Check_MK 1.2.8p25 - Information Disclosure
CheckMK 1.2.8p25 - Information Disclosure 1. ADVISORY INFORMATION ======================= Product: Checkmk Vendor URL: https://mathias-kettner.de/checkmk.html Type: Race Condition CWE-362 Date found: 2017-09-21 Date published: 2017-10-18 CVSSv3 Score: 7.5...
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Afian AB FileRun vulnerable version: 2017.03.18 fixed version: 2017.09.18 impact:...
Xen - Pagetable De-typing Unbounded Recursion
Xen - Pagetable De-typing Unbounded Recursion Xen allows pagetables of the same level to map each other as readonly in PV domains. This is useful if a guest wants to use the self-referential pagetable trick for easy access to pagetables by mapped virtual address. When cleaning up a pagetable afte...
WordPress Plugin Car Park Booking - SQL Injection
WordPress Plugin Car Park Booking - SQL Injection Exploit Title: Wordpress Plugin Car Park Booking - SQL Injection Date: 2017-10-17 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/item/car-park-booking-wordpress-plugin/20284035 Software Link:...
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation #!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server does not properly validate input of PUTFILE RPC-command which allows any authenticated user to hijack arbitrary...
Microsoft Edge Chakra JIT - RegexHelper::StringReplace Must Call the Callback Function with Updating ImplicitCallFlags
Microsoft Edge Chakra JIT - RegexHelper::StringReplace Must Call the Callback Function with Updating ImplicitCallFlags / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1334 The "String.prototype.replace" method can be inlined in the JIT process. So in the method, all the calls...
Linux Kernel - AF_PACKET Use-After-Free (1)
Linux Kernel - AF_PACKET Use-After-Free 1 / Source: https://blogs.securiteam.com/index.php/archives/3484 Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AF_PACKET that can lead to privilege escalation. AF_PACKET socket...
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server - dmr_content Privilege Escalation #!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server stores...
OpenText Documentum Content Server - Privilege Escalation
OpenText Documentum Content Server - Privilege Escalation #!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server allows to upload content...
Shadowsocks - Log File Command Execution
Shadowsocks - Log File Command Execution X41 D-Sec GmbH Security Advisory: X41-2017-008 Multiple Vulnerabilities in Shadowsocks ======================================= Overview -------- Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6 Confirmed Patched Versions: N/A Vendor: Shadowsocks...
Apple iOS 10.2 (14C92) - Remote Code Execution
Apple iOS 10.2 14C92 - Remote Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1317c3 The exploit achieves R/W access to the host's physical memory. This exploit has been tested on the iPhone 7, iOS 10.2 14C92. To run the exploit against different devices or...
shadowsocks-libev 3.1.0 - Command Execution
shadowsocks-libev 3.1.0 - Command Execution X41 D-Sec GmbH Security Advisory: X41-2017-010 Command Execution in Shadowsocks-libev ====================================== Overview -------- Severity Rating: High Confirmed Affected Versions: 3.1.0 Confirmed Patched Versions: N/A Vendor: Shadowsocks...
Career Portal 1.0 - SQL Injection
Career Portal 1.0 - SQL Injection Exploit Title: Career Portal v1.0 - SQL Injection Date: 2017-10-17 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Software Link:...
OpenText Documentum Content Server - Arbitrary File Download
OpenText Documentum Content Server - Arbitrary File Download #!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to download arbitrary content files regardless attacker's repository...
Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns
Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1333 Bailout: "ChakraCore’s background JIT compiler generates highly optimized JIT’ed code based upon the data and infers likely usage patterns based on the...
Microsoft Internet Explorer 11 (Windows 7 x86) - mshtml.dll Remote Code Execution (MS17-007)
Microsoft Internet Explorer 11 Windows 7 x86 - mshtml.dll Remote Code Execution MS17-007 .class1 float: left; column-count: 5; .class2 column-span: all; columns: 1px; table border-spacing: 0px; var ntdllBase = ""; function infoleak var textarea = document.getElementById"textarea"; var frame =...
Microsoft Edge Chakra - StackScriptFunction::BoxState::Box Accesses to Uninitialized Pointers (Denial of Service)
Microsoft Edge Chakra - StackScriptFunction::BoxState::Box Accesses to Uninitialized Pointers Denial of Service / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1338 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var...
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
Squid Analysis Report Generator 2.3.10 - Remote Code Execution Exploit Title: RCE/Arbitrary file write in Squid Analysis Report Generator SARG Google Dork: inurl:sarg-php Date: 01 September 2017 Exploit Author: Pavel Suprunyuk Vendor Homepage: https://sourceforge.net/projects/sarg/ Software Link:...
Microsoft Windows - nt!NtQueryObject (ObjectNameInformation) Kernel Pool Memory Disclosure
Microsoft Windows - nt!NtQueryObject ObjectNameInformation Kernel Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1303&desc=2 We have discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode client...
TP-Link WR940N - (Authenticated) Remote Code
TP-Link WR940N - Authenticated Remote Code import urllib2 import base64 import hashlib from optparse import import sys import urllibbanner = "\n" "WR940N Authenticated Remote Code Exploit\n" "This exploit will open a bind shell on the remote target\n" "The port is 31337, you can change that in th...
Apache Solr 7.0.1 - XML External Entity Expansion Remote Code Execution
Apache Solr 7.0.1 - XML External Entity Expansion Remote Code Execution First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr...
Linux Kernel - AF_PACKET Use-After-Free (2)
Linux Kernel - AF_PACKET Use-After-Free 2 Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AF_PACKET that can lead to privilege escalation. AF_PACKET sockets “allow users to send or receive packets on the device driver...
Microsoft Windows 10 - WLDPMSHTML CLSID UMCI Bypass
Microsoft Windows 10 - WLDPMSHTML CLSID UMCI Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S thought should be anything with UMCI Class: Security Feature Bypass Summary: The enlightened lockdown policy che...
Ikraus Anti Virus 2.16.7 - Remote Code Execution
Ikraus Anti Virus 2.16.7 - Remote Code Execution Vulnerability summary The following advisory describes an remote code execution found in Ikraus Anti Virus version 2.16.7. KARUS anti.virus “secures your personal data and PC from all kinds of malware. Additionally, the Anti-SPAM module protects yo...
3CX Phone System 15.5.3554.1 - Directory Traversal
3CX Phone System 15.5.3554.1 - Directory Traversal Title: ====== 3CX Phone System - Authenticated Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-15359 Risk Information: ================= CVSS Base Score: 6.8 CVSS Vector:...
Linux Kernel 3.16.39 (Debian 8 x64) - inotfiy Local Privilege Escalation
Linux Kernel 3.16.39 Debian 8 x64 - inotfiy Local Privilege Escalation / CVE-2017-7533 inotfiy linux kernel vulnerability. $ gcc -o exploit exploit.c -lpthread $./exploit Listening for events. Listening for events. alloclen : 50 longname="testdir/bbbb32103210321032100��1����" handleevents...
Webmin 1.850 - Multiple Vulnerabilities
Webmin 1.850 - Multiple Vulnerabilities + SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3430 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WEBMIN-v1.850-REMOTE-COMMAND-EXECUTION.txt + ISR:...
Chrome 35.0.1916.153 - Sandbox Escape Command Execution
Chrome 35.0.1916.153 - Sandbox Escape Command Execution Sandbox escape Chrome exploit. Allows the execution of local binaries, read/write functions and exfiltration of Chrome OAuth tokens to remote server. More info: https://bugs.chromium.org/p/chromium/issues/detail?id=386988 Download:...
Logitech Media Server - Cross-Site Scripting
Logitech Media Server - Cross-Site Scripting Exploit Title: DOM Based Cross Site Scripting XSS - Logitech Media Server Shodan Dork: Logitech Media Server Date: 14/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: https://www.logitech.com Tested on: windows 10 CVE : CVE-2017-15687...
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
AlienVault Unified Security Management USM 5.4.2 - Cross-Site Request Forgery 1. ADVISORY INFORMATION ======================= Product: AlienVault USM Vendor URL: https://www.alienvault.com Type: Cross-Site Request Forgery CWE-253 Date found: 2017-09-22 Date published: 2017-10-13 CVSSv3 Score: 6.5...
Sync Breeze Enterprise 10.1.16 - Remote Buffer Overflow (SEH) (Metasploit)
Sync Breeze Enterprise 10.1.16 - Remote Buffer Overflow SEH Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SyncBreeze v10.1.16 SEH GET Overflow', 'Description' = %...
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
TYPO3 Extension Restler 1.7.0 - Local File Disclosure Exploit Title: Typo3 Restler Extension - Local File Disclosure Date: 2017-10-13 Exploit Author: CrashBandicot @dosperl Vendor Homepage: https://www.aoe.com/ Software Link: https://extensions.typo3.org/extension/restler/ Tested on : MsWin...
FiberHome - Directory Traversal
FiberHome - Directory Traversal Vulnerability Summary The following advisory describes a directory traversal vulnerability found in FiberHome routers. FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extende...
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)
phpMyFAQ 2.9.8 - Cross-Site Scripting 2 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...
E-Sic Software livre CMS - f SQL Injection
E-Sic Software livre CMS - f SQL Injection Exploit Title: E-Sic Software livre CMS - Sql Injection Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...
E-Sic Software livre CMS - q SQL Injection
E-Sic Software livre CMS - q SQL Injection Exploit Title: E-Sic Software livre CMS - Blind SQL Injection Date: 12/10/2017 Exploit Author: Guilherme Assmann Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...
TP-Link TL-MR3220 - Cross-Site Scripting
TP-Link TL-MR3220 - Cross-Site Scripting Exploit Title: Vulnerability Xss - TP-LINK TL-MR3220 Date: 12/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: http://www.tp-link.com.br Version: TL-MR3220 Tested on: Windows 10 CVE : CVE-2017-15291 Vulnerabilty: Cross-site scripting XSS in TP-LI...
E-Sic Software livre CMS - cpfcnpj SQL Injection
E-Sic Software livre CMS - cpfcnpj SQL Injection Exploit Title: E-Sic Software livre CMS - Sql Injection Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Downloa...
Dreambox Plugin BouquetEditor - Cross-Site Scripting
Dreambox Plugin BouquetEditor - Cross-Site Scripting Exploit Title: Vulnerability XSS - Dreambox Shodan Dork: Dreambox 200 Date: 12/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: https://www.dreamboxupdate.com Version: 2.0.0 Tested on: kali linux, windows 7, 8.1, 10 CVE : CVE-2017-152...
E-Sic Software livre CMS - Cross Site Scripting
E-Sic Software livre CMS - Cross Site Scripting Exploit Title: E-Sic Software livre CMS - Cross Site Scripting Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox...
OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
OctoberCMS 1.0.425 Build 425 - Cross-Site Scripting Exploit Title: OctoberCMS 1.0.425 aka Build 425 Stored XSS Vendor Homepage: https://octobercms.com/ Software Link: https://octobercms.com/download Exploit Author: Ishaq Mohammed https://www.exploit-db.com/author/?a=9086 Contact:...
E-Sic Software livre CMS - Autentication Bypass
E-Sic Software livre CMS - Autentication Bypass Exploit Title: E-Sic Software livre CMS - Autentication Bypass Date: 12/10/2017 Exploit Author: Elber Tavares Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal Exploit Title: Trend Micro Data Loss Prevention Virtual Appliance 5.2 Web Path Traversal Date: 10/11/2017 Exploit Author: Leonardo Duarte Contact: http://twitter.com/etakdc Vendor Homepage:...
Trend Micro OfficeScan 11.0XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro OfficeScan 11.0XG 12.0 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro OfficeScan Remote Code Execution", 'Description' = %q This modul...
Trend Micro InterScan Messaging Security (Virtual Appliance) - Proxy.php Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security Virtual Appliance - Proxy.php Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro InterScan Messaging Security...
ASX to MP3 3.1.3.7 - .m3u Local Buffer Overflow
ASX to MP3 3.1.3.7 - .m3u Local Buffer Overflow Exploit Title: Buffer Overflow via crafted malicious .m3u file Exploit Author: Parichay Rai Tested on: XP Service Pack 3 CVE : CVE-2017-15221 Description ------------ A buffer overflow Attack possible due to improper input mechanism Proof of Concept...
Complain Management System - Hard-Coded Credentials Blind SQL injection
Complain Management System - Hard-Coded Credentials Blind SQL injection Exploit Title : Complain Management System Blind SQL Injection Date: 10 October 2017 Exploit Author: havysec Tested on: ubuntu14.04 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied...
binutils 2.29.51.20170921 - read_1_byte Heap Buffer Overflow
binutils 2.29.51.20170921 - read_1_byte Heap Buffer Overflow Source: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read1byte-dwarf2-c/ Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: nm -A -a -l -S -s...
QNAP HelpDesk 1.1.12 - SQL Injection
QNAP HelpDesk 1.1.12 - SQL Injection Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To d...
VX Search Enterprise 10.1.12 - Remote Buffer Overflow
VX Search Enterprise 10.1.12 - Remote Buffer Overflow #!/usr/bin/env python Exploit Title : VX Search Enterprise v10.1.12 Remote Buffer Overflow Exploit Author : Revnic Vasile Email : revnicatgmaildotcom Date : 09-10-2017 Vendor Homepage : http://www.flexense.com/ Software Link :...