47904 matches found
WebRTC - H264 NAL Packet Processing Type Confusion
Type confusion can occur when processing a H264 packet. In the method PacketBuffer::FindFrames in modules/videocoding/packetbuffer.cc there is a loop on line 296 that goes through the databuffer vector backwards. The flag ish264 is set before this loop, and if it is true, the loop extracts and se...
SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "SonicWall Global Management System XMLRPC settimezone Unath RCE", 'Description' = %q This module exploits a vulnerability in SonicWall Global...
WebRTC - VP8 Block Decoding Use-After-Free
There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block is then treated a pointer, leading to a crash in WebRTC. ==20098==ERROR: AddressSanitizer: heap-use-after-free on address 0x6330000a9491 at pc 0x0000014cde2f bp 0x7ff20616d7e0 sp 0x7ff20616d7d8 READ of size...
WebRTC - FEC Processing Overflow
There are several calls to memcpy that can overflow the destination buffer in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket. The method takes a parameter incomingrtppacket, which is an RTP packet with a mac length that is defined by the transport 2048 bytes for DTLS in Chrome. This packet is...
Allok Fast AVI MPEG Splitter 1.2 - Buffer Overflow (PoC)
Exploit Title: Allok Fast AVI MPEG Splitter 1.2 SEH Overwrite POC Vulnerability Type: SEH Overwrite POC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovey Date: 2018-08-01 Software Link: http://www.alloksoft.com/fastsplitter.htm Tested Version: 1.2 Tested on OS:...
ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)
Exploit Title: ipPulse 1.92 - 'License Key' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-07-30 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link: http://download.netscantools.com/ipls192.zip Tested...
LG NAS 3718.510.a0 - Remote Command Execution
LG NAS 3718.510.a0 - Remote Command Execution Author: @0x616163 Date: 2018-07-29 Credits: https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/ CVE: N/A Firmware Version: 3718.510.a0 !/usr/bin/env python import sys import argparse import requests from collections...
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
Exploit Title: Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Date: 2018-07-20 Software Link: https://github.com/nystudio107/craft-seomatic Exploit Author: Sebastian Kriesten 0xB455 Contact: https://twitter.com/0xB455 CVE: CVE-2018-14716 Category: webapps 1. Description An...
Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)
Exploit Title: Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-07-27 Vendor Homepage: https://switchportmapper.com/ Software Link : http://download.switchportmapper.com/spm281.zip Tested Version: 2.81 Vulnerability Type:...
ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)
Exploit Title: ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-07-27 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link : http://download.netscantools.com/ipls192.zip Tested Version: 1.92 Vulnerability...
Charles Proxy 4.2 - Local Privilege Escalation
Charles Proxy is a great mac application for debugging web services and inspecting SSL traffic for any application on your machine. In order to inspect the SSL traffic it needs to configure the system to use a proxy so that it can capture the packets and use its custom root CA to decode the SSL...
Responsive Filemanager 9.13.1 - Server-Side Request Forgery
Exploit Title: Responsive filemanager 9.13.1 - Server-Side Request Forgery Date: 2018-07-29 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: http://responsivefilemanager.com/ Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.1/responsivefilemanager.zip...
Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)
/ Exploit Title: Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service PoC Author: vportal Date: 2018-07-27 Vendor homepage: http://www.microsoft.com Version: Windows 7 x86 Tested on: Windows 7 x86 CVE: N/A It is possible to trigger a BSOD caused by a Null pointer deference...
fusermount - user_allow_other Restriction Bypass and SELinux Label Control
/ It is possible to bypass fusermount's restrictions on the use of the "allowother" mount option as follows if SELinux is active. Here's a minimal demo, tested on a Debian system with SELinux enabled in permissive mode: =============================================== uuser@debian:$ mount|grep...
Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)
Exploit Title: Allok MOV Converter 4.6.1217 - Buffer Overflow SEH Date: 2018-07-29 Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link: http://www.alloksoft.com/allokmovconverter.exe Tested Version: 4.6.1217 Tested on OS: Windows XP Service Pack 3 x86 Greetz:...
H2 Database 1.4.197 - Information Disclosure
Exploit Title: H2 Database 1.4.197 - Information Disclosure Date: 2018-07-16 Exploit Author: owodelta Vendor Homepage: www.h2database.com Software Link: http://www.h2database.com/html/download.html Version: all versions Tested on: Linux CVE : CVE-2018-14335 Description: Insecure handling of...
SoftNAS Cloud < 4.0.3 - OS Command Injection
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloud-OS-command-injection Date...
Online Trade 1 - Information Disclosure
Exploit Title: Online Trade 1 - Information Disclosure Exploit Author: Dhamotharan Date: 2018-07-17 Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE : CVE-2018-14328 Version: 1 Tested on: Kali Linux Description :...
Skia - Heap Overflow in SkScan::FillPath due to Precision Error
There is a heap overflow in Skia when drawing paths with antialiasing turned off. This issue can be triggered in both Google Chrom and Mozilla Firefox by rendering a specially crafted SVG image. PoCs for both browsers are attached. Details: When Skia fills a path with antialiasing turned off,...
NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)
Exploit Title: NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service PoC Discovery by: Luis Martínez Discovery Date: 2018-07-26 Vendor Homepage: https://www.netscantools.com/ Software Link : http://download.netscantools.com/nstb250.zip Tested Version: 2.5 Vulnerability Type: Denial of...
QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
Exploit Title: QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service PoC Discovery by: Luis Martínez Discovery Date: 2018-07-26 Vendor Homepage: https://www.qnapsecurity.com/n/en/ Software Link : http://download.qnap.com/Surveillance/QVRClient/Qmon5.1.1.30070.zip Tested Version: 5.1.1.30070...
WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "WordPress Responsive Thumbnail Slider Arbitrary File Upload", 'Description' = %q This module exploits an arbitrary file upload vulnerability in...
Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axis Network Camera .srv to parhand RCE', 'Description' = %q This module exploits an auth bypass in .srv functionality and a command injection in...
Core FTP 2.0 - 'XRMD' Denial of Service (PoC)
Exploit Title: Core FTP 2.0 - 'XRMD' Denial of Service PoC Date: 2018-07-24 Exploit Author: Erik David Martin Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/server/download/CoreFTPServer.exe Version: Version 2.0, build 653, 32-bit Tested on: Windows XP Professional...
Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
Exploit Title: Kirby CMS 2.5.12 - Cross-Site Request Forgery Delete Page Date: 2018-07-22 Exploit Author: Zaran Shaikh Version: 2.5.12 CVE: NA Category: Web Application 1. Description The application allows malicious HTTP requests to be sent in order to trick a user into adding/ deleting web...
Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
Exploit Title: Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery Admin Bypass Date: 2018-07-25 Software Link: https://world.trivum-shop.de https://world.trivum-shop.de/ Version: 9.34 build 13381 - 12.07.18 Category: hardware, webapps Tested on: V8.76 - SNR 8604.26 - C4 Professional...
GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)
Exploit Title: GetGo Download Manager 6.2.1.3200 - Buffer Overflow Denial of Service Date: 2018-07-25 Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2017-17849 Tested On: Windows 7 x86, Windows 10 x64 Details The downloader feature of GetGo Download Manager is vulnerable to a...
10-Strike LANState 8.8 - Local Buffer Overflow (SEH)
Exploit Title: 10-Strike LANState 8.8 - Local Buffer Overflow SEH Date: 2018-07-24 Exploit Author: absolomb Vendor Homepage: https://www.10-strike.com/products.shtml Software Link: https://www.10-strike.com/lanstate/download.shtml Version 8.8 Tested on: Windows 7 SP 1 x86 Open LANState, File -...
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
Title: 10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow SEH Date: 2018-07-24 Exploit Author: absolomb Vendor Homepage: https://www.10-strike.com/products.shtml Software Link: https://www.10-strike.com/bandwidth-monitor/download.shtml Run script, open up generated txt file and copy to...
D-link DAP-1360 - Path Traversal / Cross-Site Scripting
Exploit Title: D-Link DAP-1360 File path traversal and Cross site scriptingreflected can lead to Authentication Bypass easily. Date: 20-07-2018 Exploit Author: r3m0t3nu11 Contact : http://twitter.com/r3m0t3nu11 Vendor : www.dlink.com Version: Hardware version: F1 Firmware version: 6.O5 Tested...
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' = %q This module exploits a SQL injection and command injection...
Nagios Core 4.4.1 - Denial of Service
Exploit Title: Nagios Core Multiple Local Denial of Service Date: 2018-07-09 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.nagios.org/ Software Link: https://www.nagios.org/downloads/nagios-core/ Version: 4.4.1 and earlier Tested on: 4.4.1 qhcore, qhhelp, and qhecho in...
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)
Linux/x86 - Bind 4444/TCP Shell /bin/sh + IPv6 Shellcode 100 bytes. Shellcode exploit for Linuxx86 platform Title: Linux/x86 - Bind 4444/TCP Shell + IPv6 Shellcode 100 bytes Length : 100bytes Author: Kartik Durg Write-up Link: https://iamroot.blog/2018/07/17/0x1-shellbindtcpipv6-linux-x86/ Tested...
Microsoft Windows - 'dnslint.exe' Drive-By Download
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DNSLINT.EXE-FORCED-DRIVE-BY-DOWNLOAD.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor ================= www.microsoft.com Product ===========...
NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution
Exploit Title: NUUO NVR Unauthenticated Remote Code Execution Exploit Author: Berk Dusunur Google Dork: N/A Date: 2018-07-21 Vendor Homepage: http://www.nuuo.com/ Software Link: http://www.nuuo.com/ Affected Version: v2016 Tested on: Parrot OS CVE : N/A Proof Of Concept GET...
Kirby CMS 2.5.12 - Cross-Site Scripting
Exploit Title: Kirby CMS 2.5.12 - Cross-Site Scripting Date: 2018-07-22 Exploit Author: Zaran Shaikh Version: 2.5.12 CVE : NA Category: Web Application Description The application allows user injected payload which can lead to Stored Cross Site Scripting. Proof of Concept 1. Visit the...
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
Exploit Title: Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery Reboot Router Date: 2018-07-21 Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2015-5996 Description: The router is vulnerable to a cross-site request forgery attacker. If an administrator is...
Davolink DVW 3200 Router - Password Disclosure
Exploit Title: Davolink DVW 3200 Router - Password Disclosure Google Dork: N/A Zoomeye dork : https://www.zoomeye.org/searchResult?q=%22var%20userpasswd%22%20%2Bapp%3A%22DAVOLINK%20GAPD-7000%20WAP%20httpd%22 Date: 2018-07-13 Exploit Author: Ankit Anubhav Vendor Homepage: www.davolink.co.kr Softwa...
Splinterware System Scheduler Pro 5.12 - Privilege Escalation
Exploit Title: Splinterware System Scheduler Pro 5.12 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2018-07-21 Vulnerable Software: System Scheduler Pro 5.12 Vendor Homepage: https://www.splinterware.com Version: 5.12 Tested Windows 7 SP1 x86 CVE: N/A Description: Splinterware...
Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Splinterware System Scheduler Pro 5.12 - Local Buffer Overflow SEH Date: 07-21-18 Vulnerable Software: System Scheduler Pro 5.12 Vendor Homepage: https://www.splinterware.com Version: 5.12 Software Link:...
Microsoft Windows Speech Recognition - Buffer Overflow (PoC)
Title: Windows Speech Recognition- Buffer Overflow Author: Nassim Asrir Contact: [email protected] | https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: https://www.microsoft.com/ About Windows Speech Recognition: ================================= Windows Speech Recognition lets you...
Synology DiskStation Manager 4.1 - Directory Traversal
Exploit Title: Synology DiskStation Manager 4.1 - Directory Traversal Google Dork: N/A Date: 2018-07-21 Exploit Author: Berk Dusunur Vendor Homepage: https://www.synology.com Software Link: https://www.synology.com Version: v4.1 Tested on: Parrot OS CVE : N/A PoC...
GeoVision GV-SNVR0811 - Directory Traversal
Exploit Title: GeoVision GV-SNVR0811 Directory Traversal Exploit Author: Berk Dusunur Google Dork: N/A Type: Hardware Date: 2018-07-21 Vendor Homepage: http://www.geovision.com.tw/product/GV-SNVR0811 Software Link: http://www.geovision.com.tw/product/GV-SNVR0811 Affected Version: N/A Tested on:...
Inteno’s IOPSYS - (Authenticated) Local Privilege Escalation
!/usr/bin/python import json import sys import subprocess import socket import os from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol: ubus-json" req = json.dumps"jsonrpc":"2.0","method":"call",...
MSVOD 10 - 'cid' SQL Injection
Exploit Title: MSVOD V10 ¡V SQL Injection Google Dork: inurl:"images/lists?cid=13" Date: 2018/07/17 Exploit Author: Hzllaga Vendor Homepage: http://www.msvod.cc/ Version: MSVOD V10 CVE : CVE-2018-14418 Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/ Payload:...
TP-Link TL-WR840N - Denial of Service
Exploit Title:- TP-Link Wireless N Router WR840N - Buffer Overflow Date:- 2018-07-16 Vendor Homepage:- https://www.tp-link.com/ Hardware Link:- https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version:- TP-Link Wireless N Router WR840N Category:- Hardware Exploit...
Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass
Exploit Title: Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 - Unauthorized Authentication Reset Date: 2018-07-20 Software Link: https://world.trivum-shop.de Version: 2.56 build 13381 - 12-07-2018 Category: webapps Tested on: Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6...
Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux BPF Sign Extension Local Privilege Escalation', 'Description' = %q Linux kernel prior to 4.14.8 utilizes the Berkeley Packet Filter BPF whi...
MyBB New Threads Plugin 1.1 - Cross-Site Scripting
Exploit Title: MyBB New Threads Plugin - Cross-Site Scripting Date: 7/16/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 Version: 1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-14392 1. Description: New Threads is a plugi...
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
getInternalFormat == FORMATNULL return; ifblitReactorsource, sourceRect, dest, destRect, options return; SliceRectF sRect = sourceRect; SliceRect dRect = destRect; bool flipX = destRect.x0 destRect.x1; bool flipY = destRect.y0 destRect.y1; ifflipX swapdRect.x0, dRect.x1; swapsRect.x0, sRect.x1;...