23 matches found
Live Membership System Security Vulnerability
Live Membership System is a live membership system by individual developer Rashmi Mishra. A security vulnerability exists in Live Membership System v1.0, which stems from a cross-site request forgery (CSRF) vulnerability found in /deletemembers.php...
Local Privilege Escalation in polkit's pkexec
A bug exists in the polkit pkexec binary in how it processes arguments. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument list and populat...
Polkit pkexec Local Privilege Escalation Exploit
This is a Metasploit module for the argument processing bug in the polkit pkexec binary. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument...
Anchor CMS 0.12.7 - CSRF (Delete user)
Exploit Title: Anchor CMS 0.12.7 - CSRF Delete user Exploit Author: Ninad Mishra Vendor Homepage: https://anchorcms.com/ Software Link: https://anchorcms.com/download Version: 0.12.7 CVE : CVE-2020-23342 PoC the cms uses get method to perform sensitive actions hence users can be deleted via...
VIM 8.2 - Denial of Service (PoC)
Exploit Title: VIM 8.2 - Denial of Service PoC Date: 2019-12-17 Vulnerability: DoS Vulnerability Discovery: Dhiraj Mishra Vulnerable Version: VIM - Vi IMproved 8.2 Included patches: 1-131 Vendor Homepage: https://www.vim.org/ References:...
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
Exploit Title: Citrix Application Delivery Controller ADC and Gateway 13.0 - Path Traversal Date: 2019-12-17 CVE: CVE-2019-19781 Vulnerability: Path Traversal Vulnerability Discovery: Mikhail Klyuchnikov Exploit Author: Dhiraj Mishra Vulnerable Version: 10.5, 11.1, 12.0, 12.1, and 13.0 Vendor...
Smart TV vulnerabilities exposed again: Supra Smart Cloud TV vulnerability can lead to device hijacking
An attacker can take advantage of a smart TV vulnerability by attacking the home router it is connected to and gaining remote access. An unpatched vulnerability in Supra smart TVs allows an attacker on the same Wi-Fi network to hijack the TV and play their own content, such as a fake emergency...
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows SetImeInfoEx Win32k NULL Pointer Dereference', 'Description' = %q This module exploits elevation of privilege vulnerability that exists i...
Epiphany Web Browser 3.28.1 - Denial of Service Exploit
Exploit for linux platform in category dos / poc Exploit Title: Epiphany Web Browser 3.28.1 - Denial of Service PoC Author: Dhiraj Mishra Date: 2018-08-23 Software: https://projects-old.gnome.org/epiphany/ Version: 3.28.1 CVE: N/A Tested on: Ubuntu 18 64bit Steps to reproduce: 1. Open epiphany...
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
Exploit Title: Epiphany Web Browser 3.28.1 - Denial of Service PoC Author: Dhiraj Mishra Date: 2018-08-23 Software: https://projects-old.gnome.org/epiphany/ Version: 3.28.1 CVE: N/A Tested on: Ubuntu 18 64bit Steps to reproduce: 1. Open epiphany browser 2. Bookmark any random page 3. Then navigat...
cgit 1.2.1 - Directory Traversal Exploit
Exploit for linux platform in category local exploits Title: cgit 1.2.1 - Directory Traversal Metasploit Author: Dhiraj Mishra Software: cgit Link: https://git.zx2c4.com/cgit/ CVE: CVE-2018-14912 This module exploits a directory traversal vulnerability which exists in cgit 'cgit Directory...
cgit 1.2.1 - Directory Traversal (Metasploit)
Title: cgit 1.2.1 - Directory Traversal Metasploit Author: Dhiraj Mishra Software: cgit Link: https://git.zx2c4.com/cgit/ Date: 2018-08-14 CVE: CVE-2018-14912 This module exploits a directory traversal vulnerability which exists in cgit 'cgit Directory Traversal', 'Description' = %q This module...
Path Traversal in Oracle GlassFish Server Open Source Edition
This module exploits an unauthenticated directory traversal vulnerability which exists in administration console of Oracle GlassFish Server 4.1, which is listening by default on port 4848/TCP. This module requires Metasploit: https://metasploit.com/download Current source:...
WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service (Metasploit)
WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service Metasploit Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in...
WebKitGTK+ WebKitFaviconDatabase Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If...
WebKitGTK+ 2.21.3 pageURL Mishandling Denial Of Service
Summary: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash, CVE-2018-11646 was assigned to this issue. Po...
WebKitGTK+ < 2.21.3 - Crash (PoC)
Title: WebKitGTK+ win = window.open"sleeponesecond.php", "WIN"; window.open"https://www.paypal.com", "WIN"; win.document.execCommand'Stop'; win.document.write"Spoofed URL"; win.document.close; Backtrace using fedora 27: 0 WTF::StringImpl::rawHash at...
SA158: Improper Restriction of Excessive Authentication Attempts in Reporter
SUMMARY Symantec Reporter does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. AFFECTED PRODUCTS Reporter --- CVE | Affected Versions | Remediation CVE-2017-15531 | 10...
Metasploit Cross Site Request Forgery
Exploit Title: CSRF Date: Wed, Aug 30, 2017 Software Link: https://www.metasploit.com/ Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE: CVE-2017-15084 R7-2017-22 Category: Metasploit Pro, Express, Ultimate, and Community 1...
Samsung Internet Browser - SOP Bypass Exploit
Exploit for Android platform in category remote exploits Hi team, below advisory for your reference, Exploit Title: SOP Bypass Date: 06 September 2017 Software Link: https://play.google.com/store/apps/details?id=com.sec.android.app.sbrowser&hl=en Exploit Author: Dhiraj Mishra Contact:...