47904 matches found
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)
!/usr/bin/env python3 """ dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available...
Apple macOS 10.13.5 - Local Privilege Escalation
import import import import import import import "offsets.h" //utils define ENFORCEa, label \ do \ if builtinexpect!a, 0 \ \ timedlog"! %s is false l.%d\n", a, LINE; \ goto label; \ \ while 0 // from https://stackoverflow.com/questions/4415524/common-array-length-macro-for-c define COUNTOFx...
Ubuntu snapd < 2.37.1 - Local Privilege Escalation
dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available for research and educatio...
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
''' ======================================================== Unauthenticated Stack Overflow in Multiple Gpon Devices ======================================================== . contents:: Table Of Content Overview ======== Title:- StackOverflow in Multiple Skyworth GPON HomeGateways and Optical...
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution
Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link: https://github.com/rxtur/BlogEngine.NET/releases/download/v3.3.6.0/3360.zip Version: = 3.3.6 Tested on: Windows 2016...
Android - binder Use-After-Free via fdget() Optimization
This bug report describes two different issues in different branches of the binder kernel code. The first issue is in the upstream Linux kernel, commit 7f3dc0088b98 "binder: fix proc-files use-after-free"; the second issue is in the wahoo kernel and maybe elsewhere? but at least the android commo...
Android - binder Use-After-Free of VMA via race Between reclaim and munmap
The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. There is a race condition between the direct reclaim path enters binder through the...
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The...
OPNsense < 19.1.1 - Cross-Site Scripting
Exploit Title: OPNsense 19.1 | Cross-Site Scripting Date: 01.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://opnsense.org Software Link: http://mirror.ams1.nl.leaseweb.net/opnsense/releases/19.1/OPNsense-19.1-OpenSSL-dvd-amd64.iso.bz2 Version: 19.1 Introduction OPNsense is an open...
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (1)
Usage Edit HOST inside payload.c, compile with make. Start nc and run pwn.sh inside the container. Notes - This exploit is destructive: it'll overwrite /usr/bin/docker-runc binary on the host with the payload. It'll also overwrite /bin/sh inside the container. - Tested only on Debian 9. - No...
LayerBB 1.1.2 - Cross-Site Scripting
Exploit Title: LayerBB 1.1.2 - Cross-Site Scripting Date: 11/19/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=28 Version: 1.1.2 Tested on: Ubuntu 18.04 CVE: CVE-2019-7688 1. Description: LayerBB is a free open-source...
AirDroid 4.2.1.6 - Denial of Service
!/bin/bash Author: Marcelo Vázquez aka s4vitar AirDroid Denial of Service DoS & System Crash + Forced Reboot Exploit Title: AirDroid Remote Denial of Service DoS & System Crash + Forced Reboot Date: 2019-02-13 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendo...
Webiness Inventory 2.3 - 'email' SQL Injection
=========================================================================================== Exploit Title: Webiness Inventory 2.3 - 'email' SQL Vulnerability Dork: N/A Date: 10-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/webinessinventory/files/...
MyBB Bans List 1.0 - Cross-Site Scripting
Exploit Title: MyBB Bans List - Cross Site Scripting Date: 7/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=423 Version: 1.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-14724 1. Description: Adds bans.php page, showing a li...
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
Exploit Title: Indusoft Web Studio Unauthenticated RCE Date: 02/04/2019 Exploit Author: Jacob Baines Vendor Homepage: http://www.indusoft.com/ Software http://www.indusoft.com/Products-Downloads/Download-Library Version: 8.1 SP2 and below Tested on: Windows 7 running the Web Studio 8.1 SP2 demo a...
Evince - CBT File Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Evince CBT File Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Evince before...
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NUUO NVRmini upgradehandle.php Remote Command Execution', 'Description' = %q This exploits a vulnerability in the web application of NUUO NVRmini...
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
Exploit Title: River Past Video Cleaner Buffer Overflow SEH Date: 9-2-2019 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Software Link: https://river-past-video-cleaner.softonic.com/ Version: 7.6.3 Tested on: Windows 10 Pro x64 SPANISH Category: Windows Local Exploit How to...
FutureDj Pro 1.7.2.0 - Denial of Service
Exploit Title: FutureDj Pro Local Dos Exploit Date: 07.02.2019 Vendor Homepage: https://www.xylio.com Software Link: https://www.xylio.com/future-dj-pro-a-new-level-of-mixing-perfection/ Exploit Author: Achilles Tested Version: 1.7.2.0 32bit Tested on: Windows 7 SP1 Ultimate 1.- Run python code :...
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
Exploit Title: Coship Wireless Router – Wireless SSID Unauthenticated Password Reset Date: 07.02.2019 Exploit Author: Adithyan AK Vendor Homepage: http://en.coship.com/ Category: Hardware WiFi Router Affected Versions : Coship RT3052 - 4.0.0.48, Coship RT3050 - 4.0.0.40, Coship WM3300 - 5.0.0.54,...
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
!/usr/bin/env python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: IP-Tools 2.5 - Local Buffer OverflowEggHunter Date: 2019-02-06 Author: Juan Prescotto Tested Against: Win7 Pro SP1 64 bit Software...
VA MAX 8.3.4 - (Authenticated) Remote Code Execution
root@nippur:/home/c/src/nippur cat vamax3.py !/usr/bin/env python quick poc for postauth rce bug in va max 8.3.4 more: https://code610.blogspot.com 10.02.2019 p.s. listening on any 4444 ... 192.168.1.126: inverse host lookup failed: Unknown host connect to 192.168.1.160 from UNKNOWN 192.168.1.126...
River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH)
Exploit Title: River Past CamDo SEH Local Exploit Date: 07.02.2019 Vendor Homepage:www.riverpast.com Software Link: https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1 Exploit Author: Achilles Tested Version: 3.7.6 Tested on: Windows XP SP3 EN 1.- Run python code :...
NordVPN 6.19.6 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: NordVPN 6.19.6 - Denial of Service PoC Date: 07/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://nordvpn.com/ Software Link: https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Version: 6.19.6 Tested on: Windows 10 Proof of...
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure
Exploit Title: Avast Anti-Virus Local Credentials Disclosure 19.1.2360 Date: 01/18/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Version: before 19.1.2360 build 19.1.4142.0 Tested on: Windows 10 x64 CVE: CVE-2018-12572 Based on LiquidWorm's and Yakir Wizman's proof of concepts...
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion', 'Description' = %q This module exploits a type confusion on Adobe Flash Player,...
Smoothwall Express 3.1-SP4 - Cross-Site Scripting
Exploit Title: Smoothwall Express 3.1-SP4-polar-x8664-update9 | Cross-Site Scripting Date: 06.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.smoothwall.org Software Link: https://sourceforge.net/projects/smoothwall/files/SmoothWall/3.1%20SP4/Express-3.1-SP4-x8664.iso/download...
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
Exploit Title: CentOS Web Panel 0.9.8.763 - Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 10 - January - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com Version: v0.9.8.763 Tested on: CentOS 7 CVE : CVE-2019-7646...
IPFire 2.21 - Cross-Site Scripting
Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x8664-full-core127.iso Version: IPFire 2.21 - Core Updat...
osCommerce 2.3.4.1 - 'currency' SQL Injection
Exploit Title: osCommerce 2.3.4.1 - 'currency' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category: Webapps Tested on: Wampp @Win CVE: N/A Software...
osCommerce 2.3.4.1 - 'products_id' SQL Injection
Exploit Title: osCommerce 2.3.4.1 - 'productsid' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category: Webapps Tested on: Wampp @Win CVE: N/A Software...
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with an affine transform and used as a clipping region for drawing...
osCommerce 2.3.4.1 - 'reviews_id' SQL Injection
Exploit Title: osCommerce 2.3.4.1 - 'reviewsid' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category: Webapps Tested on: Wampp @Win CVE: N/A Software...
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
Exploit Title: RiverPastAudioConverter - Buffer Overflow SEH Date: 06.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-audio-converter/windows/post-download?sl=3D1 Exploit Author: Matteo Malvica Tested Version: 7.7.16 Tested on: Windows 10 -...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)
BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks,...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks...
River Past Audio Converter 7.7.16 - Denial of Service (PoC)
Exploit Title: RiverPastAudioConverterDoS Date: 05.02.2019 Vendor Homepage:www.riverpast.com Software Link :https://en.softonic.com/download/river-past-audio-converter/windows/post-download?sl=3D1 Exploit Author: Achilles Tested Version: 7.7.16 Tested on: Windows XP SP3 Vulnerability Type: Denial...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for...
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N JAVA 8 ENVIRONMENT By injecting an XML payload ...
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution
devolo dLAN 550 duo+ Starter Kit Remote Code Execution Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a cost-effective and helpful networking alternative for an...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks,...
Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC)
Exploit Title: Device Monitoring Studio 8.10.00.8925 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-02-04 Tested Version: 8.10.00.8925 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1.- Run python code: DeviceMonitoringStudio8.10.00.8925.py 2.- Op...
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit Version: Zyxel VMG3312-B10B Tested on : Parrot Os Author: Yusuf Furkan Twitter: h1yusuf CVE: CVE-2019-7391 model name: DSL-491HNU-B1B v2 history.pushState'', '', '/'...
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery
devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a cost-effective and helpful networking alternative f...
SuiteCRM 7.10.7 - 'record' SQL Injection
Exploit Title: SuiteCRM 7.10.7 - 'record' SQL Vulnerabilities Dork: N/A Date: 03-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://suitecrm.com/ Software Link: https://suitecrm.com/download/ Version: 7.10.7 Category: Webapps Tested on: Wampp @Win CVE: N/A Software Description:...
pfSense 2.4.4-p1 - Cross-Site Scripting
Exploit Title: pfSense 2.4.4-p1 | Cross-Site Scripting Date: 28.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.pfsense.org Software Link: https://frafiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso.gz Version: 2.4.4-p1 Introduction pfSense® software is a...
TaskInfo 8.2.0.280 - Denial of Service (PoC)
Exploit Title: TaskInfo v8.2.0.280 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.iarsn.com/ Software Link : http://www.iarsn.com/ Tested Version: v8.2.0.280 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS Local Buff...
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
Exploit Title: SuiteCRM 7.10.7 - 'parentTab' SQL Vulnerabilities Dork: N/A Date: 03-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://suitecrm.com/ Software Link: https://suitecrm.com/download/ Version: 7.10.7 Category: Webapps Tested on: Wampp @Win CVE: N/A Software Description:...
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
Exploit Title: ResourceSpace =8.6 'watchedsearches.php' SQL Injection Dork: intext:"Powered by ResourceSpace" Date: 2019-02-01 Exploit Author: dd [email protected] Vendor Homepage: https://www.resourcespace.com/ Software Link: https://www.resourcespace.com/get Version: Stable release: 8.6 Mino...
Nessus 8.2.1 - Cross-Site Scripting
Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting Date: 29.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.tenable.com Software Link: https://www.tenable.com/downloads/nessus Version: 8.2.1 Introduction Nessus is 1 For Vulnerability Assessment From the beginning, we've...