Channel: Exploit Collector
Browsing all 13315 articles

Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)

EDB-ID: 42984, Author: wetw0rk, Published: 2017-10-13, CVE: N/A, Type: Remote, Platform: Windows, Vulnerable App: # This module requires Metasploit: http://metasploit.com/download # Current source:...


Linux/x86 execve(/bin/sh) Polymorphic Shellcode

30 bytes small Linux/x86 polymorphic execve(/bin/sh) shellcode. MD5 | e6f636dfcfcc6d4796c8328badab84e1 /* Title: Linux/x86 - Polymorphic execve /bin/sh x86 shellcode - 30 bytes Author: Manuel...


DreamBox BouquetEditor 2.0.0 Cross Site Scripting

The BouquetEditor plugin for Dreambox 2.0.0 suffers from a cross site scripting vulnerability. MD5 | 2bd16786592db718ddb18ef56395f97c # Exploit Title: Vulnerability XSS - Dreambox # Shodan Dork:...


Typo3 Restler 1.7.0 Local File Disclosure

Typo3 Restler extension version 1.7.0 suffers from a local file disclosure vulnerability. MD5 | db484565b63241f99e97deaf4de0e92b # Exploit Title: Typo3 Restler Extension - Local File Disclosure #...


SyncBreeze 10.1.16 SEH GET Overflow

There exists an unauthenticated SEH-based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16. When sending a GET request with an excessive length, it is possible for a malicious...


phpMyFAQ 2.9.8 Cross Site Scripting

phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability where an attacker can embed malicious script code in the title of the FAQ. MD5 |...


E-Sic Software livre CMS 1.0 Cross Site Scripting / SQL Injection

E-Sic Software livre CMS version 1.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities. MD5 | 62179b28a8a59dc82597a0b98daf30c8 # Exploit Title:...


Dreambox Plugin BouquetEditor - Cross-Site Scripting

EDB-ID: 42986, Author: Thiago Sena, Published: 2017-10-12, CVE: CVE-2017-15287, Type: Webapps, Platform: Hardware, Vulnerable App: N/A # Shodan Dork: Dreambox 200 # Date: 12/10/2017 # Exploit Author: Thiago "THX"...


phpMyFAQ 2.9.8 - Cross-Site Scripting

EDB-ID: 42987, Author: Ishaq Mohammed, Published: 2017-10-13, CVE: CVE-2017-14619, Type: Webapps, Platform: PHP, Vulnerable App: # Vendor Homepage: http://www.phpmyfaq.de/ # Software Link:...


MultiFLEX M10a Controller Multiple Security Vulnerabilities

MultiFLEX M10a Controller is prone to the following multiple security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. An information-disclosure vulnerability 3. A cross-site...


Oracle October 2017 Critical Patch Update Multiple Vulnerabilities

Oracle has released advance notification regarding the October 2017 Critical Patch Update (CPU) to be released on October 17, 2017. The update addresses 250 vulnerabilities affecting the following...


DuckieTV CMS 1.1.5 Local File Inclusion

DuckieTV CMS version 1.1.5 suffers from a local file inclusion vulnerability. MD5 | 0f7c3ac190d24812bb19d4a0af0f7e8a Exploit Title: DuckieTV...


Quick CMS 6.4 SQL Injection / Authentication Bypass

Quick CMS version 6.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass. MD5 | fcbaf3be8a8a4e01d28e4b92bd8b5631 ...


Opentext Documentum Content Server Privilege Escalation

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) allows for privilege escalation via traversal attacks leveraged through uploaded tar files. MD5 |...


Opentext Documentum Content Server File Download

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows an authenticated user to download arbitrary content files regardless of the...


Opentext Documentum Content Server Privilege Escalation

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user the ability to replace content of security-sensitive...


Opentext Documentum Content Server File Hijack / Privilege Escalation

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command which allows any authenticated user to hijack arbitrary...


AlienVault USM 5.4.2 Cross Site Request Forgery

AlienVault USM version 5.4.2 suffers from a cross site request forgery vulnerability. MD5 | 6e771ba0baa2d865a2bac29ab5c0ceb6 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY...


Shadowsocks Log Manipulation / Command Execution

Several issues have been identified, which allow attackers to manipulate log files, execute commands and to brute force Shadowsocks with enabled autoban.py brute force detection. Brute force detection...


Shadowsocks-libev 3.1.0 Command Execution

Shadowsocks-libev version 3.1.0 suffers from a remote command execution vulnerability. MD5 | 216d00d0c25d00e82c302e01f38cfc12 X41 D-Sec GmbH Security Advisory: X41-2017-010 Command Execution in...
