.0.0.7 stack overflow, ROP to 4-byte overwrite which clears the admin password. Craig Heffner http://www.devttys0.com 2014-02-14 import sys import urllib2 try: target = sys.argv1 except IndexError: print "Usage: %s " % sys.arg...
WordPress Plugin NextGEN Gallery - jqueryFileTree.php Directory Traversal
WordPress Plugin NextGEN Gallery - jqueryFileTree.php Directory Traversal source: https://www.securityfocus.com/bid/65637/info The NextGEN Gallery plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this...
SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 - Denial of Service
SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 - Denial of Service ''' Exploit Title: SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 Remote Code Execution Vulnerability Date: 2-18-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage:...
Lotus Sametime 8.5.1 - Password Disclosure
Lotus Sametime 8.5.1 - Password Disclosure Exploit Title: Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1 Google Dork: n/a Date: 18/02/2014 Exploit Author: Adriano Marcio Monteiro Vendor Homepage: http://www.ibm.com/us/en/ Software Link:...
WordPress Plugin BP Group Documents 1.2.1 - Multiple Vulnerabilities
WordPress Plugin BP Group Documents 1.2.1 - Multiple Vulnerabilities Details ================ Software: BP Group Documents Version: 1.2.1 Homepage: http://wordpress.org/plugins/bp-group-documents/ CVSS: 8 High; AV:N/AC:L/Au:S/C:P/I:P/A:C Description ================ Stored XSS vulnerability in BP...
D-Link DIR-615 vE4 Firmware 5.10 - Cross-Site Request Forgery
D-Link DIR-615 vE4 Firmware 5.10 - Cross-Site Request Forgery Exploit Title: Dlink DIR-615 Hardware Version E4 Firmware Version 5.10 CSRF Vulnerability Google Dork: N/A Date: 19/02/2014 Exploit Author: Dhruv Shah Vendor Homepage:...