41207 matches found
IBM Business Process Manager - User Account Reconfiguration
Exploit Title: IBM BMPS BPM User account reconfiguration/Privilege Escalation/Information Disclosure Date: 31.01.14 Exploit Author: 0in Software link: http://www-03.ibm.com/software/products/en/business-process-manager-family/ Version:...
D-Link DIR-100 - Multiple Vulnerabilities
Title: Router D-Link DIR-100 Multiple Vulnerabilities Date: 2013-09-19 Author: Felix Richter Contact: [email protected] Vulnerable Software: ftp://ftp.dlink.de/dir/dir-100/driversoftware/DIR-100fwrevd403b07ALLde20120410.zip Patched Software:...
WordPress Theme Kiddo - Arbitrary File Upload
source: https://www.securityfocus.com/bid/65460/info The Kiddo theme for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to sufficiently sanitize file extensions. An...
Inteno DG301 - Command Injection
1. Background According to the vendor, Inteno DG301 is a high-end Multi-WAN residential gateway with advanced router and bridge functions. 2. Summary Inteno DG301 Powered by LuCI Trunk inteno-1.0.34 and OpenWrt Backfire 10.03.1-RC6 is vulnerable to command...
Eventy Online Scheduler 1.8 - Multiple Vulnerabilities
Eventy Online Scheduler V1.8 - Multiple Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home :...
Job Site 1.0 - Multiple Vulnerabilities
Jobsite logo - Multiple Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
ownCloud 6.0.0a - Multiple Vulnerabilities
Exploit Title: ownCloud 6.0.0a File Deletion XSS and CSRF Protection Bypass Vendor Homepage: www.ownCloud.org OwnCloud Version: 6.0.0a Browsers tested: Iceweasel 22.0; Internet Explorer 11; Server: Debian. Default LAMP set-up. Exploit Author: James Sible...
NETGEAR D6300B - diag.cgi?IPAddr4 Remote Command Execution
source: https://www.securityfocus.com/bid/65444/info The Netgear D6300B router is prone to the following security vulnerabilities: 1. Multiple unauthorized-access vulnerabilities 2. A command-injection vulnerability 3. An information...
ImpressCMS 1.3.5 - Multiple Vulnerabilities
I have discovered two vulnerabilities in ImpressCMS. These have been fixed in the new 1.3.6 version, which you can get at https://sourceforge.net/projects/impresscms/files/ImpressCMS%20Official%20Releases/ImpressCMS%201.3%20Branch/ImpressCMS%201.3.6/. O...
Pandora Fms 5.0RC1 - Remote Command Injection
Author: xistence Affected products: Pandora FMS 5.0RC1 and below Affected vendors: Pandora FMS http://pandorafms.com/...
XnView 1.92.1 - Command-Line Arguments Buffer Overflow
// source: https://www.securityfocus.com/bid/28259/info XnView is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers may...
WordPress Theme Dandelion - Arbitrary File Upload
Exploit Title: Wordpress Dandelion Themes Arbitrary File Upload Google Dork: inurl:/wp-content/themes/dandelion/ Date: 31/01/2014 Exploit Author: TheBlackMonster Marouane Vendor Homepage:...
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion Cross-Site Scripting
source: https://www.securityfocus.com/bid/65420/info Singapore Image Gallery is prone to a remote file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize...
Joomla! Component com_community 2.6 - Code Execution
#!/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla! JomSocial component. Note th...
TopicsViewer 3.0 Beta 1 - Multiple Vulnerabilities
TopicsViewer v3.0 Beta 1 - Multiple Sql Injection Vulnerability .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home :...
Adrenalin Player 2.2.5.3 - .m3u Local Buffer Overflow (SEH) (ASLR + DEP Bypass)
#!/usr/bin env ruby Exploit Title: Adrenalin Player 2.2.5.3 .m3u SEH-Buffer Overflow ASLR+DEP Bypass Date: 3/2/2014 Exploit Author: Muhamad Fadzil Ramli Vendor HomePage:...
CiMe Citas Médicas - Multiple Vulnerabilities
Exploit Title: Control de Citas 1.4 CIME - Multiple Vulnerabilities Date: 01/02/2014 Exploit Author: vinicius777 Contact: vinicius777 AT gmail / @vinicius777 Vendor Homepage: http://www.cgaredes.tk/ Software Link:...
Seowon Intech WiMAX SWC-9100 Router - cgi-binreboot.cgi Remote Reboot (Denial of Service)
source: https://www.securityfocus.com/bid/65306/info WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an...
Seowon Intech WiMAX SWC-9100 Router - cgi-bindiagnostic.cgi?ping_ipaddr Remote Code Execution
source: https://www.securityfocus.com/bid/65306/info WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an...
Linux Kernel 3.4 3.13.2 (Ubuntu 13.10) - CONFIG_X86_X32 Arbitrary Write (2)
/* Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pa...
Linux Kernel 3.4 3.13.2 (Ubuntu 13.04/13.10 x64) - CONFIG_X86_X32=y Local Privilege Escalation (3)
/* recvmmsg.c - linux 3.4+ local root CONFIG_X86_X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org takes about 13...
MediaWiki 1.22.1 PdfHandler - Remote Code Execution
MediaWiki images/xnz.php 3. access to php-backdoor! http://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root 4. happy pwning!! Related files: thumb.php -- extract all GET array to...
Linux Kernel 3.4 3.13.2 - recvmmsg x32 compat (PoC)
/* PoC trigger for the linux 3.4+ recvmmsg x32 compat bug, based on the manpage https://code.google.com/p/chromium/issues/detail?id=338594 $ while true; do echo $RANDOM > /dev/udp/127.0.0.1/1234; sleep 0.25; done */ #define _GNU_SOURCE #include #include...
A10 Networks Loadbalancer - Directory Traversal
Author: xistence Affected products: A10 Networks Loadbalancer SoftAX /xml/downloads/?filename=/a10data/tmp/. By sending a GET request to...
PCMan FTP Server 2.07 - CWD Remote Buffer Overflow
Exploit Title: PCMAN FTP 2.07 CWD Command Buffer Overflow Date: Jan 25,2014 Exploit Author: Mahmod Mahajna Mahy Version: 2.07 Tested on: Windows 7 sp1 x64 english Email: [email protected] import socket as s from sys import argv if len(argv) != 4:...
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (SEH)
#!/usr/bin/python Exploit Title: haneWIN DNS Server SEH Author: Dario Estrada dash https://intrusionlabs.org Date: 2014-01-29 Version: haneWIN DNS Server 1.5.3 Vendor Homepage: http://www.hanewin.net/ Vulnerable app...
SimplyShare 1.4 iOS - Multiple Vulnerabilities
Document Title: SimplyShare v1.4 iOS - Multiple Web Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1181 Release Date: 2014-01-28 Vulnerability Laboratory ID...
PCMan FTP Server 2.07 - ABOR Remote Buffer Overflow
Exploit Title: PCMAN FTP 2.07 ABOR Command Buffer Overflow Date: Jan 25,2014 Exploit Author: Mahmod Mahajna Mahy Version: 2.07 Tested on: Windows 7 sp1 x64 english Email: [email protected] import socket as s from sys import argv if len(argv) != 4...
pfSense 2.1 build 20130911-1816 - Directory Traversal
Exploit Title: pfSense 2.1 Privilege Escalation from less privileged users LFI/RCE Date: 25/01/2014 0-day Exploit Author: @u0x Pichaya...
LinPHA 1.3.4 - Multiple Vulnerabilities
Exploit Title: linPHA 1.3.4 - Permanent XSS and CSRF Date: 28/01/2014 Exploit Author: [email protected] Vendor Homepage: http://sourceforge.net/projects/linpha/ Software Link: http://sourceforge.net/projects/linpha/files/latest/download Version: 1.3.4 Teste...
Oracle Forms and Reports 11.1 - Arbitrary Code Execution
ManageEngine Support Center Plus 7916 - Directory Traversal
Author: xistence Affected products: ManageEngine Support Center Plus 7916 and lower Affected vendors:...
Eventum 2.3.4 - hostname Remote Code Execution
Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor...
Eventum - Insecure File Permissions
source: https://www.securityfocus.com/bid/65186/info Eventum is prone to an insecure file-permission vulnerability. An attacker can exploit this issue to reinstall the vulnerable application. This may aid in further attacks. Eventum 2.3.4 is vulnerable; other...
Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)
#!/usr/bin/python Exploit Title: Oracle Outside In MDB File Parsing Stack Based Buffer Overflow PoC Date: 16th January 2014 PoC Author: Citadelo Vendor Homepage: http://www.oracle.com Software Link:...
Ability Mail Server 2013 - Persistent Cross-Site Scripting Cross-Site Request Forgery (Password Reset)
On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and...
Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass
Document Title: Mozilla Bug Bounty 5 - WireTap Remote Web Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking ID: 875818 Video:...
MP3Info 0.8.5a - Buffer Overflow
Waste of CPU clock N2 Exploit for: mp3info! Latest version Author: jsacco - [email protected] Vendor: http://ibiblio.org/mp3info/ No-one-cares-about programs! junk = "\x90\x90\x90\x90"*8 shellcode =...
Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities
Trustwave's SpiderLabs Security Advisory TWSL2014-001: Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Published: 01/03/2014 Version: 1.0 Vendor: Franklin Fueling Systems http://www.franklinfueling.com/ Product: TS-550 ev...
MW6 Technologies Datamatrix - ActiveX Data Buffer Overflow
<!-- Problem: The Data parameter is subject to a buffer overflow PROBABLY leading to arbitrary code execution. COM Object - DE7DA0B5-7D7B-4CEA-8739-65CF600D511E...
Daum Game 1.1.0.5 - ActiveX IconCreate Method Remote Stack Buffer Overflow
var overwrite =...
ZenPhoto - SQL Injection
source: https://www.securityfocus.com/bid/65126/info ZenPhoto is prone to an SQL-injection vulnerability and multiple path-disclosure vulnerabilities. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent...
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting
Advisory ID: HTB23194 Product: Komento Joomla Extension Vendor: Stack Ideas Sdn Bhd. Vulnerable Versions: 1.7.2 and probably prior Tested Version: 1.7.2 Advisory Publication: January 2, 2014 without technical details Vendor...
pChart 2.1.3 - Multiple Vulnerabilities
Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS Date: 2014-01-24 Exploit Author: Balazs Makany Vendor Homepage: www.pchart.net Software Link: www.pchart.net/download Google Dork: intitle:"pChart 2.x - examples" intext:"2.1.3" Version: 2.1....
WordPress Plugin WP E-Commerce - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/65130/info The WP e-Commerce plugin for WordPress is prone to multiple security vulnerabilities, including: 1. Multiple remote code-execution vulnerabilities. 2. A local file-include vulnerability ...
MW6 Technologies Aztec - ActiveX Data Buffer Overflow (PoC)
<object id=TestObj clas...
NCH Software Express Burn Plus 4.68 - .EBP Project File Buffer Overflow
#!/usr/local/bin/perl NCH Software Express Burn Plus 4.68 EBP Project File Handling Buffer Overflow PoC Vendor: NCH Software Product web page: http://www.nchsoftware.com Affected version: 4.68 Summary: Express Burn is a progra...
Ammyy Admin 3.2 - Authentication Bypass
Title: Ammyy Admin - Hidden hard-coded option and Access Control vulnerability. Credit: Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: - CVE-2013-5581 for hidden hard-coded...
Maian Uploader 4.0 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/65137/info Maian Uploader is prone to multiple security vulnerabilities, including: 1. An SQL-injection vulnerability 2. Multiple cross-site scripting vulnerabilities Attackers can exploit these issues to acce...
Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution
Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an...