[--]( ISR Apparition Security | 0x4C4C4548 )[--]
*** This site is by hyp3rlinx. Here you will find various computer security related information
of my discoverys. By continuing to access this site you are agreeing to the full disclaimer below. ***

Microsoft Windows mshta.exe (HTA File) XML External Entity Injection 
HFS HTTP File Server "hfs.exe" Remote Buffer Overflow DoS CVE-2020-13432
Avaya IP Office v9.1.8.0 - 11 Insecure Transit Password Disclosure CVE-2020-7030
WinGate v9.4.1.5998 Insecure Permissions EoP CVE-2020-13866
Neowise CarbonFTP v1.4 Insecure Proprietary Password Encryption (v2 Exploit) CVE-2020-6857
M$ Windows net use Logon Command Insufficient Authentication Logic Scanner Tool 
Microsoft Windows net use Command Insufficient Authentication Logic 
Recon-Informer v1 Intel for offensive systems anti-reconnaissance tool 
NTCrackPipe v2.0 Windows Local Account Cracker 
Neowise CarbonFTP v1.4 Insecure Proprietary Password Encryption  CVE-2020-6857
HP System Event Utility Privilege Escalation Vulnerability  CVE-2019-18915
Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697
Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357
Microsoft Windows VCF Card Mailto Link Denial Of Service 
Microsoft Windows .Group File URL Field Code Execution 
Microsoft Windows Media Center XXE MotW Bypass (Anniversary Edition) 
Microsoft Visual Studio 2008 Express IDE XML External Entity Injection 0Day 
Microsoft Excel 2016 v1901 Import Error XML External Entity Injection 0Day 
Max Secure Anti Virus Plus v19.0.4.020 Insecure Permissions CVE-2019-19382
NAPC Xinet Elegant 6 Asset Library Web Interface v6.1.655 Pre-Auth SQL Injection 0Day CVE-2019-19245
ScanGuard Antivirus (latest version) Insecure Permissions CVE-2019-18895
Trend Micro Anti-Threat Toolkit (ATTK) <= v1.62.0.1218 Remote Code Execution 0day CVE-2019-9491
NtFileSins v2.1 Windows NTFS Privileged File Access Enumeration Tool 
Microsoft Windows NTFS Privileged File Access Enumeration 0day 
GGPowerShell Windows PowerShell Unsanitized RCE File Creation Tool 
Microsoft Windows PowerShell Unsanitized Filename Command Execution 0day 
Trend Micro Deep Discovery Inspector IDS Percent Encoding IDS Bypass 
MAPLE Computer WBT SNMP Administrator v2.0.195.15 Unauthenticated Remote Buffer Overflow Code Execution 0day CVE-2019-13577
Microsoft Compiled HTML Help Uncompiled .chm File XML External Entity 0day 
Microsoft File Checksum Integrity Verifier "fciv.exe" v2.05 DLL Hijack Arbitrary Code Execution 0day 
Microsoft Internet Explorer Security Feature Bypass Vulnerability CVE-2019-0995
Hosting Controller HC10 HC.Server Service 10.14 Remote Invalid Pointer Write CVE-2019-12323
Microsoft Word (2016) Deceptive File Reference ZDI-CAN-7949
Windows PowerShell Integrated Scripting Environment (ISE) Filename Parsing Flaw Remote Code Execution 0day ZDI-CAN-8005
Microsoft Internet Explorer v11 XML External Entity Injection 0day 
Microsoft Windows .Reg File Dialog Box Message Spoofing 0day 
Microsoft Windows ".contact" File HTML Injection Mailto: Link Remote Code Execution 0day ZDI-CAN-7591
Microsoft Windows ".contact" File Insufficient UI Warning Arbitrary Code Execution 0day ZDI-CAN-7591
Microsoft Windows VCF File Insufficient UI Warning Remote Code Execution 0day ZDI-CAN-6920
NEC Univerge Sv9100 WebPro - 6.00 Predictable Session ID / Clear Text Password Storage CVE-2018-11741 / CVE-2018-11742
Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service CVE-2018-15437
D-LINK Central WifiManager CWM-100 FTP Server PORT Bounce Scan CVE-2018-15516
D-LINK Central WifiManager CWM-100 Server Side Request Forgery CVE-2018-15517
D-LINK Central WifiManager CWM-100 Trojan File SYSTEM Privilege Escalation CVE-2018-15515
ServersCheck Monitoring Software through 14.3.3 Arbitrary File Write CVE-2018-18552
ServersCheck Monitoring Software through 14.3.3 SQL Injection CVE-2018-18550
ServersCheck Monitoring Software through 14.3.3 Cross Site Scripting CVE-2018-18551
NoMachine <= v5.3.26 Trojan File Remote Code Execution CVE-2018-17980
Microsoft SQL Server REGSRVR XML External Entity Injection CVE-2018-8533
Microsoft SQL Server .XEL File XML External Entity Injection CVE-2018-8527
Microsoft SQL Server .XMLA File XML External Entity Injection CVE-2018-8532
Microsoft .NET Framework CVE-2015-6099 Analysis Whitepaper MS15-118
Microsoft Baseline Security Analyzer v2.3 XML External Entity Injection ZDI-CAN-6307
FsPro Labs Event Log Explorer v4.6.1.2115 XML External Entity Injection CVE-2018-16252
Argus Surveillance DVR - Unauthenticated Directory Traversal File Disclosure CVE-2018-15745
Argus Surveillance DVR - SYSTEM Privilege Escalation 
Microsoft DirectX SDK (June 2010) Xact3.exe Trojan File Remote Code Execution 
Microsoft Windows "dnslint.exe" DNS Tool Forced drive-by Download 
Microsoft Windows Enterprise Mode Site List Manager XML External Entity Injection 
Microsoft Windows ".library-ms" Filetype Information Disclosure 
Microsoft Windows Enhanced Mitigation Toolkit Experience (EMET) XML External Entity Injection 
Windows System Information Console .MSC XML External Entity Injection CVE-2017-8710
PolarisOffice 2017 v8 Trojan File Remote Code Execution CVE-2018-12589
TrendMicro OfficeScan XG v11.0 Unauthorized Change Protection Bypass CVE-2018-10507
Microsoft Windows "FxCop" v10-12 XML External Entity Injection 
Easy Hosting Control Panel v0.37.12.b XSS Add FTP Backdoor Account CVE-2018-6361
Easy Hosting Control Panel v0.37.12.b Unverified Password Change CVE-2018-6617
Easy Hosting Control Panel v0.37.12.b Cleartext Password Storage CVE-2018-6618
Easy Hosting Control Panel v0.37.12.b Cross Site Scripting - Cookie Theft CVE-2018-6362
Easy Hosting Control Panel v0.37.12.b Multiple Cross Site Request Forgery(s) CVE-2018-6458
Easy Hosting Control Panel v0.37.12.b Insecure Crypto CVE-2018-6619
DeviceLock Plug and Play Auditor v5.72 Unicode Buffer Overflow (SEH) CVE-2018-10655
Microsoft (Win 10) InternetExplorer v11.371.16299 Denial Of Service 
Sophos Endpoint Protection v10.7 Enhanced Tamper Protection Bypass CVE-2018-4863
Sophos Endpoint Protection Control Panel v10.7 Insecure Crypto CVE-2018-9233
Microsoft Exchange Server Open Redirect CVE-2016-3378 / MS16-108
DEWESoft X3 SP1 (64-bit) installer Remote Internal Command Access CVE-2018-7756
Weblog Expert Web Server Enterprise v9.4 Authentication Bypass CVE-2018-7581
Weblog Expert Web Server Enterprise v9.4 Denial Of Service CVE-2018-7582
Softros Network Time System (Server) v2.3.4 11 Byte Denial Of Service CVE-2018-7658
DualDesk v20 Proxy.exe Server Denial Of Service CVE-2018-7583
SEGGER embOS/IP FTP Server v3.22 FTP Commands Denial Of Service CVE-2018-7449
NTCrackPipe 1.0 Local Windows Account Cracker 
NAT32 Build (22284) Remote Code Execution CVE-2018-6940
NAT32 Build (22284) Remote Code Execution - CSRF CVE-2018-6941
CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow CVE-2018-6892
CVS Suite 2009R2 Insecure Library Loading CVE-2018-6461
Adminer <= v4.3.1 Server Side Request Forgery 
BarcodeWiz ActiveX Control < 6.7 Buffer Overflow CVE-2018-5221
Oracle JDeveloper Directory Traversal CVE-2017-10273
Froxlor v0.9.37 HTML Injection 
Abyss Web Server < v2.11.6 Memory Heap Corruption 
Artica Web Proxy v3.06 Remote Code Execution CVE-2017-17055
Mist Server v2.12 Unauthenticated Persistent XSS CVE-2017-16884
Symantec Endpoint Protection (SEP) v12.1 Tamper-protection Bypass CVE-2017-6331 / SSG16-041
Avaya Office (IPO) SoftConsole Remote SEH Buffer Overflow 0day CVE-2017-11309 / ASA-2017-307
Avaya Office IPO Remote ActiveX Remote ActiveX Buffer Overflow 0day CVE-2017-12969 / ASA-2017-313
Microsoft Windows Game Definition File Editor v6.3.9600 XML External Entity 
Webmin v1.850 Remote Code Execution / SSRF CVE-2017-15644 / CVE-2017-15645 / CVE-2017-15646
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass 
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / INI Corruption CVE-2017-14086
Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084
Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection CVE-2017-14087
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery 
Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities 
Mongoose Web Server v6.5 CSRF Command Execution CVE-2017-11567
Apache2Triad Web Server Multiple Vulnerabilities CVE-2017-12965 | CVE-2017-12970 | CVE-2017-12971
Yaws Web Server v1.91 Unauthenticated Remote File Disclosure CVE-2017-10974
Firefox v54.0.1 Denial Of Service 
MySQL G0ld Brute Forcing Utility 
BIND Local Privilege Escalation CVE-2017-3141
subsonic v6.1.1 XML External Entity CVE-2017-9355
subsonic v6.1.1 Server Side Request Forgery CVE-2017-9413
subsonic v6.1.1 Password Reset CVE-2017-9415
subsonic v6.1.1 Persistent XSS CVE-2017-9024
ampache v3.8.2 Cross Site Scripting 
Secure Auditor - v3.0 Directory Traversal CVE-2017-9024
Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution CVE-2017-9046
Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection CVE-2017-9046
Mailcow v0.14 CSRF Password Reset / Add Admin / Delete Domains CVE-2017-8928
Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset CVE-2017-7615
concrete5 v8.1.0 Host Header Injection CVE-2017-7455
Adobe Creative Cloud Desktop Application <= v4.0.0.185 Privilege Escalation CVE-2017-7455
Moxa MXview v2.8 Remote Private Key Disclosure CVE-2017-7455
Moxa MXview v2.8 Denial Of Service CVE-2017-7456
Moxa MX AOPC-Server v1.5 XML External Entity Injection CVE-2017-7457
Spiceworks v7.5 Remote File Overwrite / Upload CVE-2017-7237
Splunk Enterprise Information Theft CVE-2017-5607
DzSoft PHP Editor v4.2.7 File Enumeration
ExtraPuTTY v029_RC2 TFTP Denial Of Service CVE-2017-7183
Microsoft Windows DVD Maker XML External Entity File Disclosure CVE-2017-0045 / MS17-020
MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure CVE-2017-6805
FTP Voyager Scheduler v16.2.0 CSRF Remote Command Execution CVE-2017-6803
EasyCom PHP API Stack Buffer Overflow CVE-2017-5358
EasyCom SQL iPlug Denial Of Service CVE-2017-5359
Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass CVE-2017-5496
PHPShell v2.4 Session Fixation
PHPShell v2.4 Cross Site Scripting
Mailenable Multiple Privilege Escalation
Ghostscript 9.20 Filename Command Execution
PEAR Base System v1.10.1 Arbitrary File Download CVE-2017-5630
PEAR HTTP_Upload v1.0.0b3 Arbitrary File Upload
NTOPNG Web Interface v2.4 CSRF Token Bypass CVE-2017-5473
Java SE Mission Control Insecure Transport MITM CVE-2016-8328
dirList v0.3.0 Arbitrary File Upload
BoZoN 2.4 Remote Command Execution
XAMPP Control Panel Memory Corruption Denial Of Service
Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability CVE-2016-7866 / APSB16-38
Symantec VIP Access Desktop Arbitrary DLL Execution CVE-2016-6593
Microsoft PowerShell XML External Entity
Apache CouchDB Local Privilege Escalation CVE-2016-8742
Microsoft Windows Media Center "ehshell.exe" XML External Entity
Microsoft Excel Starter 2010 XML External Entity
Microsoft MSINFO32.EXE ".NFO" Files XML External Entity
Microsoft Authorization Manager "azman" XML External Entity
Microsoft Event Viewer v1.0 XML External Entity CVE-2019-0948
Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow
EasyPHP Devserver CSRF / Remote Command Execution
Putty Cleartext Password Storage
ScriptCase PHP RAD Tool Command Execution / SQL Injection / XSS / CSRF / User Enum
Intel Security Application Local Management Service Privilege Escalation
WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow
Axessh 4.2.2 Remote Denial Of Service
Rapid PHP Editor IDE Remote Command Execution
Hewlett Packard TouchSmart Calendar Privilege Escalation
Puppet Enterprise Web Interface Authentication Redirect CVE-2016-5715
Puppet Enterprise Web Interface User Enumeration
Oracle Netbeans IDE v8.1 Import Directory Traversal CVE-2016-5537
Nagios XI V5.2.9 Multiple Vulnerabilities
ZendStudio IDE v13.5.1 Privilege Escalation
Snort v2.9.7.0-WIN32 DLL Loading Vulnerability CVE-2016-1417
TeempIp XSS Cookie Theft
Necroscan <= v0.9.1 Local Buffer Overflow
Lepton CMS PHP Code Injection
Lepton CMS Directory Traversal
WSO2 Identity Server v5.1.0 XML External Entity CVE-2016-4312 | CVE-2016-4311
WSO2 Carbon Server v4.4.5 Local File Inclusion Credentials Exposure CVE-2016-4314
WSO2 Carbon Server v4.4.5 Persistent XSS Cookie Theft CVE-2016-4316
WSO2 Carbon Server v4.4.5 Cross Site Request Forgery DOS CVE-2016-4315
Nagios Network Analyzer Cross Site Scripting (XSS)
Nagios Network Analyzer Cross Site Request Forgerys
Microsoft Process Kill Utility "kill.exe" Local Buffer Overflow
WebCalendar v1.2.7 PHP Code Injection
WebCalendar v1.2.7 Cross Site Request Forgery Token Bypass
Symantec SEPM Multiple Vulnerabilities CVE-2016-3652 | CVE-2016-3653 | CVE-2016-5304
MyLittleForum v2.3.5 PHP Command Injection
Symphony CMS Session Fixation CVE-2016-4309
sNews CMS Remote Command Execution CSRF / XSS
Oracle Orakill.exe Local Buffer Overflow
SimpleSAMLphp Link Injection
AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS
VMWare vSphere Web Client Flash Based Cross Site Scripting CVE-2016-2078
dns_dhcp Web Interface SQL Injection
eXtplorer v2.1.9 Archive Path Traversal CVE-2016-4313
PHPBack v1.3.0 SQL Injection
WPN-XM v0.8.6 Cross Site Scripting
WPN-XM v0.8.6 CSRF - Unauthorized MySQL / PHP.INI Tampering
op5 v7.1.9 Remote Command Execution
AbsoluteTelnet DLL Loading Vulnerability
Xoops Directory Traversal Bypass
Xoops CSRF - Remote Arbitrary User Deletions
Xoops Weak Crypto
Microsoft PowerPointViewer DLL Load Vuln Code Execution
Coppermine 1.5.40 Weak Crypto
phpMyBackupPro v.2.5 Remote Code Execution / CSRF
phpMyBackupPro v.2.5 Unrestricted File Upload
phpMyBackupPro v.2.5 Cross Site Scripting
CyberCop Scanner Smbgrind v5.5 Local Buffer Overflow
dotDefender Firewall Cross Site Request Forgery Settings Tampering
dotDefender Firewall Vulnerable Flash XSS
Mezzanine CMS 4.1.0 Unrestricted File Upload
Mezzanine CMS 4.1.0 Cross Site Scripting
XMB - eXtreme Message Board v1.9.11.13 Weak Crypto
Java Platform SE 6 U24 HtmlConverter.exe Local Buffer Overflow
FTPShell Client v5.24 Local Buffer Overflow
AccessDiver V4.301 Local Buffer Overflow
phpback v1.1 Cross Site Scripting
ZEN-PHOTO-1.4.10 Local File Inclusion
ZEN-PHOTO-1.4.10 Cross Site Scripting
IBM i Access Buffer Overflow Code Execution CVE-2015-2023
IBM i Access Buffer Overflow Denial Of Service CVE-2015-7422
CF Image Host PHP Command Injection
b374k Web Shell CSRF Command Injection
Microsoft .NET Framework Elevation of Privilege CVE-2015-6099 / MS15-118
TCPing 2.1.0 Local Buffer Overflow
PHP Server Monitor 3.1.1 Privilege Escalation
PHP Server Monitor 3.1.1 Cross Site Request Forgery
Blat.exe v2.7.6 SMTP/NNTP Mailer Local Buffer Overflow
Adobe Workgroup Helper Stack Buffer Overflow
Zope Management Interface Cross Site Request Forgery CVE-2015-7293
LanWhoIs.exe Local Stack Buffer Overflow
LanSpy Local Buffer Overflow
MakeSFX.exe v1.44 Local Buffer Overflow
Git-1.9.5 ssh-agent.exe Local Buffer Overflow
FortiManager Multiple Cross Site Scripting CVE-2015-8037 | CVE-2015-8038
Microsoft Exchange OWA Information Disclosure CVE-2015-2505 / MS15-103
Openfire 3.10.2 Unrestricted File Upload
Openfire 3.10.2 Remote File Inclusion
Openfire 3.10.2 Privilege Escalation CVE-2015-7707
Openfire 3.10.2 Cross Site Scripting CVE-2015-6972
Openfire 3.10.2 Cross Site Request Forgery CVE-2015-6973
Checkpoint IKEView NGX R60 Local Stack Buffer Overflow
Checkpoint IKEView Fox beta 1 Local Stack Buffer Overflow
JSPMySQL Administrador CVE-2015-6944 | CVE-2015-6945
Trend Micro DDI Cross Site Scripting CVE-2015-2872
Trend Micro DDI Authentication Bypass CVE-2015-2873
PHP File Navigator Persistent & Reflected XSS
PHP File Navigator Privilege Escalation
PHP File Navigator CSRF
phpIPAM XSS CVE-2015-6529
FortiSandbox WebUI Cross Site Scripting CVE-2015-7360
PHP FileManager Remote Command Execution CVE-2015-5958
Hawkeye-G Request Forgery System Tampering CVE-2015-2878
Open Web Analytics Insecure Crypto, Password Disclosure & XSS
Symantec EP Local Denial Of Service
PHPLiteAdmin CSRF & XSS CVE-2015-6518
Novius-OS Persistent XSS, Local File Inclusion & Open Redirect CVE-2015-5354 | CVE-2015-5353
GeniXCMS XSS CVE-2015-5066
MySQL Lite Administrator Cross Site Scripting CVE-2015-5064
ZCMS 1.1 SQL Injection & Persistent XSS CVE-2015-7346 | CVE-2015-7347
SilverStripe CMS Open Redirect & XSS CVE-2015-5063 | CVE-2015-5062
Symphony CMS Cross Site Scripting CVE-2015-4661
VFront CSRF & Persistent XSS
Enhanced SQL Portal Cross Site Scripting CVE-2015-4660
Sypex Dumper Cross Site Scripting
JSPMyAdmin SQL Injection, CSRF & XSS
DbNinja Flash Based XSS
Webgrind XSS
Sidu XSS
SQLBuddy Local File Inclusion
Wing FTP Add User Request Forgery
Wing FTP Admin XSS

[+] Vulnerability Reporting Acknowledgements [+]
Microsoft June 2019
Microsoft 2019
Microsoft 2017
Malwarebytes 2017
Adobe 2017
Fortinet Fortinet
Trend Micro
Microsoft Online Services (June, July, November 2015, August 2016)
Contact: apparitionsec[at]gmail.com
PGP Key Download
PGP Key Raw
[+] Disclaimer [+]
This site is for educational and research purpose only. The author of this site doesn’t hold any responsibility over the misuse of the software, exploits or security findings contained herein and does not condone them whatsoever. Moreover, the author of the site prohibits any malicious misuse of security informations contained and found here or elsewhere. This website and all of its content is copyright of hyp3rlinx - (c) hyp3rlinx TM 2015. All rights reserved