47904 matches found
LG SuperSign EZ CMS 2.5 - Remote Code Execution
Exploit Title: LG SuperSign EZ CMS 2.5 - Remote Code Execution Date: 2018-09-18 Exploit Author: Alejandro Fanjul Vendor Homepage:https://www.lg.com Software Link: https://www.lg.com/ar/software-lg-supersign Version: SuperSignEZ 1.3 Tested on: LG WebOS 3.10 CVE : CVE-2018-17173 1. Description LG...
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting Author: Numan OZDEMIR Vendor Homepage: mybb.com Software Link: https://mybb.com/download/ Version: Up to v1.8.18. Fixed in v1.8.19. PoC Video: https://numanozdemir.com/mybb/xss.mp4 CVE: CVE-2018-17128 Description: Attacker can run JavaScript...
udisks2 2.8.0 - Denial of Service (PoC)
Exploit: udisks2 2.8.0 - Denial of Service PoC Author: oxagast Date: 2018-09-22 Vendor Homepage: http://storaged.org/ Software Link: https://github.com/storaged-project/udisks Version: =udisks2 2.8.0 Tested on: Ubuntu x64 / / / \ / / / O / / \ \ /\//\// ========The vulnerable section of code...
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Exploit Title: Joomla! Component AMGallery 1.2.3 - 'filtercategoryid' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-09-18 Vendor Homepage: http://arenam.ru/ Software Link: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/amgallery/ Version: 1.2.3...
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Exploit Title: RICOH Aficio MP 301 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) + sigaction() Shellcode (52 Bytes)
Linux/ARM - Egghunter PWN! + execve"/bin/sh", NULL, NULL + sigaction Shellcode 52 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - sigaction Based Egghunter PWN! + execve"/bin/sh", NULL, NULL Shellcode 52 Bytes Date: 2018-09-24 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken...
WebRTC - FEC Out-of-Bounds Read
There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer. This bug causes the following ASAN crash: ==109993==ERROR: AddressSanitizer: heap-buffer-overflow on address...
WebRTC - VP9 Processing Use-After-Free
There is a use-after-free in VP9 processing in WebRTC. In the method RtpFrameReferenceFinder::ManageFrameVp9 the following code occurs: auto gofinfoit = gofinfo.findcodecheader.temporalidx == 0 ? codecheader.tl0picidx - 1 : codecheader.tl0picidx; ... // snip info = &gofinfoit-second; // Clean up...
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Date: 2018-09-15 Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Tested on: Linux CVE: N/A About: Collectric CMU is a Swedish made...
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)
Exploit Title: NICO-FTP 3.0.1.19 - Buffer Overflow SEH Author: Abdullah Alıç Date: 2018-09-04 Software link: https://en.softonic.com/download/nico-ftp/windows/post-download Tested Version: 3.0.1.19 Vulnerability Type: Buffer Overflow SEH Tested on OS: Windows XP Professional SP3 x86 eng import...
Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)
Linux/x86 - Egghunter 0x50905090 + sigaction Shellcode 27 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - Egghunter + sigaction-based Shellcode 27 bytes Author:Valbrux Date: 2018-09-19 This exploit is a dirty-slow but small version of the sigaction-based egg hunter shellcode...
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
Exploit Title: Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting Date: 2018-09-09 Exploit Author: Fahimeh Rezaei Vendor Homepage: https://plugins.roundcube.net/packages/eagle00789/rcfilters Software Link: https://plugins.roundcube.net/packages/eagle00789/rcfilters Version: rcfilters plugin...
Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against cache signing has been mitigated through NtSetCachedSigningLevel it’s...
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: CVE-2018-16283 Description This bug was found in the file: /wechat-broadcast/wechat/Image.php echo...
LG SuperSign EZ CMS 2.5 - Local File Inclusion
Exploit Title: LG SuperSign EZ CMS 2.5 - Local File Inclusion Date: 2018-09-13 Exploit Author: Alejandro Fanjul Vendor Homepage: https://www.lg.com/ar/software-lg-supersign Version: SuperSign EZ CMS Tested on: Web OS 4.0 CVE : CVE-2018-16288 More info:...
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: 2018-16299 DESCRIPTION This bug was found in the file: /localize-my-post/ajax/include.php...
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Windows: Double Dereference in NtEnumerateKey Elevation of Privilege Platform: Windows 10 1803 not vulnerable in earlier versions Class: Elevation of Privilege Summary: A number of registry system calls do not correctly handle pre-defined keys resulting in a double dereference which can lead to...
Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Bytes)
Linux/ARM - Jump Back Shellcode + execve"/bin/sh", NULL, NULL Shellcode 4 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Jump Back Shellcode + execve"/bin/sh", NULL, NULL Shellcode 4 Bytes Date: 2018-09-18 Author: Ken Kitahara Tested: armv7l Raspberry Pi 3 Model B+ System...
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting
Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...
Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris libnspr NSPRLOGFILE Privilege Escalation', 'Description' = %q This module exploits an arbitrary file write vulnerability in the Netscape...
Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion
/ A call to the String.prototype.localeCompare method can be inlineed when it only takes one argument. There are two versions of String.prototype.localeCompare, one 1 is written in JavaScript and the other 2 is written in C++ which just calls the JavaScript version when Intl enabled without...
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Date: 2018-09-01 Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software Link: https://uplay.ubi.com/ Version: 63.0.5699.0 Tested on:...
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Exploit Title: NUUO NVRMini2 3.8 - 'cgisystem' Buffer Overflow Enable Telnet Date: 2018-09-17 Exploit Author: Jacob Baines Vendor Homepage: https://www.nuuo.com/ Device: NRVMini2 Software Link: https://www.nuuo.com/ProductNode.php?node=2 Versions: 3.8.0 and below Tested Against: 03.07.0000.0011 a...
Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
/ Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType = instance-GetDynamicType; while predTypeHandler-GetPathLength propertyIndex currentType = predTypeHandler-GetPredecessorType; if currentType == nullptr ifdef...
CA Release Automation NiMi 6.5 - Remote Command Execution
Exploit Title: CA Release Automation NiMi 6.5 - Remote Command Execution Date: 2016-06-23 Exploit Authors: Jakub Palaczynski, Maciej Grabiec Vendor Homepage: http://www.ca.com/ Software Link: https://docops.ca.com/ca-release-automation/5-5-2/en/installation/deploy-agents/ Version: CA Release...
Notebook Pro 2.0 - Denial Of Service (PoC)
Exploit Title : Notebook Pro 2.0 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : http://Alipour.it Date: 2018-09-14 Vendor Homepage : http://www.stokedonit.com/apps/notebook-pro/ Software Link Download : https://www.microsoft.com/store/apps/9WZDNCRDMC76 Tested on : Windows 10 -...
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
Exploit Title: Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service PoC Discovery by: Jose Eduardo Castro Discovery Date: 2018-09-14 Vendor Homepage: https://www.virtualbox.org/ Software Link:...
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection
Title: Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Date: 2018-09-14 Exploit Author: Hamza Megahed Vendor Homepage:https://www.joomla.org/ Download: https://arkextensions.com/products/jck-editor Version: 6.4.4 Tested on: Ubuntu, FireFox, CVE: N/A Parameter = parent Payload = " UNION...
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service PoC Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on OS: Kali Linux CVE: N/A...
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on OS: Kali Linux CVE: N/A...
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
Exploit Title: XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Author: Gionathan "John" Reale Date: 2018-09-14 Software: XAMPP Version: 3.2.2 / 7.2.9 Newest version at time of writing Download:...
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)
/ 3y3t3m th!s - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team clone of https://www.exploit-db.com/exploits/45401 deb yaaaa win7 narrrr fails ch@ng3 p@yl0@d!!!!!!!!!!!!! / include include include include pragma commentlib,"winsta.lib" pragma commentlib,"advapi32.lib" define...
Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes)
Linux/x86 - Read File /etc/passwd + MSF Optimized Shellcode 61 bytes. Shellcode exploit for Linuxx86 platform / Shellcode Title: Linux/x86 - Read File /etc/passwd MSF Optimized Shellcode 61 bytes Date: 2018-09-13 Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Tested on: Linux/x86 g...
Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/86 - File Modification /etc/hosts 127.1.1.1 google.com + Polymorphic Shellcode 99 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/86 - File Modification/etc/hosts Polymorphic Shellcode 99 bytes Date: 2018-09-13 Author: Ray Doyle @doylersec Tested on: Linux/x86 gcc -o...
Linux/x86 - echo "Hello World" + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
Linux/x86 - echo "Hello World" + Random Bytewise XOR + Insertion Encoder Shellcode 54 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode 54 bytes Date: 2018-09-13 Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Teste...
Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes)
Linux/x86 - Add Root User r00t/blank + Polymorphic Shellcode 103 bytes. Shellcode exploit for Linuxx86 platform / Shellcode Title: Linux/x86 - Add Userr00t/blank Polymorphic Shellcode 103 bytes Date: 2018-09-13 Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Tested on: Linux/x86 gcc...
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watchguard AP Backdoor Shell', 'Description' = 'Watchguard AP's have a backdoor account with known credentials. This can be used to gain a valid...
InfraRecorder 0.53 - '.txt' Denial of Service (PoC)
Exploit Title: InfraRecorder 0.53 - '.txt' Denial of Service PoC Date: 2018-09-14 Exploit Author: Gionathan "John" Reale Version: version 0.53 Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download Tested on: Windows 7 32bit Steps to Reproduce: Run the...
Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)
Exploit Title: Free MP3 CD Ripper 2.6 - '.wma' Buffer Overflow SEH Author: Gionathan "John" Reale Discovey Date: 2018-09-13 Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper Tested on OS: Windows 7 32bit Tested Version: 2.6 Steps to Reproduce: Run the...
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
Exploit Title: Wordpress Plugin Survey & Poll 1.5.7.3 - 'sssparams' SQL Injection Date: 2018-09-09 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link: https://downloads.wordpress.org/plugin/wp-survey-and-poll.zip Version: 1.5.7.3 Tested on:...
Faleemi Plus 1.0.2 - Denial of Service (PoC)
Exploit Title: Faleemi Plus 1.0.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-14 Software Link: http://support.faleemi.com/fsc776/FaleemiPlusv1.0.2.exe Tested Version: 1.0.2 Tested on OS: Windows 10 Steps to Reproduce: Run the python exploit script, it will creat...
CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)
Exploit Title: CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service PoC Discovery by: Alan Baeza Discovery Date: 2018-09-13 Vendor Homepage: https://cdburnerxp.se/ Software Link: https://cdburnerxp.se/downloadsetup.exe Tested Version: 4.5.8.6795 Tested on OS : Windows 10 Pro x64 es !/usr/bin/env...
Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow
Exploit Title: Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow Exploit Author : ZwX Exploit Date: 2018-09-13 Vendor Homepage : http://www.dvd-photo-slideshow.com/photo-to-video-converter.html Version Software : 8.07 Tested on OS: Windows 7 Related Exploit Link :...
Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH)
Exploit Title: Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow SEH Author: Gionathan "John" Reale Discovey Date: 2018-09-13 Software Link: http://support.faleemi.com/fsc776/Faleemiv1.8.exe Tested Version: 1.8.2 Tested on OS: Windows 7 32bit Steps to Reproduce: Run the...
MediaTek Wirless Utility rt2870 - Denial of Service (PoC)
Exploit Title: MediaTek Wirless Utility rt2870 - Denial of Service PoC Autor: Lawrence Amer Date: 2018-09-13 Vendor: MediaTek Software url: https://click.pstmrk.it/2ts/d86o2zu8ugzlg.cloudfront.net%2Fmediatek-craft%2Fdrivers%2FRT27702870RT307x.zip/K94pHAI/oTs1/oC6CdN114w Tested on OS: Windows 7...
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
Exploit Title: Clone2Go Video to iPod Converter 2.5.0 - Denial of Service PoC Exploit Author: ZwX Exploit Date: 2018-09-11 Vendor Homepage : http://www.clone2go.com/ Software Link: http://www.clone2go.com/down/video-to-ipod-setup.exe Tested on OS: Windows 7 Proof of Concept PoC: The local buffer...
InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH)
Exploit Title: InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2018-09-11 Vendor Homepage: http://www.indusoft.com/ Software Link: http://www.indusoft.com/Products-Downloads Tested Version: 8.1 SP1 Vulnerability Type: Local Buffer Overflow...
TeamViewer App 13.0.100.0 - Denial of Service (PoC)
Exploit Title: TeamViewer App 13.0.100.0 - Denial of Service PoC Exploit Author: Ali Alipour WebSite: http://Alipour.it Date: 2018-09-13 Vendor Homepage: https://www.teamviewer.com Software Link...
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
======================= BUG DESCRIPTION ======================= There is a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889, which is used by the "garcon" service. Among other things, garcon is...
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
There is a missing address check in both showopcodes callers. showopcodes is mostly used by the kernel to print the raw instruction bytes surrounding an instruction that generated an unexpected exception; however, sometimes it is also used to print userspace instructions. Because the userspace...