320 matches found
Microsoft Edge Chakra Incorrect Jit Optimization Exploit
This is a follow-up finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient. Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter 2 CVE-2017-8548 I think the fix for 1045 is incorrect. Here's the original Po...
Google Chrome RCE + Sandbox Escape 0day Exploit
Item name: Google Chrome RCE + Sandbox Escape 0day Exploit 2. Affected OS : Windows 10 3. Vulnerable Target application versions and reliability. If 32 bit only, is 64 bit vulnerable? The vulnerability is present in the 32-bit and 64-bit versions of Google Chrome. With this vulnerability, you...
WonderCMS 2.1.0 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications document.forms0.submit; !-- Disclosure Timeline: --------------------- 2017-06-16: Vulnerability found. 2017-06-17: Reported to vendor. 2017-06-17: Vendor responded and send a new version for test in it. 2017-06-17: Test new version and...
Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'AlienVault USM/OSSIM API Command Execution', 'Description' = %q This modu...
PonyOS 4.0 - fluttershy LD_LIBRARY_PATH Local Kernel Exploit
Exploit for linux platform in category local exploits !/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for...
CommVault Edge 11 SP6 - Stack Buffer Overflow (PoC) Exploit
Exploit for windows platform in category dos / poc import socket import binascii import time import struct s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.settimeout1 s.connect"10.101.0.85", 8400 def srp=None, r=None: if p: print "sending %d bytes: %s " % lenp/2,p payl = binascii.a2bhexp...
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
Exploit for multiple platform in category web applications document auto& htmlDocument = downcastdocument; auto atomicPropertyName = propertyName.publicName; if atomicPropertyName && htmlDocument.hasWindowNamedItematomicPropertyName JSValue namedItem; if...
Broadcom Wi-Fi SoC - dhd_handle_swc_evt Heap Overflow Exploit
Exploit for hardware platform in category remote exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1061 Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and ar...
Cisco ASA - WebVPN CIFS Handling Buffer Overflow Vulnerability
Exploit for hardware platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=998 The WebVPN http server exposes a way of accessing files from CIFS with a url hook of the form: https://portal/+webvpn+/CIFSR/shareserver/sharename/file. When someone logged in...
SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit
Exploit for windows platform in category web applications SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with w...
macOS 10.11.* / 10.12.* Kernel Code Execution - SIP bypass 0day Exploit
Privilege Escalation Exploit for OS macOS from root to kernel. Usage Info sudo ./exploit This is private exploit. You can buy it at https://0day.today...
Haraj v2 Script Shell Upload Vulnerability
Exploit for php platform in category web applications |----------------------------| | xBADGIRL21 | | N3W PUBLIC 3XPL0IT | | , | | 0day T == -- | | /-' | | // | | x21 | |----------------------------| | Exploit Title : Haraj v2 Script Shell Upload Vulnerability | Exploit Author : xBADGIRL21 | Dork...
Google Chrome + Fedora 25 / Ubuntu 16.04 - tracker-extract / gnome-video-thumbnailer + totem Drive-B
Exploit for linux platform in category local exploits Overview Full reliable 0day drive-by exploit against Fedora 25 + Google Chrome, by breaking out of Super Nintendo Entertainment System emulation via cascading side effects from a subtle and interesting emulation error. I had a lot of fun...
Google Chrome (Fedora 25 / Ubuntu 16.04) - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
Source: https://scarybeastsecurity.blogspot.com/2016/12/redux-compromising-linux-using-snes.html Overview Full reliable 0day drive-by exploit against Fedora 25 + Google Chrome, by breaking out of Super Nintendo Entertainment System emulation via cascading side effects from a subtle and interestin...
Android Mitigation Bypass Vulnerability
Because of a design bug in IOMX, the user-supplied sizes in the GETPARAMETER and SETPARAMETER calls ar e discarded before calling in to the responsible OMX code-paths. This has led to a variety of overflow-type bugs. Android: mitigation bypass - the guard page creation in IOMX can fail...
Microsoft Edge - FillFromPrototypes Type Confusion Exploit
Exploit for windows platform in category dos / poc var a = new Array0x11111111, 0x22222222, 0x33333333, 0x44444444, 0x12121212, 0x23232323, 0x12345670, 0x7777; var handler = getPrototypeOf: functiontarget, name...
DWebPro 8.4.2 - Multiple Vulnerabilities
Exploit for windows platform in category remote exploits Exploit Title: DWebPro 8.4.2 Remote Binary Execution Date: 01/10/2016 Exploit Author: Tulpa Contact: email protected Author website: www.tulpa-security.com Author twitter: @tulpasecurity Vendor Homepage: http://www.dwebpro.com/ Software Lin...
PHP 5.0.0 - 'html_doc_file()' Local Denial of Service
Exploit for php platform in category dos / poc 0day.today 2018-03-28...
PHP 5.0.0 - 'imap_mail()' Local Denial of Service
Exploit for php platform in category dos / poc 0day.today 2018-03-28...
PHP 5.0.0 - 'xmldocfile()' Local Denial of Service
Exploit for php platform in category dos / poc 0day.today 2018-01-01...