[--]( ISR ApparitionSec | 0x4C4C4548 )[--]
*** This site is by hyp3rlinx. Here you will find various security-related information
on my discoveries. By continuing to access this site you are agreeing to the full disclaimer below. ***

Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset CVE-2017-7615
concrete5 v8.1.0 Host Header Injection CVE-2017-7455
Adobe Creative Cloud Desktop Application <= v4.0.0.185 Privilege Escalation CVE-2017-7455
Moxa MXview v2.8 Remote Private Key Disclosure CVE-2017-7455
Moxa MXview v2.8 Denial Of Service CVE-2017-7456
Moxa MX AOPC-Server v1.5 XML External Entity Injection CVE-2017-7457
Spiceworks v7.5 Remote File Overwrite / Upload CVE-2017-7237
Splunk Enterprise Information Theft CVE-2017-5607
DzSoft PHP Editor v4.2.7 File Enumeration
ExtraPuTTY v029_RC2 TFTP Denial Of Service CVE-2017-7183
Microsoft Windows DVD Maker XML External Entity File Disclosure CVE-2017-0045 / MS17-020
MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure CVE-2017-6805
FTP Voyager Scheduler v16.2.0 CSRF Remote Command Execution CVE-2017-6803
EasyCom PHP API Stack Buffer Overflow CVE-2017-5358
EasyCom SQL iPlug Denial Of Service CVE-2017-5359
Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass CVE-2017-5496
PHPShell v2.4 Session Fixation
PHPShell v2.4 Cross Site Scripting
Mailenable Multiple Privilege Escalation
Ghostscript 9.20 Filename Command Execution
PEAR Base System v1.10.1 Arbitrary File Download CVE-2017-5630
PEAR HTTP_Upload v1.0.0b3 Arbitrary File Upload
NTOPNG Web Interface v2.4 CSRF Token Bypass CVE-2017-5473
Java SE Mission Control Insecure Transport MITM CVE-2016-8328
dirList v0.3.0 Arbitrary File Upload
BoZoN 2.4 Remote Command Execution
XAMPP Control Panel Memory Corruption Denial Of Service
Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability CVE-2016-7866 / APSB16-38
Symantec VIP Access Desktop Arbitrary DLL Execution CVE-2016-6593
Microsoft PowerShell XML External Entity
Apache CouchDB Local Privilege Escalation CVE-2016-8742
Microsoft Windows Media Center "ehshell.exe" XML External Entity
Microsoft Excel Starter 2010 XML External Entity
Microsoft MSINFO32.EXE ".NFO" Files XML External Entity
Microsoft Authorization Manager "azman" XML External Entity
Microsoft Event Viewer v1.0 XML External Entity
Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow
EasyPHP Devserver CSRF / Remote Command Execution
Putty Cleartext Password Storage
ScriptCase PHP RAD Tool Command Execution / SQL Injection / XSS / CSRF / User Enum
Intel Identity Protection Technology Service Privilege Escalation
Intel Security Application Local Management Service Privilege Escalation
WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow
Axessh 4.2.2 Remote Denial Of Service
Rapid PHP Editor IDE Remote Command Execution
Hewlett Packard TouchSmart Calendar Privilege Escalation
wincvs- Privilege Escalation
CVSNT v2.0.51d Privilege Escalation
Puppet Enterprise Web Interface Authentication Redirect CVE-2016-5715
Puppet Enterprise Web Interface User Enumeration
Oracle Netbeans IDE v8.1 Import Directory Traversal CVE-2016-5537
Nagios XI V5.2.9 Multiple Vulnerabilities
ZendStudio IDE v13.5.1 Privilege Escalation
Snort v2.9.7.0-WIN32 DLL Loading Vulnerability CVE-2016-1417
TeempIp XSS Cookie Theft
Necroscan <= v0.9.1 Local Buffer Overflow
Lepton CMS PHP Code Injection
Lepton CMS Directory Traversal
WSO2 Identity Server v5.1.0 XML External Entity CVE-2016-4312 / CVE-2016-4311
WSO2 Carbon Server v4.4.5 Local File Inclusion Credentials Exposure CVE-2016-4314
WSO2 Carbon Server v4.4.5 Persistent XSS Cookie Theft CVE-2016-4316
WSO2 Carbon Server v4.4.5 Cross Site Request Forgery DOS CVE-2016-4315
AirSnort v0.2.7 Stack Corruption DOS
Any Video Converter DLL Loading Vulnerability
Nagios Network Analyzer Cross Site Scripting (XSS)
Nagios Network Analyzer Cross Site Request Forgeries
Microsoft WinDbg logviewer.exe Local Buffer Overflow
Microsoft Process Kill Utility "kill.exe" Local Buffer Overflow
WebCalendar v1.2.7 PHP Code Injection
WebCalendar v1.2.7 Cross Site Request Forgery Token Bypass
Symantec SEPM Multiple Vulnerabilities CVE-2016-3652 / CVE-2016-3653 / CVE-2016-5304
MyLittleForum v2.3.5 PHP Command Injection
Symphony CMS Session Fixation CVE-2016-4309
sNews CMS Remote Command Execution CSRF / XSS
Oracle Orakill.exe Local Buffer Overflow
SimpleSAMLphp Link Injection
AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS
VMWare vSphere Web Client Flash Based Cross Site Scripting CVE-2016-2078
dns_dhcp Web Interface SQL Injection
eXtplorer v2.1.9 Archive Path Traversal CVE-2016-4313
PHPBack v1.3.0 SQL Injection
CAM UnZip v5 Archive Path Traversal
WPN-XM v0.8.6 Cross Site Scripting
WPN-XM v0.8.6 CSRF - Unauthorized MySQL / PHP.INI Tampering
op5 v7.1.9 Remote Command Execution
Trend Micro DDI Cross Site Request Forgeries
AbsoluteTelnet DLL Loading Vulnerability
Xoops Directory Traversal Bypass
Xoops CSRF - Remote Arbitrary User Deletions
Xoops Weak Crypto
Microsoft PowerPointViewer DLL Load Vuln Code Execution
Coppermine 1.5.40 Weak Crypto
phpMyBackupPro v.2.5 Remote Code Execution / CSRF
phpMyBackupPro v.2.5 Unrestricted File Upload
phpMyBackupPro v.2.5 Cross Site Scripting
CyberCop Scanner Smbgrind v5.5 Local Buffer Overflow
dotDefender Firewall Cross Site Request Forgery Settings Tampering
dotDefender Firewall Vulnerable Flash XSS
Mezzanine CMS 4.1.0 Unrestricted File Upload
Mezzanine CMS 4.1.0 Cross Site Scripting
XMB - eXtreme Message Board v1.9.11.13 Weak Crypto
Java Platform SE 6 U24 HtmlConverter.exe Local Buffer Overflow
Advanced Electron Forum Remote File Inclusion
Advanced Electron Forum Cross Site Scripting
Advanced Electron Forum Cross Site Request Forgery
FTPShell Client v5.24 Local Buffer Overflow
AccessDiver V4.301 Local Buffer Overflow
PHPDevShell V3.2.0 Cross Site Scripting
phpback v1.1 Cross Site Scripting
ZEN-PHOTO-1.4.10 Local File Inclusion
ZEN-PHOTO-1.4.10 Cross Site Scripting
IBM i Access Buffer Overflow Code Execution CVE-2015-2023
IBM i Access Buffer Overflow Denial Of Service CVE-2015-7422
CF Image Host PHP Command Injection
CF Image Host Cross Site Scripting
CF Image Host Cross Site Request Forgery
b374k Web Shell CSRF Command Injection
Microsoft .NET Framework Elevation of Privilege CVE-2015-6099 / MS15-118
NXFilter v3.0.3 Cross Site Scripting
NXFilter v3.0.3 Cross Site Request Forgery
TCPing 2.1.0 Local Buffer Overflow
PHP Server Monitor 3.1.1 Privilege Escalation
PHP Server Monitor 3.1.1 Cross Site Request Forgery
Blat.exe v2.7.6 SMTP/NNTP Mailer Local Buffer Overflow
Adobe Workgroup Helper Stack Buffer Overflow
Zope Management Interface Cross Site Request Forgery CVE-2015-7293
LanWhoIs.exe Local Stack Buffer Overflow
LanSpy Local Buffer Overflow
FTGate Version 7 Cross Site Request Forgery
FTGate 2009 Build 6.4.00 Cross Site Scripting
FTGate 2009 Build 6.4.00 Remote Denial Of Service
FTGate 2009 Build 6.4.00 Cross Site Request Forgery
MakeSFX.exe v1.44 Local Buffer Overflow
Git-1.9.5 ssh-agent.exe Local Buffer Overflow
FortiManager Multiple Cross Site Scripting CVE-2015-8037, CVE-2015-8038
Microsoft Exchange OWA Information Cookie Disclosure CVE-2015-2505 / MS15-103
Openfire 3.10.2 Unrestricted File Upload
Openfire 3.10.2 Remote File Inclusion
Openfire 3.10.2 Privilege Escalation CVE-2015-7707
Openfire 3.10.2 Cross Site Scripting CVE-2015-6972
Openfire 3.10.2 Cross Site Request Forgery CVE-2015-6973
IKEView NGX R60 Local Stack Buffer Overflow
IKEView Fox beta 1 Local Stack Buffer Overflow
JSPMySQL Administrador CSRF & XSS CVE-2015-6944, CVE-2015-6945
Trend Micro DD Cross Site Scripting CVE-2015-2872
Trend Micro DD Authentication Bypass CVE-2015-2873
PHP File Navigator Persistent & Reflected XSS
PHP File Navigator Privilege Escalation
PHP File Navigator CSRF
phpIPAM XSS CVE-2015-6529
FortiSandbox WebUI Cross Site Scripting CVE-2015-7360
PHP FileManager CSRF Backdoor Shell
PHP FileManager CSRF Remote Command Execution CVE-2015-5958
Hawkeye-G Persistent XSS & Information Leakage
Hawkeye-G Cross Site Request Forgery System Tampering CVE-2015-2878
Open Web Analytics Insecure Crypto, Password Disclosure & XSS
phpSQLiteCMS CSRF, Unrestricted File Upload, Privilege Escalation & XSS
Symantec EP Local Denial Of Service
PHPLiteAdmin CSRF & XSS CVE-2015-6518
Novius-OS Persistent XSS, Local File Inclusion & Open Redirect CVE-2015-5354, CVE-2015-5353
GeniXCMS XSS CVE-2015-5066
MySQL Lite Administrator Cross Site Scripting CVE-2015-5064
ZCMS 1.1 SQL Injection & Persistent XSS CVE-2015-7346, CVE-2015-7347
Nakid CMS CSRF, Persistent XSS & Local File Inclusion
SilverStripe CMS Open Redirect & XSS CVE-2015-5063, CVE-2015-5062
Symphony CMS Cross Site Scripting CVE-2015-4661
VFront CSRF & Persistent XSS
Enhanced SQL Portal Cross Site Scripting CVE-2015-4660
Sypex Dumper Cross Site Scripting
JSPMyAdmin SQL Injection, CSRF & XSS
DbNinja Flash Based XSS
Webgrind XSS
TinyMy XSS
Sidu XSS
SQLBuddy Local File Inclusion
Wing FTP Add User Cross Site Request Forgery
Wing FTP Admin XSS

[+] Vulnerability Reporting Acknowledgements [+]
Microsoft 2017
Adobe 2017
Fortinet Fortinet
Trend Micro
Microsoft Online Services (June, July, November 2015, August 2016)
[+] Disclaimer [+]
This site is for educational and research purposes only. The author of this site doesn’t hold any responsibility over the misuse of the software, exploits or security findings contained herein and does not condone them whatsoever. Moreover, the author of the site prohibits any malicious misuse of security information contained and found here or elsewhere. This website and all of its content is copyright of hyp3rlinx - (c) hyp3rlinx TM 2015. All rights reserved.