[--]( ISR ApparitionSec | 0x4C4C4548 )[--]
*** This site is by hyp3rlinx. Here you will find various security-related information from some
of my research. By continuing to access this site you are agreeing to the full disclaimer below. ***

Symantec VIP Access Desktop Arbitrary DLL Execution CVE-2016-6593
Microsoft PowerShell XML External Entity
Apache CouchDB Local Privilege Escalation CVE-2016-8742
Microsoft Windows Media Center "ehshell.exe" XML External Entity
Microsoft Excel Starter 2010 XML External Entity
Microsoft MSINFO32.EXE ".NFO" Files XML External Entity
Microsoft Authorization Manager "azman" XML External Entity
Microsoft Event Viewer v1.0 XML External Entity
Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow
EasyPHP Devserver CSRF / Remote Command Execution
Putty Cleartext Password Storage
ScriptCase PHP RAD Tool Command Execution / SQL Injection / XSS / CSRF / User Enum
Intel Identity Protection Technology Service Privilege Escalation
Intel Security Application Local Management Service Privilege Escalation
WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow
Axessh 4.2.2 Remote Denial Of Service
Rapid PHP Editor IDE Remote Command Execution
Hewlett Packard TouchSmart Calendar Privilege Escalation
wincvs-2.0.2.4 Privilege Escalation
CVSNT v2.0.51d Privilege Escalation
Puppet Enterprise Web Interface Authentication Redirect CVE-2016-5715
Puppet Enterprise Web Interface User Enumeration
Oracle Netbeans IDE v8.1 Import Directory Traversal CVE-2016-5537
Nagios XI V5.2.9 Multiple Vulnerabilities
ZendStudio IDE v13.5.1 Privilege Escalation
Snort v2.9.7.0-WIN32 DLL Loading Vulnerability CVE-2016-1417
TeempIp XSS Cookie Theft
Necroscan <= v0.9.1 Local Buffer Overflow
Lepton CMS PHP Code Injection
Lepton CMS Directory Traversal
WSO2 Identity Server v5.1.0 XML External Entity CVE-2016-4312 / CVE-2016-4311
WSO2 Carbon Server v4.4.5 Local File Inclusion Credentials Exposure CVE-2016-4314
WSO2 Carbon Server v4.4.5 Persistent XSS Cookie Theft CVE-2016-4316
WSO2 Carbon Server v4.4.5 Cross Site Request Forgery DOS CVE-2016-4315
AirSnort v0.2.7 Stack Corruption DOS
Any Video Converter DLL Loading Vulnerability
Nagios Network Analyzer Cross Site Scripting (XSS)
Nagios Network Analyzer Cross Site Request Forgery
Microsoft WinDbg logviewer.exe Local Buffer Overflow
Microsoft Process Kill Utility "kill.exe" Local Buffer Overflow
WebCalendar v1.2.7 PHP Code Injection
WebCalendar v1.2.7 Cross Site Request Forgery Token Bypass
Symantec SEPM Multiple Vulnerabilities CVE-2016-3652 / CVE-2016-3653 / CVE-2016-5304
MyLittleForum v2.3.5 PHP Command Injection
Symphony CMS Session Fixation CVE-2016-4309
sNews CMS Remote Command Execution CSRF / XSS
Oracle Orakill.exe Local Buffer Overflow
SimpleSAMLphp Link Injection
AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS
VMWare vSphere Web Client Flash Based Cross Site Scripting CVE-2016-2078
dns_dhcp Web Interface SQL Injection
eXtplorer v2.1.9 Archive Path Traversal CVE-2016-4313
PHPBack v1.3.0 SQL Injection
CAM UnZip v5 Archive Path Traversal
WPN-XM v0.8.6 Cross Site Scripting
WPN-XM v0.8.6 CSRF - Unauthorized MySQL / PHP.INI Tampering
op5 v7.1.9 Remote Command Execution
Trend Micro DDI Cross Site Request Forgery
AbsoluteTelnet DLL Loading Vulnerability
Xoops 2.5.7.2 Directory Traversal Bypass
Xoops 2.5.7.2 CSRF - Remote Arbitrary User Deletions
Xoops 2.5.7.2 Weak Crypto
Microsoft PowerPointViewer DLL Load Vuln Code Execution
Coppermine 1.5.40 Weak Crypto
phpMyBackupPro v.2.5 Remote Code Execution / CSRF
phpMyBackupPro v.2.5 Unrestricted File Upload
phpMyBackupPro v.2.5 Cross Site Scripting
CyberCop Scanner Smbgrind v5.5 Local Buffer Overflow
dotDefender Firewall Cross Site Request Forgery Settings Tampering
dotDefender Firewall Vulnerable Flash XSS
Mezzanine CMS 4.1.0 Unrestricted File Upload
Mezzanine CMS 4.1.0 Cross Site Scripting
XMB - eXtreme Message Board v1.9.11.13 Weak Crypto
Java Platform SE 6 U24 HtmlConverter.exe Local Buffer Overflow
Advanced Electron Forum Remote File Inclusion
Advanced Electron Forum Cross Site Scripting
Advanced Electron Forum Cross Site Request Forgery
FTPShell Client v5.24 Local Buffer Overflow
AccessDiver V4.301 Local Buffer Overflow
PHPDevShell V3.2.0 Cross Site Scripting
phpback v1.1 Cross Site Scripting
ZEN-PHOTO-1.4.10 Local File Inclusion
ZEN-PHOTO-1.4.10 Cross Site Scripting
IBM i Access Buffer Overflow Code Execution CVE-2015-2023
IBM i Access Buffer Overflow Denial Of Service CVE-2015-7422
CF Image Host PHP Command Injection
CF Image Host Cross Site Scripting
CF Image Host Cross Site Request Forgery
b374k Web Shell CSRF Command Injection
Microsoft .NET Framework Elevation of Privilege CVE-2015-6099 / MS15-118
NXFilter v3.0.3 Cross Site Scripting
NXFilter v3.0.3 Cross Site Request Forgery
TCPing 2.1.0 Local Buffer Overflow
PHP Server Monitor 3.1.1 Privilege Escalation
PHP Server Monitor 3.1.1 Cross Site Request Forgery
Blat.exe v2.7.6 SMTP/NNTP Mailer Local Buffer Overflow
Adobe Workgroup Helper Stack Buffer Overflow
Zope Management Interface Cross Site Request Forgery CVE-2015-7293
LanWhoIs.exe 1.0.1.120 Local Stack Buffer Overflow
LanSpy 2.0.0.155 Local Buffer Overflow
FTGate Version 7 Cross Site Request Forgery
FTGate 2009 Build 6.4.00 Cross Site Scripting
FTGate 2009 Build 6.4.00 Remote Denial Of Service
FTGate 2009 Build 6.4.00 Cross Site Request Forgery
MakeSFX.exe v1.44 Local Buffer Overflow
Git-1.9.5 ssh-agent.exe Local Buffer Overflow
FortiManager Multiple Cross Site Scripting CVE-2015-8037, CVE-2015-8038
Microsoft Exchange OWA Information Cookie Disclosure CVE-2015-2505 / MS15-103
Openfire 3.10.2 Unrestricted File Upload
Openfire 3.10.2 Remote File Inclusion
Openfire 3.10.2 Privilege Escalation CVE-2015-7707
Openfire 3.10.2 Cross Site Scripting CVE-2015-6972
Openfire 3.10.2 Cross Site Request Forgery CVE-2015-6973
IKEView NGX R60 Local Stack Buffer Overflow
IKEView Fox beta 1 Local Stack Buffer Overflow
Monsta FTP CSRF & XSS
JSPMySQL Administrador CSRF & XSS CVE-2015-6944, CVE-2015-6945
Trend Micro DD Cross Site Scripting CVE-2015-2872
Trend Micro DD Authentication Bypass CVE-2015-2873
PHP File Navigator Persistent & Reflected XSS
PHP File Navigator Privilege Escalation
PHP File Navigator CSRF
phpIPAM XSS CVE-2015-6529
FortiSandbox WebUI Cross Site Scripting CVE-2015-7360
PHP FileManager CSRF Backdoor Shell
PHP FileManager CSRF Remote Command Execution CVE-2015-5958
Hawkeye-G Persistent XSS & Information Leakage
Hawkeye-G Cross Site Request Forgery System Tampering CVE-2015-2878
Open Web Analytics Insecure Crypto, Password Disclosure & XSS
phpSQLiteCMS CSRF, Unrestricted File Upload, Privilege Escalation & XSS
Symantec EP Local Denial Of Service
PHPLiteAdmin CSRF & XSS CVE-2015-6518
Novius-OS Persistent XSS, Local File Inclusion & Open Redirect CVE-2015-5354, CVE-2015-5353
GeniXCMS XSS CVE-2015-5066
MySQL Lite Administrator Cross Site Scripting CVE-2015-5064
ZCMS 1.1 SQL Injection & Persistent XSS CVE-2015-7346, CVE-2015-7347
Nakid CMS CSRF, Persistent XSS & Local File Inclusion
SilverStripe CMS Open Redirect & XSS CVE-2015-5063, CVE-2015-5062
Symphony CMS Cross Site Scripting CVE-2015-4661
VFront CSRF & Persistent XSS
Enhanced SQL Portal Cross Site Scripting CVE-2015-4660
Sypex Dumper Cross Site Scripting
JSPMyAdmin SQL Injection, CSRF & XSS
DbNinja Flash Based XSS
Webgrind XSS
DBKiss XSS
TinyMy XSS
Sidu XSS
SQLBuddy Local File Inclusion
Wing FTP Add User Cross Site Request Forgery
Wing FTP Admin XSS

[+] Vulnerability Reporting Acknowledgements [+]
VMware
IBM
Fortinet
Fortinet
Trend Micro
Microsoft Online Services (June, July, November 2015, August 2016)
[+] Disclaimer [+]
This site is for educational and research purposes only. The author of this site doesn't hold any responsibility for the misuse of the software, exploits or security findings contained herein and does not condone them whatsoever. Moreover, the author of the site prohibits any malicious misuse of security information contained and found here or elsewhere. This website and all of its content is copyright of hyp3rlinx - (c) hyp3rlinx TM 2015. All rights reserved.