Lucene search
+L
ExploitdbRecent

47904 matches found

exploitdb
exploitdb
added 2017/11/28 12:0 a.m.48 views

Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation

Source: https://twitter.com/lemiorhan/status/935578694541770752 & https://forums.developer.apple.com/thread/79235 "Dear @AppleSupport, we noticed a HUGE security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware ...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/28 12:0 a.m.100 views

Synology StorageManager 5.2 - Root Remote Command Execution

''' SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution Full report: https://blogs.securiteam.com/index.php/archives/3540 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory describes a remote command execution vulnerability found in...

7AI score
Exploits0
exploitdb
exploitdb
added 2017/11/28 12:0 a.m.87 views

Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download

''' Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1342 There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/28 12:0 a.m.63 views

HP iMC Plat 7.2 - Remote Code Execution

!/opt/local/bin/python2.7 Exploit Title: HP iMC Plat 7.2 dbman Opcode 10007 Command Injection RCE Date: 11-28-2017 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...

10CVSS7.7AI score0.82877EPSS
Exploits8
exploitdb
exploitdb
added 2017/11/28 12:0 a.m.132 views

WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal

Exploit Title: WordPress woocommerce directory traversal Date: 28-11-2017 Software Link: https://wordpress.org/plugins/woocommerce/ Exploit Author:fu2x2000 Contact: [email protected] Website: CVE:2017-17058 Version:Tested on WordPress 4.8.3 woocommerce 2.0/3.0 Category: webapps 1. Description...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/27 12:0 a.m.44 views

Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation

/ EDB Note Source https://gist.github.com/xpn/736daa4d1ff7b9869f4b3d1e9a34d315/ff2e2465d4a07588d0148dc87e77b17b41ef9d1d Source https://blog.xpnsec.com/windows-warbird-privesc/ Source https://github.com/xpn/warbirdexploit Ref https://bugs.chromium.org/p/project-zero/issues/detail?id=1391 / //...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/27 12:0 a.m.37 views

ZTE ZXDSL 831CII - Improper Access Restrictions

Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Date: 27/11/2017 Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================= The Router usually servers html files &...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/27 12:0 a.m.41 views

Microsoft Edge Chakra JIT - Incorrect Function Declaration Scope

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1367 In the following JavaScript code, both of the print calls must print out "undefined" because of "x" is a formal parameter. But the second print call prints out "function x ". This bug may lead to type confusion in JITed code...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/27 12:0 a.m.40 views

Microsoft Edge Chakra JIT - 'Inline::InlineCallApplyTarget_Shared' does not Return the return Instruction

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1366 Here's a snippet of Inline::Optimize. FOREACHINSTREDITINGinstr, instrNext, func-mheadInstr switch instr-mopcode case Js::OpCode::Label: ... if instr-AsLabelInstr-misForInExit Assertthis-currentForInDepth != 0; // The PoC hit...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/27 12:0 a.m.61 views

ALLPlayer 7.5 - Denial of-Service (PoC)

!/usr/bin/python buffer = b"http://" buffer += b"\x41" 1500 f=open"player.m3u","wb" f.writebuffer f.close...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/27 12:0 a.m.135 views

Exim 4.89 - 'BDAT' Denial of Service

While parsing BDAT data header, exim still scans for '.' and consider it the end of mail. https://github.com/Exim/exim/blob/master/src/src/receive.cL1867 Exim goes into an incorrect state after this message is sent because the function pointer receivegetc is not reset. If the following command is...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/27 12:0 a.m.46 views

Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1365 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 There's one more place that emits a BailOnNotObject opcode. Here's a snippet of GlobOpt::OptTagChecks. if valueType.CanBeTaggedValue &&...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/27 12:0 a.m.43 views

Microsoft Edge Chakra JIT - 'BailOutOnTaggedValue' Bailouts Type Confusion

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 1. In the Chakra's JIT compilation process, it stores variables' type information by basic block. function optb let o; if b // BASIC BLOCK a o = ; else // BASIC BLOCK b o = 1.1; // BASIC BLOCK c return o; For example, let's...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/27 12:0 a.m.65 views

Diving Log 6.0 - XML External Entity Injection

Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version: 6.0 + Tested on: Windows 7 SP1,...

5.5CVSS5.5AI score0.03663EPSS
Exploits5
exploitdb
exploitdb
added 2017/11/25 12:0 a.m.58 views

ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)

!/usr/bin/python Tested on: Windows 10 Professional x86 Exploit for previous version: https://www.exploit-db.com/exploits/42455/ Seems they haven't patched the vulnerability at all :D msfvenom -p windows/exec CMD="calc.exe" -e x86/unicodemixed BufferRegister=EAX -f python shellcode = "" shellcode...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/24 12:0 a.m.45 views

Linux Kernel - 'mincore()' Uninitialized Kernel Heap Page Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 I found the following bug with an AFL-based fuzzer: When walkpagerange is used on a VMHUGETLB VMA, callbacks from the mmwalk structure are only invoked for present pages. However, domincore assumes that it will always get...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/23 12:0 a.m.173 views

Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation

Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer information between the kernel and user-space processes. It...

7.8CVSS8.4AI score0.0215EPSS
Exploits3
exploitdb
exploitdb
added 2017/11/23 12:0 a.m.25 views

Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes)

Linux/x64 - Egghunter 0xbeefbeef Shellcode 34 bytes. Shellcode exploit for Linuxx86-64 platform global start section .text start: xor rsi,rsi push rsi ; starts the search at position 0 pop rdi nextpage: or di,0xfff inc rdi next4bytes: push 21 pop rax syscall cmp al,0xf2 jz nextpage mov...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.50 views

WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1344 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= / function freememory var a;...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.52 views

WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1348 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= / max-height: 0;...

7AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.47 views

WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Read

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1350 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= / /...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.53 views

WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1346 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= / function jsfuzzer...

7AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.55 views

WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1347 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. Note that accessibility features need to be enabled in order to trigger this bug. On Safari on Mac...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.57 views

WebKit - 'WebCore::InputType::element' Use-After-Free (2)

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1345 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= / function go...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.49 views

WebKit - 'WebCore::FormSubmission::create' Use-After-Free

function jsfuzzer textarea1.setRangeText"foo"; textarea2.autofocus = true; textarea1.name = "foo"; form.insertBeforetextarea2, form.firstChild; form.submit; function eventhandler2 forvar i=0;i a b !-- ================================================================= ASan log:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.73 views

WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free

.class9 column-span: all; function f document.execCommand"indent", false; var var00031 = window.getSelection.setBaseAndExtentsum,16,null,6; f; !-- ================================================================= ASan log: =================================================================...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.49 views

Winamp Pro 5.66.Build.3512 - Denial of Service

!/usr/bin/perl Exploit Title: Winamp Pro .wav|.wmv|.au|.asf|.aiff|.aif Denial of Service Date: 2017-11-22 Exploit Author: R.Yavari Version: v5.66.Build.3512 Tested on: Windows 10 , Windows 7 other version should be affected CVE-2017-16951 http://meggamusic.co.uk/winamp/winamp5666fullen-usredux.ex...

5.5CVSS5.7AI score0.03235EPSS
Exploits4
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.39 views

WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free

function go iframe.name = "foo"; var form = document.createElement"form"; iframe.src = "data:text/html,foo"; form.submit; window.onbeforeunload = f; function f document.head.appendChilddel; ::get /Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x8664+0x45a...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.48 views

WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free

function eventhandler1 try txt.appendChildkg; catche function eventhandler2 try anim.appendChildkg; catche function eventhandler3 try table.scrollIntoViewtrue; catche a !-- ================================================================= ASan log:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.49 views

WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Read

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1349 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= / border-bottom: green...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/22 12:0 a.m.35 views

KMPlayer 4.2.2.4 - Denial of Service

!/usr/bin/perl Exploit Title: KMPlayer .nsv Denial of Service Date: 2017-11-22 Exploit Author: R.Yavari Version: v4.2.2.4 Tested on: Windows 10 , Windows 7 other version should be affected NSV is Streaming video container format developed by Nullsoft; used for streaming video clips over the...

5.5CVSS5.6AI score0.03226EPSS
Exploits3
exploitdb
exploitdb
added 2017/11/21 12:0 a.m.108 views

DblTek - Multiple Vulnerabilities

Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 1...

10CVSS9.7AI score0.13465EPSS
Exploits3
exploitdb
exploitdb
added 2017/11/21 12:0 a.m.55 views

Microsoft Windows 10 - 'nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)' Pool Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1361 We have discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/21 12:0 a.m.36 views

Vonage VDV-23 - Denial of Service

Overview During an evaluation of the Vonage home phone router, it was identified that the loginUsername and loginPassword parameters were vulnerable to a buffer overflow. This overflow caused the router to crash and reboot. Further analysis will be performed to find out if the the crash is...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/20 12:0 a.m.166 views

Microsoft Office - OLE Remote Code Execution

Source: https://github.com/embedi/CVE-2017-11882 CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882 Research:...

9.3CVSS8.8AI score0.99945EPSS
Exploits33
exploitdb
exploitdb
added 2017/11/20 12:0 a.m.98 views

Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1332 Windows: CiSetFileCache TOCTOU Security Feature Bypass Platform: Windows 10 10586/14393/10S not tested 8.1 Update 2 or Windows 7 Class: Security Feature Bypass Summary: It’s possible to add a cached signing level to an unsigne...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/20 12:0 a.m.108 views

iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service

Exploit Title: TpwnT - iOS Denail of Service POC Date: 10-31-2017 Exploit Author: Russian Otter Ro Vendor Homepage: https://support.apple.com/en-us/HT208222 Version: 2.1 Tested on: iOS 10.3.2 - 11.1 CVE: CVE-2017-13849 """ ------------------------- CVE-2017-13849 TpwnT by Ro of SavSec...

5.5CVSS6.6AI score0.03782EPSS
Exploits4
exploitdb
exploitdb
added 2017/11/17 12:0 a.m.42 views

Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting

Exploit Title: Icon Time Systems RTC-1000 alert"xss"; ========================================================== PROOF OF CONCEPT - With valid credentials that has permissions to modify the employee records, access the employeelist.html page via Lists-Employees...

5.4CVSS5.6AI score0.01897EPSS
Exploits4
exploitdb
exploitdb
added 2017/11/16 12:0 a.m.38 views

Microsoft Edge Chakra JIT - Type Confusion with switch Statements

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1341&desc=3 Let's start with a switch statement and its IR code for JIT. JS: for let i = 0; i ; 100; i++ switch i case 2: case 4: case 6: case 8: case 10: case 12: case 14: case 16: case 18: case 20: case 22: case 24: case 26: ca...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/16 12:0 a.m.65 views

Zeta Components Mail 1.8.1 - Remote Code Execution

Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into /var/www/html/cache/exploit.php. The resulting file will contain t...

8.1CVSS7AI score0.10652EPSS
Exploits3
exploitdb
exploitdb
added 2017/11/16 12:0 a.m.29 views

VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH)

!/usr/bin/env python Exploit Title : VXSearch v10.2.14 Local SEH Overflow Date : 11/16/2017 Exploit Author : wetw0rk Vendor Homepage : http://www.flexense.com/ Software link : http://www.vxsearch.com/setups/vxsearchentsetupv10.2.14.exe Version : 10.2.14 Tested on : Windows 7 x86 Description : VX...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/16 12:0 a.m.40 views

LanSweeper 6.0.100.75 - Cross-Site Scripting

LanSweeper - Cross Site Scripting and HTMLi Title: Vulnerability in LanSweeper Date: 16-11-2017 Status: Vendor contacted, patch available Author: Miguel Mendez Z Vendor Homepage: http://www.lansweeper.com Version: 6.0.100.75 CVE: CVE-2017-16841 Vulnerability description -------------------------...

6.1CVSS6.4AI score0.01438EPSS
Exploits4
exploitdb
exploitdb
added 2017/11/16 12:0 a.m.30 views

Microsoft Edge - 'Object.setPrototypeOf' Memory Corruption

,1::FindEntry+0x41: 00007fffe2b7c841 8b0c81 mov ecx,dword ptr rcx+rax4 ds:0000023b4a2ea4c4=???????? 0:015 k Child-SP RetAddr Call Site 00 000000be563fbba0 00007fffe2f52e3e chakra!JsUtil::WeaklyReferencedKeyDictionary,1::FindEntry+0x41 01 000000be563fbbf0 00007fffe2e1f9a4...

7AI score
Exploits0
exploitdb
exploitdb
added 2017/11/16 12:0 a.m.35 views

Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1343 Here's a snippet of the method. void Lowerer::LowerBoundCheckIR::Instr const instr ... ifrightOpnd-IsIntConstOpnd IntConstType newOffset; if!IntConstMath::Addoffset, rightOpnd-AsIntConstOpnd-GetValue, &newOffset --- a offset...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/16 12:0 a.m.37 views

Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1357 function opta, b, v if b.length b0 = ; return 0; ; printb0; main;...

7AI score
Exploits0
exploitdb
exploitdb
added 2017/11/16 12:0 a.m.57 views

TP-Link TL-WR740N - Cross-Site Scripting

Exploit Title: XSS Vuln - TP-LINK TL-WR740N Date: 15/11/2017 Exploit Author: bl00dy Vendor Homepage: http://www.tp-link.com Version: TP-LINK TL-WR740N - 3.17.0 Build 140520 Rel.75075n Tested on: Windows 8.1 Cross-site scripting XSS in TP-LINK TL-WR740N Proof of Concept: 1. Go to your wireless...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/16 12:0 a.m.43 views

Vonage VDV23 - Cross-Site Scripting

Exploit Title: Vonage Home Router – Stored Xss Date: 16/11/2017 Exploit Author: Nu11By73 Hardware Version: VDV-23: 115 Software Version: 3.2.11-0.9.40 CVE : CVE-2017-16843 NewKeyword Parameter: 1. Login to the router 2. Click advanced setup 3. Click parental controls 4. In the block these keyword...

5.4CVSS5.6AI score0.01494EPSS
Exploits3
exploitdb
exploitdb
added 2017/11/15 12:0 a.m.41 views

CommuniGatePro 6.1.16 - Cross-Site Scripting

Exploit Title: CommuniGatePro webmails Multiple Stored XSS Date: 15/11/2017 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.stalker.com/ Software Link: http://www.stalker.com/ paid product Version: 6.1.16 Tested on: production server on crystal, pron...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/14 12:0 a.m.38 views

Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow

Tested on Windows 10 x86 The application requires to have the web server enabled. Exploit for older version: https://www.exploit-db.com/exploits/40832/ !/usr/bin/python import socket,os,time,struct,argparse parser = argparse.ArgumentParser parser.addargument'--host', required=True args =...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/14 12:0 a.m.70 views

PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free

X41 D-Sec GmbH Security Advisory: X41-2017-006 Multiple Vulnerabilities in PSFTPd Windows FTP Server ===================================================== Overview -------- Confirmed Affected Versions: 10.0.4 Build 729 Confirmed Patched Versions: None Vendor: Sergei Pleis Softwareentwicklung Vend...

5.9CVSS4.9AI score0.08742EPSS
Exploits4
Total number of security vulnerabilities47904