56796 matches found
Comodo Internet Security - HIPS/Sandbox Escape PoC
No description provided by source. Exploit: http://www.joxeankoret.com/download/comodosandboxescape/sandboxtest1.tar.gz Mirror: www.exploit-db.com/sploits/sandboxtest1.tar.gz Video: http://www.joxeankoret.com/download/comodosandboxescape/video/sandboxescape1.htm...
PHP-Fusion 7.02.07 - SQL Injection
No description provided by source. Exploit Title: PHP-Fusion 7.02.07 SQL Injection Date: 06/11/2014 Exploit Author: Mauricio Correa Vendor Homepage: www.php-fusion.co.uk Software Link: http://ufpr.dl.sourceforge.net/project/php-fusion/PHP-Fusion%20Archives/7.x/ PHP-Fusion-7.02.07.zip Version:...
Konke Smart Plug K - Authentication Bypass Vulnerability
No description provided by source. ----------------------------------------------------------------------- Konke Smart Plug Authentication Bypass Vulnerability ----------------------------------------------------------------------- Author : gamehacker&zixian Mail :...
Ammyy Admin 3.5 - RCE
No description provided by source. Mirror: http://www.exploit-db.com/sploits/aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is well known for being the software that many fake tech support phone scammers...
Numara / BMC Track-It! FileStorageService Arbitrary File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection
No description provided by source. Title: vBulletin Verify Email Before Registration Plugin - SQL Injection Date: September 19 2014 Version: Any vBulletin 4.. version which has the plugin installed. Plugin: http://www.vbulletin.org/forum/showthread.php?t=294164 Author: Dave FW/FG The vulnerabilit...
HP Operations Agent Remote XSS iFrame Injection
No description provided by source. !/usr/bin/python Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection Date: 10/16/2014 Exploit Author: Matt Schmidt Syph0n Vendor Homepage: www.hp.com Version: HP Operations Manager/Operations Agent / OpenView Communications...
Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2014-10-01 Bosch Security Systems DVR 630/650/670 Series Multiple Vulnerabilities Device: "Th...
Creative Contact Form (Wordpress 0.9.7 and Joomla 2.0.0) - Shell Upload Vulnerability
No description provided by source...
Aireplay-ng 1.2 beta3 - "tcp_test" Length Parameter Stack Overflow
No description provided by source. / Exploit Title: Aireplay "tcptest" Length Parameter Inconsistency Date: 10/3/2014 Exploit Author: Nick Sampanis Vendor Homepage: http://www.aircrack-ng.org/ Version: Aireplay-ng 1.2 beta3 Tested on: Kali Linux 1.0.9 x64 CVE : CVE-2014-8322 Description: Affected...
ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Stored XSS Vulnerability
No description provided by source. Exploit Title: ZTE Modem Stored XSS Vulnerability Date: 30-10-2014 Exploit Author: Ravi Rajput aka Gr3y n00b IHT team Version: ZXDSL 531BIIV7.3.0fD09IN Software Link:http://wwwen.zte.com.cn Tested on : Windows 7 code : GET...
Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/local/windowskernel' require 'rex' class Metasploit3 Msf::Exploit::Local Rank =...
某学科竞赛系统存在SQL注入漏洞
简要描述: RT 详细说明: 南京先极科技有限公司的学科竞赛系统存在SQL注入漏洞 前人也有提交这个公司的,我就写5个案例 注入连接:MoreNews.aspx?NewsType=DongTai 案例: mask 区域 1.http://.. /xkjs/MoreNews.aspx?NewsType=TongZhi mask 区域 1.http://.. /js/MoreNews.aspx?NewsType=TongZhi mask 区域 1.http://.. /xkjs/MoreNews.aspx?NewsType=TongZhi mask 区域 1.http://...
Change CMS 3.6.8 - Multiple CSRF Vulnerabilities
No description provided by source. Exploit Title: RBS Change Complet Open Source multiple CSRF vulnerabilities POST and GET Date: 10/10/2014 Exploit Author: KrustyHack Vendor Homepage: http://www.rbschange.fr/ Software Link:...
Axway Secure Transport 5.1 SP2 - Arbitary File Upload via CSRF
No description provided by source. !-- Exploit Title: Axway Secure Transport 5.1 SP2 Arbitary File Upload via CSRF Exploit author: Emmanuel Law Public Disclosure Date : 20/10/14 Vendor homepage: http://www.axway.com Affected Software version: Axway Secure Transport 5.2.1 SP2 and possibly earlier...
CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability
No description provided by source. CorelDRAW X7 CDR File CdrTxt.dll Off-By-One Stack Corruption Vulnerability Vendor: Corel Corporation Product web page: http://www.corel.com Affected version: 17.1.0.572 X7 - 32bit/64bit EN 15.0.0.486 X5 - 32bit EN Summary: CorelDRAW is one of the image-creating...
wordpress infusionsoft 1.5.10 /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php 文件上传漏洞
No description provided by source...
ncredible PBX 2.0.6.5.0 - Remote Command Execution
No description provided by source. !/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a...
Mouse Media Script 1.6 0 - Stored XSS Vulnerability
No description provided by source. Exploit Title: Mouse Media Script Stored XSS Vulnerability Google Dork: "is your best source of fun." inurl:/view/popular Date: 04-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.6 Software Link: http://codecanyon.net/item/mouse-media-script/7773254 Softwar...
phpSound Music Sharing Platform 1.0.5 - Multiple XSS Vulnerabilities
No description provided by source. Exploit Title: phpSound Music Sharing Platform Multiple XSS Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.5 Vendor Link: http://codecanyon.net/item/phpsound-music-sharing-platform/9016117 Software Test Link:...
SEO Control Panel 3.6.0 - Authenticated SQL Injection
No description provided by source. Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Se...
Enalean Tuleap 7.4.99.5 - Blind SQL Injection
No description provided by source. Vulnerability title: Tuleap = 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap CVE: CVE-2014-7176 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz Details: SQL injection has been fou...
Feng Office 1.7.4 - Cross Site Scripting Vulnerabilities
No description provided by source...
OpenBSD <= 5.5 - Local Kernel Panic
No description provided by source. / tenochtitlan.c OpenBSD = 5.5 Local Kernel Panic by Alejandro Hernandez @nitr0usmx Advisory and technical details: http://www.ioactive.com/pdfs/IOActiveAdvisoryOpenBSD55LocalKernelPanic.pdf Fix: http://www.openbsd.org/errata55.html013kernexec This PoC works onl...
Citrix NetScaler SOAP Handler Remote Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient include...
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
No description provided by source. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites...
iFunBox Free 1.1 iOS - File Inclusion Vulnerability
No description provided by source. Document Title: =============== iFunBox Free v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1344 Release Date: ============= 2014-10-20 Vulnerability Laboratory ID VL-ID:...
DotNetNuke DNNspot Store 3.0.0 Arbitary File Upload
No description provided by source. Exploit Title: DotNetNuke DNNspot Store UploadifyHandler.ashx = 3.0.0 Arbitary File Upload Date: 23/01/2014 Author: Glafkos Charalambous Version: 3.0.0 Vendor: DNNspot Vendor URL: https://www.dnnspot.com Google Dork: inurl:/DesktopModules/DNNspot-Store/ root@kal...
PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability
No description provided by source. Document Title: =============== PayPal Inc BB 85 MB iOS 4.6 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=895 PayPal Security UID: Vxda0S Video:...
ZTE ZXDSL-931VII - Unauthenticated Configuration Dump
No description provided by source. Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump Google Dork: use your imagination Date: 09-12-2014 Exploit Author: L0ukanik0sGR Vendor Homepage: www.zte.com.cn Software Link:...
Linux PolicyKit Race Condition Privilege Escalation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE include Msf::Post::File include...
Drupal Core <= 7.32 - SQL Injection (#2)
No description provided by source. !/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for educational purposes only and t...
XCloner Wordpress/Joomla! Plugin - Multiple Vulnerabilities
No description provided by source. Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
Dell SonicWall GMS 7.2.x - Code Injection
No description provided by source. Document Title: =============== Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1222 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...
Progress OpenEdge 11.2 - Directory Traversal
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = 'SSV-87398' vul ID version = '1' author = 'fenghh' vulDate = '2014-10-31' createDate =...
HttpCombiner ASP.NET - Remote File Disclosure Vulnerability
No description provided by source. Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...
vBulletin Tapatalk - Blind SQL Injection
No description provided by source. !/usr/bin/env python -- coding: utf-8 -- ''' @author: tintinweb 0x721427D8 ''' import urllib2, urllib import xmlrpclib,re, urllib2,string,itertools,time from distutils.version import LooseVersion class Exploitobject: def initself, target, debug=0 :...
Folder Plus 2.5.1 iOS - Persistent XSS Vulnerability
No description provided by source. Document Title: =============== Folder Plus v2.5.1 iOS - Persistent Item Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1348 Release Date: ============= 2014-10-24 Vulnerability Laboratory ID VL-ID:...
File Manager 4.2.10 iOS - Code Execution Vulnerability
No description provided by source. Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...
Belkin n750 jump login Parameter Buffer Overflow
No description provided by source. """ Source: https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/ A vulnerability in the guest network web interface of the Belkin N750 DB Wi-Fi Dual-Band N+ Gigabit Router with firmware F9K1103WW1.10.16m, allows ...
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities
No description provided by source. Document Title: =============== Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1303 Release Date: ============= 2014-10-13 Vulnerability Laboratory ID VL-ID:...
Drupal Core <= 7.32 - SQL Injection (PHP)
No description provided by source. ?php ----------------------------------------------------------------------------- Exploit Title: Drupal core 7.x - SQL Injection Date: Oct 16 2014 Exploit Author: Dustin Dörr Software Link: http://www.drupal.com/ Version: Drupal core 7.x versions prior to 7.32...
Qibo Menhu V5 /hy/member/homepage_ctrl.php SQL注入漏洞
No description provided by source...
Discuz 6.0 /my.php SQL注入漏洞
No description provided by source...
Discuz 7.x /include/discuzcode.func.php 代码执行漏洞
No description provided by source...
phpwind登录处可撞库可锁定他人帐号
简要描述: Phpwind在登录处可以撞库官网演示 以及锁定他人帐号,可持续批量锁定是不是很爽,未测试。。。。。 开启验证码也可绕过。 详细说明: 黑盒测试的直接说怎么用吧。 1. 我们先把所有帐号的用户提取出来。 代码如下 def getuid: con=urllib2.urlopen"http://www.phpwind.net/index.php?m=space&uid="+struid.read r=re.compile'\S+的个人空间' return r.findallcon 2. 再来做个社工库的接口,根据用户名提取密码。 def getpassname:...
PHPMPS v2.3 /search.php SQL注入漏洞
No description provided by source...
DouPHP v1.1 /kindeditor/php/file_manager_json.php 备份文件发现漏洞
No description provided by source...
知道key的情况下对ucserver进行注射
简要描述: 因为帮finger解决问题,无意中看到的漏洞。 怎么拿到key要问finger。 详细说明: 在/ucserver/control/feed.php内有一段代码: function onadd $this-load'misc'; $appid = intval$this-input'appid'; $icon = $this-input'icon'; $uid = intval$this-input'uid'; $username = $this-input'username'; $bodydata =...
ecshop后台暴力破解验证码绕过
简要描述: ecshop后台暴力破解 详细说明: 登陆请求为 username=admin&password=admin888&captcha=1111&act=signin 请求的时候去掉cookie中的ECSCPID=参数 服务端就会不验证验证码直接验证账号的密码是否正确。 使用burp进行暴力破解测试。 漏洞证明:...