CentOS Control Web Panel 0.9.8.838 - User Enumeration
Exploit Title: CWP CentOS Control Web Panel 0.9.8.848 User Enumeration via HTTP Response Message Date: 15 July 2019 Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage: https://control-webpanel.com/changelog Software Link: Not available, user panel on...
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AppXSvc Hard Link Privilege Escalation', 'Description' = %q There exists a privilege escalation vulnerability for Windows 10 builds prior to buil...
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
//====================================================================\ || || || CWP Control Web Panel 0.9.8.836 - 0.9.8.839 || || Root Privilege Escalation || || || \====================================================================//...
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
Exploit Title: CWP CentOS Control Web Panel ||//theme/original CV...
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
!/usr/bin/python Exploit Title: R 3.4.4 Windows 10 x64 - Buffer Overflow SEHDEP/ASLR Bypass Date: 2019-07-15 Exploit Author: blackleitus Vendor Homepage: https://www.r-project.org/ Tested on: Windows 10 Home Single Language 64-bit Social: https://twitter.com/blackleitus Website:...
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
Exploit Title: FlightPath 4.8.2 & 5.0-rc2 - Local File Inclusion Date: 07-07-2019 Exploit Author: Mohammed Althibyani Vendor Homepage: http://getflightpath.com Software Link: http://getflightpath.com/project/9/releases Version: 4.8.2 & 5.0-rc2 Tested on: Kali Linux CVE : CVE-2019-13396 Parameters...
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)
Exploit Title: Bluekeep Denial of Service metasploit module Shodan Dork: port:3389 Date: 07/14/2019 Exploit Author: RAMELLA Sebastien https://github.com/mekhalleh/ Vendor Homepage: https://microsoft.com Version: all affected RDP services by cve-2019-0708 Tested on: Windows XP 32-bits / Windows 7...
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
Exploit Title: NETGEAR WiFi Router R6080 - Security Questions Answers Disclosure Date: 13/07/2019 Exploit Author: Wadeek Hardware Version: R6080-100PES Firmware Version: 1.0.0.34 / 1.0.0.40 Vendor Homepage: https://www.netgear.com/support/product/R6080.aspx Firmware Link:...
CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
Exploit Title: CISCO Small Business 200, 300, 500 Switches Multiple Vulnerabilities. Shodan query: /config/logoffpage.html Discovered Date: 07/03/2014 Reported Date: 08/04/2019 Exploit Author: Ramikan Website: http://fact-in-hack.blogspot.com Vendor...
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
!/usr/bin/python Exploit Title: StreamRipper32 Buffer Overflow Date: 07/2019 Exploit Author: Andrey Stoykov OSCP Tested On: Win7 SP1 x64 Software Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Version: 2.6 Steps To Reproduce: Double click on "Add" in the "Station/Song Section...
Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write
CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns .... With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video with tiles enabled - pspps-i1tilesenabledflag you can possibly do RCE. The codec affected is HEVC a.k.a H.265 and MPEG-...
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492 Exploit Author: ABDO10 Date : July, 11th 2019 Product : Tenda D301 v2 Modem Router version : v2 Vendor Homepage: https://www.tp-link.com/au/home-networking/dsl-modem-router/td-w8960n/ Tested on: Linux CVE : 2019-13491 Poc...
Sahi Pro 8.0.0 - Remote Command Execution
Exploit Title: Sahi Pro V8.0.0 - Unauthenticated Remote Command Execution Date: 2019-07-12 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sahipro.com Software Link: https://sahipro.com/static/builds/pro/installsahiprov80020181031.jar Reference:...
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation
VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combine the issues mentioned below with a bug in Chromium to escape its sandbox. HTTP - SMB NTLM...
Xymon 4.3.25 - useradm Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xymon useradm Command Execution', 'Description' = %q This module exploits a command injection vulnerability in Xymon versions before 4.3.25 which...
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
Exploit Title: Citrix SD-WAN Appliance 10.2.2 Auth Bypass and Remote Command Execution Date: 2019-07-12 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.citrix.com Product: Citrix SD-WAN Software Link: https://www.citrix.com/downloads/citrix-sd-wan/ Version: Tested against 10.2.2...
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Exploit Title: MyT Project Management - Userusername Stored Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://manageyourteam.net/index.html Software Link: https://sourceforge.net/projects/myt/files/latest/download Version: 1.5.1 Category: Webapps Tested o...
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform:...
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Date: July 11, 2019 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519 CVE : CVE-2019-13493 Vendor...
SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
!/usr/bin/python -- coding: utf-8 -- -------------------------------------------------------------------- Exploit: SNMPc Enterprise Edition 9 & 10 Mapping File Name BOF Date: 11 July 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage: https://www.castlerock.com/ Software Link:...
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Siemens TIA Portal - Remote Command Execution
Exploit Title: Siemens TIA Portal unauthenticated remote command execution Date: 06/11/2019 Exploit Author: Joseph Bingham CVE : CVE-2019-10915 Vendor Homepage: www.siemens.com Software Link: https://new.siemens.com/global/en/products/automation/industry-software/automation-software/tia-portal.ht...
Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the "post" Table
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
FreeBSD 12.0 - 'fd' Local Privilege Escalation
!/bin/sh Exploit script for FreeBSD-SA-19:02.fd Author: Karsten König of Secfault Security Contact: [email protected] Twitter: @gr4yf0x Kudos: Maik, greg and Dirk for discussion and inspiration libmap.conf primitive inspired by kcope's 2005 exploit for Qpopper echo "+ Root Exploit for...
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
/ For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final Shape. As such, at the entrypoint of the constructor the construct...
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Firefox 67.0.4 - Denial of Service
Loading please wait function MyFun var text = ; forvar i=0 ;i"+ ""+ ""+ ""+ ""+ ""+ "\x7...
Karenderia Multiple Restaurant System 5.3 - SQL Injection
=========================================================================================== Exploit Title: Karenderia CMS 5.3 - Multiple SQL Vuln. Dork: N/A Date: 05-07-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: [email protected] Software Link:...
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service Introduction: WP Like button allows you to a...
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)
/ OF version r00t VERY PRIV8 spabam Version: v3.0.4 Requirements: libssl-dev apt-get install libssl-dev Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free to get more targets hackarena irc.brasnet.org Note: if required, host ptrace and replace wget target /...
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
=========================================================================================== Exploit Title: Karenderia CMS 5.1 - LFI Vuln. Dork: N/A Date: 04-07-2019 Exploit Author: Mehmet EMIROGLU Software Link: https://codecanyon.net/item/karenderia-multiple-restaurant-system/9118694 Version: v5...
Microsoft Exchange 2003 - base64-MIME Remote Code Execution
Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott @r0ss1n1 Shout out to Offensive Security, from Australia with Lov...
Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability', 'Description' = %q This module exploits a vulnerability in Apache Tomcat's...