Lucene search
K
SeebugRecent

56796 matches found

seebug.org
seebug.org
added 2014/11/13 12:0 a.m.57 views

Enalean Tuleap 7.2 - XXE File Disclosure

No description provided by source. Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity...

4CVSS6.5AI score0.03324EPSS
Exploits6
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.13 views

Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp def initializeinfo =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.21 views

Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation

No description provided by source. Telefonica O2 Connection Manager 8.7 Service Trusted Path Privilege Escalation Vendor: Telefonica S.A. Product web page: http://www.telefonica.com | http://www.o2.co.uk Affected version: 8.7.6.792 Summary: O2 Connection Manager will help you to manage your...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.23 views

Visual Mining NetCharts Server Remote Code Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

7.1AI score0.8168EPSS
Exploits7
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.22 views

Another Wordpress Classifieds Plugin - SQL Injection

No description provided by source. Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/Client Webpage: http://awpcp.com/ SQL injection Details: The parameter...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.63 views

Linux PolicyKit Race Condition Privilege Escalation

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE include Msf::Post::File include...

6.9CVSS6.7AI score0.05246EPSS
Exploits17
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.59 views

Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities

No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20141106-0 ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080...

7.5CVSS6.5AI score0.28759EPSS
Exploits23
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.45 views

CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities

No description provided by source. CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities Vendor: Compal Broadband Networks CBN, Inc. Product web page: http://www.icbn.com.tw Affected version: Model: CH6640 and CH6640E Hardware version: 1.0 Firmware version: CH6640-3.5.11.7-NOSH Boo...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.37 views

Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/local/windowskernel' require 'rex' class Metasploit3 Msf::Exploit::Local Rank =...

7.1AI score0.23046EPSS
Exploits21
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.40 views

MS Office 2007 and 2010 - OLE Arbitrary Command Execution

No description provided by source. Full exploit: http://www.exploit-db.com/sploits/35216.rar CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web -...

9.3CVSS7.6AI score0.77553EPSS
Exploits11
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.47 views

Magento Server MAGMI Plugin - Remote File Inclusion (RFI)

No description provided by source. Exploit found date: 10/24/2014 Security Researcher name: Parvinder Bhasin Contact info: [email protected] twitter: @parvinderb - scorpio Currently tested version: Magento version: Magento CE - 1.8 older MAGMI version: v0.7.17a older Download software...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.32 views

Dell SonicWall GMS 7.2.x - Code Injection

No description provided by source. Document Title: =============== Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1222 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.44 views

PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability

No description provided by source. Document Title: =============== PayPal Inc BB 85 MB iOS 4.6 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=895 PayPal Security UID: Vxda0S Video:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.16 views

X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.33 views

Drupal < 7.32 Pre Auth SQL Injection

No description provided by source. ?php // // / / / // / / // \ / / /// / / / / / / / / / // / / / , / // / // / / / / // / / / // ////||//// ///// /// // Poc for Drupal Pre Auth SQL Injection - c 2014 SektionEins // // created by Stefan Horst [email protected] // and Stefan Esser...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.33 views

VMware Workstations 10.0.0.40273 vmx86.sys Arbitrary Kernel Read

No description provided by source. Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product:...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.34 views

Belkin n750 jump login Parameter Buffer Overflow

No description provided by source. """ Source: https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/ A vulnerability in the guest network web interface of the Belkin N750 DB Wi-Fi Dual-Band N+ Gigabit Router with firmware F9K1103WW1.10.16m, allows ...

10CVSS6.5AI score0.67487EPSS
Exploits8
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.61 views

Drupal Core <= 7.32 - SQL Injection (#2)

No description provided by source. !/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for educational purposes only and t...

7.5CVSS7.2AI score0.99974EPSS
Exploits20
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.14 views

ZTE ZXDSL 831CII - Insecure Direct Object Reference

No description provided by source. Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct object reference...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.69 views

Windows OLE Package Manager SandWorm Exploit

No description provided by source. !/usr/bin/env python import os import zipfile import sys ''' Full Exploit: http://www.exploit-db.com/sploits/35019.tar.gz Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title: CVE-2014-4114 SandWorm builder Built to run on: Linux/MacOSX Date:...

9.3CVSS9.2AI score0.81628EPSS
Exploits22
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.30 views

HttpCombiner ASP.NET - Remote File Disclosure Vulnerability

No description provided by source. Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.23 views

Folder Plus 2.5.1 iOS - Persistent XSS Vulnerability

No description provided by source. Document Title: =============== Folder Plus v2.5.1 iOS - Persistent Item Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1348 Release Date: ============= 2014-10-24 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.19 views

Mac OS X Mavericks IOBluetoothHCIUserClient Privilege Escalation

No description provided by source. / pwn.c, by @rpaleari and @joystick This PoC exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL. Tested on Mac OS X Mavericks 10.9.4/10.9.5. Compile with: gcc -Wall -o pwn,.c -framework IOKit / include stdio.h include string.h include...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.50 views

ManageEngine OpManager, Social IT Plus and IT360 - Multiple Vulnerabilities

No description provided by source. Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 27/09/2014 1 and 2,...

7.5CVSS6.5AI score0.79759EPSS
Exploits11
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.40 views

IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation

No description provided by source. !/bin/sh Title: IBM Tivoli Monitoring V6.2.2 kbbacf1 privilege escalation exploit CVE: CVE-2013-5467 Vendor Homepage: http://www-03.ibm.com/software/products/pl/tivomoni Author: Robert Jaroszuk Tested on: RedHat 5, Centos 5 Vulnerable version: IBM Tivoli...

7.2CVSS6.5AI score0.00845EPSS
Exploits6
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.24 views

Wordpress CP Multi View Event Calendar 1.01 - SQL Injection

No description provided by source. Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip Date : 2014-10-23 Tested on : Windows 7 / Mozilla Firefox Windows 7 /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.23 views

ThinkSNS微吧储存型XSS(无视WAF,无过滤插入任意代码)

简要描述: ThinkSNS微吧储存型XSS无视WAF,无任何过滤,可插入任意代码 官网demo测试。 详细说明: 进入http://demo.thinksns.com/t3/weiba 发布新贴, 在正文里面输入HTML转码后的脚本,例如: alert1; HTML编码后为: 即为我们要加到正文的内容。 确定之后即可看到脚本被执行了。 看看代码: apps/weiba/Lib/Action/IndexAction.class.php 413 public function postDetail 414 $postid = intval$GET'postid'; 415...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.27 views

OpenBSD &lt;= 5.5 - Local Kernel Panic

No description provided by source. / tenochtitlan.c OpenBSD = 5.5 Local Kernel Panic by Alejandro Hernandez @nitr0usmx Advisory and technical details: http://www.ioactive.com/pdfs/IOActiveAdvisoryOpenBSD55LocalKernelPanic.pdf Fix: http://www.openbsd.org/errata55.html013kernexec This PoC works onl...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.16 views

vBulletin Tapatalk - Blind SQL Injection

No description provided by source. !/usr/bin/env python -- coding: utf-8 -- ''' @author: tintinweb 0x721427D8 ''' import urllib2, urllib import xmlrpclib,re, urllib2,string,itertools,time from distutils.version import LooseVersion class Exploitobject: def initself, target, debug=0 :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.30 views

Creative Contact Form - Arbitrary File Upload

No description provided by source. ========================================================== "Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage:...

6.5AI score
Exploits4
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.44 views

Dell EqualLogic Storage - Directory Traversal

No description provided by source. Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0 Storage Date: 09/2013 Exploit Author: Mauricio Pampim Corr�a Vendor Homepage: www.dell.com Version: 6.0 Tested on: Equipment Model Dell EqualLogic PS4000 CVE : CVE-2013-3304 The malicious...

5CVSS7.6AI score0.03791EPSS
Exploits5
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.23 views

WebDisk+ 2.1 iOS - Code Execution Vulnerability

No description provided by source. Document Title: =============== WebDisk+ v2.1 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1349 Release Date: ============= 2014-10-23 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.64 views

Drupal Core &lt;= 7.32 - SQL Injection (PHP)

No description provided by source. ?php ----------------------------------------------------------------------------- Exploit Title: Drupal core 7.x - SQL Injection Date: Oct 16 2014 Exploit Author: Dustin Dörr Software Link: http://www.drupal.com/ Version: Drupal core 7.x versions prior to 7.32...

7.5CVSS7.2AI score0.99974EPSS
Exploits20
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.15 views

WordPress SupportEzzy Ticket System Plugin 1.2.5 - Stored XSS Vulnerability

No description provided by source. Exploit Title: SupportEzzy Ticket System - WordPress Plugin Stored XSS Vulnerability Date: 12-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.2.5 Vendor Homepage: http://codecanyon.net/item/supportezzy-ticket-system-wordpress-plugin/8908617 Software Test...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.40 views

Enalean Tuleap 7.4.99.5 - Remote Command Execution

No description provided by source. Vulnerability title: Tuleap = 7.4.99.5 Remote Command Execution in Enalean Tuleap CVE: CVE-2014-7178 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz Details: Tuleap does not validate the syntax...

9.3CVSS6.5AI score0.05062EPSS
Exploits6
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.26 views

Typo3 JobControl 2.14.0 - Cross Site Scripting / SQL Injection

No description provided by source. Mogwai Security Advisory MSA-2014-02 ---------------------------------------------------------------------- Title: JobControl dmmjobcontrol Multiple Vulnerabilities Product: dmmjobcontrol Typo3 Extension Affected versions: 2.14.0 Impact: high Remote: yes Product...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.27 views

Who's Who Script - CSRF Exploit (Add Admin Account)

No description provided by source. Title : Who's Who Script CSRF Exploit Add Admin Account Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 30.10.2014 Demo : http://demo.phpscriptlerim.com/free/whoswho/ Download1 :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.18 views

Drupal Core <= 7.32 - SQL Injection (#1)

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.27 views

IP.Board 3.4.x /interface/ipsconnect/ipsconnect.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.36 views

ZTE ZXDSL-931VII - Unauthenticated Configuration Dump

No description provided by source. Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump Google Dork: use your imagination Date: 09-12-2014 Exploit Author: L0ukanik0sGR Vendor Homepage: www.zte.com.cn Software Link:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.14 views

BiWEB最新商城版搜索型注入多枚

简要描述: BiWEB最新商城版搜索型注入多枚 详细说明: 在wooyun上看到了有人提了BiWEB的一个XSS漏洞: WooYun: BIWEB商城版XSS盲打cookie ,也有人提了SQL注入,我也来找找它的漏洞吧。去官网下BiWEB商城版最新的5.8.4来看看。发现BiWEB有多处搜索,都存在注入漏洞。 看看搜索处是怎么处理的。BiWEB首先对GET和POST进行了过滤,/config/filtrate.inc.php 这里就先不说这种过滤的脑残之处了。 继续往下看,BiWEB有所有搜索处都存在同样的注入问题。举一例来说。/search.php 无关代码...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.21 views

Mulesoft ESB Runtime 3.5.1 - Privilege Escalation Vulnerability

No description provided by source. Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code Execution Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of permissions check in the handler/securityService.rpc endpoin...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.27 views

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - (.wax) Buffer Overflow/DoS EIP Overwrite

No description provided by source. EDB Note: DoS - b0f isn't working. Title : Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 .wax Buffer Overflow Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 28.10.2014 Python : V 2.7 Thks :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.78 views

Windows OLE - Remote Code Execution &quot;Sandworm&quot; Exploit (MS14-060)

No description provided by source. !/usr/bin/python Windows OLE RCE Exploit MS14-060 CVE-2014-4114 – Sandworm Author: Mike Czumak Tv3rn1x - @SecuritySift Written: 10/21/2014 Tested Platforms: Windows 7 SP1 w/ exploit script run on Kali Linux You are free to reuse this code in part or in whole wit...

9.3CVSS9.2AI score0.81628EPSS
Exploits22
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.35 views

Filemaker Pro 13.03 &amp; Advanced 12.04 - Login Bypass and Privilege Escalation

No description provided by source. Filemaker Login Bypass and Privilege Escalation ======================================================================= ADVISORY INFORMATION Title: Filemaker Login Bypass and Privilege Escalation Discovery date: 19/10/2014 Release date: 19/10/2014 Vendor Homepag...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.15 views

i.Hex 0.98 - Local Crash PoC

No description provided by source. !/usr/bin/python Exploit Title:i.Hex Local Crash Poc Homepage:http://www.memecode.com/ihex.php Software Link:www.memecode.com/data/ihex-win32-v0.98.exe Version:i.Hex-v0.98 Win32 Release Description:i.Hex is a small and free graphical Hex Editor for Windows...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.15 views

i.Mage 1.11 - Local Crash PoC

No description provided by source. !/usr/bin/python Exploit Title:i.Mage Local Crash Poc Homepage:http://www.memecode.com/image.php Software Link:http://sourceforge.net/projects/image-editor/files/i.mage-win32-v111.exe/download Version:i.i.Mage v1.11 Win32 Release Description:i.Mage is a small an...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.154 views

DotNetNuke DNNspot Store 3.0.0 Arbitary File Upload

No description provided by source. Exploit Title: DotNetNuke DNNspot Store UploadifyHandler.ashx = 3.0.0 Arbitary File Upload Date: 23/01/2014 Author: Glafkos Charalambous Version: 3.0.0 Vendor: DNNspot Vendor URL: https://www.dnnspot.com Google Dork: inurl:/DesktopModules/DNNspot-Store/ root@kal...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.61 views

MS14-060 Microsoft Windows OLE Package Manager Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT include...

9.3CVSS9.2AI score0.81628EPSS
Exploits22
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.27 views

Tenda A32 Router - CSRF Vulnerability

No description provided by source. Exploit Title: Tenda A32 Router CSRF Vulnerabilityreboot the Router CVE ID :CVE-2014-7281 Date: 2014-10-10 Exploit Author: zixian Vendor Homepage: http://tenda.com.cn/ Software Link: http://tenda.com.cn/Catalog/Product/325 Version: V5.07.53CN When the...

6.8CVSS6.5AI score0.02635EPSS
Exploits6
Total number of security vulnerabilities56796