Autonics DAQMaster 1.7.3 DQP Parsing Buffer Overflow Code Execution
Summary: DAQMaster is a comprehensive device management program that can be used with Autonics thermometers, panel meters, pulse meters, counters, etc., and with Konics recorders and indicators. DAQMaster provides GUI control for easy and convenient management of parameters and multiple device data...
Apple Mac OSX / iOS - Unsandboxable Kernel Code Execution Due to iokit Double Release in IOKit
Source: https://code.google.com/p/google-security-research/issues/detail?id=620 I wanted to demonstrate that these iOS/OS X kernel race conditions really are exploitable, so here's a PoC which gets RIP on OS X. The same techniques should transfer smoothly to iOS: The bug is here: void...
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2)
Source: https://code.google.com/p/google-security-research/issues/detail?id=589 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 2 Platform: Windows 8.1, not tested on any other OS...
RIPS Scanner 0.55 Multiple LFI Vulnerabilities
RIPS scanner is prone to multiple local file inclusion (LFI) vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Google Chrome - Renderer Process to Browser Process Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=664 There is an overflow in the ui::PlatformCursor WebCursor::GetPlatformCursor method. In...
Adobe Flash MovieClip.localToGlobal - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=570 There is a use-after-free issue in MovieClip.localToGlobal. If the Number constructor is overwritten with a new constructor and MovieClip.localToGlobal is called with an integer parameter, the new constructor will get...
Adobe Flash TextField.tabIndex Setter - Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=574 There is a use-after-free in the TextField.tabIndex setter. If the integer parameter is an object with valueOf defined, then it can free the TextField's parent, leading to a use-after-free. A minimal PoC follows: var...
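Both Flash entries above (MovieClip.localToGlobal and the TextField.tabIndex setter) describe the same bug class: a native method caches a pointer, then coerces an argument, and the coercion runs attacker script (a valueOf callback, or a replaced Number constructor) that frees the object the cached pointer refers to. The ECMAScript model below is an added illustration, not code from the advisories or from Adobe; the Container and TextField classes and the "freed" flag are simulations of engine state, and "use-after-free" / "rejected" are return values chosen so the difference between the two setter orderings is observable.

```javascript
// Added example: callback re-entrancy during argument coercion (the pattern
// behind the two Flash use-after-frees). Simulation only; not engine code.

class Container {
  constructor() { this.children = []; this.freed = false; }
  free() { this.freed = true; this.children = null; } // simulated release
}

class TextField {
  constructor(parent) {
    this.parent = parent;
    this.tabIndex = 0;
    parent.children.push(this);
  }
}

// Vulnerable ordering: the parent is fetched BEFORE the argument is coerced.
// Number(value) invokes value.valueOf() (or whatever Number currently is),
// so attacker script runs in the middle of the native operation.
function setTabIndexVulnerable(field, value) {
  const parent = field.parent;               // cached raw reference
  const index = Number(value);               // attacker script runs here
  if (parent.freed) return 'use-after-free'; // stands in for a dangling dereference
  for (const c of parent.children) if (c !== field) c.tabIndex = -1;
  field.tabIndex = index;
  return 'ok';
}

// Hardened ordering: finish every script-visible coercion first, then re-read
// the object graph and check liveness before touching it. (A real engine would
// hold a strong reference across the callback; the explicit check here is
// what makes the outcome testable.)
function setTabIndexHardened(field, value) {
  const index = Number(value);               // all callbacks complete here
  const parent = field.parent;               // re-read after the callback
  if (!parent || parent.freed) return 'rejected';
  for (const c of parent.children) if (c !== field) c.tabIndex = -1;
  field.tabIndex = index;
  return 'ok';
}

// TextField.tabIndex-style trigger: an "integer" whose valueOf frees the parent.
function attackViaValueOf(setter) {
  const parent = new Container();
  const field = new TextField(parent);
  const trigger = { valueOf() { parent.free(); return 1; } };
  return setter(field, trigger);
}

// MovieClip.localToGlobal-style trigger: replace the global Number constructor,
// so even a plain integer argument runs attacker code during coercion.
function attackViaNumberOverride(setter) {
  const parent = new Container();
  const field = new TextField(parent);
  const realNumber = Number;
  globalThis.Number = function (v) { parent.free(); return realNumber(v); };
  try {
    return setter(field, 1);
  } finally {
    globalThis.Number = realNumber;          // restore for later code
  }
}

// Control case: no callback, both orderings behave identically.
function benign(setter) {
  return setter(new TextField(new Container()), 3);
}
```

The point of the two setters is ordering, not the liveness flag: any step that can run script (valueOf, toString, an overridable constructor, a getter) must happen before native state is read, or the native code must hold its own reference across that step.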
Microsoft Office 2007 - OneTableDocumentStream Invalid Object
Source: https://code.google.com/p/google-security-research/issues/detail?id=171&can=1 The following access violation was observed in a Microsoft Office 2007 Word document: 8c0.e68: Access violation - code c0000005 (first chance) First chan...
Microsoft Windows 8.1 - DCOM DCERPC Local NTLM Reflection Privilege Escalation (MS15-076)
Source: https://github.com/monoxgas/Trebuchet Trebuchet (MS15-076 / CVE-2015-2370) privilege escalation: copies a file to any privileged location on disk. Compiled with VS2015; precompiled exe in the Binary directory...
WordPress 2.9 - Failure to Restrict URL Access
Description: When WordPress implemented the new Trash feature, it failed to change the permissions granted while a post is in the trash. This means that an unauthenticated user cannot see the post, but any authenticated user can, regardless of role, even 'subscriber'. See...
WM Downloader 3.0.0.9 - Buffer Overflow (Meta)
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
ASX to MP3 Converter 3.0.0.100 - Local stack overflow exploit
No description provided by source. #!/usr/bin/python import time ASX to MP3 Converter Version 3.0.0.100 - Local stack overflow exploit Author: Hazem Mofeed PoC: http://www.exploit-db.com/exploits/11930 Tested On: Windows XP Home Edition SP3 Home: http://hakxer.wordpress.com print ' Exploited by...
CA ARCserve D2D r15 Web Service Servlet Code Execution
No description provided by source. Computer Associates ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc product homepage: https://support.ca.com/phpdocs/0/8363/support/arcserved2dsupport.html vulnerability: The Tomcat Server, which listens for...
SurgeMail 3.0 - Real CGI executables Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27992/info SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Successfully exploiting this issue allows remote attackers to execute arbitrary machin...
JE CMS 1.0.0 - Bypass Authentication by SQL Injection Vulnerability
No description provided by source. http://www.exploit-db.com/moaub-28-je-cms-1-0-0-bypass-authentication-by-sql-injection-vulnerability/ Title : JE CMS 1.0.0 Bypass...
X-Chat 1.x CTCP Ping Arbitrary Remote IRC Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3830/info X-Chat is a graphical client for IRC. It requires the GTK+ toolkit, and is available for many Linux and Unix operating systems. If a CTCP ping request includes escaped newline characters and additional IRC...
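The X-Chat entry above is a reflection bug: the client answers a CTCP PING by echoing the request payload into its NOTICE reply, and the IRC server treats every CR/LF in the outgoing stream as the end of one command and the start of the next. The example below is an added illustration of that class, not X-Chat's code. It assumes the attacker smuggles the line break through CTCP low-level quoting (the spec's M-QUOTE, 0x10, where ^Pn decodes to LF) so that the attacker's own message is still a single valid IRC line; the page does not say which escape X-Chat honoured, only that escaped newlines were involved. The incoming message is constructed for the example.

```javascript
// Added example: CTCP PING reflection turning into IRC command injection,
// plus the check that stops it. Generic illustration; not X-Chat's code.

const CTCP = '\x01';   // CTCP delimiter
const MQUOTE = '\x10'; // CTCP low-level quote character (^P)

// CTCP low-level dequoting per the CTCP spec: ^Pn -> LF, ^Pr -> CR,
// ^P0 -> NUL, ^P^P -> ^P; any other quoted character is passed through.
function ctcpDequote(s) {
  return s.replace(/\x10(.)/g, (_, c) => {
    switch (c) {
      case 'n': return '\n';
      case 'r': return '\r';
      case '0': return '\x00';
      case MQUOTE: return MQUOTE;
      default: return c;
    }
  });
}

// Parse a CTCP PING out of an incoming PRIVMSG line; null if it is not one.
function extractCtcpPing(line) {
  const m = /^:([^!\s]+)\S* PRIVMSG \S+ :\x01PING ([^\x01]*)\x01/.exec(line);
  return m ? { from: m[1], payload: m[2] } : null;
}

// Vulnerable builder: dequotes the payload and reflects it verbatim, so a
// quoted newline becomes a real line terminator in the outgoing stream.
function buildPingReplyVulnerable(req) {
  const payload = ctcpDequote(req.payload);
  return `NOTICE ${req.from} :${CTCP}PING ${payload}${CTCP}\r\n`;
}

// Hardened builder: a PING timestamp never legitimately contains CR, LF or
// NUL, so refuse to answer instead of trying to sanitise the reflected text.
function buildPingReplyHardened(req) {
  const payload = ctcpDequote(req.payload);
  if (/[\r\n\x00]/.test(payload)) return null;
  return `NOTICE ${req.from} :${CTCP}PING ${payload}${CTCP}\r\n`;
}

// What the server sees: the byte stream split on line terminators, each
// piece executed as a separate command from the victim's connection.
function serverSplit(raw) {
  return raw.split(/\r?\n/).filter((l) => l.length > 0);
}

// Constructed attacker line (one IRC line; the break is inside the quoting).
const ATTACK_LINE =
  `:evil!u@h PRIVMSG victim :${CTCP}PING 1234${MQUOTE}nPRIVMSG #chan :injected${CTCP}`;

// Constructed benign line: an ordinary timestamp.
const BENIGN_LINE = `:bob!u@h PRIVMSG victim :${CTCP}PING 1700000000${CTCP}`;

// Returns the commands the server would execute for each builder.
function demo(line) {
  const req = extractCtcpPing(line);
  if (!req) return null;
  const hardened = buildPingReplyHardened(req);
  return {
    vulnerable: serverSplit(buildPingReplyVulnerable(req)),
    hardened: hardened === null ? [] : serverSplit(hardened),
  };
}
```

Rejecting rather than stripping is deliberate: a client that strips CR/LF but leaves other control characters may still be abused through a different escape, and nothing legitimate is lost by dropping a malformed PING.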
Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)
Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/33056-sepm-secars-poc-v0.3.tar.gz #!/usr/bin/perl -w Exploit Title: Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC...
plexusCMS 0.5 - Cross-Site Scripting / Remote Shell / Credentials Leak
Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple command-execute backdoor commands.txt list of useful commands for owning remote...
MP3Info 0.8.5 SEH Buffer Overflow
Exploit Title: mp3info SEH exploit Date: 18 March 2014 Exploit Author: Ayman Sagy Vendor Homepage: http://ibiblio.org/mp3info/ Software Link: http://www.exploit-db.com/wp-content/themes/exploit/applications/cb7b619a10a40aaac2113b87bb2b2ea2-mp3info-0.8.5a.tgz Version: MP3Info 0.8.5 Tested on:...
CVE-2013-6162
creationtimestamp | type | source
--- | --- | ---
2013-12-17 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/30373...