Lucene search
+L
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2017/07/19 12:0 a.m.117 views

Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)

Linux/x8664 - Reverse Shell 192.168.1.8:4444 Shellcode 104 bytes. Shellcode exploit for Linx86-64 platform / ;Category: Shellcode ;Title: GNU/Linux x8664 - Reverse Shell Shellcode ;Author: m4n3dw0lf ;Github: https://github.com/m4n3dw0lf ;Date: 18/07/2017 ;Architecture: Linux x8664 ;Tested on: 1 S...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/19 12:0 a.m.42 views

Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection

POST /cgi-bin/login.cgi?redirect=/ HTTP/1.1 Host: 10.242.129.149 Accept: / Accept-Language: en User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0 Connection: close Referer: https://10.242.129.149/cgi-bin/login.cgi?redirect=/ Cookie: CAKEPHP=sleep 10 Content-Type...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/19 12:0 a.m.47 views

Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)

Exploit Title: Sonicwall gencsr CGI Remote Command Injection Vulnerablity Date: 12/24/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sonicwall.com Software Link: sonicwall.com/products/sra-virtual-appliance Version: 8.1.0.6-21sv Tested on: 8.1.0.2-14sv CVE : awaiting cve vuln:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/19 12:0 a.m.66 views

Oracle E-Business Suite 12.x - Server-Side Request Forgery

Exploit Title: Oracle E-Business Suite - Server Side Request Forgery Date: 19 July 2017 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Greetings: Raj3sh.tv, Deepu.tv Vendor Homepage: www.oracle.com Software Link:...

8.2CVSS8.3AI score0.13937EPSS
Exploits1
Exploit DB
Exploit DB
added 2017/07/19 12:0 a.m.26 views

Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017)

E-DB Note: + Source: https://github.com/sensepost/gdi-palettes-exp + Binary: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42432.exe include include include include //From http://stackoverflow.com/a/26414236 this defines the details of the NtAllocateVirtualMemor...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/19 12:0 a.m.56 views

Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection

Sonicwall Secure Remote Access SRA - Command Injection Vulnerabilities Vendor: Sonicwall Dell Product: Secure Remote Access SRA Version: 8.1.0.2-14sv Platform: Embedded Linux Discovery: Russell Sanford of Critical Start www.CriticalStart.com CVE: cve-2016-9682 Tested against version 8.1.0.2-14sv ...

10CVSS9.6AI score0.23296EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/07/19 12:0 a.m.37 views

Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)

Exploit Title: Citix SD-WAN logout cookie preauth Remote Command Injection Vulnerablity Date: 02/20/2017 Exploit Author: xort @ Critical Start Vendor Homepage: www.citrix.com Software Link: https://www.citrix.com/downloads/cloudbridge/ Version: 9.1.2.26.561201 Tested on: 9.1.2.26.561201 OS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/19 12:0 a.m.50 views

Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)

Exploit Title: Sonicwall importlogo/sitecustomization CGI Remote Command Injection Vulnerablity Date: 12/25/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sonicwall.com Software Link: sonicwall.com/products/sra-virtual-appliance Version: 8.1.0.2-14sv Tested on: 8.1.0.2-14sv CVE :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/18 12:0 a.m.126 views

Microsoft Windows Kernel - 'IOCTL 0x120007 NsiGetParameter' nsiproxy/netio Pool Memory Disclosure

/ We have discovered that the handler of the 0x120007 IOCTL in nsiproxy.sys \.\Nsi device discloses portions of uninitialized pool memory to user-mode clients, likely due to output structure alignment holes. On our test Windows 7 32-bit workstation, an example layout of the output buffer is as...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/18 12:0 a.m.135 views

PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting

Summary ======= 1. Missing access control CVE-2017-11356 2. Multiple cross-site scripting CVE-2017-11355 Vendor ====== "Pegasystems Inc. is the leader in software for customer engagement and operational excellence. Pega’s adaptive, cloud-architected software – built on its unified Pega® Platform ...

6.5CVSS6.3AI score0.03503EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/07/18 12:0 a.m.66 views

Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)

Exploit Title: Barracuda Load Balancer Firmware 'Barracuda Load Balancer Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Load Balancer Firmware Version = v6.0.1.006 2016-08-19 by exploiting a vulnerability in the web administration interface. By sending ...

9CVSS8.9AI score0.11081EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/07/18 12:0 a.m.58 views

Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)

Exploit Title: Sophos Web Appliance reporting JSON trafficType Remote Command Injection Vulnerablity Date: 01/28/2017 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link: sophos.com/en-us/products/secure-web-gateway.aspx Version: 4.3.0.2 Tested on: 4.3.0.2 CVE :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/18 12:0 a.m.81 views

Microsoft Internet Explorer 11.0.9600.18617 - 'CMarkup::DestroySplayTree' Memory Corruption

element. The bug was confirmed on IE Version 11.0.9600.18617 Update Version 11.0.40 running on Windows 7 64-bit. I was unable to reproduce it on Windows 10. PoC: ========================================== -- function go setTimeout"window.location.reload",100;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/18 12:0 a.m.37 views

Microsoft Internet Explorer 11.1066.14393.0 - VBScript Arithmetic Functions Type Confusion

PvarGetArithVal; VAR arithv2 = v2-PvarGetArithVal; int resulttype = resultlookuptablev1-vartypev2-vartype; ifresulttype == 10 RaiseError...; ifresulttype == 2 ... else ifresulttype == 3 ... else ifresulttype == 4 ... v1-vartype = resulttype; where the logic for VAR::PvarGetArithVal is roughly VAR...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/18 12:0 a.m.46 views

Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation

I'm a big fan of Hashicorp but this is an awful bug to have in software of their calibre. Their vagrant plugin for vmware fusion uses a product called Ruby Encoder to protect their proprietary ruby code. It does this by turning the ruby code into bytecode and executing it directly. Unfortunately...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/17 12:0 a.m.66 views

Belkin F7D7601 NetCam - Multiple Vulnerabilities

Exploit Title: Belkin NetCam F7D7601 | Remote Command Execution Date: 17/07/17 Exploit Author: Wadeek Vendor Homepage: http://www.belkin.com/ Tested on: Belkin NetCam F7D7601 WeMoNetCamWW2.00.10684.PVT ================================================ UnsetupMode == 0 Hard-coded password admin:adm...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/16 12:0 a.m.58 views

Geneko Routers - Path Traversal

Vulnerability Summary The following advisory describes a Unauthenticated Path Traversal vulnerability found in Geneko GWR routers series. Geneko GWG is compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition...

7.5CVSS7AI score0.0881EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/07/16 12:0 a.m.153 views

Orangescrum 1.6.1 - Multiple Vulnerabilities

Exploit Title: Orangescrum 1.6.1 Multiple Vulnerabilities Google Dork: NA Date: July 9 2017 Exploit Author: [email protected] Author blog : cupuzone.wordpress.com Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/free-download Version: 1.6.1 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/15 12:0 a.m.45 views

Apple Mac OS X + Safari - Local Javascript Quarantine Bypass

Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor notification: 2017-07-15 Vendor fix: 2017-09-25 Public...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/14 12:0 a.m.55 views

WDTV Live SMP 2.03.20 - Remote Password Reset

WDTV Live SMP Remote Password Reset Vulnerability Date: Jul 14 2017 Author: sw1tch Demo: https://www.sw1tch.net/2017/07/12/wdtv-live-smb-exploit/ Description: A simple remotely exploitable web application vulnerability for the WDTV Live Streaming Media Player and possibly other WDTV systems...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/14 12:0 a.m.33 views

FTPGetter 5.89.0.85 - Remote Buffer Overflow (SEH)

!/usr/bin/python Exploit Title: FTPGetter 5.89.0.85 Remote SEH Buffer Overflow Date: 07/14/2017 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: https://www.ftpgetter.com/ Vulnerable Version Download: Available for 30 days here: https://ufile.io/2celn I can upload again...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/14 12:0 a.m.143 views

Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution

function asmjsmodule "use asm"; / huge jitted nop sled / function payloadcode var val = 0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0...

9.8CVSS9.2AI score0.87598EPSS
Exploits20
Exploit DB
Exploit DB
added 2017/07/13 12:0 a.m.75 views

OrientDB - Code Execution

Vulnerability Summary The following advisory reports a vulnerability in OrientDB which allows users of the product to cause it to execute code. OrientDB is a Distributed Graph Database engine with the flexibility of a Document Database all in one product. The first and best scalable,...

10CVSS7AI score0.73071EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/07/13 12:0 a.m.56 views

Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download

Dasan Networks GPON ONT WiFi Router H64X Series System Config Download Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Models: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 3.02p2-1141 2.77p1-1125 2.77-1115 2.76-9999...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/13 12:0 a.m.42 views

Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation

Dasan Networks GPON ONT WiFi Router H64X Series Privilege Escalation Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 2.77-1115 2.76-9999 2.76-1101 2.67-1070 2.45-10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/13 12:0 a.m.48 views

Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass

Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 2.76-9999 2.76-1101 2.67-1070 2.45-1045 Summar...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/13 12:0 a.m.41 views

Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery

Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 3.03p1-1145 3.03-1144-01 3.02p2-1141...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/13 12:0 a.m.55 views

CyberArk Viewfinity 5.5.10.95 - Local Privilege Escalation

Exploit Title: Privilege Escalation via CyberArk Viewfinity 8. This will spawn a new CMD prompt. Verify you are now Administrator by typing in "net sess...

7.8CVSS7.8AI score0.00985EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/07/12 12:0 a.m.45 views

360 Total Security - Local Privilege Escalation

Vulnerability Summary The following advisory describes an Privileged Escalation vulnerability found in 360 Total Security. 360 Total Security offers your PC complete protection from Viruses, Trojans and other emerging threats. Whether you are shopping online, downloading files or chatting with yo...

7.8CVSS7.9AI score0.01984EPSS
Exploits2
Exploit DB
Exploit DB
added 2017/07/12 12:0 a.m.55 views

WordPress Plugin Sabai Discuss - Cross-Site Scripting

Exploit Title: Sabai Discuss Wordpress Plugin Stored XSS vulnerability Exploit Author: Hesam Bazvand Contact: https://www.facebook.com/hesam.king73 Software demo : https://sabaidiscuss.com/ Tested on: Windows 7 / Kali Linux Category: WebApps Dork : User Your Mind ! :D Video Demo :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/12 12:0 a.m.99 views

Skype for Business 2016 - Cross-Site Scripting

Exploit Title: Skype for Business 2016 XSS Injection - CVE-2017-8550 Exploit Author: @nyxgeek - TrustedSec Date: 2017-04-10 Vendor Homepage: www.microsoft.com Versions: 16.0.7830.1018 32-bit & 16.0.7927.1020 64-bit or lower Requirements: Originating machine needs Lync 2013 SDK installed as well a...

5.4CVSS5.2AI score0.22433EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/07/11 12:0 a.m.64 views

NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection

Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/...

10CVSS9.4AI score0.14603EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/07/11 12:0 a.m.388 views

Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

!/usr/bin/python from impacket import smb, smbconnection from mysmb import MYSMB from struct import pack, unpack, unpackfrom import sys import socket import time ''' MS17-010 exploit for Windows 2000 and later by sleepya EDB Note: mysmb.py can be found here...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/11 12:0 a.m.62 views

DataTaker DT80 dEX 1.50.012 - Information Disclosure

Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: CVE-2017-11165 Vendor: ===============...

9.8CVSS9.6AI score0.6413EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/07/10 12:0 a.m.36 views

Pelco VideoXpert 1.12.105 - Information Disclosure

Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution designed for scalability, fitting the needs surveillanc...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/10 12:0 a.m.41 views

Pelco VideoXpert 1.12.105 - Directory Traversal

Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution designed for scalability, fitting the needs surveillance...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/10 12:0 a.m.39 views

Pelco VideoXpert 1.12.105 - Local Privilege Escalation

Schneider Electric Pelco VideoXpert Privilege Escalations Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Core Software 1.12.105 Media Gateway Software 1.12.26 Exports 1.12 Summary: VideoXpert is a video management solution designed for scalability, fitting...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/10 12:0 a.m.48 views

Pelco Sarix/Spectra Cameras - Remote Code Execution

Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0.0 Sarix Enhanced - Model: IME119 Firmware: 2.1.2.0.8280-A0.0 Sarix - Model:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/10 12:0 a.m.82 views

NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection

Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...

9CVSS8.7AI score0.16179EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/07/10 12:0 a.m.63 views

Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting

Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0.0 Sarix Enhanced - Model: IME119 Firmware: 2.1.2.0.8280-A0.0 Sarix - Model:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/10 12:0 a.m.46 views

Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)

Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0.0 Sarix Enhanced - Model: IME119 Firmware: 2.1.2.0.8280-A0.0 Sarix - Model:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/10 12:0 a.m.60 views

NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Local Privilege Escalation

Exploit Title: Local root exploit affecting NfSen = 1.3.7, AlienVault USM/OSSIM = 5.3.6 Version: NfSen 1.3.7 Version: AlienVault 5.3.6 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage: http://www.alienvault.com/ Software Link:...

8.4CVSS9.1AI score0.01678EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/07/08 12:0 a.m.65 views

Easy File Sharing Web Server 7.2 - GET 'PassWD' Remote Buffer Overflow (DEP Bypass)

!/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 - GET Buffer Overflow DEP Bypass with ROP Date: 8 July 2017 Exploit Author: Sungchul Park Author Contact: [email protected] Vendor Homepage: http://www.sharing-file.com Software Link: http://www.sharing-file.com/efssetup.exe Versio...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/07 12:0 a.m.45 views

Counter Strike: Condition Zero - '.BSP' Map File Code Execution

!/usr/bin/env python Counter Strike: Condition Zero BSP map exploit By @DigitalCold Jun 11, 2017 E-DB Note: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42325.zip bsp-exploit-source.zip from binascii import hexlify, unhexlify from struct import pack, unpack...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/07 12:0 a.m.60 views

Firefox 54.0.1 - Denial of Service

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: =============== www.mozilla.org Product: =============== Firefox v54.0.1 Vulnerability Type:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/07 12:0 a.m.194 views

Apache Struts 2.3.x Showcase - Remote Code Execution

!/usr/bin/python -- coding: utf-8 -- Just a demo for CVE-2017-9791 import requests def exploiturl, cmd: print"+ command: %s" % cmd payload = "%" payload += "[email protected]@DEFAULTMEMBERACCESS." payload += "memberAccess?memberAccess=dm:" payload +=...

9.8CVSS9.6AI score0.98931EPSS
Exploits19
Exploit DB
Exploit DB
added 2017/07/07 12:0 a.m.76 views

Yaws 1.91 - Remote File Disclosure

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ========== yaws.hyber.org Product: =========== Yaws v1.91 Yet Another Web Server...

7.5CVSS7.6AI score0.81028EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/07/06 12:0 a.m.43 views

LibTIFF - 'tif_dirwrite.c' Denial of Service

Source: http://bugzilla.maptools.org/showbug.cgi?id=2712 Triggered by "./tiffset POC1" $ ./tiffset POC1 TIFFReadDirectory: Warning, Unknown field with tag 302 0x12e encountered. TIFFReadDirectory: Warning, Unknown field with tag 61961 0xf209 encountered. poc3: AdobeDeflate compression support is...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/06 12:0 a.m.25 views

LibTIFF - '_TIFFVGetField (tiffsplit)' Out-of-Bounds Read

Source: http://bugzilla.maptools.org/showbug.cgi?id=2693 On 4.0.7: tiffsplit $FILE ==2007== Invalid read of size 4 ==2007== at 0x40CD1A: TIFFVGetField tifdir.c:1072 ==2007== by 0x41B2C5: TIFFVGetField tifdir.c:1198 ==2007== by 0x41B2C5: TIFFGetField tifdir.c:1182 ==2007== by 0x404CCF: tiffcp...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/06 12:0 a.m.60 views

LibTIFF - 'tif_jbig.c' Denial of Service

Source: http://bugzilla.maptools.org/showbug.cgi?id=2706 Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC” Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC” The asan debug information is below: $./tiff2ps $POC ================================================================= ==26627==ERROR:...

7.4AI score
Exploits0
Total number of security vulnerabilities47904