47904 matches found
Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)
Exploit Title: Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow SEH Date: 25.04.2018 Exploit Author:T3jv1l Vendor Homepage:http://www.alloksoft.com/ Software: www.alloksoft.com/allokavi2dvd.exe Category:Local Contact:https://twitter.com/T3jv1l Version: Allok AVI to DVD SVCD VCD...
GitList 0.6 - Remote Code Execution
''' Exploit Title: GitList 0.6 Unauthenticated RCE Date: 25-04-2018 Software Link: https://github.com/klaussilveira/gitlist Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description Bypass/Exploit escapeshellarg...
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Date: 3/15/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3 Tested on: Ubuntu 17.10 CVE: CVE-2018-10365 1. Description...
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response
Exploit Title: SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Date: 2018-04-01 Exploit Author: Sven Fassbender Vendor Homepage: https://sickrage.github.io Software Link: https://github.com/SickRage/SickRage Version: v2018.03.09-1 CVE : CVE-2018-9160 Category: webapps 1. Background...
Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
Exploit Title: Jfrog Artifactory alert/Vulnerable/" within the file app.html : POST /artifactory/ui/artifact/upload HTTP/1.1 Host: removed User-Agent: removed Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate...
WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion
Exploit Title: WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion Date: 2018-04-25 Exploit Author: Wadeek Software Link: https://downloads.wordpress.org/plugin/wp-with-spritz.zip Software Version: 1.0 Google Dork: intitle:"Spritz Login Success" AND...
Shopy Point of Sale 1.0 - CSV Injection
Exploit Title: Shopy Point of Sale v1.0 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10258 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/shopy-point-of-sales/21730225 Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13 Release Date...
Chrome V8 JIT - 'AwaitedPromise' Update Bug
/ Here's a snippet of AsyncGeneratorReturn. https://cs.chromium.org/chromium/src/v8/src/builtins/builtins-async-generator-gen.cc?rcl=bcd1365cf7fac0d7897c43b377c143aae2d22f92&l=650 Node const context = ParameterDescriptor::kContext; Node const outerpromise = LoadPromiseFromAsyncGeneratorRequestreq...
HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion
Exploit Title: HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10260 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested on: Kali Linux 2.0 | Mac OS...
HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection
Exploit Title: HRSALE The Ultimate HRM v1.0.2 - 'awardid' SQL Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10256 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested on: Kali Linux 2.0 | Mac ...
HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting
Exploit Title: HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross Site Scripting Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10259 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested on: Kali Linux...
Blog Master Pro 1.0 - CSV Injection
Exploit Title: Blog Master Pro v1.0 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10255 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/blog-master-pro/21689781 Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13 Release Date:...
HRSALE The Ultimate HRM 1.0.2 - CSV Injection
Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10257 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested on: Kali Linux 2.0 | Mac OS 10.13...
Chrome V8 JIT - Arrow Function Scope Fixing Bug
/ When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first assigns the destructuring assignments to the outer...
Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602. You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms that is in 2-step form then confirm. POST...
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
Linux/x86 - execve/bin/sh + ROT-13 + RShift-2 + XOR Encoded Shellcode 44 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Execve /bin/sh Shellcode encoded with ROT-13 + RShift-2 + XOR ; Date : April, 2018 ; Author : Nuno Freitas ; Blog Post :...
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes)
Linux/x86 - Edit /etc/sudoers ALL ALL=ALL NOPASSWD: ALL For Full Access + Null-Free Shellcode 79 bytes. Shellcode exploit for Linuxx86 platform / Title: Edit /etc/sudoers with NOPASSWD for ALL Date: 2018-04-19 Author: absolomb Website: https://www.sploitspren.com SLAE-ID: 1208 Purpose: edit...
Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)
Linux/x86 - Reverse 127.1.1.1:5555/TCP Shell Shellcode 73 Bytes. Shellcode exploit for Linuxx86 platform / Linux x86 Reverse TCP shellcode 127.1.1.1/5555 Shellcode Author: Anurag Srivastava Shellcode Length: 73 Student-ID: SLAE-1219 Note...
Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes)
Linux/x86 - chmod 4755 /bin/dash Shellcode 33 bytes. Shellcode exploit for Linuxx86 platform / Title: chmod 4755 /bin/dash Author: absolomb Website: https://www.sploitspren.com SLAE-ID: 1208 Purpose: setuid bit on /bin/dash Tested On: Ubuntu 14.04 Arch: x86 Size: 33 bytes global start section .te...
Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes)
Linux/x86 - execvecp /bin/sh /tmp/sh; chmod +s /tmp/sh + Null-Free Shellcode 74 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Author: absolomb Website: https://www.sploitspren.com SLAE-ID: 1208 Purpose: cp shell into /tmp and setuid Teste...
Microsoft Windows - Local Privilege Escalation
include "stdafx.h" define PML4BASE 0xFFFFF6FB7DBED000 define PDPBASE 0xFFFFF6FB7DA00000 define PDBASE 0xFFFFF6FB40000000 define PTBASE 0xFFFFF68000000000 typedef LARGEINTEGER PHYSICALADDRESS, PPHYSICALADDRESS; pragma packpush,4 typedef struct CMPARTIALRESOURCEDESCRIPTOR UCHAR Type; UCHAR...
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
/ https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps. case IrOpcode::kJSCreate: if IsSamereceiver, effect HeapObjectMatcher mtargetGetValueInputeffect, 0; HeapObjectMatche...
Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service
''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-Win-10-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ======= www.microsoft.com Product: ======== Internet Explorer Windows 10...
Adobe Flash - Out-of-Bounds Write in blur Filtering
The attached swf file causes and out-of-bounds write in blur filtering. This PoC crashes reliably in Firefox for Linux. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44529.zip...
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0 fixed version: WSO2 Identity Server 5.5.0 C...
Adobe Flash - Info Leak in Image Inflation
The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and vist: http://127.0.0.1?img=inflate.png. Proof of Concept:...
Adobe Flash - Overflow in Slab Rendering
The attached fuzzed swf file causes heap or stack corruption depending on platform when rendering a slab. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept:...
Adobe Flash - Overflow when Playing Sound
The attached fuzzed swf file causes heap overflow when playing a sound. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44526.zip...
ASUS infosvr - Authentication Bypass Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ASUS infosvr Auth Bypass Command Execution', 'Description' = %q This module exploits an authentication bypass vulnerability in the infosvr service...
lastore-daemon D-Bus - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'lastore-daemon D-Bus Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Deepin Linux systems by using...
Kaspersky KSN for Linux 5.2 - Memory Corruption
''' Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux CVE: NotYet Exploit description: Kaspersky KSN v5.2 is prone to a remote memory corruption because it fails to properly filter the input on the remote subscribers, this leads to heap segments overwrite and it...
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
...
Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
!/usr/bin/env python --------------------------------------------------------------------------------------------------- Exploit Title : Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow DEP Bypass Date : 04/24/2018 Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author...
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH)
Exploit Title: Buffer OverflowSEH on Allok Video to DVD Burner2.6.1217 Date: 23.04.2018 Exploit Author:T3jv1l Vendor Homepage:http://www.alloksoft.com/ Software: www.alloksoft.com/allokdvdburner.exe Category:Local Contact:https://twitter.com/T3jv1l Version: Allok Video to DVD Burner 2.6.1217 Test...
RGui 3.4.4 - Local Buffer Overflow
!/usr/bin/python Exploit Author: bzyo CVE: CVE-2018-9060 Twitter: @bzyo Exploit Title: R 3.4.4 - Local Buffer Overflow Date: 03-27-2018 Vulnerable Software: R 3.4.4 Vendor Homepage: https://www.r-project.org/ Version: 3.4.4 Software Link: https://cloud.r-project.org/bin/windows/ Tested On: Window...
Open-AudIT 2.1 - CSV Macro Injection
Hi Guys, Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Google Dork: N/A Date: 21-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link: https://www.open-audit.org/downloads.php Affected Version: 2.1...
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Exploit Title: Monstra CMS 3.0.4 allows remote attackers to delete folder via an get request Date: 2018-03-26 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: macos 10.12.6, php 5....
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
Exploit Title: WUZHI CMS 4.1.0 - Cross-Site Request Forgery Date: 2018-04-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10312 An issue was discovered in WUZHI CMS 4.1....
UK Cookie Consent - Persistent Cross-Site Scripting
Exploit Title: UK Cookie Consent v2.3.9 - Persistent Cross-Site Scripting Date: 2018-04-22 Exploit Author: B0UG Vendor Homepage: https://catapultthemes.com/ Software Link: https://en-gb.wordpress.org/plugins/uk-cookie-consent/description Version: Tested on version 2.3.9 older versions may also be...
VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC)
""" VLC Media Player/Kodi/PopcornTime 'Red Chimera' 2.2.5 Memory Corruption PoC Author: SivertPL [email protected] CVE: CVE-2017-8311 Infamous VLC/Kodi/PopcornTime subtitle attack in libsubtitleplugin.dll. This is the Proof of Concept of the reverse engineered heap corruption vulnerability...
gif2apng 1.9 - '.gif' Stack Buffer Overflow
Exploit Title: gif2apng 1.9 '.gif' Stack-Buffer Overflow Date: 20 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: http://gif2apng.sourceforge.net/ Version: 1.9 Tested on: Ubuntu 16.04 CVE : gif2apng is vulnerable to a stack based buffer overflow when a malformed gif is supplied. Following i...
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
-- coding: utf-8 -- Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump Vendor Notification: 03-03-2018 - No response Initial CVE: 04-04-2018 Disclosure: 21-04-2018 Exploit Author: Berk Cem Göksel Contact: twitter.com/berkcgoksel || bgoksel.com Vendor Homepage: http://www.ipecs.com/...
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer Software Link: Can't legally provide link but can be found on net...
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)
Linux/x86 - Bind 1337/TCP Shell /bin/sh + Null-Free Shellcode 92 bytes. Shellcode exploit for Linuxx86 platform / Linux x86 Bind TCP shellcode This shellcode will listen on port 1337 and give you /bin/sh Shellcode Author: Anurag Srivastava Shellcode Length: 92 Student-ID: SLAE-1219 Note...
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
char initialdnd = "tools.capability.dndversion 4"; static const int cbObj = 0x100; char seconddnd = "tools.capability.dndversion 2"; char chgver = "vmx.capability.dndversion"; char calltransport = "dnd.transport "; char readstring = "ToolsAutoInstallGetParams"; typedef struct DnDCPMsgHdrV4 char...
PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)
Exploit Title: PRTG 18.1.39.1648 - Stack Overflow Date: 2018-04-21 Exploit Author: Lucas "luriel" Carmo Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/download/prtg-download Version: 18.1.39.1648 CVE : CVE-2018-10253 Post Reference:...
Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH)
Exploit Title: Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Date: 2018-04-23 Exploit Author: Marwan Shamel Software Link: https://filehippo.com/downloadfreedownloadmanager/925/ Version: v2.0 Built 417 Tested on: Windows 7 Enterprise SP1 32 bit Special thanks to my wife Steps :...
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
!/usr/bin/env python ''' @author: r4wd3r @license: MIT License @contact: [email protected] ''' import argparse import re import sys import requests parser = argparse.ArgumentParser description='Exploits the Apache CouchDB JSON Remote Privilege Escalation Vulnerability' + ' CVE-2017-12635'...
phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188...
Ncomputing vSpace Pro 10/11 - Directory Traversal
Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability Date: 2018-04-20 Software Vendor: NComputing Software Link: Author: Javier Bernardo Contact: [email protected] Website: http://www.kwell.net CVE: CVE-2018-10201 Category: Webapps Description It is possible to read...