WebKit: heap-buffer-overflow in JSC::SymbolTableEntry::isWatchable (CVE-2017-2469)
I confirmed the PoC crashes the release version of Safari 10.0.3 (12602.4.8). It might be necessary to refresh the page several times. PoC: function x = 0 var a; function arguments function b var g = 1; a5; f; g; ; Asan Log: ==55079==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c0000c8e88 at...
My Gaming Ladder Combo System 7.5 - SQL Injection
My Gaming Ladder Combo System 7.5 - SQL Injection Exploit Title: My Gaming Ladder Combo System 7.5 - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: http://www.mygamingladder.com/ Software: http://www.mygamingladder.com/demos.shtml Demo: http://www.mygamingladder.com/upgrade/comb...
MacOS/iOS kernel memory corruption due to off-by-one in SIOCGIFORDER socket ioctl (CVE-2017-2474)
SIOCSIFORDER and SIOCGIFORDER allow userspace programs to build and maintain the ifnetorderedhead linked list of interfaces. SIOCSIFORDER clears the existing list and allows userspace to specify an array of interface indexes used to build a new list. SIOCGIFORDER allows userspace to query the list...
MacOS/iOS kernel heap overflow in bpf (CVE-2017-2482)
The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length: case BIOCSBLEN: / uint / if d-bdbif != 0 error = EINVAL; else uint size; bcopyaddr, &size, sizeof size; if size bpfmaxbufsize size = bpfmaxbufsize; else if size bdbufsize = size; break; d-bdbif is set to the currently attached...
Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection
!/usr/bin/env python2 import telnetlib import re import random import string Split string into chunks, of which each is /var/a' - 1 completed = temp = re.split'\n', script for content in temp: if lencontent != 0: for s in re.split' ', content: if ' ' in s: s = '\x20' if '\n' in s: s = '\n' else:...
PHP Forum Script v3.0 - SQL Injection
PHP Forum Script v3.0 - SQL Injection. In PHP Forum Script v3.0, filtering of a parameter is not strict, leading to a SQL injection vulnerability. If the server has error display turned on, the flaw can be used directly; if error display is turned off, the time-based and...
Safari Browser: Builtin JavaScript allows Function.caller to be used in strict mode(CVE-2017-2446)
If a builtin script in WebKit is in strict mode, but then calls a function that is not strict, this function is allowed to call Function.caller and can obtain a reference to the strict function. This is inconsistent with the behavior when executing non-builtin scripts in Safari, and the...
Samba: symlink race permits opening files outside share directory (CVE-2017-2619)
The Samba server is supposed to only grant access to the configured share directories unless the "wide links" are enabled, in which case the server is allowed to follow symlinks. The default since CVE-2010-0926 is that wide links are disabled. smbd ensures that it isn't following symlinks by...
Just Another Video Script 1.4.3 - SQL Injection
Exploit Title: Just Another Video Script 1.4.3 - SQL Injection Google Dork: N/A Date: 25.03.2017 Vendor Homepage: http://justanothervideoscript.com/ Software: http://justanothervideoscript.com/demo Demo: http://javsdemo.com/ Version: 1.4.3 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
acacarsofdublin.com XSS vulnerability
Vulnerable URL: http://www.acacarsofdublin.com/all-inventory/index.htm?listingConfigId=AUTO-new,AUTO-used"'--!confirmOPENBUGBOUNTY...
Check Box 2016 Q2 Survey - Multiple Vulnerabilities
For a full list of their clients please visit: https://www.checkbox.com/clients/ 1- Directory traversal vulnerability : For example to download the web.config file we can send a request as the following: http://www.example.com/Checkbox/Upload.ashx?f=....\web.config&n=web.config 2- Direct Object...
Disk Sorter Enterprise 9.5.12 - GET Buffer Overflow (SEH) Exploit
#!/usr/bin/env python Exploit Title: DiskSorter Enterprise 9.5.12 - 'GET' Remote buffer overflow SEH Date: 2017-03-22 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.disksorter.com Software...
Disk Sorter Enterprise 9.5.12 - GET Remote Buffer Overflow (SEH)
Disk Sorter Enterprise 9.5.12 - GET Remote Buffer Overflow SEH #!/usr/bin/env python Exploit Title: DiskSorter Enterprise 9.5.12 - 'GET' Remote buffer overflow SEH Date: 2017-03-22 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.disksorter.com...
FTPShell Client 6.53 - 'Session name' Local Buffer Overflow
print ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: FTPShell Client 6.53 Session name BufferOverflow Date: 2017.03.17 Exploit Author: Greg Priest Version: FTPShell Client 6.53 Tested on: Windows7 x64 HUN/ENG Professional ''' a = "A" 460 b =...
CVE-2012-4699
...
CVE-2013-0697
CVE-2013-0697 is rejected/not used and does not represent an active vulnerability entry.
Improper use of a regular expression triggers a system command execution vulnerability - Vulnerability Warning - Black Bar Safety Net
Sometimes a regular expression is used to whitelist-filter a string, and this is not done well. This example demonstrates how whitelist filtering of a string with a regular expression can lead to OS command injection (OSCI) vulnerabilities. 0x01 Text The test code is as follows:...
Most Wanted Real Estate,1.1.0,SQL Injection
Most Wanted Real Estate, 1.1.0, SQL Injection...
CVE-2017-6820
CVE-2017-6820 affects Roundcube’s webmail software via rcube_utils.php. The vulnerability is a cross-site scripting (XSS) flaw caused by a crafted CSS token sequence inside an SVG element, impacting Roundcube versions before 1.1.8 and 1.2.x before 1.2.4. Exploitation details indicate a remote att...
Fiyo CMS 2.0.6.1 Privilege Escalation
Exploit Title: Privilege Escalation Manipulation of User Group Vulnerability on Fiyo CMS 2.0.6.1 Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link: https://sourceforge.net/projects/fiyo-cms Version: 2.0.6.1 Tested on: Window...