Sqlbuddy Path Traversal Vulnerability

2015-05-11 Thread hyp3rlinx
Exploit Author: John Page (hyp3rlinx) Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.sqlbuddy.com Version: 1.3.3 SQL Buddy is an open source web based MySQL administration application. Advisory Information: == sqlbuddy suffers from directory traversal whereby a user

Webgrind XSS vulnerability

2015-05-21 Thread hyp3rlinx
Credits: John Page ( hyp3rlinx ) Domains: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/AS-WEBGRIND0520.txt Vendor: https://github.com/jokkedk/webgrind Product: Webgrind is a Xdebug Profiling Web Frontend in PHP. Advisory Information

phpFileManager 0.9.8 Remote Command Execution

2015-07-31 Thread hyp3rlinx
[+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILEMANAGER0728.txt Vendor: phpfm.sourceforge.net Product: phpFileManager version

Multiple XSS vulnerabilities in FortiSandbox WebUI

2015-08-03 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt Vendor: www.fortinet.com PSIRT ID: 1418018 Product: == FortiSandbox

SimpleSAMLphp Link Injection

2016-06-09 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SIMPLESAML-PHP-LINK-INJECTION.txt [+] ISR: apparitionsec Vendor: = simplesamlphp.org Product: == simplesamlphp < 1.1

Oracle Orakill.exe Buffer Overflow

2016-06-14 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-ORAKILL.EXE-BUFFER-OVERFLOW.txt [+] ISR: apparitionsec Vendor: == www.oracle.com Product: === orakill.exe v11.2.0 The orakill utility

AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS

2016-06-01 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt [+] ISR: apparitionsec Vendor: == sourceforge.net smsid download linx: sourceforge.net/projects/ajax-explorer/files/ Product

Advanced Electron Forum v1.0.9 Persistent XSS

2016-01-17 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-XSS.txt Vendor: = www.anelectron.com/downloads/ Product: Advanced Electron Forum v1.0.9 (AEF) Exploit

Advanced Electron Forum v1.0.9 CSRF

2016-01-17 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt Vendor: = www.anelectron.com/downloads/ Product: Advanced Electron Forum v1.0.9 (AEF) Exploit

Advanced Electron Forum v1.0.9 RFI / CSRF

2016-01-17 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-RFI.txt Vendor: = www.anelectron.com/downloads/ Product: Advanced Electron Forum v1.0.9 (AEF) Exploit

dotDefender Firewall CSRF

2016-02-09 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt Vendor: == www.applicure.com Product: = dotDefender Firewall Versions: 5.00.12865 / 5.13-13282 dotDefender

Mezzanine CMS 4.1.0 XSS

2016-02-03 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-XSS.txt Vendor: === mezzanine.jupo.org Product: Mezzanine 4.1.0 Mezzanine is an open source CMS built using the python based

Re: Symantec EP DOS

2016-02-28 Thread hyp3rlinx
*** Be aware "Gerado Sanchez" is re-posting and stealing vulnerability reports work/credits as his own, he is also using similar nicknames, emails etc. ORIGINAL Symantec EP DOS POST from "hyp3rlinx" is found here dated Jul 08 2015. http://www.securityfocus.com/archive/1/535958

Oracle HtmlConverter.exe Buffer Overflow

2016-01-20 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-HTMLCONVERTER-BUFFER-OVERFLOW.txt Vendor: === www.oracle.com Product: Java Platform SE 6 U24 HtmlConverter.exe

XMB - eXtreme Message Board v1.9.11.13 Weak Crypto

2016-01-25 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/XMB-WEAK-CRYPTO.txt Vendor: == xmbforum2.com Product: == XMB - eXtreme Message Board v1.9.11.13 XMB forum software is open

phpMyBackupPro v.2.5 XSS

2016-02-16 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-XSS.txt Vendor: = www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product

phpMyBackupPro v.2.5 Arbitrary File Upload

2016-02-16 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-FILE_UPLOAD_VULN.txt Vendor: = www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product

phpMyBackupPro v.2.5 Remote Command Execution / CSRF

2016-02-16 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt Vendor: = www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product

CyberCop Scanner Smbgrind v5.5 Buffer Overflow

2016-02-16 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SMBGRIND-BUFFER-OVERFLOW.txt Vendor: === Network Associates Inc. Product: === smbgrind: NetBIOS parallel

Microsoft PowerPointViewer Code Execution

2016-02-29 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-PPT-VIEWER-CODE-EXEC.txt Vendor: === www.microsoft.com Product: Microsoft PowerPoint Viewer version: 12.0.6600.1000

Xoops 2.5.7.2 Directory Traversal Bypass

2016-03-19 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-DIRECTORY-TRAVERSAL.txt Vendor: = xoops.org Product: Xoops 2.5.7.2 Vulnerability Type

CAM UnZip v5.1 Archive Directory Traversal

2016-04-12 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CAMUNZIP-ARCHIVE-PATH-TRAVERSAL.txt Vendor: = www.camunzip.com Product: == CAM UnZip v5.1 Vulnerability Type: == Archive

CSRF - MySQL / PHP.INI Hijacking

2016-04-10 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt Vendor: === wpn-xm.org Product: == WPN-XM Serverstack for Windows - Version 0.8.6 WPN-XM is a free

WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking

2016-04-10 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt Vendor: === wpn-xm.org Product: == WPN-XM Serverstack for Windows - Version 0.8.6 WPN-XM is a free

WPN-XM Serverstack v0.8.6 XSS

2016-04-10 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-XSS.txt Vendor: === wpn-xm.org Product: WPN-XM Serverstack for Windows - Version 0.8.6 WPN-XM is a free and open-source web server solution stack

Xoops 2.5.7.2 CSRF - Arbitrary User Deletions

2016-03-19 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-CSRF.txt Vendor: = xoops.org Product: Xoops 2.5.7.2 Vulnerability Type: === CSRF

TrendMicro DDI Cross Site Request Forgerys

2016-03-27 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-DDI-CSRF.txt Vendor: www.trendmicro.com Product: = Trend Micro Deep Discovery

eXtplorer v2.1.9 Archive Path Traversal

2016-05-16 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/EXTPLORER-ARCHIVE-PATH-TRAVERSAL.txt [+] ISR: apparitionsec Vendor: == extplorer.net Product: == eXtplorer v2.1.9 eXtplorer

dns_dhcp Web Interface SQL Injection

2016-05-16 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/DNS_DHCP-WEB-INTERFACE-SQL-INJECTION.txt [+] ISR: apparitionsec Vendor: tmcdos / sourceforge Product: == dns_dhcp Web Interface

Nagios NA v2.2.1 XSS

2016-08-09 Thread hyp3rlinx
[+] Credits: John Page -HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-XSS.txt [+] ISR: ApparitionSec Vendor: === www.nagios.com Product: == Nagios Network Analyzer

WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity

2016-08-15 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt [+] ISR: ApparitionSec Vendor: = www.wso2.com Product: Wso2

WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT

2016-08-15 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt [+] ISR: ApparitionSec Vendor: = www.wso2.com Product: == Ws02Carbon v4.4.5

WSO2-CARBON v4.4.5 CSRF / DOS

2016-08-15 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt [+] ISR: ApparitionSec Vendor: www.wso2.com Product: == Ws02Carbon v4.4.5 WSO2 Carbon

MyLittleForum v2.3.5 PHP Command Injection

2016-06-27 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt [+] ISR: APPARITIONSEC Vendor: = mylittleforum.net Download: github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Symantec SEPM v12.1 Multiple Vulnerabilities

2016-06-28 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt [+] ISR: ApparitionSec Vendor: www.symantec.com Product: === SEPM Symantec Endpoint Protection

Microsoft Process Kill Utility "kill.exe" Buffer Overflow

2016-07-08 Thread hyp3rlinx
[+] Credits: HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MS-KILL-UTILITY-BUFFER-OVERFLOW.txt [+] ISR: ApparitionSec Vendor: = www.microsoft.com Product: = Microsoft

Microsoft WinDbg logviewer.exe Buffer Overflow DOS

2016-07-08 Thread hyp3rlinx
[+] Credits: HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDBG-LOGVIEWER-BUFFER-OVERFLOW.txt [+] ISR: ApparitionSec Vendor: = www.microsoft.com Product: WinDbg logviewer.exe LogViewer

Nagios Network Analyzer v2.2.1 Multiple CSRF

2016-08-09 Thread hyp3rlinx
[+] Credits: John Page -hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-MULTIPLE-CSRF.txt [+] ISR: ApparitionSec Vendor: === www.nagios.com Product: == Nagios Network

AirSnort v0.2.7 Stack Corruption DOS

2016-08-09 Thread hyp3rlinx
[+] Credits: Hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AIRSNORT-STACK-CORRUPTION-DOS.txt [+] ISR: ApparitionSec Vendor: == sourceforge.net/projects/airsnort/ Product: === AirSnort

Any Video Converter DLL Hijack

2016-08-09 Thread hyp3rlinx
[+] Credits: HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ANY-VIDEO-CONVERTER-DLL-HIJACK.txt [+] ISR: ApparitionSec Vendor: === www.any-video-converter.com Product

WebCalendar v1.2.7 CSRF Protection Bypass

2016-07-04 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt [+] ISR: ApparitionSec Vendor: == www.k5n.us/webcalendar.php Product

sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS

2016-06-20 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt [+] ISR: APPARITIONSEC Vendor: snewscms.com Product: sNews CMS v1.7.1 Vulnerability Type

Symphony CMS v2.6.7 Session Fixation

2016-06-20 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt [+] ISR: APPARITIONSEC Vendor: www.getsymphony.com Product: == Symphony CMS v2.6.7

WebCalendar v1.2.7 PHP Code Injection

2016-07-04 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-PHP-CODE-INJECTION.txt [+] ISR: ApparitionSec Vendor: == www.k5n.us/webcalendar.php Product

Lepton CMS Archive Directory Traversal

2016-08-16 Thread hyp3rlinx
[+] Credits: John Page (HYP3RLINX) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt [+] ISR: ApparitionSec Vendor: == www.lepton-cms.org Product: = Lepton

Ghostscript 9.20 Filename Command Execution

2017-02-01 Thread hyp3rlinx
[+]# [+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt [+] ISR

NTOPNG Web Interface v2.4 CSRF Token Bypass

2017-01-22 Thread hyp3rlinx
[+]# [+] Credits / Discovery: John Page AKA Hyp3rlinX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt [+] ISR: ApparitionSEC

PEAR HTTP_Upload v1.0.0b3 Arbitrary File Upload

2017-01-25 Thread hyp3rlinx
[+] [+] Credits: John Page AKA Hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTP_UPLOAD-ARBITRARY-FILE-UPLOAD.txt [+] ISR: ApparitionSEC

Lepton CMS PHP Code Injection

2016-08-16 Thread hyp3rlinx
[+] Credits: John Page (HYP3RLINX) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt [+] ISR: ApparitionSec Vendor: == www.lepton-cms.org Product: = Lepton CMS 2.2.0

Necroscan <= v0.9.1 Buffer Overflow

2016-08-25 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NECROSCAN-BUFFER-OVERFLOW.txt [+] ISR: ApparitionSec Vendor: === nscan.hypermart.net Product

Puppet Enterprise Web Interface Authentication Redirect

2016-10-22 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt [+] ISR: ApparitionSec Vendor: == www.puppet.com Product: Puppet

Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability

2016-12-14 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTION-VULNERABILITY.txt [+] ISR: ApparitionSec Vendor: = www.adobe.com Product(s

XAMPP Control Panel Memory Corruption Denial Of Service

2016-12-25 Thread HYP3RLINX
[+] Credits: John Page (hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/XAMPP-CONTROL-PANEL-MEMORY-CORRUPTION-DOS.txt [+] ISR: ApparitionSec Vendor: = www.apachefriends.org Product

Path Traversal Remote File Disclosure

2017-03-15 Thread hyp3rlinx
[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt [+] ISR: ApparitionSec Vendor: = mobaxterm.mobatek.net Product

CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure

2017-03-15 Thread hyp3rlinx
[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txt [+] ISR: ApparitionSec Vendor: = www.microsoft.com Product

CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service

2017-03-20 Thread hyp3rlinx
[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: == www.extraputty.com Product

CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure

2017-03-16 Thread hyp3rlinx
[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt [+] ISR: ApparitionSec Vendor: = mobaxterm.mobatek.net Product

Splunk Enterprise Information Theft CVE-2017-5607

2017-04-03 Thread hyp3rlinx
[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt [+] ISR: ApparitionSec Vendor: === www.splunk.com Product: == Splunk

CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection

2017-04-12 Thread hyp3rlinx
[+] Credits: John Page AKA HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt [+] ISR: ApparitionSec Vendor: www.moxa.com Product: === MX

Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload

2017-04-06 Thread hyp3rlinx
[+] Credits: John Page AKA HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt [+] ISR: APPARITIONSEC Vendor: == www.spiceworks.com Product

CVE-2017-7456 Moxa MXview v2.8 Denial Of Service

2017-04-13 Thread hyp3rlinx
[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: www.moxa.com Product: === MXView v2.8 Download

concrete5 v8.1.0 Host Header Injection

2017-04-14 Thread hyp3rlinx
[+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt [+] ISR: ApparitionSec Vendor: == www.concrete5.org Product

CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure

2017-04-12 Thread hyp3rlinx
[+] Credits: John Page AKA HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt [+] ISR: APPARITIONSEC Vendor: www.moxa.com Product: === MXview V2.8

Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass

2017-03-06 Thread hyp3rlinx
[+] Credits: John Page AKA Hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt [+] ISR: ApparitionSec Vendor: === www.sawmill.net Product

EasyCom SQL iPlug Denial Of Service

2017-03-06 Thread hyp3rlinx
[+] Credits: John Page AKA Hyp3rlinX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: easycom-aura.com Product: === SQL iPlug EasycomPHP_4.0029

CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset

2017-04-18 Thread hyp3rlinx
[+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt [+] ISR: ApparitionSec Vendor: www.mantisbt.org Product

CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure

2017-07-10 Thread hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt [+] ISR: ApparitionSec Vendor: == yaws.hyber.org Product

CVE-2017-9046 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection

2017-05-22 Thread hyp3rlinx
[+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt [+] ISR: ApparitionSec Vendor: www.mantisbt.org Product: = Mantis Bug

CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution

2017-05-22 Thread hyp3rlinx
[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PEGASUS-MAILTO-LINK-REMOTE-CODE-EXECUTION.txt [+] ISR: APPARITIONSEC Vendor: = www.pmail.com Product

CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

2017-05-22 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt [+] ISR: ApparitionSec Vendor: www.secure-bytes.com Product
