47904 matches found
Microsoft Edge - Sandbox Escape
Content process - Privileged content process firststage.js When spawning a new Edge content process, its privilege is determined by its URL. This URL check is performed by the LCIEUrlPolicy::GetPICForPrivilegedInternalPage method in eModel.dll. The method calls several another methods to check...
EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation
Title: EE 4GEE Mini EE400002.0044 - Privilege Escalation Date: 2018-09-22 Software Version: EE400002.0044 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
Exploit Title: iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20 – XML External Entity Injection Google Dork: N/A Date: 2018-09-27 Exploit Author: Sureshbabu Narvaneni Author Blog : https://nullnews.in Vendor Homepage: www.informationbuilders.co.uk Software Link:...
Rausoft ID.prove 2.95 - 'Username' SQL injection
Exploit Title: Rausoft ID.prove 2.95 - 'Username' SQL injection Google Dork: inurl:IdproveWebclient Date: 2018-09-26 Exploit Author: Ilya Timchenko, Mercedes pay S.A. Vendor Homepage: https://www.idprove.de Software Link:...
Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)
Linux/ARM - Bind 0.0.0.0:4444/TCP Shell /bin/sh + Null-Free Shellcode 92 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Bind 0.0.0.0:4444/TCP Shell /bin/sh + Null-Free Shellcode 92 Bytes Date: 2018-09-26 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara System Informatio...
Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation
Since commit 615d6e8756c8 "mm: per-thread vma caching", first in 3.15, Linux has per-task VMA caches that contain up to four VMA pointers for fast lookup. VMA caches are invalidated by bumping the 32-bit per-mm sequence number mm-vmacacheseqnum; when the sequence number wraps, vmacacheflushall...
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
/ EDB-Note: Systems with less than 32GB of RAM are unlikely to be affected by this issue, due to memory demands during exploitation. EDB Note: poc-exploit.c / / poc-exploit.c for CVE-2018-14634 Copyright C 2018 Qualys, Inc. This program is free software: you can redistribute it and/or modify it...
TransMac 12.2 - Denial of Service (PoC)
Exploit Title: TransMac 12.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-26 Software Link: http://www.acutesystems.com/tmac/tmsetup.exe Tested Version: 12.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will create a new fil...
CrossFont 7.5 - Denial of Service (PoC)
Exploit Title: CrossFont 7.5 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-26 Software Link: http://www.acutesystems.com/cfnt/cfsetup.exe Tested Version: 7.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will create a new file...
Joomla! Component Music Collection 3.0.3 - SQL Injection
Exploit Title: Joomla! Component Music Collection 3.0.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://joomlathat.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/music-collection/ Version: 3.0.3 Category: Webapps Tested on:...
Joomla! Component Questions 1.4.3 - SQL Injection
Exploit Title: Joomla! Component Questions 1.4.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://extensiondeveloper.com/ Software Link: https://extensions.joomla.org/extensions/extension/communication/question-a-answers/questions/ Version: 1.4.3 Category: Webapps Tested on:...
Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection
Exploit Title: Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/penny-auction-factory/ Version: 2.0.4 Category: Webapps Tested o...
RICOH MP C6503 Plus Printer - Cross-Site Scripting
Exploit Title: RICOH MP C6503 Plus Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Joomla! Component Social Factory 3.8.3 - SQL Injection
Exploit Title: Joomla! Component Social Factory 3.8.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/communities/social-factory/ Version: 3.8.3 Category: Webapps Tested...
Joomla! Component Jobs Factory 2.0.4 - SQL Injection
Exploit Title: Joomla! Component Jobs Factory 2.0.4 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/jobs-factory/ Version: 2.0.4 Category: Webapps Tested on...
Easy PhoroResQ 1.0 - Buffer Overflow
Exploit Title: Easy PhoroResQ 1.0 - Buffer Overflow PoC Discovery by: Cemal Cihad ÇİFTÇİ Discovery Date: 2018-09-24 Tested Version: 1.0 Vulnerability Type: Local Buffer Overflow Tested on OS: Windows XP Professional Service Pack 3 Vendor Homepage: http://www.easyphotoresq.com/ Download Link:...
Joomla! Component Raffle Factory 3.5.2 - SQL Injection
Exploit Title: Joomla! Component Raffle Factory 3.5.2 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/raffle-factory/ Version: 3.5.2 Category: Webapps Tested on:...
Super Cms Blog Pro 1.0 - SQL Injection
Exploit Title: Super Cms Blog Pro 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://coolscript.cf/ Software Link: https://www.codegrape.com/item/super-cms-blog-pro/22250 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-17391 Exploit Author: Ihsan...
Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection
Exploit Title: Joomla! Component Dutch Auction Factory 2.0.2 - 'filterorderDir' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...
WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free
htmlvar00005, noframes, diplay: inline; padding-top: 0vw; -webkit-column-count: 41; transition-delay: body::first-letter box-flex-group: -webkit-background-size: contain; -webkit-opacity: 0.716727864979; htmlvar00001, .class1 1vmax; display: contents; left: transform-style: inherit;...
WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free
::selection, input:focus, .class0, ul::first-letter -webkit-column-count: 85; float: left; function jsfuzzer var fuzzervars = ; try / / var00034 = document.getSelection; catche try var00034.setPositionhtmlvar00003; var var00043 catche try / newvarvar00104:Element / var var00104 = htmlvar00013;...
WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free
function freememory forvar i=0;i !-- ================================================================= ASan log: ================================================================= ==69919==ERROR: AddressSanitizer: heap-use-after-free on address 0x615000090e14 at pc 0x00011551a61a bp 0x7ffee91562a0...
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
Exploit Title: Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/reverse-auction-factory/ Version: 4.3.8 Category: Webapps Test...
WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free
function eventhandler2 try var var00138 = svgvar00013.parentNode; catche try htmlvar00006.setAttribute"onfocusin", "eventhandler2"; catche try svgvar00001.aftervar00138; catche function eventhandler5 try htmlvar00028.autofocus = true; catche try htmlvar00034.appendChildhtmlvar00006; catche !--...
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Exploit Title: Joomla Component eXtroForms 2.1.5 - 'filtertypeid' SQL Injection Dork: N/A Date: 2018-08-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://extro.media/ Software Link:...
Joomla! Component Collection Factory 4.1.9 - SQL Injection
Exploit Title: Joomla! Component Collection Factory 4.1.9 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/thematic-directory/collection-factory/ Version: 4.1.9 Category: Webap...
Joomla! Component Swap Factory 2.2.1 - SQL Injection
Exploit Title: Joomla! Component Swap Factory 2.2.1 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/swap-factory/ Version: 2.2.1 Category: Webapps Tested on:...
WebKit - 'WebCore::Node::ensureRareData' Use-After-Free
.class1 -webkit-mask-box-image-source: urlfoo; function freememory var a; forvar i=0;i100;i++ a = new Uint8Array10241024; document.implementation.createHTMLDocument"doc"; function jsfuzzer try var00097 = document.createElement"source"; catche try var00097.addEventListener"DOMSubtreeModified",...
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
Exploit Title: Joomla! Component Timetable Schedule 3.6.8 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://osthemeclub.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/timetable-schedule/ Version: 3.6.8 Category: Webapps Tested on:...
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
Exploit Title: Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://multiplanet.gr/ Software Link: https://extensions.joomla.org/extensions/extension/authoring-a-content/alphaindex-dictionaries/ Version: 1.0 Category: Webapps Tested on:...
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
Exploit Title: Joomla! Component Article Factory Manager 4.3.9 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/authoring-a-content/content-submission/article-factory-manager/ Version: 4.3.9...
Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Solaris 'EXTREMEPARR' dtappgather Privilege Escalation", 'Description' = %q This module exploits a directory traversal vulnerability in the...
WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read
-webkit-logical-width: 1px; -webkit-perspective: 1px; function jsfuzzer var htmlvar00011 = document.getElementById"htmlvar00011"; var htmlvar00019 = document.getElementById"htmlvar00019"; var htmlvar00049 = document.getElementById"htmlvar00049"; var htmlvar00005 =...
WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free
htmlvar00002, htmlvar00006 column-span: all; :root 1px; position: fixed; -webkit-column-width: 1px; .class2 text-indent: -webkit-shape-margin: 0px; -webkit-writing-mode: vertical-rl; '.' defselement, .class8 display: grid; 1s; function jsfuzzer / newvarhtmlvar00078:HTMLHRElement / htmlvar00078 =...
WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free
function jsfuzzer var a; forvar i=0;i !-- ================================================================= ASan log: ================================================================= ==69238==ERROR: AddressSanitizer: heap-use-after-free on address 0x6120000aaa54 at pc 0x0003280b861a bp...
RICOH MP C2003 Printer - Cross-Site Scripting
Exploit Title: RICOH MP C2003 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link : https://www.ricoh.ca/en/products/pd/mp-c2003-color-laser-multifunction-printer//R-240-417253 Software : RICOH Printer Product...
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection
Exploit Title: Joomla! Component Responsive Portfolio 1.6.1 - 'filterorderDir' SQL Injection Dork: N/A Date: 2018-09-25 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://extro.media/ Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ Version: 1.6.1...
RICOH MP C406Z Printer - Cross-Site Scripting
Exploit Title: RICOH MP C406Z Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)
Exploit Title: Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow SEH Author: Gionathan "John" Reale Discovey Date: 2018-09-25 Software Link: http://support.faleemi.com/fsc776/Faleemiv1.8.exe Tested Version: 1.8.2 Tested on OS: Windows 7 32bit Steps to Reproduce: Run the python...
WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free
tref, feMerge, title inherit; float: right; none; 81em function jsfuzzer try var var00006 = htmlvar00002.getSVGDocument; catche try var var00162 = document.head; catche try htmlvar00015.setSelectionRange2,56; catche try var00162.replaceWithhtmlvar00022; catche Text !--...
RICOH MP 305+ Printer - Cross-Site Scripting
Exploit Title: RICOH MP 305+ Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/all-in-one-printers/mp-305sp.html Software: RICOH Printer Product Version: ...
Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)
Linux/ARM - Egghunter PWN! + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Egghunter PWN! + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes Date: 2018-09-24 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara System Information...
RICOH MP C6003 Printer - Cross-Site Scripting
Exploit Title: RICOH MP C6003 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
Exploit Title: Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection Dork: N/A Date: 2018-09-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/micro-deal-factory/ Version: 2.4....
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
Exploit Title: Beyond Remote 2.2.5.3 - Denial of Service PoC Author: Erenay Gencay Discovey Date: 2018-09-24 Vendor notified : 2018-09-24 Software Link: https://beyond-remote-client-and-server.jaleco.com/ Tested Version: 2.2.5.3 Tested on OS: Windows XP Professional sp3 ENG Steps to Reproduce: Ru...
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
Exploit Title: Joomla! Component Auction Factory 4.5.5 - 'filterorder' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/auction-factory/ Version:...
Termite 3.4 - Denial of Service (PoC)
Exploit Title: Termite 3.4 - Denial of Service PoC Author: Abdullah Alıç Discovey Date: 2018-09-23 Vendor notified : 2018-09-24 Homepage: https://www.compuphase.com Software Link: https://www.compuphase.com/softwaretermite.htm Tested Version: 3.4 Tested on OS: Windows XP Professional sp3 ENG Step...
SoftX FTP Client 3.3 - Denial of Service (PoC)
Exploit Title: SoftX FTP Client 3.3 - Denial of Service PoC Discovery by: Cemal Cihad ÇİFTÇİ Discovery Date: 2018-09-24 Tested Version: 3.3 Vulnerability Type: DOS Tested on OS: Windows XP Professional Service Pack 3 Vendor Homepage: www.softx.org Download Link: http://www.softx.org/ftp.html Step...
Navigate CMS 2.8 - Cross-Site Scripting
Title: Navigate CMS 2.8 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-09-19 Vendor: https://www.navigatecms.com/en/home Software: Navigate CMS 2.8 CVE: CVE-2018-17255 Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the...
LG SuperSign EZ CMS 2.5 - Remote Code Execution
Exploit Title: LG SuperSign EZ CMS 2.5 - Remote Code Execution Date: 2018-09-18 Exploit Author: Alejandro Fanjul Vendor Homepage:https://www.lg.com Software Link: https://www.lg.com/ar/software-lg-supersign Version: SuperSignEZ 1.3 Tested on: LG WebOS 3.10 CVE : CVE-2018-17173 1. Description LG...