978 matches found
Fast CD Ripper V1.8rc1 Denial of Service Exploit
Exploit Title: Fast CD Ripper V1.8rc1 Denial of Service Exploit Date: 20.04.2022 Vendor Homepage:https://www.litexmedia.com Software Link: https://en.softonic.com/download/fast-cd-ripper/windows/post-download Exploit Author: Achilles Tested Version: V1.7-V1.8rc1 Tested on: Windows 7 x64 1.- Run...
Audio Conversion Wizard V2.01 Denial of Service Exploit
Exploit Title: Audio Conversion Wizard V2.01 Denial of Service Exploit Date: 20.04.2022 Vendor Homepage:https://www.litexmedia.com Software Link: https://www.litexmedia.com/acwizard.exe Exploit Author: Achilles Tested Version: V2.01 Tested on: Windows 7 x64 1.- Run python code :Audio.py 2.- Open...
Karaoke Video Creator V2.5.6.3 Denial of Service Exploit
Exploit Title: Karaoke Video Creator V2.5.6.3 Denial of Service Exploit Date: 20.04.2022 Vendor Homepage:https://www.powerkaraoke.com Software Link: https://www.powerkaraoke.com/download/karaoke-video-creator-setup.exe?v=2.5.6.3 Exploit Author: Achilles Tested Version: V2.5.6.3 Tested on: Windows...
Xlight FTP 3.9.3.2 Buffer Overflow Exploit
Exploit Title: Xlight FTP v3.9.3.2 - Buffer Overflow SEH Egghunter + ROP Exploit Author: Hejap Zairy Software Link: http://www.xlightftpd.com/download/setup.exe Tested Version: v3.9.3.22022-1-5 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy Al...
Audio Conversion Wizard v2.01 - Buffer Overflow Exploit
Exploit Title: Audio Conversion Wizard v2.01 - Buffer Overflow Exploit Author: Hejap Zairy Software Link: https://www.litexmedia.com/acwizard.exe Tested Version: v2.01 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy All content to Clipboard 3.-...
Cobian Backup 11 Gravity 11.2.0.582 Denial Of Service
Exploit Title: Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2022-02-16 Vendor Homepage: https://www.cobiansoft.com/ Software Link: https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability Type:...
25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository
Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down. The libraries in question...
GHSA-6P56-WP2H-9HXR NumPy Buffer Overflow (Disputed)
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArrayNewFromDescrint function of ctors.c when specifying arrays of large dimensions over 32 from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability; In very...
CVE-2021-33430
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArrayNewFromDescrint function of ctors.c when specifying arrays of large dimensions over 32 from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In very...
CVE-2021-33430
CVE-2021-33430 affects NumPy 1.9.x: a buffer overflow in PyArray_NewFromDescr_int (ctors.c) when creating very large arrays (>32) could cause a Denial of Service. The issue is disputed by the vendor as a vulnerability in some reports, and exploitation is constrained to unlikely API conditions....
Kingdia CD Extractor 3.0.2 Buffer Overflow
Exploit Title: Kingdia CD Extractor 3.0.2 - Buffer Overflow SEH Date: 31.10.2021 Software Link: https://en.softonic.com/download/kingdia-cd-extractor/windows/post-download Exploit Author: Achilles Tested Version: 3.0.2 Tested on: Windows 7 64bit 1.- Run python code : Kingdia.py 2.- Open EVIL.txt...
YouTube Video Grabber 1.9.9.1 Buffer Overflow
Exploit Title: YouTube Video Grabber 1.9.9.1 - Buffer Overflow SEH Date: 01.11.2021 Software Link: https://www.litexmedia.com/ytgrabber.exe Exploit Author: Achilles Tested Version: 1.9.9.1 Tested on: Windows 7 64bit 1.- Run python code : YouTube.py 2.- Open EVIL.txt and copy All content to...
Ether MP3 CD Burner 1.3.8 - Buffer Overflow (SEH) Exploit
Exploit Title: EtherMP3CDBurner 1.3.8 - Buffer Overflow SEH Software Link: https://mp3-avi-mpeg-wmv-rm-to-audio-cd-burner.software.informer.com/download/?caa8ec-1.2 Software Link 2: https://anonfiles.com/X2Ff36J6ue/ethercdburnerexe Exploit Author: Achilles Tested Version: 1.3.8 Tested on: Windows...
Ether_MP3_CD_Burner 1.3.8 - Buffer Overflow (SEH)
Exploit Title: EtherMP3CDBurner 1.3.8 - Buffer Overflow SEH Date: 24.09.2021 Software Link: https://mp3-avi-mpeg-wmv-rm-to-audio-cd-burner.software.informer.com/download/?caa8ec-1.2 Software Link 2: https://anonfiles.com/X2Ff36J6ue/ethercdburnerexe Exploit Author: Achilles Tested Version: 1.3.8...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
Remote code execution
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
Design/Logic Flaw
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...