Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2018/12/03 12:0 a.m.84 views

Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection

Exploit Title: Joomla! Component JE Photo Gallery 1.1 - SQL Injection Dork: N/A Date: 2018-11-26 Exploit Author: Ihsan Sencan Vendor Homepage: https://joomlaextensions.co.in Software Link: http://joomlaextensions.co.in/download/1387375463JE%20PhotoGallery%20%20J-%203.0%20.zip Version: 1.1 Categor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/03 12:0 a.m.73 views

Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution

Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Date: 2018-11-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link: http://www.fleetco.space/download/215/ Version: v1.2 Category: Webap...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/03 12:0 a.m.76 views

WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting

Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-02 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link: https://www.advancedcustomfields.com/ Version: 5.7.7 Tested on: Win10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/03 12:0 a.m.96 views

Apache Superset < 0.23 - Remote Code Execution

Exploit Title: Apache Superset ' sys.exit else: Script arguments supersetIP = sys.argv1 supersetPort = sys.argv2 Verify these URLs match your environment loginURL = 'http://' + supersetIP + ':' + supersetPort + '/login/' uploadURL = 'http://' + supersetIP + ':' + supersetPort +...

9.8CVSS9.6AI score0.53934EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/12/03 12:0 a.m.62 views

Budabot 4.0 - Denial of Service (PoC)

Exploit Title: Budabot 4.0 - Denial of Service PoC Date: 2018-10-15 Exploit Author: Ryan Delaney Author Contact: [email protected] Vendor Homepage: http://budabot.com/ Software Link: http://budabot.com/forum/viewtopic.php?f=8&t=1413 Version: 0.6 - 4.0 Tested on: 4.0 CVE: CVE-2018-19290 1...

9.8CVSS9.6AI score0.04048EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/12/03 12:0 a.m.51 views

Mozilla Firefox 63.0.1 - Denial of Service (PoC)

Exploit Title: Mozilla Firefox 63.0.1 - Denial of Service PoC Date: 2018-11-29 Exploit Author: SAIKUMAR CHEBROLU Vendor Homepage: https://www.mozilla.org/en-US/firefox/new/ Bugzilla report: https://bugzilla.mozilla.org/showbug.cgi?id=1504512 Version: Firefox 63.0.1 Tested on: Windows 10 CVE : No...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/03 12:0 a.m.60 views

PHP Server Monitor 3.3.1 - Cross-Site Request Forgery

Exploit Title: PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://www.sidertia.com Date: 2018-11-28 Google Dork: N/A Vendor: https://www.phpservermonitor.org/ Software Link: https://github.com/phpservermon/phpservermon/releases/tag/v3.3.1 Affected...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.67 views

PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)

Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability was identified within the PhpSpreadsheet...

8.8CVSS8.7AI score0.07791EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.53 views

VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free

Class class2 Private Sub ClassTerminate var17.RemoveAll End Sub End Class Set var17 = CreateObject"Scripting.Dictionary" Set var17.Item"foo" = new class2 var17.Item"foo" = 1 !-- =============================================================================== Preliminary Analysis: 1st issue: In...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.198 views

Apache Spark - (Unauthenticated) Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Spark Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution vulnerability in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.39 views

VBScript - 'rtFilter' Out-of-Bounds Read

On Error Resume Next Class class1 Public Default Property Get x ReDim arr1 End Property End Class set c = new class1 arr = Array"b", "b", "a", "a", c Call Filterarr, "a" !-- =============================================================================== Preliminary Analysis: The rtFilter function...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.51 views

Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass

Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver 6.10 NP-02 ver 5.53BC Summary: netBooter NP-02B and NP-02BH...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.70 views

xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation

!/bin/sh raptorxorgy - xorg-x11-server LPE via modulepath switch Copyright c 2018 Marco Ivaldi A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to...

7.2CVSS7.2AI score0.2704EPSS
Exploits39
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.59 views

Schneider Electric PLC - Session Calculation Authentication Bypass

!/usr/bin/env python ''' Copyright 2018 Photubiasc Exploit Title: Schneider Session Calculation - CVE-2017-6026 Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.schneider-electric.com Software Link:...

9.1CVSS9.4AI score0.3182EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.76 views

Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer

/ Exploit Title: Linux Kernel 4.8 Ubuntu 16.04 - Leak sctp kernel pointer Google Dork: - Date: 2018-11-20 Exploit Author: Jinbum Park Vendor Homepage: - Software Link: - Version: Linux Kernel 4.8 Ubuntu 16.04 Tested on: 4.8.0-36-generic 3616.04.1-Ubuntu SMP Sun Feb 5 09:39:57 UTC 2017 x8664 x8664...

7.5CVSS6.5AI score0.03763EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.35 views

HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HTML5 Video Player 1.2.5 - Buffer Overflow SEH', 'Description' = %q This module exploits a stack based buffer overflow in HTML5 Vide...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.35 views

WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion

/ case ArrayPushIntrinsic: ... if staticcastargumentCountIncludingThis = MINSPARSEARRAYINDEX return false; ArrayMode arrayMode = getArrayModemcurrentInstructionOPCODELENGTHopcall - 2.u.arrayProfile, Array::Write; ... This code always assumes that the current instruction is an opcall instruction...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.29 views

TeamCity Agent - XML-RPC Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TeamCity Agent XML-RPC Command Execution', 'Description' = %q This module allows remote code execution on TeamCity Agents configured to use...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.906 views

Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Nested User Namespace idmap Limit Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in Linux kernels...

7CVSS7.1AI score0.07611EPSS
Exploits24
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.46 views

WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object

/ This is simillar to issue 1263 . When hoisting a function onto the outer scope, if it overwrites the iteration variable for a for-in loop it should invalidate the corresponding ForInContext object, but it doesn't. As a result, an arbitrary object can be passed as the property variable to the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.48 views

Mac OS X - libxpc MITM Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X libxpc MITM Privilege Escalation', 'Description' = %q This module exploits a vulnerablity in libxpc on macOS MSFLICENSE, 'Author' =...

7.8CVSS7.9AI score0.1392EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.1378 views

PHP imap_open - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'php imapopen Remote Code Execution', 'Description' = %q The imapopen function within php, if called without the /norsh flag, will attempt to...

8.5CVSS7.4AI score0.9523EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.32 views

WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion

/ When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of every getbyid expression taking the loop variable as the index is...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.47 views

Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends Enterprise Backup bpserverd Privilege Escalation', 'Description' = %q It was discovered that the Unitrends bpserverd proprietary...

10CVSS7.4AI score0.62464EPSS
Exploits7
Exploit DB
Exploit DB
added 2018/11/27 12:0 a.m.59 views

Netgear Devices - (Unauthenticated) Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear Devices Unauthenticated Remote Command Execution', 'Description' = %q From the CVE-2016-1555 page: 1 boardData102.php, 2 boardData103.php...

10CVSS9.6AI score0.98325EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/11/26 12:0 a.m.64 views

Xorg X11 Server - SUID privilege escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xorg X11 Server SUID privilege escalation', 'Description' = %q This module attempts to gain root privileges with SUID Xorg X11 server versions...

7.2CVSS7AI score0.2704EPSS
Exploits39
Exploit DB
Exploit DB
added 2018/11/26 12:0 a.m.52 views

ELBA5 5.8.0 - Remote Code Execution

Exploit Title: ELBA5 5.8.0 - Remote Code Execution Date: 2018-11-16 Exploit Author: Florian Bogner Vendor Homepage: https://www.elba.at Vulnerable Software: https://www.elba.at/eBusiness/01template1/1206507788612244132-12065155957890496571206515641959948315-1292519691128454196-NA-38-NA.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/26 12:0 a.m.31 views

Arm Whois 3.11 - Buffer Overflow (ASLR)

Exploit Title: Arm Whois 3.11 - Buffer Overflow ASLR Google Dork: if applicable Date: 23/11/2018 Exploit Author: zephyr Vendor Homepage: http://www.armcode.com Software Link: http://www.armcode.com/downloads/arm-whois.exe Version: 3.11 Tested on: Windows Vista Ultimate SP1 x86 unpatched CVE : nSE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/26 12:0 a.m.34 views

Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal

Exploit Title: Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal Date: 2018-11-17 Exploit Author: numan türle Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/productsservices/Wireless-N-VDSL2-4-port-Gateway-with-USB-VMG1312-B10D/ Tested on: macOS Fixed firmware:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/26 12:0 a.m.32 views

WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting

Exploit Title: Wordpress Plugins Easy Testimonials 3.2 - Cross-Site Scripting Date: 2018-11-23 Exploit Author: Endust Vendor Homepage: https://wordpress.org/plugins/easy-testimonials/ Software Link: https://wordpress.org/plugins/easy-testimonials/ Version: 3.2 CVE : N/A Tested on: Windows 10 x64...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/26 12:0 a.m.35 views

Ticketly 1.0 - 'kind_id' SQL Injection

Exploit Title: Ticketly 1.0 – Multiple SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql Affected Version:...

9.8CVSS9.8AI score0.03213EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/11/26 12:0 a.m.29 views

No-Cms 1.0 - 'order_by' SQL Injection

Exploit Title: No-Cms 1.0 - 'orderby' SQL Injection Date: 2018-11-28 Exploit Author: Loading Kura Kura Vendor Homepage: https://github.com/goFrendiAsgard/No-CMS Software Link: https://codeload.github.com/goFrendiAsgard/No-CMS/zip/master Tested on: Win10/Kali Linux Google Dork: n/a Version: n/a CV...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/26 12:0 a.m.24 views

MariaDB Client 10.1.26 - Denial of Service (PoC)

Exploit Title: MariaDB Client 10.1.26 - Denial of Service PoC Google Dork: None Date: 2018-11-16 Exploit Author: strider Software Link: https://github.com/MariaDB/server Version: mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu x8664 using readline 5.2 Tested on: Debian 9 Stretch x64 ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/26 12:0 a.m.78 views

Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials

Exploit Title: Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 2018-11-19 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/21 12:0 a.m.311 views

Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)

!/bin/sh EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47164.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses crontab technique --- test@linux-mint-19-2:/kernel-exploits/CVE-2018-18955$ ./exploit.cron.sh Compiling... Writing payload...

7CVSS7.3AI score0.07611EPSS
Exploits24
Exploit DB
Exploit DB
added 2018/11/21 12:0 a.m.68 views

Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)

!/bin/sh EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47166.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses ld.so.preload technique --- test@linux-mint-19-2:/kernel-exploits/CVE-2018-18955$ ./exploit.ldpreload.sh Compiling... Addi...

7CVSS7.1AI score0.07611EPSS
Exploits24
Exploit DB
Exploit DB
added 2018/11/21 12:0 a.m.41 views

WordPress Theme CherryFramework 3.1.4 - Backup File Download

Exploit Title: Wordpress CherryFramework Themes 3.1.4 - Backup File Download Google Dork: inurl:/wp-content/themes/CherryFramework Date: 2018-11-17 Exploit Author: b1p0l4r Vendor Homepage: http://www.cherryframework.com/ Software Link: http://www.cherryframework.com/ Version: 3.x.x 3.1.4 Tested o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/21 12:0 a.m.26 views

WebOfisi E-Ticaret V4 - 'urun' SQL Injection

Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Date: 2018-11-21 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.web-ofisi.com Software Demo: http://demobul.net/eticaretv4/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/21 12:0 a.m.35 views

Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)

Title: Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery Add Admin Author: Gjoko 'LiquidWorm' Krstic @zeroscience Exploit Date: 2018-11-17 Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0801DU HW6.0 BL1.5 FW7.23 WF7.4 Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/21 12:0 a.m.34 views

Ticketly 1.0 - 'name' SQL Injection

Exploit Title: Ticketly 1.0 – 'name' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql Affected Version: 1...

9.8CVSS9.8AI score0.03213EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/11/20 12:0 a.m.26 views

Apple macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)

/ Exploit Title: MacOS 10.13 - 'workqkernreturn' Denial of Service PoC Date: 2018-07-30 Exploit Author: Fabiano Anemone Vendor Homepage: https://www.apple.com/ Version: iOS 11.4.1 / MacOS 10.13.6 Tested on: iOS / MacOS CVE: Not assigned Tweet: https://twitter.com/anoane/status/1048549170217451520...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/20 12:0 a.m.49 views

Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)

Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql...

9.8CVSS9.8AI score0.02426EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/11/20 12:0 a.m.64 views

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation

Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for the DfMarshal unmarshaler. I’m reporting multiple, non-exhaustive, issues...

7.8CVSS7.6AI score0.03295EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/11/19 12:0 a.m.45 views

XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)

Exploit Title: XMPlay 3.8.3 - '.m3u' Denial of Service PoC Date: 2018-11-18 Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version: 3.8.3 latest Tested on: Windows XP/7/8 CVE : N/A Lauch XMPlay and either drag...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/19 12:0 a.m.30 views

ImageMagick - Memory Leak

!/bin/bash help echo "Usage poc generator: basename $0 gen WIDTHxHEIGHT NAME.xbm minimal" echo " Example gen: basename $0 gen 512x512 poc.xbm" echo "Usage result recovery: basename $0 recover SAVEDPREVIEW.png|jpeg|gif|etc" echo " Example recovery: basename $0 recover avatar.png" if "$1" == "-h" ;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/19 12:0 a.m.43 views

HTML Video Player 1.2.5 - Buffer-Overflow (SEH)

Exploit Title: HTML Video Player 1.2.5 - Buffer-Overflow SEH Author: Kağan Çapar Discovery Date: 2018-11-16 Software Link: http://www.html5videoplayer.net/html5videoplayer-setup.exe Vendor Homepage : http://www.html5videoplayer.net Tested Version: 1.2.5 Tested on OS: Windows XP SP3 ENG Steps to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/19 12:0 a.m.43 views

Microsoft Edge Chakra - OP_Memset Type Confusion

/ Since the patch for CVE-2018-8372, it checks all inputs to native arrays, and if any input equals to the MissingItem value which can cause type confusion, it starts the bailout process. But it doesn't check the "value" argument to OPMemset. This can be exploited in the same way as for issue 158...

7.6CVSS7AI score0.24766EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/11/16 12:0 a.m.91 views

Linux - Broken uid/gid Mapping for Nested User Namespaces

commit 6397fac4915a "userns: bump idmap limits to 340" increases the number of possible uid/gid mappings that a namespace can have from 5 to 340. This is implemented by switching to a different data structure if the number of mappings exceeds 5: Instead of linear search over an unsorted array of...

7CVSS7.3AI score0.07611EPSS
Exploits24
Exploit DB
Exploit DB
added 2018/11/16 12:0 a.m.29 views

Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection

Exploit Title: Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://warrantytrack.org/ Software Link: https://kent.dl.sourceforge.net/project/warrantytrack/warrantytrack%20Rel.11.06.3.zip Version: 11.06....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/16 12:0 a.m.36 views

DomainMOD 4.11.01 - 'raid' Cross-Site Scripting

Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-09 Exploit Author: Dawood Ansar Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19136 A Reflected Cross-site scripti...

6.1CVSS6.8AI score0.06653EPSS
Exploits5
Total number of security vulnerabilities47904