Lucene search
+L
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2017/06/07 12:0 a.m.53 views

PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption

Source: https://www.chiark.greenend.org.uk/sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a security vulnerability. difficulty: fun: Just needs tuits, and not...

9.8CVSS9.8AI score0.21816EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/07 12:0 a.m.284 views

Linux Kernel - 'ping' Local Denial of Service

// Source: https://raw.githubusercontent.com/danieljiang0415/androidkernelcrashpoc/master/panic.c include include include include static int sockfd = 0; static struct sockaddrin addr = 0; void fuzzvoid param while1 addr.sinfamily = 0;//rand%42; printf"sinfamily1 = %08lx\n", addr.sinfamily;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/07 12:0 a.m.71 views

Xavier 2.4 - SQL Injection

Document Title: =============== Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2076 Release Date: ============= 2017-06-06 Vulnerability Laboratory ID VL-ID: ==================================== 20...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/07 12:0 a.m.51 views

Robert 0.5 - Multiple Vulnerabilities

Exploit Title: Robert 0.5 - Multiple Vulnerabilities XSS, CSRF, Directory traversal & SQLi Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website :http://robert.polosson.com/ Download link : https://github.com/RobertManager/robert/archive/master.zip Live demo :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/07 12:0 a.m.69 views

Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service

/ Source: https://bugzilla.novell.com/showbug.cgi?id=1034862 QA REPRODUCER: gcc -O2 -o CVE-2017-7472 CVE-2017-7472.c -lkeyutils ./CVE-2017-7472 will run the kernel out of memory / include include int main for ;; keyctlsetreqkeykeyringKEYREQKEYDEFLTHREADKEYRING;...

5.5CVSS7AI score0.02263EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/07 12:0 a.m.38 views

DC/OS Marathon UI - Docker (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DC/OS Marathon UI Docker Exploit', 'Description' = %q Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/07 12:0 a.m.62 views

Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting

Exploit Title: GravCMS Core Admin Plugin v1.4.2 - Persistent Cross-Site Scripting Date: 2017-06-07 Exploit Author: Ahsan Tahir Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.2.4 Version: 1.4.2 Tested on: Kali Linux 2.0 | Windows 8.1 Email:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/07 12:0 a.m.33 views

Artifex MuPDF - Null Pointer Dereference

Source: https://bugs.ghostscript.com/showbug.cgi?id=697500 POC to trigger null pointer dereference mutool After some fuzz testing I found a crashing test case. Git HEAD: 8eea208e099614487e4bd7cc0d67d91489dae642 To reproduce: mutool convert -F cbz nullptrfzpaintpixmapwithmask -o /dev/null ASAN:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/06 12:0 a.m.44 views

Apple Safari 10.1 - Spread Operator Integer Overflow Remote Code Execution

Sources: https://phoenhex.re/2017-06-02/arrayspread https://github.com/phoenhex/files/blob/master/exploits/spread-overflow JavaScriptCore will allocate a JSFixedArray for every spread operand of the array literal in slowpathspread. As such, roughly 4 billion JSValues will have to be allocated,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/06 12:0 a.m.71 views

Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure

X41 D-Sec GmbH Security Advisory: X41-2017-005 Multiple Vulnerabilities in peplink balance routers =================================================== Overview -------- Confirmed Affected Versions: 7.0.0-build1904 Confirmed Patched Versions:...

9.8CVSS6.9AI score0.61577EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/06/06 12:0 a.m.46 views

Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution

!/usr/bin/python -- coding: utf-8 -- import requests import random import base64 upperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" lowerAlpha = "abcdefghijklmnopqrstuvwxyz" numerals = "0123456789" allchars = chr for in xrange0x00, 0xFF + 0x01 def randbaselength, bad, chars: '''generate a random string wi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/06 12:0 a.m.51 views

WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting

DefenseCode WebScanner DAST Advisory WordPress Tribulant Newsletters Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-012 Advisory Title: WordPress Tribulant Newsletters Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.62 views

Linux/x86-64 - /bin/sh Shellcode (31 bytes)

Linux/x86-64 - /bin/sh Shellcode 31 bytes. Shellcode exploit for Linx86-64 platform / ;Title: Linux/x86-64 - /bin/sh Shellcode ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x8664 ;Description: This shellcode baased on "JMP CALL POP"...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.55 views

Kronos Telestaff < 2.92EU29 - SQL Injection

Software: Kronos Telestaff Web Application Version: compare timing with device=stdbrowser&action=doLogin&user='ifDBNAME'TELESTAFF'waitfor%20delay'00%3a00%3a12';--&pwd=&code= PoC 2 - Execute Code Remotely example inject benign code e.g. ping a remote systems ?php $cmdtoexecute = strToHex"pi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.45 views

Wireshark 2.2.0 < 2.2.12 - ROS Dissector Denial of Service

Source: https://bugs.wireshark.org/bugzilla/showbug.cgi?id=13637 Build Information: TShark Wireshark 2.3.0 v2.3.0rc0-3235-gd97ce76161 Copyright 1998-2017 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later This is free software; see the source for copying conditions. There i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.46 views

Subsonic 6.1.1 - Server-Side Request Forgery

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media...

8.8CVSS9AI score0.01776EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.46 views

Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-PERSISTENT-XSS.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming...

8.8CVSS9AI score0.15395EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.63 views

DNSTracer 1.8.1 - Buffer Overflow (PoC)

Exploit Title: DNSTracer Stack-based Buffer Overflow CVE: CVE-2017-9430 CWE: CWE-119 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: http://www.mavetju.org Version : 1.8.1 Tested on: Parrot OS Date: 04-06-2017 Category: Application Author Mail : [email protected] Description:...

9.8CVSS9.8AI score0.1132EPSS
Exploits8
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.786 views

BIND 9.10.5 - Unquoted Service Path Privilege Escalation

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BIND9-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Vendor: =========== www.isc.org Product: =========== BIND9 v9.10.5 x86 / x64 BIND is open source software that enables you...

7.8CVSS7AI score0.01413EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.33 views

Wireshark 2.2.6 - IPv6 Dissector Denial of Service

Build Information: TShark Wireshark 2.3.0 v2.3.0rc0-3369-g2e2ba64b72 Copyright 1998-2017 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.52 views

Parallels Desktop - Virtual Machine Escape

Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website :...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.46 views

Subsonic 6.1.1 - XML External Entity Injection

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming...

7.4CVSS7.7AI score0.26906EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.45 views

Subsonic 6.1.1 - Cross-Site Request Forgery

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-PASSWORD-RESET-CSRF.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming...

7.5CVSS7.8AI score0.02478EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/06/04 12:0 a.m.52 views

WordPress Plugin Event List < 0.7.8 - SQL Injection

Exploit Title: WordPress Plugin Event List = 0.7.8 - SQL Injection Date: 04-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://wordpress.org/plugins/event-list/ Version: 0.7.8 CVE : CVE-2017-9429 Category: webapps 1. Description: SQL injection vulnerability in t...

8.8CVSS9AI score0.0273EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/04 12:0 a.m.58 views

EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution

!/usr/bin/env python coding: utf8 EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution Vendor: EnGenius Technologies Inc. Product web page: https://www.engeniustech.com Affected version: ESR300 1.4.9, 1.4.7, 1.4.2, 1.4.1.28, 1.4.0, 1.3.1.42, 1.1.0.28 ESR350 1.4.11, 1.4.9,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/03 12:0 a.m.57 views

WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection

Exploit Title: WP-Testimonials 3.4.1 Union Based SQL Injection Date: 03-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/ Vendor Homepage: http://www.sunfrogservices.com/web-programmer/wp-testimonials/ Version: 3.4.1...

8.8CVSS9AI score0.0239EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/03 12:0 a.m.36 views

Joomla! Component Payage 2.05 - 'aid' SQL Injection

Exploit Title: Joomla Payage 2.05 - SQL Injection Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Mojtaba Kazemi Vendor Home : https://extensions.joomla.org/extensions/extension/e-commerce/payment-systems/payage/ My Home : http://persian-team.ir/ Google Dork :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/02 12:0 a.m.47 views

HPE Intelligent Management Center (iMC) 7.2 (E0403P10) - Code Execution

Vulnerability Summary The following advisory describes a Stack Buffer Overflow vulnerability found in HPE Intelligent Management Center version v7.2 E0403P10 Enterprise, this vulnerability leads to an exploitable remote code execution. HPE Intelligent Management Center iMC delivers comprehensive...

10CVSS8AI score0.34245EPSS
Exploits2
Exploit DB
Exploit DB
added 2017/06/02 12:0 a.m.45 views

Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection

Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticated user. Vulnerabilities ================...

9.8CVSS9.8AI score0.11769EPSS
Exploits2
Exploit DB
Exploit DB
added 2017/06/02 12:0 a.m.57 views

reiserfstune 3.6.25 - Local Buffer Overflow

Title: reiserfstune 3.6.25 – Local Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A - Download -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/02 12:0 a.m.22 views

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)

!/usr/bin/python Exploit Title: DiskSorter v9.7.14 - Input Directory Local Buffer Overflow - PoC Date: 25 May 2017 Exploit Author: n3ckD Vendor Homepage: http://www.disksorter.com/ Software Link: http://www.disksorter.com/setups/disksortersetupv9.7.14.exe Version: Disk Sorter v9.7.14 32-Bit Teste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/01 12:0 a.m.32 views

CMS Web-Gooroo < 1.141 - Multiple Vulnerabilities

Exploit Title: CMS Web-Gooroo getmegaadmin; 2d626704807d4c5be1b46e85c4070fec - mayhem 2967a371178d713d3898957dd44786af - no success in bruteforce, though... 3. Full path disclosure Almost any file, because of lack of input validation and overall bad design. CMS log file besides DB log location wi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/01 12:0 a.m.48 views

WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting

Click anywhere... function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; function navigatew, url let a = w.document.createElement'a'; a.href = url; a.click; window.onclick = = window.w = open'about:blank', 'w', 'width=500, height=500'; let i0 =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/01 12:0 a.m.54 views

WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting

Click anywhere. function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; function waitForcheck, cb let it = setInterval = if check clearIntervalit; cb; , 10; window.onclick = = window.onclick = null; w = opencreateURL'', '', 'width=500, height=500'; w.onload ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/01 12:0 a.m.51 views

WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1173 When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if needsToUpdateArrowFunctionContext && !codeBlock-isArrowFunction bool canReuseLexicalEnvironment =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/01 12:0 a.m.65 views

WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting

tree.parent; Frame openerFrame = mframe-loader.opener; Frame ownerFrame = parentFrame; if !ownerFrame ownerFrame = openerFrame; if !ownerFrame didFailToInitializeSecurityOrigin; return; ... setCookieURLownerFrame-document-cookieURL; // We alias the SecurityOrigins to match Firefox, see Bug 15313 ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/01 12:0 a.m.73 views

Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read

Exploit title : Arbitry file reading by authenticated users on Riverbed SteelHead VCX Vendor: Riverbed Author: Gregory DRAPERI Date: 03/2017 Software Link: https://www.riverbed.com/gb/products/steelhead/Free-90-day-Evaluation-SteelHead-CX-Virtual-Edition.html Version: SteelHead VCX VCX255U x8664...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/01 12:0 a.m.55 views

WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1165 Here's a snippet of JSObject::ensureLength. bool WARNUNUSEDRETURN ensureLengthVM& vm, unsigned length ASSERTlength vectorLength publicLength setPublicLengthlength; return result; |setPublicLength| is called whether...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/01 12:0 a.m.49 views

WebKit - 'Element::setAttributeNodeNS' Use-After-Free

Element::setAttributeNodeNSAttr& attrNode ... setAttributeInternalindex, attrNode.qualifiedName, attrNode.value, NotInSynchronizationOfLazyAttribute; attrNode.attachToElementthis; treeScope.adoptIfNeededattrNode; ensureAttrNodeListForElementthis.append&attrNode; return WTFMoveoldAttrNode;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/31 12:0 a.m.55 views

Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting

Exploit Title: Piwigo plugin Facetag , Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/31 12:0 a.m.66 views

OV3 Online Administration 3.0 - SQL Injection

OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data management, the course is set for...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/31 12:0 a.m.64 views

OV3 Online Administration 3.0 - Directory Traversal

OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data management, the course is set for...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/31 12:0 a.m.56 views

OV3 Online Administration 3.0 - Remote Code Execution

!-- OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/30 12:0 a.m.64 views

Piwigo Plugin Facetag 0.0.3 - SQL Injection

Exploit Title: Facetag Extension in Piwigo, Multiple SQL injection Date: 30-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/30 12:0 a.m.63 views

uc-http Daemon - Local File Inclusion / Directory Traversal

''' | \ | \ | | | | | | / \ | | | |/ / | |/ / | | | | | | | | | / / | | | / | / | | | | | | | | | | | | | | | |\ \ \ / / // / | | | /\ | | | | | / / / / / | | | \ | | / | | | / \ | | | | | \ | | | | \ \ / / | | | | | \ --. | | | / / | | | | | |/ / | | | | \ V / | | | . | --. \ | | | |...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/30 12:0 a.m.80 views

KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution

Vulnerability Summary KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster appliance, a Virtual LoadMaster VLM deployed on Hyper­V, VMWare, on bare metal or in the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/30 12:0 a.m.62 views

Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 MsMpEng's JS engine uses garbage collection to manage the lifetime of Javascript objects. During mark and sweep the GC roots the vectors representing the JS stack as well as a few other hardcoded objects, traversing reachable...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/30 12:0 a.m.55 views

Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution

The following advisory describes three 3 vulnerabilities found in Trend Micro Deep Security version 6.5. “The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delivers a blend of cross­-generational threat defense techniques that have been optimized to protect physical,...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/30 12:0 a.m.49 views

Microsoft MsMpEng - Use-After-Free via Saved Callers

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1259 In JsRuntimeState::setCaller, it saves the current caller in the JsRuntimeState objectrcx+158h in 64-bit. But the garbage collector doesn't mark this saved value. So it results in a UAF. Unlike in our test environmentLinux, it...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/30 12:0 a.m.78 views

TiEmu 2.08 - Local Buffer Overflow

!/usr/bin/python Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Developed using Exploit Pack - http://exploitpack.com - Tested on: Windows 7 32 bits Description: TiEmu Texas Instrument Emulator 2.08 and prior is prone to a stack-based buffer overflow vulnerability because the...

7.4AI score
Exploits0
Total number of security vulnerabilities47904