41207 matches found
PHP Melody 2.7.3 - Multiple Vulnerabilities
PHP Melody 2.7.3 - Multiple Vulnerabilities. Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages...
Apache Tomcat 9.0.1 (Beta) 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass Remote Code Execution (2)
Apache Tomcat 9.0.1 Beta 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass Remote Code Execution 2 !/usr/bin/python import requests import re import signal from optparse import OptionParser class bcolors: HEADER = '\03395m' OKBLUE = '\03394m' OKGREEN = '\03392m' WARNING = '\03393m' FAIL = '\03391m' ENDC =...
ClipShare 7.0 - SQL Injection
ClipShare 7.0 - SQL Injection Exploit Title: ClipShare v7.0 - SQL Injection Date: 2017-10-09 Exploit Author: 8bitsec Vendor Homepage: http://www.clip-share.com/ Software Link: http://www.clip-share.com/ Version: 7.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected] Contact:...
ASX to MP3 converter 3.1.3.7 - .asx Local Stack Overflow (DEP Bypass)
ASX to MP3 converter 3.1.3.7 - .asx Local Stack Overflow DEP Bypass import struct,sys head =''' REF HREF="mms://site.com/ach/music/smpl/LACA-05928-002-tes''' offset 17375 junk = "A" 17375 0x1003df8e 0x774e1035 EIP="\x36\x10\x4e\x77" adjust="A" 4 def createropchain: ropgadgets = 0x73dd5dce, POP EA...
PyroBatchFTP 3.17 - Buffer Overflow (SEH)
PyroBatchFTP 3.17 - Buffer Overflow SEH !/usr/bin/python print "PyroBatchFTP Local Buffer Overflow SEH Server" Author: Kevin McGuigan @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: https://www.emtech.com Date: 07/10/2017 Version: 3.17 Tested on: Windows 7 32-bit CVE:...
Microsoft Windows 10 RS2 (x64) - win32kfull!bFill Pool Overflow
Microsoft Windows 10 RS2 x64 - win32kfull!bFill Pool Overflow Sources: https://siberas.de/blog/2017/10/05/exploitationcasestudywildpooloverflowCVE-2016-3309reloaded.html https://github.com/siberas/CVE-2016-3309Reloaded Exploits for the recently-patched win32kfull!bFill vulnerability. Executing th...
Easy MPEGAVIDIVXWMVRM to DVD - Enter User Name Local Buffer Overflow (SEH)
Easy MPEGAVIDIVXWMVRM to DVD - Enter User Name Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Field Buffer Overflow SEH Date: 05-10-2017 Exploit Author: Venkat Rajgor Vendor Homepage: http://www.divxtodvd.net/ Software Link:...
WebKit JSC - BytecodeGenerator::emitGetByVal Incorrect Optimization (2)
WebKit JSC - BytecodeGenerator::emitGetByVal Incorrect Optimization 2 function f let o = ; for let i in xx: 0 for i of 0 printoi; f;...
ClipBucket 2.8.3 - Remote Code Execution
ClipBucket 2.8.3 - Remote Code Execution Exploit Title: ClipBucket PHP Script Remote Code Execution RCE Date: 2017-10-04 Exploit Author: Esecurity.ir Vendor Homepage: https://clipbucket.com/ Version: 2.8.3 Exploit Code By : Meisam Monsef - Email : [email protected] - TelgramID : @meisamrce Usag...
Webkit (Chome 61) - MHTML Universal Cross-site Scripting
Webkit Chome 61 - MHTML Universal Cross-site Scripting MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html Content-Location:...
Webkit (Safari) - Universal Cross-site Scripting
Webkit Safari - Universal Cross-site Scripting function Pewvar doc=open'parent-tab://apple.com';doc.document.body.innerHTML='';Click me! Exploit by Frans Rosén html data:text/html,function yx=open'parent-tab://google.com','top',x.document.body.innerHTML='';setTimeouty,100 -- function...
Fiberhome AN5506-04-F - Command Injection
Fiberhome AN5506-04-F - Command Injection Exploit Title: Fiberhome an5506-04-f – -PING- COMMAND INJECTION Date: 03.10.2017 Exploit Author: Tauco Vendor Homepage: http://hk.fiberhomegroup.com Version: RP2609 Tested on: Windows 10 Description:...
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
EPESI 1.8.2 rev20170830 - Cross-Site Scripting Exploit Title: Multiple Stored XSS in EPESI Date: 10/03/2017 Exploit Author: Zeeshan Shaikh Vendor Homepage: http://epe.si/ Software Link: http://epe.si/download/ Version: 1.8.2 rev20170830 CVE : CVE-2017-14712 to CVE-2017-14717 Category: webapps XSS...
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow !/usr/bin/python ======================================================================================================================== Exploit Author: C4t0ps1s Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer OverflowCode execution Date...
Dnsmasq 2.78 - Lack of free() Denial of Service
Dnsmasq 2.78 - Lack of free Denial of Service ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14495.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the...
Linux Kernel 4.14.rc3 - Local Denial of Service
Linux Kernel 4.14.rc3 - Local Denial of Service / Exploit Title: Linux Kernelnrfrags was overwritten by ev-iferror = err 0xff in the condition where nlh-nlmsglen==0x10 and skb-len nlh-nlmsglen. POC: / include include include include include define NETLINKUSER 31 define MAXPAYLOAD 1024 / maximum...
Dnsmasq 2.78 - 2-byte Heap Overflow
Dnsmasq 2.78 - 2-byte Heap Overflow ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14491.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open three terminals docker build...
Dnsmasq 2.78 - Stack Overflow
Dnsmasq 2.78 - Stack Overflow ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14493.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open two terminals docker build -t...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14757 Affected Software: ================== OpenText...
NPM-V (Network Power Manager) 2.4.1 - Password Reset
NPM-V Network Power Manager 2.4.1 - Password Reset NPM-VNetwork Power Manager = 2.4.1 Reset Password Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NPM-V Affected Version : 2.4.1 and below Vendor : http://www.china-clever.com Product Link :...
phpCollab 2.5.1 - SQL Injection
phpCollab 2.5.1 - SQL Injection CVE-2017-6089 PhpCollab 2.5.1 Multiple SQL Injections unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. SQL injections The phpCollab code does not correctly filter arguments,...
UCOPIA Wireless Appliance 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance 5.1.8 - Local Privilege Escalation CVE-2017-11322 UCOPIA Wireless Appliance 5.1.8 Privileges Escalation Asset description UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA...
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - Arbitrary File Upload CVE-2017-6090 PhpCollab 2.5.1 Arbitrary File Upload unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. Arbitrary File Upload The phpCollab code does not correctly filt...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14758 Affected Software: ================== OpenText...
UCOPIA Wireless Appliance 5.1 (Captive Portal) - Root Remote Code Execution
UCOPIA Wireless Appliance 5.1 Captive Portal - Root Remote Code Execution Exploit Title: Unauthenticated remote root code execution on captive portal Ucopia '/var/www/html/upload/bd.php;echo%20t As php is in sudoers without password...
Dnsmasq 2.78 - Heap Overflow
Dnsmasq 2.78 - Heap Overflow ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14492.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open two terminals docker build -t dnsma...
Dnsmasq 2.78 - Information Leak
Dnsmasq 2.78 - Information Leak ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup instructions available...
UCOPIA Wireless Appliance 5.1.8 - Restricted Shell Escape
UCOPIA Wireless Appliance 5.1.8 - Restricted Shell Escape CVE-2017-11321 UCOPIA Wireless Appliance You can also retrieve the IP address of the outgoing interface. For this, you need to log in to the terminal of the virtual machine with the following username and password: admin/bhu85tgb, and then...
Dnsmasq 2.78 - Integer Underflow
Dnsmasq 2.78 - Integer Underflow ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option i...
Microsoft Word 2007 (x86) - Information Disclosure
Microsoft Word 2007 x86 - Information Disclosure Title: MS Office Word Information Disclosure Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007 32-bits x86 Tested on: Windows...
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow Exploit Title: SyncBreeze POST username overflow Date: 30-Sep-2017 Exploit Author: Owais Mehtab Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.0.28.exe Version: 10.0.28 Tested...
Microsoft Excel - OLE Arbitrary Code Execution
Microsoft Excel - OLE Arbitrary Code Execution Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016 32/...
ConverTo Video Downloader Converter 1.4.1 - Arbitrary File Download
ConverTo Video Downloader Converter 1.4.1 - Arbitrary File Download Exploit Title: ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download Dork: N/A Date: 29.09.2017 Vendor Homepage: https://codecanyon.net/user/lemonadeflirt Software Link:...
Trend Micro OfficeScan 11.0XG (12.0) - Memory Corruption
Trend Micro OfficeScan 11.0XG 12.0 - Memory Corruption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt + ISR: ApparitionSec Vendor:...
Dup Scout Enterprise 10.0.18 - Import Command Local Buffer Overflow
Dup Scout Enterprise 10.0.18 - Import Command Local Buffer Overflow !/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Dup Scout Enterprise v10.0.18 "Import Comman...
WordPress Plugin WPHRM - SQL Injection
WordPress Plugin WPHRM - SQL Injection Exploit Title: WordPress Plugin WPHRM - SQL Injection Dork: N/A Date: 29.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/wphrm-human-resource-management-system-for-wordpress/20555857 Demo:...
FileRun 2017.09.18 - SQL Injection
FileRun 2017.09.18 - SQL Injection !/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version:...
Microsoft Office Groove - Workspace Shortcut Arbitrary Code Execution
Microsoft Office Groove - Workspace Shortcut Arbitrary Code Execution Title: MS Office Groove 'Workspace Shortcut' Arbitrary Code Execution Vulnerability Date: September 28th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/...
Trend Micro OfficeScan 11.0XG (12.0) - Host Header Injection
Trend Micro OfficeScan 11.0XG 12.0 - Host Header Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-XG-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ==================...
PHP Multi Vendor Script 1.02 - sid SQL Injection
PHP Multi Vendor Script 1.02 - sid SQL Injection Exploit Title: PHP Multi Vendor Script v1.02 - 'sid' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.dexteritysolution.com/ Software Link:...
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow PoC !/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer OverflowPoC Date...
Trend Micro OfficeScan 11.0XG (12.0) - Man In The Middle Remote Code Execution
Trend Micro OfficeScan 11.0XG 12.0 - Man In The Middle Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec...
Trend Micro OfficeScan 11.0XG (12.0) - Private Key Disclosure
Trend Micro OfficeScan 11.0XG 12.0 - Private Key Disclosure + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt + ISR: ApparitionSec Vendor...
Easy Blog PHP Script 1.3a - id SQL Injection
Easy Blog PHP Script 1.3a - id SQL Injection Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2....
Roteador Wireless Intelbras WRN150 - Autentication Bypass
Roteador Wireless Intelbras WRN150 - Autentication Bypass Exploit Title: Autentication Bypass/Config file download - INTELBRAS WRN 150 Date: 28/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150 Mbps - WRN 150 Tested on: kali linux,...
Trend Micro OfficeScan 11.0XG (12.0) - Server Side Request Forgery
Trend Micro OfficeScan 11.0XG 12.0 - Server Side Request Forgery + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ==================...
Trend Micro OfficeScan 11.0XG (12.0) - Image File Execution Bypass
Trend Micro OfficeScan 11.0XG 12.0 - Image File Execution Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAGE-FILE-EXECUTION-BYPASS.txt + ISR: ApparitionSec Vendor: ==================...
DiskBoss Enterprise 8.4.16 - Import Command Local Buffer Overflow
DiskBoss Enterprise 8.4.16 - Import Command Local Buffer Overflow !/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: DiskBoss Enterprise v8.4.16 "Import Command"...
Trend Micro OfficeScan 11.0XG (12.0) - Information Disclosure
Trend Micro OfficeScan 11.0XG 12.0 - Information Disclosure + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt + ISR: ApparitionSec Vendor:...
Real Estate MLM plan script 1.0 - srch SQL Injection
Real Estate MLM plan script 1.0 - srch SQL Injection Exploit Title: Real Estate MLM plan script v1.0 - 'srch' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.mlmscript.in/ Software Link: http://www.mlmscript.in/real-estate-mlm-script.html Version: 1.0...