Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/03/13 12:0 a.m.86 views

Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal

Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal Google Dork: N/A Date: 3/13/2019 Exploit Author: Kevin Randall Vendor Homepage: https://www.coreftp.com Software Link: http://www.coreftp.com/server/index.html Version: Firmware: CoreFTP Server FTP / SFTP Serv...

5.3CVSS5.3AI score0.14535EPSS
Exploits8
Exploit DB
Exploit DB
added 2019/03/13 12:0 a.m.90 views

WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

============================================= MGC ALERT 2019-001 - Original release date: February 06, 2019 - Last revised: March 13, 2019 - Discovered by: Manuel García Cárdenas - Severity: 7/10 CVSS Base Score - CVE-ID: CVE-2019-9618 ============================================= I. VULNERABILIT...

9.8CVSS9.6AI score0.40771EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/13 12:0 a.m.244 views

elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder PHP Connector exiftran Command Injection', 'Description' = %q This module exploits a command injection vulnerability in elFinder version...

9.8CVSS9.5AI score0.96633EPSS
Exploits11
Exploit DB
Exploit DB
added 2019/03/12 12:0 a.m.67 views

PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)

Exploit Title: PilusCart 1.4.1 - Cross-Site Request Forgery Add Admin Google Dork: N/A Date: 10-03-2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://github.com/piluscart Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/12 12:0 a.m.49 views

Core FTP 2.0 build 653 - 'PBSZ' Denial of Service (PoC)

Exploit Title: Core FTP 2.0 build 653 - 'PBSZ' - Unauthenticated - Denial of Service PoC Date: 2019-03-12 Exploit Author: Hodorsec [email protected] / [email protected] Vendor Homepage: http://www.coreftp.com/ Software Link: http://coreftp.com/server/download/archive/CoreFTPServer653.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/11 12:0 a.m.81 views

Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution

!/usr/bin/env python Exploit Title: FlexPaper PHP Publish Service = 2.3.6 RCE Date: March 2019 Exploit Author: Red Timmy Security - redtimmysec.wordpress.com Vendor Homepage: https://flowpaper.com/download/ Version: = 2.3.6 Tested on: Linux/Unix CVE : CVE-2018-11686 Disclamer: This exploit is for...

9.8CVSS9.7AI score0.49787EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/03/11 12:0 a.m.109 views

OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' , Vulnerability Discovery, PoC & Msf Module 'References' = 'URL'...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/11 12:0 a.m.94 views

Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak

include include include include include include include include include include include include include include Exploit Title: Linux Kernel 4.4 Ubuntu 16.04 - Leak kernel pointer in sndtimeruserccallback Google Dork: - Date: 2019-03-11 Exploit Author: wally0813 Vendor Homepage: - Software Link: -...

5.5CVSS5.8AI score0.01202EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/11 12:0 a.m.163 views

Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/11 12:0 a.m.44 views

NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)

Exploit Title: NetSetMan 4.7.1 - Local Buffer Overflow SEH Unicode Exploit Author: Devin Casadey Discovery Date: 2019-03-11 Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1 Tested on: Windows XP SP3...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/11 12:0 a.m.1728 views

PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution

!/bin/bash echo -e "\n\e00;33m++ \e00m" echo -e "\e00;32m Authenticated PRTG network Monitor remote code execution \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Date: 11/03/2019 \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Author: https://github.com/M4LV0 [email protected]...

9CVSS6.9AI score0.87173EPSS
Exploits12
Exploit DB
Exploit DB
added 2019/03/08 12:0 a.m.178 views

Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)

PS4 6.20 WebKit Code Execution PoC ============== This repo contains a proof-of-concept PoC RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as well as an arbitrary object address leak in wkexploit.j...

8.8CVSS7.2AI score0.12808EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/03/08 12:0 a.m.86 views

OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting

Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link: https://orientdb.org/download Version: 3.0.17 GA Community Edition March 7th, 2019 Introduction OrientDB ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/08 12:0 a.m.116 views

McAfee ePO 5.9.1 - Registered Executable Local Access Bypass

Exploit Title: McAfee ePO 5.9.1 Registered Executable Local Access Bypass Date: 2019-03-07 Exploit Author: @leonjza Vendor Homepage: https://www.mcafee.com/ Software Link: https://www.mcafee.com/enterprise/en-us/products/epolicy-orchestrator.html Version: ePO v5.9.1 Tested on: Windows Server 2012...

6.5CVSS5.6AI score0.04699EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/03/08 12:0 a.m.75 views

DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery

Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMDACCOUNTADMIN Version: 1.55 CVE: CVE-2019-9625...

8.8CVSS8.8AI score0.02435EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/07 12:0 a.m.71 views

Kados R10 GreenBee - Multiple SQL Injection

=========================================================================================== Exploit Title: Kados R10 GreenBee - 'menulev1' SQL Injection Dork: N/A Date: 06-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.kados.info/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/07 12:0 a.m.63 views

Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)

!/usr/bin/python Exploit Title: Anyburn 4.3 - 'Copy disc to image file' Buffer Overflow - UNICODESEH Version: 4.3 Date: 07-03-2019 Author: Hodorsec [email protected] / [email protected] Vendor Homepage: http://www.anyburn.com/ Software Link: http://www.anyburn.com/download.php Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/07 12:0 a.m.118 views

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' class MetasploitModule 'QNAP TS-431 QTS %q This module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/07 12:0 a.m.166 views

Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal RESTful Web Services unserialize RCE', 'Description' = %q This module exploits a PHP unserialize vulnerability in Drupal RESTful Web...

8.1CVSS7.4AI score0.91919EPSS
Exploits22
Exploit DB
Exploit DB
added 2019/03/07 12:0 a.m.61 views

Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Imperva SecureSphere PWS Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Imperva SecureSphere...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/07 12:0 a.m.121 views

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeBSD Intel SYSRET Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit...

7.2CVSS6.8AI score0.37212EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/03/06 12:0 a.m.246 views

Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass

We already reported four bugs in Android that are caused by the use of getpidcon, which is fundamentally unsafe: https://bugs.chromium.org/p/project-zero/issues/detail?id=727 AndroidID-27111481; unexploitable https://bugs.chromium.org/p/project-zero/issues/detail?id=851 AndroidID-29431260;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/06 12:0 a.m.64 views

Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem

By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/06 12:0 a.m.46 views

Android - binder Use-After-Free via racy Initialization of ->allow_user_free

The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. The binder driver permits userspace to free buffers in the kernel-managed shared...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/05 12:0 a.m.72 views

OpenDocMan 1.3.4 - 'search.php where' SQL Injection

=========================================================================================== Exploit Title: OpenDocMan 1.3.4 - ’where’ SQL Injection CVE: N/A Date: 05/03/2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/opendocman/files/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.96 views

Craft CMS 3.1.12 Pro - Cross-Site Scripting

Exploit Title: Craft CMS 3.1.12 Pro - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://craftcms.com/ Software Link : https://github.com/craftcms/cms Software : Craft CMS 3.1.12 Pro Version : 3.1.12 Pro Vulernability Type : Cross-site Scripting...

6.1CVSS6.3AI score0.02591EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.99 views

Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

Exploit Title: Remote code execution in Raisecom xpon Date: 03/03/2019 Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: https://www.raisecom.com Software Link: https://www.raisecom.com/products/xpon Version: ISCOMHT803G-U2.0.0140521R4.1.47.002 Tested on: MacOSX CVE-2019-7385 POC:...

7.8CVSS7.7AI score0.12168EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.80 views

Bolt CMS 3.6.4 - Cross-Site Scripting

Exploit Title: Bolt CMS - 3.6.4 - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bolt CMS - v 3.6.4 Version : v 3.6.4 Vulernability Type : Cross-site Scripting Vulenrability : Stored X...

6.1CVSS6.3AI score0.01751EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.93 views

Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion

/ Exploit Title: getting Read permission through Type Confusion Date: date Exploit Author: Fahad Aid Alharbi Vendor Homepage: https://www.microsoft.com/en-us/ Version: Chakra 1114 REQUIRED Tested on: Windows 10 CVE : cve-2019-0539 / / author @0x4142 = Fahad Aid Alharbi cve-2019-0539 Getting Read ...

7.6CVSS7.7AI score0.82902EPSS
Exploits8
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.153 views

CMSsite 1.0 - Multiple Cross-Site Request Forgery

Exploit Title: CMSsite 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link : https://github.com/VictorAlagwu/CMSsite/archive/master.zi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.69 views

Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting

Exploit Title: Fiberhome AN5506-04-F - Stored Cross Site Scripting Date: 04.03.2019 Exploit Author: Tauco Vendor Homepage: http://www.fiberhomegroup.com/en/ Version: RP2669 Tested on: Windows 10 CVE : CVE-2019-9556 Description:...

5.4CVSS5.5AI score0.01122EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.76 views

FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC)

Exploit Title: FileZilla 3.40.0 - "Local search" Denial of Service PoC Discovery by: Mr Winst0n Discovery Date: February 20, 2019 Vendor Homepage: https://filezilla-project.org Software Link : https://filezilla-project.org/download.php?type=client&showall=1 Tested Version: 3.40.0 Tested on: Kali...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.52 views

OOP CMS BLOG 1.0 - Multiple SQL Injection

Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link : https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Tested Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.79 views

WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities

Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Date: 2019-03-04 Active installs: 100,000+ Version: 8.0 Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son Category: WebApps, WordPress Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.51 views

Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor / Custom Binary)

!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.80 views

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.391 views

elFinder 2.1.47 - 'PHP connector' Command Injection

!/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqid" : "1693222c439f4", "cmd" : "upload", "target" :...

9.8CVSS9.5AI score0.96633EPSS
Exploits11
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.103 views

MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal

!/usr/bin/env python ''' Exploit Title: MarcomCentral FusionPro VDP Creator :/Windows/System32/drivers/etc/hosts. No slash-dot-dots /../.. are required, but you can add some if you want. Note that the slashes are forward slashes! By default, the service sets up a listener on port 8080. Vendor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.138 views

zzzphp CMS 1.6.1 - Cross-Site Request Forgery

Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on:...

9.3CVSS8AI score0.97419EPSS
Exploits8
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.241 views

Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Booked Scheduler v2.7.5 - Remote Command Execution', 'Description' = %q This module exploits a file upload vulnerability Booked 2.7.5. In the "Loo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.206 views

Google Chrome < M72 - FileWriterImpl Use-After-Free

There's a use-after-free in the implementation of the FileWriter component of the mojo bindings for the filesystem API. The browser-process side of this API is defined in https://cs.chromium.org/chromium/src/thirdparty/blink/public/mojom/filesystem/filewriter.mojom?type=cs&sq=package:chromium&g=0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.289 views

Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module

commit cc2d58634e0f "netfilter: nfnatsnmpbasic: use asn1 decoder library", first in 4.16 changed the nfnatsnmpbasic module which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages so that the kernel's ASN.1 infrastructure is used instead of an open-coded parser. The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.84 views

Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation

SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 1. Advisory Information Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 Advisory ID: CORE-2018-0012 Advisory URL:...

9CVSS8.3AI score0.10759EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.47 views

tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads

Through fuzzing of network capture .pcap files, we have identified 16 crashes with unique stack traces in tcpdump. These crashes are caused by heap-based out-of-bounds memory reads, and can be reproduced with the latest tcpdump source code from GitHub, compiled with AddressSanitizer: --- cut --- ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.78 views

Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost

There's an object-lifetime issue in the browser process in the handling of P2PSocketDispatcherHost binding in parallel with OnBloatedRenderer event handling. In RenderProcessHostImpl, we have a uniqueptr owning a P2PSocketDispatcherHost, which we bind to an interface using base::Unretained in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.87 views

Google Chrome < M72 - PaymentRequest Service Use-After-Free

There are several object-lifetime issues in the browser process in the implementation of payments.mojom.PaymentRequest. The PaymentRequest object contains a std::uniqueptr to a PaymentRequestSpec, which is initialised during the call to PaymentRequest::Init...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.83 views

Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.57 views

macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image

XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.261 views

WordPress Core 5.0 - Remote Code Execution

var wpnonce = ''; var ajaxnonce = ''; var wpattachedfile = ''; var imgurl = ''; var postajaxdata = ''; var postid = 0; var cmd = '?php phpinfo;/'; var cmdlen = cmd.length var payload = '\xff\xd8\xff\xed\x004Photoshop...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.71 views

FTP Server 1.32 - Denial of Service

!/usr/bin/env python coding: utf-8 Author: Marcelo Vázquez aka s4vitar FTP Server 1.32 Remote Denial of Service DoS Exploit Title: FTP Server 1.32 Remote Denial of Service DoS Date: 2019-02-26 Exploit Author: Marcelo Vázquez aka s4vitar Vendor: The Olive Tree Software Link:...

7.4AI score
Exploits0
Total number of security vulnerabilities47904