Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion
A call to the String.prototype.localeCompare method can be inlined when it only takes one argument. There are two versions of String.prototype.localeCompare: one (1) is written in JavaScript and the other (2) is written in C++, which just calls the JavaScript version when Intl enabled without...
Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris libnspr NSPR_LOG_FILE Privilege Escalation', 'Description' = %q This module exploits an arbitrary file write vulnerability in the Netscape...
Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
/ Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType = instance-GetDynamicType; while predTypeHandler-GetPathLength propertyIndex currentType = predTypeHandler-GetPredecessorType; if currentType == nullptr ifdef...
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting
Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...
Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Bytes)
Linux/ARM - Jump Back Shellcode + execve"/bin/sh", NULL, NULL Shellcode 4 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Jump Back Shellcode + execve"/bin/sh", NULL, NULL Shellcode 4 Bytes Date: 2018-09-18 Author: Ken Kitahara Tested: armv7l Raspberry Pi 3 Model B+ System...
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
Exploit Title: XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Author: Gionathan "John" Reale Date: 2018-09-14 Software: XAMPP Version: 3.2.2 / 7.2.9 Newest version at time of writing Download:...
Notebook Pro 2.0 - Denial Of Service (PoC)
Exploit Title : Notebook Pro 2.0 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : http://Alipour.it Date: 2018-09-14 Vendor Homepage : http://www.stokedonit.com/apps/notebook-pro/ Software Link Download : https://www.microsoft.com/store/apps/9WZDNCRDMC76 Tested on : Windows 10 -...
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection
Title: Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Date: 2018-09-14 Exploit Author: Hamza Megahed Vendor Homepage:https://www.joomla.org/ Download: https://arkextensions.com/products/jck-editor Version: 6.4.4 Tested on: Ubuntu, FireFox, CVE: N/A Parameter = parent Payload = " UNION...
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on OS: Kali Linux CVE: N/A...
CA Release Automation NiMi 6.5 - Remote Command Execution
Exploit Title: CA Release Automation NiMi 6.5 - Remote Command Execution Date: 2016-06-23 Exploit Authors: Jakub Palaczynski, Maciej Grabiec Vendor Homepage: http://www.ca.com/ Software Link: https://docops.ca.com/ca-release-automation/5-5-2/en/installation/deploy-agents/ Version: CA Release...
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
Exploit Title: Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service PoC Discovery by: Jose Eduardo Castro Discovery Date: 2018-09-14 Vendor Homepage: https://www.virtualbox.org/ Software Link:...
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service PoC Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on OS: Kali Linux CVE: N/A...
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)
/ 3y3t3m th!s - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team clone of https://www.exploit-db.com/exploits/45401 deb yaaaa win7 narrrr fails ch@ng3 p@yl0@d!!!!!!!!!!!!! / include include include include pragma commentlib,"winsta.lib" pragma commentlib,"advapi32.lib" define...
Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/86 - File Modification /etc/hosts 127.1.1.1 google.com + Polymorphic Shellcode 99 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/86 - File Modification/etc/hosts Polymorphic Shellcode 99 bytes Date: 2018-09-13 Author: Ray Doyle @doylersec Tested on: Linux/x86 gcc -o...
Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes)
Linux/x86 - Read File /etc/passwd + MSF Optimized Shellcode 61 bytes. Shellcode exploit for Linuxx86 platform / Shellcode Title: Linux/x86 - Read File /etc/passwd MSF Optimized Shellcode 61 bytes Date: 2018-09-13 Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Tested on: Linux/x86 g...
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
Exploit Title: Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Date: 2018-09-09 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link: https://downloads.wordpress.org/plugin/wp-survey-and-poll.zip Version: 1.5.7.3 Tested on:...
Faleemi Plus 1.0.2 - Denial of Service (PoC)
Exploit Title: Faleemi Plus 1.0.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-14 Software Link: http://support.faleemi.com/fsc776/FaleemiPlusv1.0.2.exe Tested Version: 1.0.2 Tested on OS: Windows 10 Steps to Reproduce: Run the python exploit script, it will creat...
InfraRecorder 0.53 - '.txt' Denial of Service (PoC)
Exploit Title: InfraRecorder 0.53 - '.txt' Denial of Service PoC Date: 2018-09-14 Exploit Author: Gionathan "John" Reale Version: version 0.53 Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download Tested on: Windows 7 32bit Steps to Reproduce: Run the...
Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)
Exploit Title: Free MP3 CD Ripper 2.6 - '.wma' Buffer Overflow SEH Author: Gionathan "John" Reale Discovery Date: 2018-09-13 Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper Tested on OS: Windows 7 32bit Tested Version: 2.6 Steps to Reproduce: Run the...
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watchguard AP Backdoor Shell', 'Description' = 'Watchguard AP's have a backdoor account with known credentials. This can be used to gain a valid...
CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)
Exploit Title: CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service PoC Discovery by: Alan Baeza Discovery Date: 2018-09-13 Vendor Homepage: https://cdburnerxp.se/ Software Link: https://cdburnerxp.se/downloadsetup.exe Tested Version: 4.5.8.6795 Tested on OS : Windows 10 Pro x64 es !/usr/bin/env...
Linux/x86 - echo "Hello World" + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
Linux/x86 - echo "Hello World" + Random Bytewise XOR + Insertion Encoder Shellcode 54 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode 54 bytes Date: 2018-09-13 Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Teste...
Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes)
Linux/x86 - Add Root User r00t/blank + Polymorphic Shellcode 103 bytes. Shellcode exploit for Linuxx86 platform / Shellcode Title: Linux/x86 - Add Userr00t/blank Polymorphic Shellcode 103 bytes Date: 2018-09-13 Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Tested on: Linux/x86 gcc...
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
======================= BUG DESCRIPTION ======================= There is a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889, which is used by the "garcon" service. Among other things, garcon is...
Apache Syncope 2.0.7 - Remote Code Execution
Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory: https://syncope.apache.org/security CVE:...
InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH)
Exploit Title: InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2018-09-11 Vendor Homepage: http://www.indusoft.com/ Software Link: http://www.indusoft.com/Products-Downloads Tested Version: 8.1 SP1 Vulnerability Type: Local Buffer Overflow...
Apache Portals Pluto 3.0.0 - Remote Code Execution
Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...
Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH)
Exploit Title: Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow SEH Author: Gionathan "John" Reale Discovery Date: 2018-09-13 Software Link: http://support.faleemi.com/fsc776/Faleemiv1.8.exe Tested Version: 1.8.2 Tested on OS: Windows 7 32bit Steps to Reproduce: Run the...
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
Exploit Title: Clone2Go Video to iPod Converter 2.5.0 - Denial of Service PoC Exploit Author: ZwX Exploit Date: 2018-09-11 Vendor Homepage : http://www.clone2go.com/ Software Link: http://www.clone2go.com/down/video-to-ipod-setup.exe Tested on OS: Windows 7 Proof of Concept PoC: The local buffer...
Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH)
Exploit Title: Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow SEH Author: Gionathan "John" Reale Discovery Date: 2018-09-13 Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper Tested on OS: Windows 7 32bit Tested Version: 2.6 Steps to Reproduce: Run the...
Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow
Exploit Title: Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow Exploit Author : ZwX Exploit Date: 2018-09-13 Vendor Homepage : http://www.dvd-photo-slideshow.com/photo-to-video-converter.html Version Software : 8.07 Tested on OS: Windows 7 Related Exploit Link :...
TeamViewer App 13.0.100.0 - Denial of Service (PoC)
Exploit Title: TeamViewer App 13.0.100.0 - Denial of Service PoC Exploit Author: Ali Alipour WebSite: http://Alipour.it Date: 2018-09-13 Vendor Homepage: https://www.teamviewer.com Software Link...
MediaTek Wirless Utility rt2870 - Denial of Service (PoC)
Exploit Title: MediaTek Wirless Utility rt2870 - Denial of Service PoC Author: Lawrence Amer Date: 2018-09-13 Vendor: MediaTek Software url: https://click.pstmrk.it/2ts/d86o2zu8ugzlg.cloudfront.net%2Fmediatek-craft%2Fdrivers%2FRT27702870RT307x.zip/K94pHAI/oTs1/oC6CdN114w Tested on OS: Windows 7...
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
There is a missing address check in both show_opcodes() callers. show_opcodes() is mostly used by the kernel to print the raw instruction bytes surrounding an instruction that generated an unexpected exception; however, sometimes it is also used to print userspace instructions. Because the userspace...
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)
/ Exploit Title: STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation Date: 2018-09-13 Author: Parvez Anwar @parvezghh Vendor Homepage: https://www.stopzilla.com/ Software link: https://download.stopzilla.com/binaries/stopzilla/autoinstaller/STOPzillaAntiMalware.msi Tested Version: 6.5.2.59 Driv...
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
Exploit Title: Unauthenticated Remote SQLi Date: 11/09/2018 Exploit Author: Mohamed Sayed - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10728883 Version: IGI 5.2.3.2 REQUIRED Tested on: Windows 10 CVE : CVE-2018-1756 Hello , IBM IGI version 5.2.3.2 i...
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
Exploit Author: bzyo CVE: CVE-2018-10814 Twitter: @bzyo Exploit Title: SynaMan 4.0 - Cleartext password SMTP settings Date: 09-12-18 Vulnerable Software: SynaMan 4.0 build 1488 Vendor Homepage: http://web.synametrics.com/SynaMan.htm Version: 4.0 build 1488 Software Link:...
Apple macOS 10.13.4 - Denial of Service (PoC)
Exploit Title: Apple MacOS 10.13.4 - Denial of Service PoC Date: 2018-09-10 Exploit Author: Sriram @SriHxor Vendor Homepage: https://support.apple.com/en-in/HT208848 Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0 CVE : CVE-2018-4240 2018 POC :...
Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)
Exploit Title: Infiltrator Network Security Scanner 4.6 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-12 Software Link: https://www.infiltration-systems.com/download.shtml Tested Version: 4.6 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit...
LG Smart IP Camera 1508190 - Backup File Download
Exploit Title: LG Smart IP Camera 1508190 - Backup File Download Date: 2018-09-11 Exploit Author: Ege Balci Vendor Homepage: https://www.lg.com Software version: 1310250 " exit0 print"==========================================================================" print" Exploit Title: LG Smart IP...
PDF Explorer 1.5.66.2 - Denial of Service (PoC)
Exploit Title: PDF Explorer 1.5.66.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-12 Software Link: https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip Tested Version: 1.5.66.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit scrip...
PicaJet FX 2.6.5 - Denial of Service (PoC)
Exploit Title: PicaJet FX 2.6.5 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-11 Software Link: http://www.picajet.com/download/PicaJetFXInstall.exe Tested Version: 2.6.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will crea...
MyBB 1.8.17 - Cross-Site Scripting
Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Date: 2018-08-11 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS Syndication page you can generate a URL for...
Rubedo CMS 3.4.0 - Directory Traversal
Exploit Title: Rubedo CMS 3.4.0 - Directory Traversal Google Dork: intext:rubedo.current.page.description Date: 2018-09-11 Exploit Author: Marouene Boubakri Vendor Homepage: https://www.rubedo-project.org Version: through 3.4.0 Tested on: Linux CVE : CVE-2018-16836 PoC: Read /etc/passwd file from...
RoboImport 1.2.0.72 - Denial of Service (PoC)
Exploit Title: RoboImport 1.2.0.72 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-11 Software Link: http://www.picajet.com/download/RoboImportInstall.exe Tested Version: 1.2.0.72 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it wi...
iCash 7.6.5 - Denial of Service (PoC)
Exploit Title: iCash 7.6.5 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-12 Software Link: https://www.maxprog.com/site/misc/downloadsus.php Tested Version: 7.6.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will create a new...
PixGPS 1.1.8 - Denial of Service (PoC)
Exploit Title: PixGPS 1.1.8 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-10 Software Link: http://www.br-software.com/pixgps11setup.exe Tested Version: 1.1.8 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will create a new fil...
SynaMan 4.0 build 1488 - (Authenticated) Cross-Site Scripting
Exploit Author: bzyo CVE: CVE-2018-10763 Twitter: @bzyo Exploit Title: SynaMan 4.0 - Authenticated Cross Site Scripting XSS Date: 09-12-18 Vulnerable Software: SynaMan 4.0 build 1488 Vendor Homepage: http://web.synametrics.com/SynaMan.htm Version: 4.0 build 1488 Software Link:...
CirCarLife SCADA 4.3.0 - Credential Disclosure
Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure Date: 2018-09-10 Exploit Author: David Castro Vendor Homepage: https://circontrol.com/ Shodan Dork: Server: CirCarLife Server: PsiOcppApp Version: CirCarLife Scada all versions under 4.3.0 OCPP implementation all versions under 1.5.0 C...
jiNa OCR Image to Text 1.0 - Denial of Service (PoC)
Exploit Title: jiNa OCR Image to Text 1.0 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-10 Software Link: http://www.convertimagetotext.net/downloadsoftware.php Tested Version: 1.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it...