Lucene search
K
SeebugRecent

56796 matches found

seebug.org
seebug.org
added 2014/11/13 12:0 a.m.20 views

Comodo Internet Security - HIPS/Sandbox Escape PoC

No description provided by source. Exploit: http://www.joxeankoret.com/download/comodosandboxescape/sandboxtest1.tar.gz Mirror: www.exploit-db.com/sploits/sandboxtest1.tar.gz Video: http://www.joxeankoret.com/download/comodosandboxescape/video/sandboxescape1.htm...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.31 views

PHP-Fusion 7.02.07 - SQL Injection

No description provided by source. Exploit Title: PHP-Fusion 7.02.07 SQL Injection Date: 06/11/2014 Exploit Author: Mauricio Correa Vendor Homepage: www.php-fusion.co.uk Software Link: http://ufpr.dl.sourceforge.net/project/php-fusion/PHP-Fusion%20Archives/7.x/ PHP-Fusion-7.02.07.zip Version:...

7.5CVSS6.5AI score0.03255EPSS
Exploits6
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.48 views

Konke Smart Plug K - Authentication Bypass Vulnerability

No description provided by source. ----------------------------------------------------------------------- Konke Smart Plug Authentication Bypass Vulnerability ----------------------------------------------------------------------- Author : gamehacker&zixian Mail :...

10CVSS9.2AI score0.11743EPSS
Exploits6
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.42 views

Ammyy Admin 3.5 - RCE

No description provided by source. Mirror: http://www.exploit-db.com/sploits/aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is well known for being the software that many fake tech support phone scammers...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.25 views

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

7.1AI score0.80095EPSS
Exploits15
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.37 views

vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection

No description provided by source. Title: vBulletin Verify Email Before Registration Plugin - SQL Injection Date: September 19 2014 Version: Any vBulletin 4.. version which has the plugin installed. Plugin: http://www.vbulletin.org/forum/showthread.php?t=294164 Author: Dave FW/FG The vulnerabilit...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.47 views

HP Operations Agent Remote XSS iFrame Injection

No description provided by source. !/usr/bin/python Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection Date: 10/16/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: www.hp.com Version: HP Operations Manager/Operations Agent / OpenView Communications...

4.3CVSS6.5AI score0.034EPSS
Exploits5
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.40 views

Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities

No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2014-10-01 Bosch Security Systems DVR 630/650/670 Series Multiple Vulnerabilities Device: "Th...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.31 views

Creative Contact Form (Wordpress 0.9.7 and Joomla 2.0.0) - Shell Upload Vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.26 views

Aireplay-ng 1.2 beta3 - "tcp_test" Length Parameter Stack Overflow

No description provided by source. / Exploit Title: Aireplay "tcptest" Length Parameter Inconsistency Date: 10/3/2014 Exploit Author: Nick Sampanis Vendor Homepage: http://www.aircrack-ng.org/ Version: Aireplay-ng 1.2 beta3 Tested on: Kali Linux 1.0.9 x64 CVE : CVE-2014-8322 Description: Affected...

5.3CVSS9.2AI score0.23925EPSS
Exploits3
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.16 views

ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Stored XSS Vulnerability

No description provided by source. Exploit Title: ZTE Modem Stored XSS Vulnerability Date: 30-10-2014 Exploit Author: Ravi Rajput aka Gr3y n00b IHT team Version: ZXDSL 531BIIV7.3.0fD09IN Software Link:http://wwwen.zte.com.cn Tested on : Windows 7 code : GET...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.39 views

Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/local/windowskernel' require 'rex' class Metasploit3 Msf::Exploit::Local Rank =...

7.1AI score0.23046EPSS
Exploits21
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.21 views

某学科竞赛系统存在SQL注入漏洞

简要描述: RT 详细说明: 南京先极科技有限公司的学科竞赛系统存在SQL注入漏洞 前人也有提交这个公司的,我就写5个案例 注入连接:MoreNews.aspx?NewsType=DongTai 案例: mask 区域 1.http://.. /xkjs/MoreNews.aspx?NewsType=TongZhi mask 区域 1.http://.. /js/MoreNews.aspx?NewsType=TongZhi mask 区域 1.http://.. /xkjs/MoreNews.aspx?NewsType=TongZhi mask 区域 1.http://...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.23 views

Change CMS 3.6.8 - Multiple CSRF Vulnerabilities

No description provided by source. Exploit Title: RBS Change Complet Open Source multiple CSRF vulnerabilities POST and GET Date: 10/10/2014 Exploit Author: KrustyHack Vendor Homepage: http://www.rbschange.fr/ Software Link:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.27 views

Axway Secure Transport 5.1 SP2 - Arbitary File Upload via CSRF

No description provided by source. !-- Exploit Title: Axway Secure Transport 5.1 SP2 Arbitary File Upload via CSRF Exploit author: Emmanuel Law Public Disclosure Date : 20/10/14 Vendor homepage: http://www.axway.com Affected Software version: Axway Secure Transport 5.2.1 SP2 and possibly earlier...

6.8CVSS6.6AI score0.01429EPSS
Exploits5
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.27 views

CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability

No description provided by source. CorelDRAW X7 CDR File CdrTxt.dll Off-By-One Stack Corruption Vulnerability Vendor: Corel Corporation Product web page: http://www.corel.com Affected version: 17.1.0.572 X7 - 32bit/64bit EN 15.0.0.486 X5 - 32bit EN Summary: CorelDRAW is one of the image-creating...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.15 views

wordpress infusionsoft 1.5.10 /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.27 views

ncredible PBX 2.0.6.5.0 - Remote Command Execution

No description provided by source. !/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.16 views

Mouse Media Script 1.6 0 - Stored XSS Vulnerability

No description provided by source. Exploit Title: Mouse Media Script Stored XSS Vulnerability Google Dork: "is your best source of fun." inurl:/view/popular Date: 04-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.6 Software Link: http://codecanyon.net/item/mouse-media-script/7773254 Softwar...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.13 views

phpSound Music Sharing Platform 1.0.5 - Multiple XSS Vulnerabilities

No description provided by source. Exploit Title: phpSound Music Sharing Platform Multiple XSS Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.5 Vendor Link: http://codecanyon.net/item/phpsound-music-sharing-platform/9016117 Software Test Link:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.19 views

SEO Control Panel 3.6.0 - Authenticated SQL Injection

No description provided by source. Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Se...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.40 views

Enalean Tuleap 7.4.99.5 - Blind SQL Injection

No description provided by source. Vulnerability title: Tuleap = 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap CVE: CVE-2014-7176 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz Details: SQL injection has been fou...

6.5CVSS6.5AI score0.022EPSS
Exploits6
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.15 views

Feng Office 1.7.4 - Cross Site Scripting Vulnerabilities

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.28 views

OpenBSD <= 5.5 - Local Kernel Panic

No description provided by source. / tenochtitlan.c OpenBSD = 5.5 Local Kernel Panic by Alejandro Hernandez @nitr0usmx Advisory and technical details: http://www.ioactive.com/pdfs/IOActiveAdvisoryOpenBSD55LocalKernelPanic.pdf Fix: http://www.openbsd.org/errata55.html013kernexec This PoC works onl...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.32 views

Citrix NetScaler SOAP Handler Remote Code Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient include...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.38 views

Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities

No description provided by source. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.17 views

iFunBox Free 1.1 iOS - File Inclusion Vulnerability

No description provided by source. Document Title: =============== iFunBox Free v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1344 Release Date: ============= 2014-10-20 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.155 views

DotNetNuke DNNspot Store 3.0.0 Arbitary File Upload

No description provided by source. Exploit Title: DotNetNuke DNNspot Store UploadifyHandler.ashx = 3.0.0 Arbitary File Upload Date: 23/01/2014 Author: Glafkos Charalambous Version: 3.0.0 Vendor: DNNspot Vendor URL: https://www.dnnspot.com Google Dork: inurl:/DesktopModules/DNNspot-Store/ root@kal...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.45 views

PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability

No description provided by source. Document Title: =============== PayPal Inc BB 85 MB iOS 4.6 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=895 PayPal Security UID: Vxda0S Video:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.37 views

ZTE ZXDSL-931VII - Unauthenticated Configuration Dump

No description provided by source. Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump Google Dork: use your imagination Date: 09-12-2014 Exploit Author: L0ukanik0sGR Vendor Homepage: www.zte.com.cn Software Link:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.64 views

Linux PolicyKit Race Condition Privilege Escalation

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE include Msf::Post::File include...

6.9CVSS6.7AI score0.05246EPSS
Exploits17
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.62 views

Drupal Core <= 7.32 - SQL Injection (#2)

No description provided by source. !/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for educational purposes only and t...

7.5CVSS7.2AI score0.99974EPSS
Exploits20
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.47 views

XCloner Wordpress/Joomla! Plugin - Multiple Vulnerabilities

No description provided by source. Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.33 views

Dell SonicWall GMS 7.2.x - Code Injection

No description provided by source. Document Title: =============== Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1222 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.17 views

Progress OpenEdge 11.2 - Directory Traversal

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = 'SSV-87398' vul ID version = '1' author = 'fenghh' vulDate = '2014-10-31' createDate =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.31 views

HttpCombiner ASP.NET - Remote File Disclosure Vulnerability

No description provided by source. Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.17 views

vBulletin Tapatalk - Blind SQL Injection

No description provided by source. !/usr/bin/env python -- coding: utf-8 -- ''' @author: tintinweb 0x721427D8 ''' import urllib2, urllib import xmlrpclib,re, urllib2,string,itertools,time from distutils.version import LooseVersion class Exploitobject: def initself, target, debug=0 :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.25 views

Folder Plus 2.5.1 iOS - Persistent XSS Vulnerability

No description provided by source. Document Title: =============== Folder Plus v2.5.1 iOS - Persistent Item Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1348 Release Date: ============= 2014-10-24 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.22 views

File Manager 4.2.10 iOS - Code Execution Vulnerability

No description provided by source. Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.35 views

Belkin n750 jump login Parameter Buffer Overflow

No description provided by source. """ Source: https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/ A vulnerability in the guest network web interface of the Belkin N750 DB Wi-Fi Dual-Band N+ Gigabit Router with firmware F9K1103WW1.10.16m, allows ...

10CVSS6.5AI score0.67487EPSS
Exploits8
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.29 views

Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities

No description provided by source. Document Title: =============== Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1303 Release Date: ============= 2014-10-13 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.65 views

Drupal Core &lt;= 7.32 - SQL Injection (PHP)

No description provided by source. ?php ----------------------------------------------------------------------------- Exploit Title: Drupal core 7.x - SQL Injection Date: Oct 16 2014 Exploit Author: Dustin Dörr Software Link: http://www.drupal.com/ Version: Drupal core 7.x versions prior to 7.32...

7.5CVSS7.2AI score0.99974EPSS
Exploits20
seebug.org
seebug.org
added 2014/11/12 12:0 a.m.20 views

Qibo Menhu V5 /hy/member/homepage_ctrl.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/12 12:0 a.m.201 views

Discuz 6.0 /my.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/12 12:0 a.m.17 views

Discuz 7.x /include/discuzcode.func.php 代码执行漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/12 12:0 a.m.38 views

phpwind登录处可撞库可锁定他人帐号

简要描述: Phpwind在登录处可以撞库官网演示 以及锁定他人帐号,可持续批量锁定是不是很爽,未测试。。。。。 开启验证码也可绕过。 详细说明: 黑盒测试的直接说怎么用吧。 1. 我们先把所有帐号的用户提取出来。 代码如下 def getuid: con=urllib2.urlopen"http://www.phpwind.net/index.php?m=space&uid="+struid.read r=re.compile'\S+的个人空间' return r.findallcon 2. 再来做个社工库的接口,根据用户名提取密码。 def getpassname:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/12 12:0 a.m.19 views

PHPMPS v2.3 /search.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/12 12:0 a.m.77 views

DouPHP v1.1 /kindeditor/php/file_manager_json.php 备份文件发现漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/12 12:0 a.m.33 views

知道key的情况下对ucserver进行注射

简要描述: 因为帮finger解决问题,无意中看到的漏洞。 怎么拿到key要问finger。 详细说明: 在/ucserver/control/feed.php内有一段代码: function onadd $this-load'misc'; $appid = intval$this-input'appid'; $icon = $this-input'icon'; $uid = intval$this-input'uid'; $username = $this-input'username'; $bodydata =...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/11/12 12:0 a.m.59 views

ecshop后台暴力破解验证码绕过

简要描述: ecshop后台暴力破解 详细说明: 登陆请求为 username=admin&password=admin888&captcha=1111&act=signin 请求的时候去掉cookie中的ECSCPID=参数 服务端就会不验证验证码直接验证账号的密码是否正确。 使用burp进行暴力破解测试。 漏洞证明:...

7.1AI score
Exploits0
Total number of security vulnerabilities56796