41207 matches found
macOS 10.14.3 iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
macOS 10.14.3 iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem / It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and...
ResourceSpace 8.6 - collection_edit.php SQL Injection
ResourceSpace 8.6 - collectionedit.php SQL Injection Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=©=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an...
Pydio AjaXplorer 5.0.4 - (Unauthenticated) Arbitrary File Upload
Pydio AjaXplorer 5.0.4 - Unauthenticated Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Vulnerability In Pydio/AjaXplorer 5.0.3 – 3.3.5 Date: 01/18/2019 Exploit Author: @jazz Vendor Homepage: https://pydio.com/ Software Link:...
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-02 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link:...
OpenSLP 2.0.0 - Multiple Vulnerabilities
OpenSLP 2.0.0 - Multiple Vulnerabilities / | | | / / | . | . | -| | -| | . | ||/ || |||||| | || || 2018-11-07 MORE BUGS IN OPENSLP-2.0.0 ========================== I discovered some bugs in openslp-2.0.0 back in January, 2018. One of them I disclosed in June...
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...
PHP File Browser Script 1 - Directory Traversal
PHP File Browser Script 1 - Directory Traversal Exploit Title: PHP File Browser Script 1 - Directory Traversal Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.hscripts.com/scripts/php/file-browser.php Software...
Microsoft Windows - dnslint.exe Drive-By Download
Microsoft Windows - dnslint.exe Drive-By Download + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DNSLINT.EXE-FORCED-DRIVE-BY-DOWNLOAD.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - File Manipulation Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0...
Dolibarr ERPCRM 7.0.0 - (Authenticated) SQL Injection
Dolibarr ERPCRM 7.0.0 - Authenticated SQL Injection CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...
SearchBlox 8.6.6 - Cross-Site Request Forgery
SearchBlox 8.6.6 - Cross-Site Request Forgery Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested on: Windo...
EMC RecoverPoint 4.3 - Admin CLI Command Injection
EMC RecoverPoint 4.3 - Admin CLI Command Injection Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint fo...
WebKit - WebCore::jsElementScrollHeightGetter Use-After-Free
WebKit - WebCore::jsElementScrollHeightGetter Use-After-Free input:enabled content: urlfoo; padding-top: 0vmin .class4 -webkit-transform: scale1, 255; function jsfuzzer document.head.appendChildkg; var test = input.scrollHeight; ::ptr const...
VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal
VideoFlow Digital Video Protection DVP 2.10 - Directory Traversal VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is...
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on:...
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit !/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original...
Geovision Inc. IP CameraVideoAccess Control - Multiple Remote Command Execution Stack Overflow Double Free Unauthorized Access
Geovision Inc. IP CameraVideoAccess Control - Multiple Remote Command Execution Stack Overflow Double Free Unauthorized Access STX Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector:...
HPE iMC 7.3 - RMI Java Deserialization
HPE iMC 7.3 - RMI Java Deserialization Exploit Title: HPE iMC 7.3 Java RMI Registry Deserialization RCE Vulnerability Date: 01-28-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
Artica Web Proxy 3.06 - Remote Code Execution
Artica Web Proxy 3.06 - Remote Code Execution + Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt + ISR: ApparitionSec Vendor: ======= www.articatech.com Product...
MistServer 2.12 - Cross-Site Scripting
MistServer 2.12 - Cross-Site Scripting + Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product:...
Ipswitch WS_FTP Professional 12.6.0.3 - Local Buffer Overflow (SEH)
Ipswitch WSFTP Professional 12.6.0.3 - Local Buffer Overflow SEH !/usr/bin/python Title: Ipswitch WSFTP Professional Local Buffer Overflow SEH Author: Kevin McGuigan. Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: https://www.ipswitch.com Date: 03/11/2017 Version:...
FS Realtor Clone - id SQL Injection
FS Realtor Clone - id SQL Injection Exploit Title: FS Realtor Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/realtor-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS...
Shadowsocks - Log File Command Execution
Shadowsocks - Log File Command Execution X41 D-Sec GmbH Security Advisory: X41-2017-008 Multiple Vulnerabilities in Shadowsocks ======================================= Overview -------- Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6 Confirmed Patched Versions: N/A Vendor: Shadowsocks...
DiskBoss Enterprise 8.4.16 - Import Command Local Buffer Overflow
DiskBoss Enterprise 8.4.16 - Import Command Local Buffer Overflow !/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: DiskBoss Enterprise v8.4.16 "Import Command"...
Stock Photo Selling 1.0 - SQL Injection
Stock Photo Selling 1.0 - SQL Injection !/usr/bin/perl -w Exploit Title: Stock Photo Selling Script 1.0 - SQL Injection Dork: N/A Date: 21.09.2017 Vendor Homepage: http://sixthlife.net/ Software Link: http://sixthlife.net/product/stock-photo-selling-website/ Demo: http://www.photoreels.com/...
Sitefinity CMS 9.2 - Cross-Site Scripting
Sitefinity CMS 9.2 - Cross-Site Scripting Exploit Title: Stored Cross Site Scripting XSS in Progress Sitefinity CMS 9.2 Date: Aug 31, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitefinity.com/ Tested on: Progress Sitefinity CMS 9.2 and lower CVE : NA Vendor Description...
Microsoft Edge Chakra - Heap Buffer Overflow
Microsoft Edge Chakra - Heap Buffer Overflow IsCoroutine ... else InterpreterStackFrame::Setup setupfunction, args; sizet varAllocCount = setup.GetAllocationVarCount; //printf"varAllocCount: %d%X\r\n", varAllocCount, varAllocCount; sizet varSizeInBytes = varAllocCount sizeofVar; // // Allocate a...
Horde Groupware 5.2.21 - Unauthorized File Download
Horde Groupware 5.2.21 - Unauthorized File Download Vulnerability Summary The following advisory describes an unauthorized file download vulnerability found in Horde Groupware version 5.2.21. Horde Groupware Webmail Edition is “a free, enterprise ready, browser based communication suite. Users ca...
libao 1.2.0 - Denial of Service
libao 1.2.0 - Denial of Service libao memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= Libao is a cross-platform audio library that allows programs to output audio using a simple API on a wide variety of platforms. Affected version: ===...
REDDOXX Appliance Build 2032 2.0.625 - Remote Command Execution
REDDOXX Appliance Build 2032 2.0.625 - Remote Command Execution Advisory: Remote Command Execution as root in REDDOXX Appliance RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root...
Nitro Pro PDF - Multiple Vulnerabilities
Nitro Pro PDF - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF. Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you chan...
WebKit - WebCore::AccessibilityNodeObject::textUnderElement Use-After-Free
WebKit - WebCore::AccessibilityNodeObject::textUnderElement Use-After-Free function go li.hidden = true; dir.setAttribute"aria-labeledby", "map"; !-- ================================================================= ASan log: =================================================================...
Sungard eTRAKiT3 3.2.1.17 - SQL Injection
Sungard eTRAKiT3 3.2.1.17 - SQL Injection Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticat...
Microsoft Windows Server 2008 R2 (x64) - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010)
Microsoft Windows Server 2008 R2 x64 - SrvOs2FeaToNt SMB Remote Code Execution MS17-010 Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Date and time of release: May, 9 2017 - 13:00PM Found this and more exploits on my open source security project: http://www.exploitpack.com...
MySQL 5.6.35 5.7.17 - Integer Overflow
MySQL 5.6.35 5.7.17 - Integer Overflow ''' Source: https://raw.githubusercontent.com/SECFORCE/CVE-2017-3599/master/cve-2017-3599poc.py Exploit Title: Remote MySQL DOS Integer Overflow Google Dork: N/A Date: 13th April 2017 Exploit Author: Rodrigo Marcos Vendor Homepage: https://www.mysql.com/...
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1086 There is a vulnerability in VirtualBox that permits an attacker with root privileges in a virtual machine with a NAT network...
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation Title: ====== Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router. CVE Details: ============ CVE-2017-6896 Reference: ========== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6896...
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request...
Joomla! Component JE Tour 2.0 - SQL Injection
Joomla! Component JE Tour 2.0 - SQL Injection Exploit Title: Joomla! Component JE Tour 2.0 - SQL Injection Google Dork: inurl:index.php?option=comjetour Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled
Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled function boom m.append"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; m.setAttribute"aria-labeledby", "t"; d.open = false; foo firstChild; The function expects that the first child is going to be of type...
PHPBack 1.3.1 - SQL Injection Cross-Site Scripting
PHPBack 1.3.1 - SQL Injection Cross-Site Scripting Exploit Title :PHPback alertdocument.cookie; in title parameter title="alertdocument.location; SQLI Screenshot https://cloud.githubusercontent.com/assets/10351062/14776703/c9440524-0ae5-11e6-9240-a37a685a72b1.png XSS screenshot...
Zend Framework zend-mail 2.4.11 - Remote Code Execution
Zend Framework zend-mail 2.4.11 - Remote Code Execution 09607 09607 09607 See the full advisory URL for the exploit details. / // Attacker's input coming from untrusted source such as $GET , $POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/...
FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery
FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable...
Microsoft Internet Explorer 891011 IIS CScript.exeWScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080MS14-084)
Microsoft Internet Explorer 891011 IIS CScript.exeWScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory MS14-080MS14-084 !-- Source: http://blog.skylined.nl/20161107001.html Synopsis A specially crafted script can cause the VBScript engine to access data before initializing it. An...
HikVision Security Systems - Activex Buffer Overflow
HikVision Security Systems - Activex Buffer Overflow !/usr/bin/env python The exploit is a part of EAST Framework - use only under the license agreement specified in LICENSE.txt in your EAST Framework distribution visit eastfw.com eastexploits.com for more info import sys import re import os impo...
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation MS16-125 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=887 Windows: Diagnostics Hub DLL Load EoP Platform: Windows 10 10586, not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: The fix...
Subversion 1.6.61.6.12 - Code Execution
Subversion 1.6.61.6.12 - Code Execution This is an exploit for the subversion vulnerability published as CVE-2013-2088. Author: GlacierZ0ne [email protected] Exploit Type: Code Execution Access Type: Authenticated Remote Exploit Prerequisites: svn command line client available, subversion serv...
Cisco Webex Player T29.10 - .WRF Use-After-Free Memory Corruption
Cisco Webex Player T29.10 - .WRF Use-After-Free Memory Corruption Application: Cisco Webex Player Platforms: Windows Versions: Cisco Webex Meeting Player version T29.10 Author: Francis Provencher of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: August 31, 2016 CVE:...
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
Open Upload 0.4.2 - Cross-Site Request Forgery Add Admin ================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...