[--]( ISR apparitionsec | 0x4C4C4548)[--]
*** This site is by hyp3rlinx. Here you will find various security-related information from some
of my research. By continuing to access this site you are agreeing to the full disclaimer below. ***

Puppet Enterprise Web Interface Authentication Redirect CVE-2016-5715
Puppet Enterprise Web Interface User Enumeration
Oracle Netbeans IDE v8.1 Import Directory Traversal CVE-2016-5537
Nagios XI V5.2.9 Multiple Vulnerabilities
ZendStudio IDE v13.5.1 Privilege Escalation
Snort v2.9.7.0-WIN32 DLL Hijacking CVE-2016-1417
TeemIp XSS Cookie Theft
Necroscan <= v0.9.1 Buffer Overflow
Lepton CMS PHP Code Injection
Lepton CMS Directory Traversal
WSO2 Identity Server v5.1.0 XML External Entity CVE-2016-4312 / CVE-2016-4311
WSO2 Carbon Server v4.4.5 Local File Inclusion CVE-2016-4314
WSO2 Carbon Server v4.4.5 Persistent XSS Cookie Theft CVE-2016-4316
WSO2 Carbon Server v4.4.5 CSRF DOS CVE-2016-4315
AirSnort v0.2.7 Stack Corruption DOS
Any Video Converter DLL Hijack
Nagios Network Analyzer XSS
Nagios Network Analyzer CSRFs
Microsoft WinDbg logviewer.exe Buffer Overflow DOS
Microsoft Process Kill Utility "kill.exe" Buffer Overflow
WebCalendar v1.2.7 PHP Code Injection
WebCalendar v1.2.7 CSRF Protection Bypass
Symantec SEPM Multiple Vulnerabilities CVE-2016-3652 / CVE-2016-3653 / CVE-2016-5304
MyLittleForum v2.3.5 PHP Command Injection
Symphony CMS Session Fixation CVE-2016-4309
sNews CMS Remote Command Execution / CSRF / XSS
Oracle Orakill.exe Buffer Overflow
SimpleSAMLphp Link Injection
AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS
VMWare vSphere Web Client Flash XSS CVE-2016-2078
dns_dhcp Web Interface SQL Injection
eXtplorer v2.1.9 Archive Path Traversal CVE-2016-4313
PHPBack v1.3.0 SQL Injection
CAM UnZip v5 Archive Path Traversal
WPN-XM v0.8.6 Cross Site Scripting
WPN-XM v0.8.6 CSRF - MySQL / PHP.INI Hijacking
op5 v7.1.9 Remote Command Execution
Trend Micro DDI Cross Site Request Forgeries
AbsoluteTelnet DLL Hijacking
Xoops Directory Traversal Bypass
Xoops CSRF - Arbitrary User Deletions
Xoops Weak Crypto
Microsoft PowerPointViewer DLL Hijack Code Execution
Coppermine 1.5.40 Weak Crypto
phpMyBackupPro v.2.5 Remote Code Execution / CSRF
phpMyBackupPro v.2.5 Arbitrary File Upload
phpMyBackupPro v.2.5 XSS
CyberCop Scanner Smbgrind v5.5 Buffer Overflow
dotDefender Firewall CSRF
dotDefender Firewall Vulnerable Flash
Mezzanine CMS 4.1.0 Arbitrary File Upload
Mezzanine CMS 4.1.0 XSS
XMB - eXtreme Message Board v1.9.11.13 Weak Crypto
Java Platform SE 6 U24 HtmlConverter.exe Buffer Overflow
Advanced Electron Forum RFI
Advanced Electron Forum XSS
Advanced Electron Forum CSRF
FTPShell Client v5.24 Buffer Overflow
AccessDiver V4.301 Buffer Overflow
PHPDevShell V3.2.0 XSS
phpback v1.1 XSS
ZEN-PHOTO-1.4.10 Local File Inclusion
IBM i Access Buffer Overflow Code Exec CVE-2015-2023
IBM i Access Buffer Overflow DOS CVE-2015-7422
CF Image Host PHP Command Injection
CF Image Host XSS
CF Image Host CSRF
b374k Web Shell CSRF Command Injection
Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099 / MS15-118
NXFilter v3.0.3 XSS
NXFilter v3.0.3 CSRF
TCPing 2.1.0 Buffer Overflow
PHP Server Monitor 3.1.1 Privilege Escalation
PHP Server Monitor 3.1.1 CSRF
Blat.exe v2.7.6 SMTP/NNTP Mailer Buffer Overflow
Adobe Workgroup Helper Stack Buffer Overflow
Zope Management Interface CSRFs CVE-2015-7293
LanWhoIs.exe Stack Buffer Overflow
LanSpy Buffer Overflow
FTGate Version 7 CSRF
FTGate 2009 Build 6.4.00 XSS
FTGate 2009 Build 6.4.00 DOS
FTGate 2009 Build 6.4.00 CSRF
MakeSFX.exe v1.44 Buffer Overflow
Git-1.9.5 ssh-agent.exe Buffer Overflow
FortiManager Multiple XSS CVE-2015-8037, CVE-2015-8038
Microsoft Exchange Information Disclosure CVE-2015-2505 / MS15-103
Openfire 3.10.2 Unrestricted File Upload
Openfire 3.10.2 Remote File Inclusion
Openfire 3.10.2 Privilege Escalation CVE-2015-7707
Openfire 3.10.2 XSS CVE-2015-6972
Openfire 3.10.2 CSRF CVE-2015-6973
IKEView NGX R60 Stack Buffer Overflow
IKEView Fox beta 1 Stack Buffer Overflow
JSPMySQL Administrador CSRF & XSS CVE-2015-6944, CVE-2015-6945
Trend Micro DD XSS CVE-2015-2872
Trend Micro DD Authentication Bypass CVE-2015-2873
PHP File Navigator Persistent & Reflected XSS
PHP File Navigator Privilege Escalation
PHP File Navigator CSRF
phpIPAM XSS CVE-2015-6529
FortiSandbox WebUI XSS CVE-2015-7360
PHP FileManager CSRF Backdoor Shell
PHP FileManager CSRF Remote Command Execution CVE-2015-5958
Hawkeye-G Persistent XSS & Information Leakage
Hawkeye-G CSRF CVE-2015-2878
Open Web Analytics Crypto, Password Disclosure & XSS
phpSQLiteCMS CSRF, Unrestricted File Upload, Privilege Escalation & XSS
Symantec EP Denial Of Service
PHPLiteAdmin CSRF & XSS CVE-2015-6518
Novius-OS Persistent XSS, LFI & Open Redirect CVE-2015-5354, CVE-2015-5353
GeniXCMS XSS CVE-2015-5066
MySQL Lite Administrator XSS CVE-2015-5064
ZCMS 1.1 SQL Injection & Persistent XSS CVE-2015-7346, CVE-2015-7347
Nakid CMS CSRF, Persistent XSS & LFI
SilverStripe CMS Open Redirect & XSS CVE-2015-5063, CVE-2015-5062
Symphony CMS XSS CVE-2015-4661
VFront CSRF & Persistent XSS
Enhanced SQL Portal XSS CVE-2015-4660
Sypex Dumper XSS
JSPMyAdmin SQL Injection, CSRF & XSS
DbNinja Flash XSS
Webgrind XSS
TinyMy XSS
Sidu XSS
SQLBuddy Local File Inclusion (LFI)
Wing FTP Admin CSRF
Wing FTP Admin XSS

[+] Vulnerability Reporting Acknowledgements [+]
Trend Micro
Microsoft Online Services (June, July, November 2015, August 2016)

[+] Disclaimer [+]
This site is for educational and research purposes only. The author of this site doesn’t hold any responsibility over the misuse of the software, exploits or security findings contained herein and does not condone them whatsoever. Moreover, the author of the site prohibits any malicious misuse of security information contained and found here or elsewhere. This website and all of its content is copyright of hyp3rlinx - (c) hyp3rlinx TM 2015. All rights reserved.