41207 matches found
NoMachine 6.0.80 (x64) - nxfuse Privilege Escalation
NoMachine 6.0.80 x64 - nxfuse Privilege Escalation from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3...
Joomla! Component PrayerCenter 3.0.2 - sessionid SQL Injection
Joomla! Component PrayerCenter 3.0.2 - sessionid SQL Injection Exploit Title: Joomla! Component PrayerCenter 3.0.2 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: http://www.mlwebtechnologies.com/ Software Link:...
Armadito Antivirus 0.12.7.2 - Detection Bypass
Armadito Antivirus 0.12.7.2 - Detection Bypass / Title: Armadito Antivirus - Malware Detection Bypass Date: 21/02/2018 Author: Souhail Hammou Author's website: http://rce4fun.blogspot.com Vendor Homepage: http://www.teclib-edition.com/en/ Version: 0.12.7.2 CVE: CVE-2018-7289 Details: -------- An...
Parallels Remote Application Server 15.5 - Path Traversal
Parallels Remote Application Server 15.5 - Path Traversal Exploit Title: Parallels Remote Application Server RAS 15.5 Path Traversal Date: 22-02-2018 Exploit Author: Nicolas Markitanis - RUNESEC Reviewers: Simon Loizides and Marios Nicolaides - RUNESEC Vendor Homepage: https://www.parallels.com/...
Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection
Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection Exploit Title: Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.joomdonation.com/ Software Link:...
Joomla! Component CheckList 1.1.1 - SQL Injection
Joomla! Component CheckList 1.1.1 - SQL Injection Exploit Title: Joomla! Component CheckList 1.1.1 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/ Version: 1.1....
Joomla! Component Proclaim 9.1.1 - Backup File Download
Joomla! Component Proclaim 9.1.1 - Backup File Download Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.christianwebministries.org/ Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/...
Joomla! Component CW Tags 2.0.6 - SQL Injection
Joomla! Component CW Tags 2.0.6 - SQL Injection Exploit Title: Joomla! Component CW Tags 2.0.6 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: http://www.cwjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/search-a-indexing/tags-a-clouds/cw-tags/ Version:...
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Exploit Title: Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.christianwebministries.org/ Software Link:...
Joomla! Component Ek Rishta 2.9 - SQL Injection
Joomla! Component Ek Rishta 2.9 - SQL Injection Exploit Title: Joomla! Component Ek Rishta 2.9 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/...
Joomla! Component Alexandria Book Library 3.1.2 - letter SQL Injection
Joomla! Component Alexandria Book Library 3.1.2 - letter SQL Injection Exploit Title: Joomla! Component Alexandria Book Library 3.1.2 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://alexandriabooklibrary.org/ Software Link:...
Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
Trend Micro Email Encryption Gateway 5.5 Build 1111.00 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple...
Disk Savvy Enterprise 10.4.18 - Buffer Overflow (SEH)
Disk Savvy Enterprise 10.4.18 - Buffer Overflow SEH Exploit Title: Disk Savvy Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 01/02/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.disksavvy.com/ Software Link:...
Disk Pulse Enterprise 10.4.18 - Import Command Buffer Overflow (SEH)
Disk Pulse Enterprise 10.4.18 - Import Command Buffer Overflow SEH !/usr/bin/env python Exploit Title: Disk Pulse Enterprise v10.4.18 - 'Import Command' Buffer Overflow SEH Date: 2018-01-22 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage:...
EChat Server 3.1 - CHAT.ghp Buffer Overflow
EChat Server 3.1 - CHAT.ghp Buffer Overflow Exploit Author: Juan Sacco Vulnerability found using Exploit Pack v10 - http://exploitpack.com Impact: An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in...
Wavpack 5.1.0 - Denial of Service
Wavpack 5.1.0 - Denial of Service Exploit title: Wavpack 5.1.0 - Denial of Service Date: 20.02.2018 Exploit Author: r4xis https://github.com/r4xis Vendor Homepage: http://www.wavpack.com/ Software Links: http://www.wavpack.com/downloads.html https://github.com/dbry/WavPack Version: Wavpack 5.1.0...
μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure
μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure By default, utorrent create an HTTP RPC server on port 10000 (uTorrent classic) or 19575 (uTorrent web). There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest. T...
Microsoft Windows - Constrained Impersonation Capability Privilege Escalation
Microsoft Windows - Constrained Impersonation Capability Privilege Escalation Windows: Constrained Impersonation Capability EoP Platform: Windows 10 1703/1709 not tested earlier versions Class: Elevation of Privilege Summary: It’s possible to use the constrained impersonation capability added in...
Microsoft Windows - NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior
Microsoft Windows - NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Platform: Windows 10 1709 (functionality not present prior to this version) Class: Security Feature Bypass/Elevati...
Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation
Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation Windows: StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation EoP Platform: Windows 10 1709 not tested earlier versions Class: Elevation of Privilege Summary: The SvcMoveFileInheritSecurity R...
Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege
Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege Windows: Global Reparse Point Security Feature Bypass/Elevation of Privilege Platform: Windows 10 1709 (functionality not present prior to this version) Class: Security Feature Bypass/Elevation of Privilege...
Microsoft Windows Kernel - nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure
Microsoft Windows Kernel - nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure / We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a CONTEXT structure to user-mode memory. Two previous bugs in the nearby code area were reported in issues 1177 a...
Microsoft Internet Explorer 11 - Js::RegexHelper::RegexReplace Use-After-Free
Microsoft Internet Explorer 11 - Js::RegexHelper::RegexReplace Use-After-Free var vars = new Array2; function main vars0 = Array1000000.joinString.fromCharCode0x41; vars1 = String.prototype.substring.callvars0, 1, vars0.length; String.prototype.replace.callvars1, RegExp, f; function farg1, arg2,...
Aastra 6755i SIP SP4 - Denial of Service
Aastra 6755i SIP SP4 - Denial of Service Exploit Title: Aastra 6755i SIP SP4 | Unauthorized Remote Reboot Date: 17/02/2018 Exploit Author: Wadeek Hardware Version: 6755i Firmware Version: 3.3.1.4053 SP4 Vendor Homepage: http://www.aastra.sg/ Firmware Link:...
October CMS 1.0.431 - Cross-Site Scripting
October CMS 1.0.431 - Cross-Site Scripting Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till dat...
Joomla! Component JB Bus 2.3 - order_number SQL Injection
Joomla! Component JB Bus 2.3 - order_number SQL Injection Exploit Title: Joomla! Component JB Bus 2.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://joombooking.com/ Software Link:...
EPIC MyChart - X-Path Injection
EPIC MyChart - X-Path Injection Exploit Title: Epic Systems Corporation MyChart X-Path Injection Google Dork: MyChart® licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software...
Joomla Component ccNewsletter 2.x.x id - SQL Injection
Joomla Component ccNewsletter 2.x.x id - SQL Injection Exploit Title: Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.chillcreations.com/ Software Link: https://extensions.joomla.org/extension/ccnewsletter/ Version: 2.x Stable...
Microsoft Edge - UnmapViewOfFile ACG Bypass
Microsoft Edge - UnmapViewOfFile ACG Bypass Background: To implement ACG https://blogs.windows.com/msedgedev/2017/02/23/mitigating-arbitrary-native-code-execution/VM4y5oTSGCRde3sk.97, Edge uses a separate process for JIT compiling. This JIT Process is also responsible for mapping native code into...
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection Exploit Title: Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://ordasoft.com/ Software Link:...
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting Exploit Title: Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting Date: 16-02-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis -...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module 4.25 - Denial of Service
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module 4.25 - Denial of Service Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Date: 14.02.2018 Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage:...
Twig 2.4.4 - Server Side Template Injection
Twig 2.4.4 - Server Side Template Injection Vulnerability details: Exploit Title: Twig Output: 16 2. POC: http://localhost/search?searchkey=44 OUTPUT: 4 http://localhost/search?searchkey=ls OUTPUT: list of files/directories etc…...
PSNews Website 1.0.0 - Keywords SQL Injection
PSNews Website 1.0.0 - Keywords SQL Injection Exploit Title: PSNews Website Same Backend with Mobile Apps 1.0.0 - 'Keywords' SQL Injection Dork: N/A Date: 2018-02-16 Exploit Author: Borna nematzadeh (L0RD) Vendor Homepage:...
TV - Video Subscription - Authentication Bypass SQL Injection
TV - Video Subscription - Authentication Bypass SQL Injection Exploit Title: TV - Video Subscription - Authentication Bypass Dork: N/A Date: 2018-02-14 Exploit Author: Borna nematzadeh (L0RD) Vendor Homepage:...
UserSpice 4.3 - Blind SQL Injection
UserSpice 4.3 - Blind SQL Injection !/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any other PHP User...
Joomla! Component Solidres 2.5.1 - SQL Injection
Joomla! Component Solidres 2.5.1 - SQL Injection Exploit Title: Joomla! Component Solidres 2.5.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://solidres.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/solidres/...
Joomla! Component NeoRecruit 4.1 - SQL Injection
Joomla! Component NeoRecruit 4.1 - SQL Injection Exploit Title: Joomla! Component NeoRecruit 4.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://neojoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/neorecruit/...
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection Exploit Title: Joomla! Component Google Map Landkarten = 4.2.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomla-24.de/ Software Link:...
Joomla! Component File Download Tracker 3.0 - SQL Injection
Joomla! Component File Download Tracker 3.0 - SQL Injection Exploit Title: Joomla! Component File Download Tracker 3.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://techsolsystem.com/ Software Link:...
Joomla! Component Aist 2.0 - id SQL Injection
Joomla! Component Aist 2.0 - id SQL Injection Exploit Title: Joomla! Component Aist = 2.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://aist.bmstu.ru/ Software Link: http://aist.bmstu.ru/ Version: = 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5993...
Joomla! Component Advertisement Board 3.1.0 - catname SQL Injection
Joomla! Component Advertisement Board 3.1.0 - catname SQL Injection Exploit Title: Joomla! Component Advertisement Board 3.1.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://ordasoft.com/ Software Link:...
Joomla! Component jGive 2.0.9 - SQL Injection
Joomla! Component jGive 2.0.9 - SQL Injection Exploit Title: Joomla! Component JGive 2.0.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/donations/jgive/ Version: 2.0.9 Category:...
Joomla! Component Fastball 2.5 - season SQL Injection
Joomla! Component Fastball 2.5 - season SQL Injection Exploit Title: Joomla! Component Fastball 2.5 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.fastballproductions.com/ Software Link: http://www.fastballproductions.com/ Version: 2.5 Category: Webapps Tested on:...
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - alias SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - alias SQL Injection Exploit Title: Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://quanticalabs.com/joomla/ Software Link:...
Joomla! Component InviteX 3.0.5 - invite_type SQL Injection
Joomla! Component InviteX 3.0.5 - invite_type SQL Injection Exploit Title: Joomla! Component InviteX 3.0.5 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://techjoomla.com/ Software Link:...
Joomla! Component JS Jobs 1.1.9 - SQL Injection
Joomla! Component JS Jobs 1.1.9 - SQL Injection Exploit Title: Joomla! Component JS Jobs 1.1.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/js-jobs/ Softwar...
Joomla! Component JomEstate PRO 3.7 - id SQL Injection
Joomla! Component JomEstate PRO 3.7 - id SQL Injection Exploit Title: Joomla! Component JomEstate PRO = 3.7 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://comdev.eu/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jomestate-pro/...
Joomla! Component Realpin 1.5.04 - SQL Injection
Joomla! Component Realpin 1.5.04 - SQL Injection Exploit Title: Joomla! Component Realpin = 1.5.04 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://realpin.frumania.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-display/realpin/...
Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection
Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection Exploit Title: Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.apptha.com/ Software Link: https://www.apptha.com/joomla/social-pinboard-script Version: 2.0 Category:...