Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2018/10/16 12:0 a.m.541 views

HotelDruid 2.2.4 - 'anno' SQL Injection

Exploit Title: HotelDruid 2.2.4 - 'anno' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.hoteldruid.com/ Software Link: http://www.hoteldruid.com/en/download.html Version: 2.2.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/16 12:0 a.m.566 views

Kados R10 GreenBee - 'release_id' SQL Injection

Exploit Title: Kados R10 GreenBee - 'releaseid' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.kados.info/ Software Link: https://sourceforge.net/projects/kados/ Version: R10 GreenBee Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/16 12:0 a.m.543 views

Navigate CMS 2.8.5 - Arbitrary File Download

Exploit Title: Navigate CMS 2.8.5 - Arbitrary File Download Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.navigatecms.com/ Software Link: http://master.dl.sourceforge.net/project/navigatecms/releases/navigate-2.8.5r1355.zip Version: 2.8.5 Category: Webapps...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/16 12:0 a.m.554 views

Library CMS 2.1.1 - Cross-Site Scripting

Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Date: 2018-10-15 Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v 2.1.1 Vulernability Type : Cross-site...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/16 12:0 a.m.285 views

VLC Media Player - MKV Use-After-Free (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VLC Media Player MKV Use After Free', 'Description' = %q This module exploits a use after free vulnerability in VideoLAN VLC = MSFLICENSE, 'Autho...

8CVSS8.1AI score0.40612EPSS
Exploits10
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.577 views

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure

Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Auhor: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 OS: necov1.8-0-g7ffe5b3 Hardware: Flir Systems Neco Board...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.543 views

Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection

Exploit Title: Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download Version: 7.0a-7.0b Category:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.536 views

Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)

Exploit Title: Academic Timetable Final Build 7.0b - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download Version: 7.0a-7.0b...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.546 views

AlchemyCMS 4.1 - Cross-Site Scripting

Exploit Title: AlchemyCMS 4.1 - Cross-Site Scripting Date: 2018-10-14 Exploit Author: Ismail Tasdelen Vendor Homepage: https://alchemy-cms.com/ Software Link : https://github.com/AlchemyCMS/alchemycms Software : AlchemyCMS Version : 4.1-stable Vulernability Type : Cross-site Scripting Vulenrabili...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.534 views

College Notes Management System 1.0 - 'user' SQL Injection

Exploit Title: College Notes Management System 1.0 - 'user' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://anirbandutta.ml/ Software Link: https://sourceforge.net/projects/college-notes-management/ Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.558 views

FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution

Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS: necov1.8-0-g7ffe5b3, Hardware: Flir Systems Ne...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.554 views

FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure

Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842, Api: 1.0.0, Node: 0.10.33, Onvif: 0.1.1.47 Tested on: Tita...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.542 views

Snes9K 0.0.9z - Buffer Overflow (SEH)

Exploit Title: Snes9K 0.0.9z - Buffer Overflow SEH Date: 2018-10-13 Exploit Author: Abdullah Alıç Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://sourceforge.net/projects/snes9k/files/latest/download Version: 0.0.9z Tested on: Windows XP Professional sp3ENG...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.554 views

MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection

Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download: https://datapacket.dl.sourceforge.net/project/maxon/maxon.rar Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.655 views

NoMachine < 5.3.27 - Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo Vendor www.nomachine.com Product NoMachine / hyp3rlinx / / gcc -c -m32...

7.8CVSS7.9AI score0.04554EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.562 views

Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities

Exploit Title: Centos Web Panel 0.9.8.480 Multiple Vulnerabilities Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/system-requirements Version: 0.9.8.480 Tested on: Centos 7 Vulnerabilit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.560 views

FLIR Brickstream 3D+ - RTSP Stream Disclosure

FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842 Api: 1.0.0 Node: 0.10.33 Onvif: 0.1.1.47 Summary: The Brickstream line of sensors provides highly accurate,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.560 views

Advanced HRM 1.6 - Remote Code Execution

Exploit Title: Advanced HRM 1.6 - Remote Code Execution Google Dork: intext:"Advanced HRM" Date: 2018-10-06 Exploit Author: Renos Nikolaou Vendor Homepage: https://coderpixel.com/ Software Link: https://codecanyon.net/item/advanced-hrm/17767006 Version: 1.6 Tested on: Windows 10 CVE: N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.529 views

Academic Timetable Final Build 7.0 - Information Disclosure

\n"; printr$ver; echo "\n"; / Array sEcho = 10 iTotalRecords = 3 iTotalDisplayRecords = 3 aaData = Array 0 = Array 0 = testdb1 1 = testdb1 2 = ADMIN 3 = 6CC4E8CFFEAF202D7475BC906612F9A29A9C8117 1 = Array 0 = ADMIN 1 = admin 2 = ADMIN 3 = 4AC...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.528 views

KORA 2.7.0 - 'cid' SQL Injection

Exploit Title: KORA 2.7.0 - SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.matrix.msu.edu/ Software Link: https://sourceforge.net/projects/kora/files/latest/download Version: 2.7.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.577 views

FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure

Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS: necov1.8-0-g7ffe5b3, Hardware: Flir Systems...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.548 views

HaPe PKH 1.1 - Arbitrary File Upload

Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.541 views

CAMALEON CMS 2.4 - Cross-Site Scripting

Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability Type : Cross-site Scripting...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.538 views

SugarCRM 6.5.26 - Cross-Site Scripting

Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version: 6.5.26 Tested on: Ubuntu 16.04 CVE :...

6.1CVSS6.5AI score0.04353EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.528 views

HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)

Exploit Title: HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.532 views

LUYA CMS 1.0.12 - Cross-Site Scripting

Exploit Title: LUYA CMS 1.0.12 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: https://luya.io/ Software Link : https://github.com/luyadev/luya/ Software : LUYA CMS Version : 1.0.12 Vulernability Type : Cross-site Scripting Vulenrability : Stored XSS CVE :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.559 views

Phoenix Contact WebVisit 2985725 - Authentication Bypass

Exploit Title: Phoenix Contact WebVisit 2985725 - Authentication Bypass Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.phoenixcontact.com Software Link: https://www.phoenixcontact.com/online/portal/nl/?uri=pxc-oc-itemdetail:pid=2985725&library=nlnl&pcck=P-19-05-01&tab=5 Version...

7.5CVSS7.4AI score0.11199EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.538 views

HaPe PKH 1.1 - 'id' SQL Injection

Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.46 views

D-Link Routers - Plaintext Password

Password stored in plaintext CVE: CVE-2018-10824 Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably...

9.8CVSS7.6AI score0.39268EPSS
Exploits9
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.46 views

D-Link Routers - Directory Traversal

Directory Traversal CVE: CVE-2018-10822 CVSS v3: 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Description: Directory traversal vulnerability in the web interface on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912...

7.5CVSS7.6AI score0.39268EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/10/12 12:0 a.m.72 views

D-Link Routers - Command Injection

Shell command injection CVE: CVE-2018-10823 CVSS v3: 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably...

9CVSS8.8AI score0.78191EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.501 views

Phoenix Contact WebVisit 6.40.00 - Password Disclosure

Exploit Title: Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Author: Deneut Tijl Date: 2018-09-30 Vendor Homepage: www.phoenixcontact.com Software Link: https://www.phoenixcontact.com/online/portal/nl/?uri=pxc-oc-itemdetail:pid=2985725&library=nlnl&pcck=P-19-05-01&tab=5 Version:...

7.3CVSS7.2AI score0.05845EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.488 views

Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection

Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Preview...

5.5CVSS5.5AI score0.23373EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.497 views

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection

Exploit Title: Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Preview 4 CVE:...

5.5CVSS5.4AI score0.23373EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.788 views

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload Author: Larry W. Cashdollar, @larry0 Date: 2018-10-09 Vendor: https://github.com/blueimp Download Site: https://github.com/blueimp/jQuery-File-Upload/releases CVE-ID: N/A Vulnerability: The code in...

9.8CVSS9.3AI score0.97107EPSS
Exploits15
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.500 views

Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection

Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Previe...

5.5CVSS5.8AI score0.23373EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.473 views

E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection

Exploit Title: E-Registrasi Pencak Silat 18.10 - 'idpartai' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-11 Vendor Homepage: https://sourceforge.net/projects/eregistrasi-kejuaraan-silat/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.476 views

WAGO 750-881 01.09.18 - Cross-Site Scripting

Exploit Title: WAGO 750-881 01.09.18 - Cross-Site Scripting Date: 2018-08-30 Exploit Author: SecuNinja @secuninja Vendor Homepage: wago.com Version: 01.09.1813 and earlier Affected Products: Ethernet Controller 750-881 - 01.09.1813, 01.08.01 10 CVE : N/A Description WAGO 750-881 Ethernet Controll...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.470 views

Wikidforum 2.20 - Cross-Site Scripting

Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Date: 2018-10-10 Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/10 12:0 a.m.471 views

Ektron CMS 9.20 SP2 - Improper Access Restrictions

Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...

9.8CVSS9.7AI score0.22379EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/10 12:0 a.m.481 views

WhatsApp - RTP Processing Heap Corruption

Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet. 08-31 15:43:50.721 9428 9713 F libc : Fatal signal 11 SIGSEGV, code 1, fault addr 0x7104200000 in tid 9713 Thread-11 08-31 15:43:50.722 382 382 W : debuggerd: handling request: pid=9428 uid=10119...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/10 12:0 a.m.3368 views

MicroTik RouterOS < 6.43rc3 - Remote Root

/ Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By...

9.1CVSS8.7AI score0.96087EPSS
Exploits23
Exploit DB
Exploit DB
added 2018/10/10 12:0 a.m.483 views

FileZilla 3.33 - Buffer Overflow (PoC)

Exploit Title: FileZilla 3.33 Buffer-Overflow PoC Author: Kağan Çapar Discovery Date: 2018-10-10 Software Link: https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/filezilla/3.33.0-1/filezilla3.33.0-1.debian.tar.xz Vendor Homepage : https://filezilla-project.org Tested Version: 3.33 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.73 views

Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer...

9.8CVSS7.4AI score0.68957EPSS
Exploits10
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.478 views

Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)

Exploit Title: Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow SEH DEP Bypass Date: 2018-10-08 Exploit Author: Matteo Malvica Vendor: Cleanersoft Software Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper Tested Version: 2.8 Tested on OS: Windows 7 -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.479 views

Wikidforum 2.20 - 'select_sort' SQL Injection

Exploit Title: Wikidforum 2.20 - 'selectsort' SQL Injection Date: 2018-10-08 Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.467 views

ifwatchd - Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ifwatchd Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the...

7.2CVSS7.4AI score0.02906EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.39 views

ghostscript - executeonly Bypass with errorhandler Setup

While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc. Additionally, because nautilus will automatically invoke...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.103 views

Microsoft Edge Chakra JIT - Type Confusion

/ The switch statement only handles Js::TypeIdsArray but not Js::TypeIdsNativeIntArray and Js::TypeIdsNativeFloatArray. So for example, a native float array can be considered as of type ObjectType::Object under certain circumstances where "objValueType.IsLikelyArrayOrObjectWithArray" is not...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.454 views

Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass

/ The BailOutOnInvalidatedArrayHeadSegment check uses the JavascriptArray::GetArrayForArrayOrObjectWithArray method to check whether the given object is an array. If it's not an array, it will decide to skip the check which means that no bailout will happen. The...

7.4AI score
Exploits0
Total number of security vulnerabilities47904