what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 26 - 45 of 45

Files Date: 2016-01-28 to 2016-01-29

Ipswitch MOVEit DMZ 8.1 Authorization Bypass

Posted Jan 28, 2016

Authored by Profundis Labs, Philipp Rocholl | Site profundis-labs.com

Ipswitch MOVEit DMZ versions 8.1 and below suffer from an authorization bypass vulnerability.

tags | exploit, bypass

advisories | CVE-2015-7675

SHA-256 | 0c6c3fa941b2112ee4be3c318d22e87d05cf584bc71e375f4bde79ce23e727e9

Download | Favorite | View

McAfee File Lock Driver Host Crash

Posted Jan 28, 2016

Authored by Kyriakos Economou

McAfee File Lock Driver does not handle correctly GUIDs of the encrypted vaults, which allows to crash the host by crafting a specific IOCTL with a malformed Vault GUID which is used to identify an object of FILE_DEVICE_DISK DeviceType, causing a kernel stack based buffer overflow. McPvDrv.sys version 4.6.111.0 is vulnerable.

tags | advisory, denial of service, overflow, kernel

advisories | CVE-2015-8773

SHA-256 | 630b8a3d4523538ded4d87575e898edf1599ae13e6a4b1b0f4e7d8231325f5d6

Download | Favorite | View

McAfee File Lock Driver Kernel Memory Leak

Posted Jan 28, 2016

Authored by Kyriakos Economou

McAfee File Lock Driver McPvDrv.sys version 4.6.111.0 suffers from a memory leak vulnerability.

tags | advisory, memory leak

advisories | CVE-2015-8772

SHA-256 | 04c8d5c31b7ee243b018718bfc3219e46bdaa41850c8c43eb7249df641e6d335

Download | Favorite | View

Horizon HD / WiFi Weak WiFi Passphrase Generation

Posted Jan 28, 2016

Authored by Ivan Almuina

Horizon HD / WiFi suffers from a weak wifi passphrase generation vulnerability.

tags | exploit

SHA-256 | 078e609265d0354d2c20ab26b50fe6f37418e788f664f00ad8e155e3244bb7b5

Download | Favorite | View

WordPress Appointment Booking Calendar 1.1.24 SQL Injection

Posted Jan 28, 2016

Authored by Joaquin Ramirez Martinez

WordPress Appointment Booking Calendar plugin version 1.1.24 suffers from a remote SQL injection through addslashes.

tags | exploit, remote, sql injection

SHA-256 | f50b726fd5aa53e19ad3f34f743c544fe51d0489b26fd23bee63b91da753dccc

Download | Favorite | View

VLC Media Player 2.2.1 Heap Memory Corruption

Posted Jan 28, 2016

Authored by Francis Provencher

VLC Media Player version 2.2.1 suffers from a heap memory corruption vulnerability when handling malformed mp4 files.

tags | exploit

systems | linux

SHA-256 | 43dc83338e58a0b5197ace97ec0c305748e3b03d919076f55f3174e828eb1787

Download | Favorite | View

Trend Micro Direct Pass Filter Bypass / CSRF

Posted Jan 28, 2016

Authored by Vulnerability Laboratory, Karim Rahal | Site vulnerability-lab.com

Trend Micro Direct Pass suffers from filter bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 427ee5ce8144ceff06d82ae31e267ce7cab12ba8ddde6940b78a4dc9125c6c9e

Download | Favorite | View

WordPress Appointment Booking Calendar 1.1.24 Escalation / XSS

Posted Jan 28, 2016

Authored by Joaquin Ramirez Martinez

WordPress Appointment Booking Calendar plugin versions 1.1.24 and below suffer from privilege escalation and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | b8ef07d7c19363e2128f8f09d9ae5133d90fd0610c5195d1948cf38e3f39ac69

Download | Favorite | View

AdMentor 1.00 Database Disclosure

Posted Jan 28, 2016

Authored by indoushka

AdMentor version 1.00 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure

SHA-256 | 74a1022c4799306110ebe0c25ee74f4418b4f33236ec1e52e48bfe76c7477810

Download | Favorite | View

Telegram (API) Cross Site Request Forgery

Posted Jan 28, 2016

Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Telegram (API) suffers from a cross site request forgery vulnerability.

tags | exploit, csrf

SHA-256 | 802eff87ae7f9f7ba843fe8d7b47bc428cbe6416129a5cbd05dd0d2b913bea71

Download | Favorite | View

Classic Infomedia Authentication Bypass

Posted Jan 28, 2016

Authored by Vulnerability Laboratory, Iran Cyber Security Group | Site vulnerability-lab.com

Classic Infomedia suffers from an authentication bypass vulnerability.

tags | exploit, bypass

SHA-256 | 370e697a0c6a2590ea76c4a441e09eb69b5a48aca2d091edf5def22fc99073e6

Download | Favorite | View

Ramui Forum Script 9.0 SQL Injection

Posted Jan 28, 2016

Authored by bd0rk

Ramui Forum Script version 9.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 11f887a9a159c300c9a568ce9b1b7f03edeccab1c6a9649f05342a71bc820950

Download | Favorite | View

Ramui Web Hosting Directory Script 4.0 RFI

Posted Jan 28, 2016

Authored by bd0rk

Ramui Web Hosting Directory Script version 4.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, web, code execution, file inclusion

SHA-256 | aa35762def5bbc70f7ad04ad58599ba7b185f3c2d6b58076ad7ff4c231283aa2

Download | Favorite | View

OpenSSL Security Advisory 20160128

Posted Jan 28, 2016

Site openssl.org

OpenSSL Security Advisory 20160128 - Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. Other issues were also addressed.

tags | advisory

advisories | CVE-2015-3197, CVE-2015-4000, CVE-2016-0701

SHA-256 | d50931cebdf0a0acaa97a892bb010a2edb2d2c635c92fe22e53e92c6c950ea3f

Download | Favorite | View

New Era Company CMS SQL Injection

Posted Jan 28, 2016

Authored by Vulnerability Laboratory, Iran Cyber Security Group | Site vulnerability-lab.com

New Era Company suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 787972259fb8a7a051bda95d91c0394f314d87e838066136dfd8758deca1df79

Download | Favorite | View

Liga Manager Online 4.0.2 Cross Site Scripting

Posted Jan 28, 2016

Authored by T3NZOG4N, Mojtaba MobhaM

Liga Manager Online (LMO) version 4.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 358152c719929c66f18bb18ab62a8b3eeebb75937d2b29b29d9a8f5fa35b037a

Download | Favorite | View

eBay Magento Persistent Mail Encoding

Posted Jan 28, 2016

Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

eBay Magento suffered from a persistent mail encoding vulnerability.

tags | exploit

SHA-256 | 1f7e3c4c0d1e24a790c770bc054c59941b6b14c695d15033a678f7bdd0ccdf23

Download | Favorite | View

WebMartIndia CMS 2016 Q1 SQL Injection

Posted Jan 28, 2016

Authored by Vulnerability Laboratory, Iran Cyber Security Group | Site vulnerability-lab.com

WebMartIndia CMS 2016 Q1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 7a954303edd1fbd1a4180f4e25eb2154be9a376ee8ad48c8e47b7f11b460c974

Download | Favorite | View

los818 CMS 2016 Q1 SQL Injection

Posted Jan 28, 2016

Authored by Vulnerability Laboratory, Iran Cyber Security Group | Site vulnerability-lab.com

los818 CMS 2016 Q1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | c0f0393966766019c1f39469ca02d317193c671bff9567c593fa7c0d4a1be6ec

Download | Favorite | View

Apple Watch Denial Of Service

Posted Jan 28, 2016

Authored by Vulnerability Laboratory, Mohammad Reza Espargham | Site vulnerability-lab.com

Apple Watch suffers from a denial of service vulnerability.

tags | exploit, denial of service

systems | apple

SHA-256 | 9cc3a0d304547ffdd304428d2d3dd7affd8aa295a27b4202facca71965d66bac

Download | Favorite | View