OpenBSD <= 5.5 - Local Kernel Panic
No description provided by source. / tenochtitlan.c OpenBSD = 5.5 Local Kernel Panic by Alejandro Hernandez @nitr0usmx Advisory and technical details: http://www.ioactive.com/pdfs/IOActiveAdvisoryOpenBSD55LocalKernelPanic.pdf Fix: http://www.openbsd.org/errata55.html013kernexec This PoC works onl...
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - (.wax) Buffer Overflow/DoS EIP Overwrite
No description provided by source. EDB Note: DoS - b0f isn't working. Title : Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 .wax Buffer Overflow Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 28.10.2014 Python : V 2.7 Thks :...
i.Hex 0.98 - Local Crash PoC
No description provided by source. !/usr/bin/python Exploit Title:i.Hex Local Crash Poc Homepage:http://www.memecode.com/ihex.php Software Link:www.memecode.com/data/ihex-win32-v0.98.exe Version:i.Hex-v0.98 Win32 Release Description:i.Hex is a small and free graphical Hex Editor for Windows...
VMware Workstations 10.0.0.40273 vmx86.sys Arbitrary Kernel Read
No description provided by source. Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product:...
MINIX 3.3.0 Local Denial of Service PoC
No description provided by source. Exploit Title: MINIX 3.3.0 Local Denial of Service Exploit Author: nitr0us Vendor Homepage: www.minix3.org Software Link: http://www.minix3.org/download/index.html Version: 3.3.0 Tested on: MINIX 3.3.0 x86 Attached three PoCs malformed ELFs and a screenshot of t...
WordPress CP Multi View Event Calendar 1.01 /php-datafeed.php SQL Injection Vulnerability
No description provided by source...
SAP Netweaver Enqueue Server - Denial of Service
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID:...
CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability
No description provided by source. CorelDRAW X7 CDR File CdrTxt.dll Off-By-One Stack Corruption Vulnerability Vendor: Corel Corporation Product web page: http://www.corel.com Affected version: 17.1.0.572 X7 - 32bit/64bit EN 15.0.0.486 X5 - 32bit EN Summary: CorelDRAW is one of the image-creating...
WordPress infusionsoft 1.5.10 /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php File Upload Vulnerability
No description provided by source...
Bacula-Web 5.2.10 /joblogs.php SQL Injection Vulnerability
No description provided by source...
Progress OpenEdge 11.2 - Directory Traversal
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = 'SSV-87398' vul ID version = '1' author = 'fenghh' vulDate = '2014-10-31' createDate =...
Internet Explorer 8 MS14-035 Use-After-Free Exploit
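Affected platforms: Windows Server 2003 Service Pack 2 Windows Vista Service Pack 2 Windows Server 2008 Service Pack 2 Windows 7 Service Pack 1 Windows Server 2008 R2 Service Pack 1 Vulnerability summary: This vulnerability was reported privately to Microsoft by TrendLabs and was fixed in Microsoft's June 2014 patch, numbered MS14-035. Although the vulnerability has been fixed, it is a UAF case worth studying. The PoC that triggers the vulnerability is as follows: !-- Exploit Title: MS14-035...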
Magento Server MAGMI Plugin - Remote File Inclusion (RFI)
No description provided by source. Exploit found date: 10/24/2014 Security Researcher name: Parvinder Bhasin Contact info: [email protected] twitter: @parvinderb - scorpio Currently tested version: Magento version: Magento CE - 1.8 older MAGMI version: v0.7.17a older Download software...
Enalean Tuleap 7.4.99.5 - Remote Command Execution
No description provided by source. Vulnerability title: Tuleap = 7.4.99.5 Remote Command Execution in Enalean Tuleap CVE: CVE-2014-7178 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz Details: Tuleap does not validate the syntax...
Windows OLE - Remote Code Execution "Sandworm" Exploit (MS14-060)
No description provided by source. !/usr/bin/python Windows OLE RCE Exploit MS14-060 CVE-2014-4114 Sandworm Author: Mike Czumak Tv3rn1x - @SecuritySift Written: 10/21/2014 Tested Platforms: Windows 7 SP1 w/ exploit script run on Kali Linux You are free to reuse this code in part or in whole wit...
Aireplay-ng 1.2 beta3 - "tcp_test" Length Parameter Stack Overflow
No description provided by source. / Exploit Title: Aireplay "tcptest" Length Parameter Inconsistency Date: 10/3/2014 Exploit Author: Nick Sampanis Vendor Homepage: http://www.aircrack-ng.org/ Version: Aireplay-ng 1.2 beta3 Tested on: Kali Linux 1.0.9 x64 CVE : CVE-2014-8322 Description: Affected...
iBackup 10.0.0.32 - Local Privilege Escalation
No description provided by source. Exploit Title: iBackup = 10.0.0.32 Local Privilege Escalation Date: 23/01/2014 Author: Glafkos Charalambous glafkos.charalambousatunithreat.com Version: 10.0.0.32 Vendor: IBackup Vendor URL: https://www.ibackup.com/ CVE-2014-5507 Vulnerability Details There are...
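ThinkSNS Weiba Stored XSS (Bypasses WAF, Arbitrary Code Inserted Without Filtering)
Brief description: Stored XSS in ThinkSNS Weiba that bypasses the WAF; there is no filtering at all, so arbitrary code can be inserted. Tested on the official demo site. Details: Go to http://demo.thinksns.com/t3/weiba and publish a new post, entering an HTML-encoded script in the body, for example: alert1; After HTML encoding it becomes: which is the content to add to the body. After confirming, the script can be seen executing. Looking at the code: apps/weiba/Lib/Action/IndexAction.class.php 413 public function postDetail 414 $postid = intval$GET'postid'; 415...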
YourMembers Plugin - Blind SQL Injection
No description provided by source. Vulnerability title: Blind SQL Injection Vulnerability in YourMembers plugin CVE: N/A Vendor: YourMembers plugin Product: https://github.com/YourMembers/yourmembers/tree/master/ymtrunk Affected version: Version 3, 29 June 2007...
SEO Control Panel 3.6.0 - Authenticated SQL Injection
No description provided by source. Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Se...
Linux PolicyKit Race Condition Privilege Escalation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE include Msf::Post::File include...
PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability
No description provided by source. Document Title: =============== PayPal Inc BB 85 MB iOS 4.6 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=895 PayPal Security UID: Vxda0S Video:...
Enalean Tuleap 7.4.99.5 - Blind SQL Injection
No description provided by source. Vulnerability title: Tuleap = 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap CVE: CVE-2014-7176 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz Details: SQL injection has been fou...
ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Stored XSS Vulnerability
No description provided by source. Exploit Title: ZTE Modem Stored XSS Vulnerability Date: 30-10-2014 Exploit Author: Ravi Rajput aka Gr3y n00b IHT team Version: ZXDSL 531BIIV7.3.0fD09IN Software Link:http://wwwen.zte.com.cn Tested on : Windows 7 code : GET...
Typo3 JobControl 2.14.0 - Cross Site Scripting / SQL Injection
No description provided by source. Mogwai Security Advisory MSA-2014-02 ---------------------------------------------------------------------- Title: JobControl dmmjobcontrol Multiple Vulnerabilities Product: dmmjobcontrol Typo3 Extension Affected versions: 2.14.0 Impact: high Remote: yes Product...
ManageEngine OpManager, Social IT Plus and IT360 - Multiple Vulnerabilities
No description provided by source. Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 27/09/2014 1 and 2,...
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
No description provided by source. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites...
HP Operations Agent Remote XSS iFrame Injection
No description provided by source. !/usr/bin/python Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection Date: 10/16/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: www.hp.com Version: HP Operations Manager/Operations Agent / OpenView Communications...
ZTE ZXDSL 831CII - Insecure Direct Object Reference
No description provided by source. Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct object reference...
Centreon SQL and Command Injection
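SQL injection vulnerabilities exist in Merethis Centreon 2.5.1 and Centreon Enterprise Server 2.2 because the following scripts do not sufficiently filter parameters: the views/graphs/common/makeXMLListMetrics.php script does not sufficiently filter the 'indexid' parameter; the views/graphs/GetXmlTree.php script does not sufficiently filter the 'sid' parameter;...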
Tenda A32 Router - CSRF Vulnerability
No description provided by source. Exploit Title: Tenda A32 Router CSRF Vulnerabilityreboot the Router CVE ID :CVE-2014-7281 Date: 2014-10-10 Exploit Author: zixian Vendor Homepage: http://tenda.com.cn/ Software Link: http://tenda.com.cn/Catalog/Product/325 Version: V5.07.53CN When the...
CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities
No description provided by source. CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities Vendor: Compal Broadband Networks CBN, Inc. Product web page: http://www.icbn.com.tw Affected version: Model: CH6640 and CH6640E Hardware version: 1.0 Firmware version: CH6640-3.5.11.7-NOSH Boo...
Who's Who Script - CSRF Exploit (Add Admin Account)
No description provided by source. Title : Who's Who Script CSRF Exploit Add Admin Account Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 30.10.2014 Demo : http://demo.phpscriptlerim.com/free/whoswho/ Download1 :...
Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp def initializeinfo =...
Visual Mining NetCharts Server Remote Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
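BiWEB Latest Mall Edition: Multiple Search-Based SQL Injections
Brief description: Multiple search-based SQL injections in the latest BiWEB Mall Edition. Details: I saw on WooYun that someone had reported an XSS vulnerability in BiWEB: WooYun: BIWEB Mall Edition blind XSS cookie theft, and someone else had reported SQL injection, so I decided to look for vulnerabilities in it too. I downloaded the latest BiWEB Mall Edition, 5.8.4, from the official site to take a look, and found that BiWEB has several search features, all with injection vulnerabilities. Let's see how the search is handled. BiWEB first filters GET and POST in /config/filtrate.inc.php; I won't go into how brain-dead this filtering is here. Continuing on, all of BiWEB's search features have the same injection problem. Take one example: /search.php Irrelevant code...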
Numara / BMC Track-It! FileStorageService Arbitrary File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
CUPS Filter Bash Environment Variable Code Injection
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient def initializeinf...
IP.Board 3.4.x /interface/ipsconnect/ipsconnect.php SQL Injection Vulnerability
No description provided by source...
Drupal < 7.32 Pre Auth SQL Injection
No description provided by source. ?php // // / / / // / / // \ / / /// / / / / / / / / / // / / / , / // / // / / / / // / / / // ////||//// ///// /// // Poc for Drupal Pre Auth SQL Injection - c 2014 SektionEins // // created by Stefan Horst [email protected] // and Stefan Esser...
i.Mage 1.11 - Local Crash PoC
No description provided by source. !/usr/bin/python Exploit Title:i.Mage Local Crash Poc Homepage:http://www.memecode.com/image.php Software Link:http://sourceforge.net/projects/image-editor/files/i.mage-win32-v111.exe/download Version:i.i.Mage v1.11 Win32 Release Description:i.Mage is a small an...
Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.1 Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098 Software Test Link:...
DouPHP v1.1 /kindeditor/php/file_manager_json.php Backup File Discovery Vulnerability
No description provided by source...
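Injection Against ucserver When the Key Is Known
Brief description: A vulnerability I came across by accident while helping finger solve a problem. How to get the key is something you'll have to ask finger. Details: /ucserver/control/feed.php contains this piece of code: function onadd $this-load'misc'; $appid = intval$this-input'appid'; $icon = $this-input'icon'; $uid = intval$this-input'uid'; $username = $this-input'username'; $bodydata =...
Roaming Through the Major Systems of Yonyou Group
Brief description: Roaming through the major systems of Yonyou Group. Details: On a dark and windy night, a Yonyou employee's account on the group office platform quietly leaked. // Send message Transport transport=session.getTransport; transport.connect"192.168.210.160" , 25, "ch2","1r"; transport.sendMessagemessage,new Addressnew InternetAddress"[email protected]" ; transport.close;...
Discuz 6.0 /my.php SQL Injection Vulnerability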
No description provided by source...
Discuz 7.x /include/discuzcode.func.php Code Execution Vulnerability
No description provided by source...
PHPMPS v2.3 /search.php SQL Injection Vulnerability
No description provided by source...
Qibo Menhu V5 /hy/member/homepage_ctrl.php SQL Injection Vulnerability
No description provided by source...
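ecshop Admin Backend Brute Force: CAPTCHA Bypass
Brief description: Brute-forcing the ecshop admin backend. Details: The login request is username=admin&password=admin888&captcha=1111&act=signin. If the ECSCPID= parameter is removed from the cookie when sending the request, the server skips CAPTCHA verification and directly checks whether the account password is correct. Brute-force testing was done with burp. Proof of vulnerability:...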