41207 matches found
Android Bluetooth - Blueborne Information Leak (1)
Android Bluetooth - Blueborne Information Leak 1 from pwn import import bluetooth if not 'TARGET' in args: log.info'Usage: python CVE-2017-0781.py TARGET=XX:XX:XX:XX:XX:XX' exit target = args'TARGET' count = 30 Amount of packets to send port = 0xf BTPSMBNEP context.arch = 'arm' BNEPFRAMECONTROL =...
WebFile Explorer 1.0 - Arbitrary File Download
WebFile Explorer 1.0 - Arbitrary File Download Exploit Title: WebFile Explorer 1.0 - Arbitrary File Download Dork: N/A Date: 09.08.2017 Vendor Homepage : http://speicher.host/ Software Link: https://codecanyon.net/item/webfile-explorer/20366192/ Demo:...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery DALIM SOFTWARE ES Core 5.0 build 7184.1 Server-Side Request Forgery Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration
DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration !/usr/bin/env python DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting Cross-Site Request Forgery
Symantec Messaging Gateway 10.6.3-267 - Cross-Site Request Forgery
Symantec Messaging Gateway 10.6.3-267 - Cross-Site Request Forgery Exploit Title: CSRF Date: August 9, 2017 Software Link: https://www.symantec.com/products/messaging-gateway Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE:...
Synology Photo Station 6.7.3-3432 6.3-2967 - Remote Code Execution
Synology Photo Station 6.7.3-3432 6.3-2967 - Remote Code Execution ''' Source: https://blogs.securiteam.com/index.php/archives/3356 Vulnerability details The remote code execution is a combination of 4 different vulnerabilities: Upload arbitrary files to the specified directories Log in with a fa...
Unitrends UEB 9.1 - Unitrends bpserverd Remote Command Execution
Unitrends UEB 9.1 - Unitrends bpserverd Remote Command Execution Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Jared Arave, Cale Smith, Benny Husted Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted ||...
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)
Microsoft Windows 8.1 x64 - RGNOBJ Integer Overflow MS16-098 2 Sources: - https://github.com/sensepost/gdi-palettes-exp - https://sensepost.com/blog/2017/abusing-gdi-objects-for-ring0-primitives-revolution/ Windows 7 SP1 x86 exploit presented at DEF CON 25 involving the abuse of a newly discovere...
Unitrends UEB 9.1 - Authentication Bypass Remote Command Execution
Unitrends UEB 9.1 - Authentication Bypass Remote Command Execution Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted ||...
Unitrends UEB 9.1 - Privilege Escalation
Unitrends UEB 9.1 - Privilege Escalation Exploit Title: Authenticated lowpriv RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage:...
WildMIDI 0.4.2 - Multiple Vulnerabilities
WildMIDI 0.4.2 - Multiple Vulnerabilities wildmidi multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= WildMIDI is a simple software midi player which has a core softsynth library that can be used with other applications. The WildMIDI library uses...
VMware WorkStation 12.5.5 - Virtual Machine Escape
VMware WorkStation 12.5.5 - Virtual Machine Escape VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.5 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. Not quite elaborate...
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
WordPress Plugin Easy Modal 2.0.17 - SQL Injection DefenseCode ThunderScan SAST Advisory WordPress Easy Modal Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-007 Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities Advisory URL:...
Microsoft Windows - .LNK Shortcut File Code Execution
Microsoft Windows - .LNK Shortcut File Code Execution !/usr/bin/python -- coding: utf-8 -- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADER:...
Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection
Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection Exploit Title: Joomla! Component StreetGuessr Game v1.1.8 - SQL Injection Dork: N/A Date: 03.08.2017 Vendor : https://www.nordmograph.com/ Software: https://extensions.joomla.org/extensions/extension/sports-a-games/streetguessr-game/ Demo:...
Horde Groupware 5.2.21 - Unauthorized File Download
Horde Groupware 5.2.21 - Unauthorized File Download Vulnerability Summary The following advisory describes an unauthorized file download vulnerability found in Horde Groupware version 5.2.21. Horde Groupware Webmail Edition is “a free, enterprise ready, browser based communication suite. Users ca...
Technicolor TC7337 - SSID Persistent Cross-Site Scripting
Technicolor TC7337 - SSID Persistent Cross-Site Scripting // Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not require quotes, and passing the URL with only '//...
VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation
VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1257 VirtualBox: Windows Process DLL Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 Tested on Windows 10 Class: Elevation of Privilege...
DNSTracer 1.9 - Local Buffer Overflow
DNSTracer 1.9 - Local Buffer Overflow Exploit Title: DNSTracer 1.9 - Buffer Overflow Google Dork: if applicable Date: 03-08-2017 Exploit Author: j0lama Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz Version: 1.9 Teste...
VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation
VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1296 VirtualBox: Windows Process DLL UNC Path Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 Tested on Windows 10 Class: Elevatio...
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure Vulnerability Summary The following advisory describes sensitive information Disclosure found in Tiandy IP cameras version 5.56.17.120 Tianjin Tiandy Digital Technology Co., Ltd Tiandy Tech is “one of top 10 leading CCTV manufacture...
Dashlane - DLL Hijacking
Dashlane - DLL Hijacking Vulnerability Summary The following advisory describes a DLL Hijacking vulnerability found in Dashlane. Dashlane is “a password manager app and secure digital wallet. The app is available on Mac, PC, iOS and Android. The app’s premium feature enables users to securely syn...
Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection
Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection Exploit Title: Joomla! Component LMS King Professional v3.2.4.0 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : http://king-products.net/ Software:...
Joomla! Component SIMGenealogy 2.1.5 - SQL Injection
Joomla! Component SIMGenealogy 2.1.5 - SQL Injection Exploit Title: Joomla! Component SIMGenealogy v2.1.5 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : https://www.simbunch.com/ Software: https://extensions.joomla.org/extensions/extension/clients-a-communities/communities/simgenealogy/ Demo...
Entrepreneur B2B Script - pid SQL Injection
Entrepreneur B2B Script - pid SQL Injection Exploit Title: Entrepreneur B2B Script - 'pid' Parameter SQL Injection Date: 2017-08-02 Exploit Author: Meisam Monsef Vendor Homepage: http://readymadeb2bscript.com/ Version: All Version Exploit :...
Joomla! Component Ultimate Property Listing 1.0.2 - SQL Injection
Joomla! Component Ultimate Property Listing 1.0.2 - SQL Injection Exploit Title: Joomla! Component Ultimate Property Listing v1.0.2 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : http://faboba.com/ Software:...
Muviko 1.0 - q SQL Injection
Muviko 1.0 - q SQL Injection Exploit Title: Muviko - Video CMS v1.0 – 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a...
EDUMOD Pro 1.3 - SQL Injection
EDUMOD Pro 1.3 - SQL Injection Exploit Title: School Management System | EDUMOD Pro v1.3 – SQL Injection Date: 02.08.2017 Vendor Homepage: https://codecanyon.net/item/school-management-system-edumod-pro/19764430?srank=288 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website:...
Premium Servers List Tracker 1.0 - SQL Injection
Premium Servers List Tracker 1.0 - SQL Injection Exploit Title: Premium Servers List Tracker v1.0 – SQL Injection Date: 02.08.2017 Vendor Homepage: https://codecanyon.net/item/premium-servers-list-tracker/19796599?srank=270 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website:...
Joomla! Component PHP-Bridge 1.2.3 - SQL Injection
Joomla! Component PHP-Bridge 1.2.3 - SQL Injection Exploit Title: Joomla! Component PHP-Bridge v1.2.3 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : http://www.henryschorradt.de/ Software: https://extensions.joomla.org/extensions/extension/miscellaneous/development/php-bridge/ Demo:...
Joomla! Component Event Registration Pro Calendar 4.1.3 - SQL Injection
Joomla! Component Event Registration Pro Calendar 4.1.3 - SQL Injection Exploit Title: Joomla! Component Event Registration Pro Calendar v4.1.3 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : http://joomlashowroom.com/ Software:...
libmad 0.15.1b - mp3 Memory Corruption
libmad 0.15.1b - mp3 Memory Corruption libmad memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= libmad is a high-quality MPEG audio decoder capable of 24-bit output. Affected version: ===== 0.15.1b Vulnerability Description:...
Advantech SUSIAccess 3.0 - RecoveryMgmt File Upload
Advantech SUSIAccess 3.0 - RecoveryMgmt File Upload ! /usr/bin/env ruby =begin Exploit Title: Advantech SUSIAccess RecoveryMgmt File Upload Date: 07/31/17 Exploit Author: james fitts Vendor Homepage: http://www.advantech.com/ Version: Advantech SUSIAccess = 3.0 Tested on: Windows 7 SP1 Relavant...
Advantech SUSIAccess 3.0 - Directory Traversal Information Disclosure (Metasploit)
Advantech SUSIAccess 3.0 - Directory Traversal Information Disclosure Metasploit require 'msf/core' class MetasploitModule 'Advantech SUSIAccess Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits an information disclosure vulnerability found in Advantech...
SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection
SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection Vulnerability type: SQL injection, leading to administrative access through authentication bypass. ----------------------------------- Product: SOL.Connect ISET-mpp meter ----------------------------------- Affected version: SOL.Connect ISET-mpp...
Solarwinds Kiwi Syslog 9.6.1.6 - Denial of Service
Solarwinds Kiwi Syslog 9.6.1.6 - Denial of Service Exploit Title: Solarwinds Kiwi Syslog 9.6.1.6 - Remote Denial of Service Type Mismatch Date: 26/05/2017 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: https://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploits Vend...
JoySale 2.2.1 - Arbitrary File Upload
JoySale 2.2.1 - Arbitrary File Upload JoySale Arbitrary File Upload Exploit Title: JoySale Arbitrary File Upload Exploit Author: Mutlu Benmutlu Date: 1/08/2017 Vendor Homepage: http://www.hitasoft.com/product/joysale-advanced-classifieds-script/ Version: Joysale v2.2.1 latest Google Dork:...
Apple macOS/iOS - xpc_data Objects Sandbox Escape Privilege Escalation
Apple macOS/iOS - xpc_data Objects Sandbox Escape Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1247 When XPC serializes large xpc_data objects it creates mach memory entry ports to represent the memory region then transfers that region to the receiving proce...
VehicleWorkshop - Authentication Bypass
VehicleWorkshop - Authentication Bypass Type: Admin or Customer login bypass via SQL injection Author: Touhid M.Shaikh Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Mail: touhidshaikh22atgmaildotcom More info: https://blog.touhidshaikh.com/ ===================== PoC ==============...
VehicleWorkshop - Arbitrary File Upload
VehicleWorkshop - Arbitrary File Upload Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 ===================...
DivFix++ 0.34 - Denial of Service
DivFix++ 0.34 - Denial of Service DivFix++ denial of service vulnerability ================ Author : qflb.wu =============== Introduction: ============= DivFix++ is FREE AVI Video Fix & Preview program. Affected version: ===== v0.34 Vulnerability Description: ========================== the...
libao 1.2.0 - Denial of Service
libao 1.2.0 - Denial of Service libao memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= Libao is a cross-platform audio library that allows programs to output audio using a simple API on a wide variety of platforms. Affected version: ===...
Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities
Sound eXchange SoX 14.4.2 - Multiple Vulnerabilities Sound eXchange SoX multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= SoX is a cross-platform Windows, Linux, MacOS X, etc. command line utility that can convert various formats of computer...
libvorbis 1.3.5 - Multiple Vulnerabilities
libvorbis 1.3.5 - Multiple Vulnerabilities libvorbis multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= The libvorbis package contains a general purpose audio and music encoding format. This is useful for creating encoding and playing decoding...
Vorbis Tools oggenc 1.4.0 - .wav Denial of Service
Vorbis Tools oggenc 1.4.0 - .wav Denial of Service vorbis-tools oggenc vulnerability ================ Author : qflb.wu =============== Introduction: ============= The Vorbis Tools package contains command-line tools useful for encoding, playing or editing files using the Ogg CODEC. Affected...
Jenkins 1.650 - Java Deserialization
Jenkins 1.650 - Java Deserialization import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date:...
DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow
DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow !/usr/bin/env python Exploit Title: DiskBoss Enterprise v8.2.14 Remote buffer overflow Date: 2017-07-30 Exploit Author: Ahmad Mahfouz Author Homepage: www.unixawy.com Vendor Homepage: http://www.diskboss.com/ Software Link:...
McAfee Security Scan Plus - Remote Command Execution
McAfee Security Scan Plus - Remote Command Execution Vulnerability Summary The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing...