41207 matches found
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit Exploit Title : Bash 5.0 Patch 11 - SUID Priv Drop Exploit Date : 2019-11-29 Original Author: Ian Pudney , Chet Ramey Exploit Author : Mohin Paramasivam Shad0wQu35t Version : pwn.c cat pwn.c include...
eMerge E3 1.00-06 - Remote Code Execution
eMerge E3 1.00-06 - Remote Code Execution Exploit Title: eMerge E3 1.00-06 - Remote Code Execution Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...
CBAS-Web 19.0.0 - Username Enumeration
CBAS-Web 19.0.0 - Username Enumeration Exploit Title: CBAS-Web 19.0.0 - Username Enumeration Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Enigma NMS 65.0.0 - SQL Injection
Enigma NMS 65.0.0 - SQL Injection -------------------------------------------------------------------- Exploit Title: Enigma NMS searchpattern SQL Injection Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software...
Thunderbird ESR 60.7.XXX - icalrecur_add_bydayrules Stack-Based Buffer Overflow
Thunderbird ESR 60.7.XXX - icalrecuraddbydayrules Stack-Based Buffer Overflow X41 D-Sec GmbH Security Advisory: X41-2019-003 Stack-based buffer overflow in Thunderbird ========================================== Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed...
Zoho ManageEngine ServiceDesk Plus 9.3 - SolutionSearch.do Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - SolutionSearch.do Cross-Site Scripting Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SolutionSearch.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage:...
Zoho ManageEngine ServiceDesk Plus 10.5 - Improper Access Restrictions
Zoho ManageEngine ServiceDesk Plus 10.5 - Improper Access Restrictions Exploit Title: Zoho ManageEngine ServiceDesk Plus 10.5 Incorrect Access Control Date: 2019-05-21 Exploit Author: Enter of VinCSS Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...
WeChat for Android 7.0.4 - vcodec2_hls_filter Denial of Service
WeChat for Android 7.0.4 - vcodec2hlsfilter Denial of Service Exploit Title: DoS Wechat with an emoji Date: 16-May-2019 Exploit Author: Hong Nhat Pham Vendor Homepage: http://www.tencent.com/en-us/index.html Software Link: https://play.google.com/store/apps/details?id=com.tencent.mm Version: 7.0....
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Discovery Date: 2018-12-05 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4....
Apache Tika-server 1.18 - Command Injection
Apache Tika-server 1.18 - Command Injection Description: This is a PoC for remote command execution in Apache Tika-server. Versions Affected: Tika-server versions " print "Example: python CVE-2018-1335.py localhost 9998 calc.exe" else: host = sys.argv1 port = sys.argv2 cmd = sys.argv3 url =...
Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost There's an object-lifetime issue in the browser process in the handling of P2PSocketDispatcherHost binding in parallel with OnBloatedRenderer event handling. In RenderProcessHostImpl, we have a uniquep...
Linux - kvm_ioctl_create_device() NULL Pointer Dereference
Linux - kvmioctlcreatedevice NULL Pointer Dereference kvmioctlcreatedevice contains the following code: dev = kzallocsizeofdev, GFPKERNEL; if !dev return -ENOMEM; dev-ops = ops; dev-kvm = kvm; mutexlock&kvm-lock; ret = ops-createdev, cd-type; if ret lock; kfreedev; return ret; listadd&dev-vmnode,...
IPFire 2.21 - Cross-Site Scripting
IPFire 2.21 - Cross-Site Scripting Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x8664-full-core127.is...
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution devolo dLAN 550 duo+ Starter Kit Remote Code Execution Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a...
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/...
Xorg X11 Server (AIX) - Local Privilege Escalation
Xorg X11 Server AIX - Local Privilege Escalation Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Filese...
EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation
EE 4GEE Mini EE400002.0044 - Privilege Escalation Title: EE 4GEE Mini EE400002.0044 - Privilege Escalation Date: 2018-09-22 Software Version: EE400002.0044 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...
Rubedo CMS 3.4.0 - Directory Traversal
Rubedo CMS 3.4.0 - Directory Traversal Exploit Title: Rubedo CMS 3.4.0 - Directory Traversal Google Dork: intext:rubedo.current.page.description Date: 2018-09-11 Exploit Author: Marouene Boubakri Vendor Homepage: https://www.rubedo-project.org Version: through 3.4.0 Tested on: Linux CVE :...
Project64 2.3.2 - Buffer Overflow (SEH)
Project64 2.3.2 - Buffer Overflow SEH...
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors getInternalFormat == FORMATNULL return; ifblitReactorsource, sourceRect, dest, destRect, options return; SliceRectF sRect = sourceRect; SliceRect dRect = destRect; bool flipX = destRect.x0 destRect.x1; bool flipY = destRect.y0...
Kaspersky KSN for Linux 5.2 - Memory Corruption
Kaspersky KSN for Linux 5.2 - Memory Corruption ''' Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux CVE: NotYet Exploit description: Kaspersky KSN v5.2 is prone to a remote memory corruption because it fails to properly filter the input on the remote subscribers...
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution CVE-2016-2819 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x5a500000 / target address of...
Tuleap 9.17.99.189 - Blind SQL Injection
Tuleap 9.17.99.189 - Blind SQL Injection =============================================================================== title: Tuleap SQL Injection case id: CM-2018-01 product: Tuleap version 9.17.99.189 vulnerability type: Blind SQL injection - time based severity: High found: 2018-02-24 by:...
SEGGER embOSIP FTP Server 3.22 - Denial of Service
SEGGER embOSIP FTP Server 3.22 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SEGGER-embOS-FTP-SERVER-v3.22-FTP-COMMANDS-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: =============...
Oracle JDeveloper 11.1.x12.x - Directory Traversal
Oracle JDeveloper 11.1.x12.x - Directory Traversal + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-JDEVELOPER-DIRECTORY-TRAVERSAL.txt + ISR: apparition security Vendor: ============= www.oracle.com Product:...
GitStack - Remote Code Execution
GitStack - Remote Code Execution Vulnerability Summary The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack and then used to trigger an unauthenticated remote code execution. GitStack is “a software that lets you setup your own private...
Synology DiskStation Manager (DSM) 6.1.3-15152 - forget_passwd.cgi User Enumeration
Synology DiskStation Manager DSM 6.1.3-15152 - forgetpasswd.cgi User Enumeration Exploit Title: Synology DiskStation Manager DSM 6.1.3-15152 - 'forgetpasswd.cgi' User Enumeration Date: 01/05/2018 Exploit Author: Steve Kaun Vendor Homepage: https://www.synology.com Version: Before 6.1.3-15152 CVE ...
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video Windows Vendor URL: https://www.ubnt.com Type: Improper Handling of Insufficient Permissions or Privileges CWE-28...
Paid To Read Script 2.0.5 - uid fnum fn SQL Injection
Paid To Read Script 2.0.5 - uid fnum fn SQL Injection Exploit Title: Paid To Read Script 2.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/ Version: 2.0.5 Category: Webapps...
Avaya IP Office (IPO) 10.1 - SoftConsole Remote Buffer Overflow (SEH)
Avaya IP Office IPO 10.1 - SoftConsole Remote Buffer Overflow SEH + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-IPO-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt + ISR: apparitionSec Vendor:...
Ladon Framework for Python 0.9.40 - XML External Entity Expansion
Ladon Framework for Python 0.9.40 - XML External Entity Expansion Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and re...
UCOPIA Wireless Appliance 5.1.8 - Restricted Shell Escape
UCOPIA Wireless Appliance 5.1.8 - Restricted Shell Escape CVE-2017-11321 UCOPIA Wireless Appliance You can also retrieve the IP address of the outgoing interface. For this, you need to log in to the terminal of the virtual machine with the following username and password: admin/bhu85tgb, and then...
Jenkins 1.650 - Java Deserialization
Jenkins 1.650 - Java Deserialization import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date:...
Geneko Routers - Path Traversal
Geneko Routers - Path Traversal Vulnerability Summary The following advisory describes a Unauthenticated Path Traversal vulnerability found in Geneko GWR routers series. Geneko GWG is compact and cost effective communications solution that provides cellular capabilities for fixed and mobile...
Microsoft Windows 78.12008 R22012 R22016 R2 - EternalBlue SMB Remote Code Execution (MS17-010)
Microsoft Windows 78.12008 R22012 R22016 R2 - EternalBlue SMB Remote Code Execution MS17-010 !/usr/bin/python from impacket import smb, smbconnection from mysmb import MYSMB from struct import pack, unpack, unpackfrom import sys import socket import time ''' MS17-010 exploit for Windows 2000 and...
Australian Education App - Remote Code Execution
Australian Education App - Remote Code Execution Exploit Title: Australian Education App - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser2.com Software Link: See APK archive websites Screenshot: Refer to...
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal Vulnerabilities Summary The following advisory describe two 2 vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network...
Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution
Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution !/usr/bin/python -- coding: utf-8 -- import requests import random import base64 upperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" lowerAlpha = "abcdefghijklmnopqrstuvwxyz" numerals = "0123456789" allchars = chr for in...
DNSTracer 1.8.1 - Buffer Overflow (PoC)
DNSTracer 1.8.1 - Buffer Overflow PoC Exploit Title: DNSTracer Stack-based Buffer Overflow CVE: CVE-2017-9430 CWE: CWE-119 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: http://www.mavetju.org Version : 1.8.1 Tested on: Parrot OS Date: 04-06-2017 Category: Application Author Mail :...
HelpDEZK 1.1.1 - Cross-Site Request Forgery Code Execution
HelpDEZK 1.1.1 - Cross-Site Request Forgery Code Execution Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1 Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.helpdezk.org/ Software...
Microsoft Edge Scripting Engine - Memory Corruption (MS16-129)
Microsoft Edge Scripting Engine - Memory Corruption MS16-129 !-- Source: http://www.security-assessment.com/files/documents/advisory/edgechakramemcorruption.pdf Name: Microsoft Edge Scripting Engine Memory Corruption Vulnerability MS16-129 CVE: CVE-2016-7202 Vendor Website:...
Linux Kernel 4.5.1 - Off-By-One (PoC)
Linux Kernel 4.5.1 - Off-By-One PoC / EDB Note Download: http://cyseclabs.com/exploits/matreshka.c Blog http://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit / / Quick and dirty PoC for CVE-2016-6187 heap off-by-one PoC By Vitaly Nikolenko [email protected] There's no privilege...
Macro Expert 4.0 - Multiple Privilege Escalations
Macro Expert 4.0 - Multiple Privilege Escalations Exploit Title: Macro Expert 4.0 Multiple Elevation of Privilege Date: 26/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: http://www.macro-expert.com/ Software Link:...
Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation
Apple Intel HD 3000 Graphics Driver 10.0.0 - Local Privilege Escalation / ░▀█▀░█▀█░█░░░█▀█░█▀▀░░░█░█░█░█░█░░░█▀█░█▀▄░█▀▀░█░█░ ░░█░░█▀█░█░░░█░█░▀▀█░░░▀▄▀░█░█░█░░░█░█░█░█░█▀▀░▀▄▀░ ░░▀░░▀░▀░▀▀▀░▀▀▀░▀▀▀░░░░▀░░▀▀▀░▀▀▀░▀░▀░▀▀░░▀▀▀░░▀░░ T A L O S V U L N D E V Proof-of-Concept Exploit Advisory:...
Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure
Apache Sling Framework Adobe AEM 2.3.6 - Information Disclosure Document Title: =============== Apache Sling Framework v2.3.6 Adobe AEM CVE-2016-0956 - Information Disclosure Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1536 Adobe...
D-Link DIR-645 - Multiple UPNP Vulnerabilities
D-Link DIR-645 - Multiple UPNP Vulnerabilities Advisory Information Title: Dlink DIR-645 UPNP Buffer Overflow Vendors contacted: William Brown Dlink Release mode: Released CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issue...
ZHONE S3.0.501 - Multiple Vulnerabilities
ZHONE S3.0.501 - Multiple Vulnerabilities Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx...
Liferay 6.1.0 CE - Privilege Escalation
Liferay 6.1.0 CE - Privilege Escalation Exploit Title: Liferay 6.1.0 CE GA1 Privilege Escalation Date: 18/05/2015 Exploit Author: Massimo De Luca - mentat.is Vendor Homepage: https://www.liferay.com Software Link:...
SO Planning 1.32 - Multiple Vulnerabilities
SO Planning 1.32 - Multiple Vulnerabilities SOPlanning - Simple Online Planning Tool multiple vulnerabilities CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677 Vendor: http://www.soplanning.org/ Product: SOPlanning - Simple Online Planning Version affected: 1.32 and...
Polycom RealPresence Resource Manager 8.4 - Multiple Vulnerabilities
Polycom RealPresence Resource Manager 8.4 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Critical vulnerabilities allow surveillance on...