Microsoft Edge / Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion
.class1 float: left; column-count: 5; .class2 column-span: all; columns: 1px; table border-spacing: 0px; function boom document.styleSheets0.media.mediaText = "aaaaaaaaaaaaaaaaaaaa"; th1.align = "right"; !-- Note: The analysis below is based on an 64-bit IE running in single process mode running ...
Joomla! Component JO Facebook Gallery 4.5 - SQL Injection
Exploit Title: Joomla! Component JO Facebook Gallery v4.5 - SQL Injection Google Dork: inurl:index.php?option=comjofacebookgallery Date: 24.02.2017 Vendor Homepage: http://joomcore.com/joomla32/ Software Buy:...
Joomla! Component AJAX Search for K2 2.2 - SQL Injection
Exploit Title: Joomla! Component AJAX Search for K2 v2.2 - SQL Injection Google Dork: inurl:index.php?option=comk2ajaxsearch Date: 24.02.2017 Vendor Homepage: http://taleia.software/ Software Buy:...
Joomla! Component Community Quiz 4.3.5 - SQL Injection
Exploit Title: Joomla! Component Community Quiz v4.3.5 - SQL Injection Google Dork: inurl:index.php?option=comcommunityquiz Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/community-quiz/ Demo:...
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
DOMWindow::openconst String& urlString, const AtomicString& frameName, const String& windowFeaturesString, DOMWindow& activeWindow, DOMWindow& firstWindow ... ---------------- 1 ----------------------- if !firstWindow.allowPopUp tree.findframeName return nullptr;...
Joomla! Component GPS Tools 4.0.1 - SQL Injection
Exploit Title: Joomla! Component GPS Tools v4.0.1 - SQL Injection Google Dork: inurl:index.php?option=comgpstools Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/gps-tools/ Demo:...
Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting
&& newDocument ASSERT!newDocument || newDocument-frame == this; if mdoc && mdoc-pageCacheState != Document::InPageCache mdoc-prepareForDestruction; mdoc = newDocument.copyRef; ... Before setting |mdoc| to |newDocument|, it calls |prepareForDestruction| that fires unload event handlers. If we call...
Joomla! Component Community Polls 4.5.0 - SQL Injection
Exploit Title: Joomla! Component Community Polls v4.5.0 - SQL Injection Google Dork: inurl:index.php?option=comcommunitypolls Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/polls/community-polls/ Demo...
Joomla! Component JooDatabase 3.1.0 - SQL Injection
Exploit Title: Joomla! Component JooDatabase v3.1.0 - SQL Injection Google Dork: inurl:index.php?option=comjoodb Date: 24.02.2017 Vendor Homepage: https://feenders.de/ Software Buy: https://extensions.joomla.org/extensions/extension/core-enhancements/coding-a-scripts-integration/joodatabase/ Demo...
Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting
domWindow; mframe.document-domWindow-resetUnlessSuspendedForDocumentSuspension; mframe.script.clearWindowShellnewDocument-domWindow, mframe.document-pageCacheState == Document::AboutToEnterPageCache; / Apple WebKit: UXSS via FrameLoader::clear When the new page is loading, FrameLoader::clear is...
Joomla! Component Community Surveys 4.3 - SQL Injection
Exploit Title: Joomla! Component Community Surveys v4.3 - SQL Injection Google Dork: inurl:index.php?option=comcommunitysurveys Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/surveys/community-surveys...
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Linux/x86-64 - Egghunter Shellcode 38 bytes. Shellcode exploit for Linux platform / Copyright © 2017 Odzhan. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of...
NetGain Enterprise Manager 7.2.562 - 'Ping' Command Injection
Exploit Title: NetGain Enterprise Manager – “Ping” Command Injection Date: 23.02.2017 Exploit Author: MrChaZ Vendor Homepage: http://www.netgain-systems.com/ Version: = v7.2.562 build 853 Tested on: Windows 10 Pro 64-bit 10,0 Build 14393 Description:...
Joomla! Component Store for K2 3.8.2 - SQL Injection
Exploit Title: Joomla! Component Store for K2 v3.8.2 - SQL Injection Google Dork: inurl:index.php?option=comk2store Date: 23.02.2017 Vendor Homepage: http://jworkplace.com/ Software Buy: https://extensions.joomla.org/extensions/extension/extension-specific/k2-extensions/store-for-k2/ Demo:...
Joomla! Component UserExtranet 1.3.1 - SQL Injection
Exploit Title: Joomla! Component UserExtranet v1.3.1 - SQL Injection Google Dork: inurl:index.php?option=comuserextranet Date: 23.02.2017 Vendor Homepage: http://www.beesto.com/ Software Buy: https://extensions.joomla.org/extensions/extension/access-a-security/site-access/userextranet/ Demo:...
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read
/ OSX: HelpViewer XSS leads to arbitrary file execution and arbitrary file read. HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open /Applications/Safari.app/Contents/Resources/Safari.help or using "help:" scheme: help...
Joomla! Component MultiTier 3.1 - SQL Injection
Exploit Title: Joomla! Component MultiTier v3.1 - SQL Injection Google Dork: inurl:index.php?option=commultitier Date: 23.02.2017 Vendor Homepage: http://www.beesto.com/ Software Buy: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/affiliate-systems/multitier/ Demo:...
Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation
!/usr/bin/python import requests import argparse import urllib import base64 import tarfile import os parser = argparse.ArgumentParserdescription='Fibaro RCE' parser.addargument'--rhost' parser.addargument'--lhost' parser.addargument'--lport' args = parser.parseargs f = open'run.sh', 'w'...
D-Link DCS Series Cameras - Insecure Crossdomain
Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on DCS-933L with firmware version 1.03. Other...
Joomla! Component MediaLibrary Basic 3.5 - SQL Injection
Exploit Title: Joomla! Component MediaLibrary Basic v3.5 - SQL Injection Google Dork: inurl:index.php?option=combooklibrary Date: 22.02.2017 Vendor Homepage: http://ordasoft.com/ Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/medialibrary-basic/ Demo:...
Teradici Management Console 2.2.0 - Privilege Escalation
Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage: http://www.teradici.com/products-and-solutions/pcoip-products/management-console Software Link:...
Disk Savvy Enterprise 9.4.18 - Remote Buffer Overflow (SEH)
Exploit Title: DiskSavvy Enterprise 9.4.18 - Remote buffer overflow - SEH overwrite with WoW64 egghunters Date: 2017-02-22 Exploit Author: Peter Baris Vendor Homepage: www.saptech-erp.com.au Software Link: http://www.disksavvy.com/downloads.html Version: 9.4.18 Tested on: Windows 7 Pro SP1 x64...
Joomla! Component RealEstateManager 3.9 - SQL Injection
Exploit Title: Joomla! Component RealEstateManager v3.9 - SQL Injection Google Dork: inurl:index.php?option=comrealestatemanager Date: 22.02.2017 Vendor Homepage: http://ordasoft.com/ Software Buy:...
Joomla! Component ContentMap 1.3.8 - 'contentid' SQL Injection
Exploit Title: Joomla! Component ContentMap v1.3.8 - SQL Injection Google Dork: inurl:index.php?option=comcontentmap Date: 22.02.2017 Vendor Homepage: https://www.turismo.eu/ Software Buy: https://extensions.joomla.org/extensions/extension/maps-a-weather/geotagging/contentmap/ Demo:...
EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================ easycom-aura.com Product: =========================== EASYCOM AS400 iBMI PHP API...
EasyCom For PHP 4.0.0 - Denial of Service
Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ================ easycom-aura.com Product: =========== SQL iPlug EasycomPHP4.0029.iC8im2.exe SQL iPlug...
Google Chrome - 'layout' Out-of-Bounds Read
content contain: size layout; function leak document.execCommand"selectAll"; opt.text = ""; aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...
Joomla! Component VehicleManager 3.9 - SQL Injection
Exploit Title: Joomla! Component VehicleManager v3.9 - SQL Injection Google Dork: inurl:index.php?option=comvehiclemanager Date: 22.02.2017 Vendor Homepage: http://ordasoft.com/ Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/vehiclemanager-basic/ Demo:...
Joomla! Component BookLibrary 3.6.1 - SQL Injection
Exploit Title: Joomla! Component BookLibrary v3.6.1 - SQL Injection Google Dork: inurl:index.php?option=combooklibrary Date: 22.02.2017 Vendor Homepage: http://ordasoft.com/ Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/booklibrary-basic/ Demo:...
Grails PDF Plugin 0.6 - XML External Entity Injection
Exploit Title: Grails PDF Plugin 0.6 XXE Date: 21/02/2017 Vendor Homepage: http://www.grails.org/plugin/pdf Software Link: https://github.com/aeischeid/grails-pdfplugin Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/grails-pdf-plugin-xxe...
ProjectSend r754 - Insecure Direct Object Reference
Document Title: =============== ProjectSend r754 - IDOR & Authentication Bypass Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2031 Release Date: ============= 2017-02-21 Vulnerability Laboratory ID VL-ID:...
Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=951 Platform: GDI on Windows 7 x86 reachable from Microsoft Office 2010 Class: Out of bounds memory access The following crash was observed in Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled...
Adobe Flash - MP4 AMF Parsing Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1018 There is an overflow in MP4 AMF parsing. To reproduce, put the attached files on a server and visit http://127.0.0.1/LoadMP4.swf?file=unsigned.mp4. Proof of Concept:...
Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection
Exploit Title: Joomla! Component AppointmentBookingPro v4.0.1 - SQL Injection Google Dork: inurl:index.php?option=comrsapptpro3 Date: 21.02.2017 Vendor Homepage: http://appointmentbookingpro.com/ Software Buy:...
Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection
Exploit Title: Joomla! Component J-BusinessDirectory v4.6.8 - SQL Injection Google Dork: inurl:index.php?option=comjbusinessdirectory Date: 21.02.2017 Vendor Homepage: http://www.cmsjunkie.com/ Software Buy: http://www.cmsjunkie.com/ajax/index/options/productid/73/ Demo:...
Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection
Exploit Title: Joomla! Component Directorix Directory Manager v1.1.1 - SQL Injection Google Dork: inurl:index.php?option=comdirectorix Date: 21.02.2017 Vendor Homepage: http://informafix.fr/ Software Buy:...
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection
Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy: https://extensions.joomla.org/extensions/extension/e-commerce/gifts-a-coupons/magic-deals-web/...
Joomla! Component Eventix Events Calendar 1.0 - SQL Injection
Exploit Title: Joomla! Component Eventix Events Calendar v1.0 - SQL Injection Google Dork: inurl:index.php?option=comeventix Date: 21.02.2017 Vendor Homepage: http://informafix.fr/ Software Buy: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/eventix-events-calendar/...
Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=949 Platform: Microsoft Office 2010 on Windows 7 x86 Class: heap memory corruption The following crash was observed in Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled. This crash appeared to be...
Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=950 Platform: Microsoft Office 2010 on Windows 7 x86 Class: Time of check time of use leading to memory corruption The following crash was observed in Microsoft Office 2010 running under Windows 7 x86 with Application Verifier...
Adobe Flash - YUVPlane Decoding Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1008 The attached FLV file causes a heap overflow in YUVPlane decoding. To reproduce, put LoadMP4.swf and yuvplane.flv on a server, and visit 127.0.0.1/LoadMP4.swf?file=yvplane.flv. Proof of Concept:...
Joomla! Component J-HotelPortal 6.0.2 - 'review_id' SQL Injection
Exploit Title: Joomla! Component J-HotelPortal v6.0.2 - SQL Injection Google Dork: inurl:index.php?option=comjhotelreservation Date: 21.02.2017 Vendor Homepage: http://www.cmsjunkie.com/ Software Buy: http://www.cmsjunkie.com/joomla-hotel-portal Demo: http://hoteldemo.cmsjunkie.com/j3/portal/...
Lock Photos Album&Videos Safe 4.3 - Directory Traversal
Document Title: =============== Lock Photos Album&Videos Safe v4.3 - Directory Traversal Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2032 Release Date: ============= 2017-02-21 Vulnerability Laboratory ID VL-ID:...
Adobe Flash - Use-After-Free in Applying Bitmap Filter
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1007 The attached swf causes a use-after-free in applying bitmap filters. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41422.zip...
Adobe Flash - SWF Stack Corruption
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1013 The attached fuzzed swf causes stack corruption when it is loaded, likely due to the parsing of the SWF file. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41421.zip...
Joomla! Component J-CruiseReservation Standard 3.0 - 'city' SQL Injection
Exploit Title: Joomla! Component J-CruiseReservation Standard v3.0 - SQL Injection Google Dork: inurl:index.php?option=comjcruisereservation Date: 21.02.2017 Vendor Homepage: http://www.cmsjunkie.com/ Software Buy: http://www.cmsjunkie.com/ajax/index/options/productid/58/ Demo:...
Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' SQL Injection
Exploit Title: Joomla! Component J-MultipleHotelReservation Standard v6.0.2 - SQL Injection Google Dork: inurl:index.php?option=comjcruisereservation Date: 21.02.2017 Vendor Homepage: http://www.cmsjunkie.com/ Software Buy: http://www.cmsjunkie.com/joomlamultihotelreservationstandard Demo:...
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery
Digisol Router CSRF Exploit - Indrajith A.N history.pushState'', '', '/' input type="hidden"...
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode 45 bytes. Shellcode exploit for Lin_x86 platform Title: x86 SELinux change between permissive and enforcing modes shellcode Date: 20-02-2017 Author: Krzysztof Przybylski Platform: Lin_x86 Tested on: CentOS 6.8 i686 Shellcode Size: 45 bytes ID:...
Joomla! Component MaQma Helpdesk 4.2.7 - 'id' SQL Injection
Exploit Title: Joomla! Component MaQma Helpdesk v4.2.7 - SQL Injection Google Dork: inurl:index.php?option=commaqmahelpdesk Date: 20.02.2017 Vendor Homepage: http://componentslab.com/ Software Buy: https://extensions.joomla.org/extensions/extension/clients-a-communities/help-desk/maqma-helpdesk/...