41207 matches found
MySQL 5.6.35 5.7.17 - Integer Overflow
MySQL 5.6.35 5.7.17 - Integer Overflow ''' Source: https://raw.githubusercontent.com/SECFORCE/CVE-2017-3599/master/cve-2017-3599poc.py Exploit Title: Remote MySQL DOS Integer Overflow Google Dork: N/A Date: 13th April 2017 Exploit Author: Rodrigo Marcos Vendor Homepage: https://www.mysql.com/...
HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation
HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation Source: https://www.securify.nl/advisory/SFY20170408/localprivilegeescalationvulnerabilityinhidemyassprovpnclientv3xformacos.html Abstract A local privilege escalation vulnerability has been found in the helper binary...
Tuleap Project Wiki 8.3 9.6.99.86 - Command Injection
Tuleap Project Wiki 8.3 9.6.99.86 - Command Injection Tuleap - Command Injection in Project Wiki CVE: CVE-2017-7981 CVSSv3: 9.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C Versions affected: = 8.3 and = 9.6.99.86 Introduction Tuleap is a Libre suite to plan, track, code and...
Alerton Webtalk 2.53.3 - Multiple Vulnerabilities
Alerton Webtalk 2.53.3 - Multiple Vulnerabilities ''' Security Issues in Alerton Webtalk ================================== Introduction ------------ Vulnerabilities were identified in the Alerton Webtalk Software supplied by Alerton. This software is used for the management of building automatio...
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation Source: https://www.securify.nl/advisory/SFY20170402/multiplelocalprivilegeescalationvulnerabilitiesinhidemyassprovpnclientv2xforosx.html Abstract Multiple local privilege escalation vulnerabilities were found in the helper...
Emby MediaServer 3.2.5 - Directory Traversal
Emby MediaServer 3.2.5 - Directory Traversal Emby MediaServer 3.2.5 Directory Traversal File Disclosure Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to...
Emby MediaServer 3.2.5 - Password Reset
Emby MediaServer 3.2.5 - Password Reset Emby MediaServer 3.2.5 Password Reset Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize, play, and stream...
Emby MediaServer 3.2.5 - SQL Injection
Emby MediaServer 3.2.5 - SQL Injection Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize...
Panda Free Antivirus - PSKMAD.sys Denial of Service
Panda Free Antivirus - PSKMAD.sys Denial of Service / Exploit Title: Panda Cloud Antivirus Free - 'PSKMAD.sys' - BSoD - denial of service Date: 2017-04-29 Exploit Author: Peter baris Vendor Homepage: http://www.saptech-erp.com.au Software Link:...
IrfanView 4.44 - Denial of Service
IrfanView 4.44 - Denial of Service Exploit Title: Irfanview - OtherExtensions Input Overflow Date: 29-04-2017 Software Link: http://download.cnet.com/IrfanView/?part=dl-&subj=dl&tag=button Exploit Author: Dreivan Orprecio Version: Irfanview 4.44 Irfanview is vulnerable to overflow in...
Admidio 3.2.8 - Cross-Site Request Forgery
Admidio 3.2.8 - Cross-Site Request Forgery Exploit Title :Admidio 3.2.8 CSRF to Delete Users Date: 28/April/2017 Exploit Author: Faiz Ahmed Zaidi Organization: Provensec LLC Website: http://provensec.com/ Vendor Homepage: https://www.admidio.org/ Software Link: https://www.admidio.org/download.ph...
Easy File Uploader - Arbitrary File Upload
Easy File Uploader - Arbitrary File Upload Exploit Title: Easy File Uploader - Arbitrary File Upload Date: 27/04/2017 Exploit Author: Daniel Godoy Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/1722228...
TYPO3 Extension News - SQL Injection
TYPO3 Extension News - SQL Injection Exploit Title: TYPO3 News Module SQL Injection Vendor Homepage: https://typo3.org/extensions/repository/view/news Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/typo3-news-module-sqli !/usr/bin/python3...
Simple File Uploader - Arbitrary File Download
Simple File Uploader - Arbitrary File Download Exploit Title: Simple File Uploader - Arbitrary File Download Date: 27/04/2017 Exploit Author: Daniel Godoy Vendor Homepage: https://codecanyon.net/ Software Link:...
Microsoft Internet Explorer 11.576.14393.0 - CStyleSheetArray::BuildListOfMatchedRules Memory Corruption
Microsoft Internet Explorer 11.576.14393.0 - CStyleSheetArray::BuildListOfMatchedRules Memory Corruption details transition-duration: 61s; function go document.fgColor = "foo"; m.setAttribute"foo", "bar"; document.head.innerHTML = "a"; aaaaaaaaaaaaa !--...
Revive Ad Server 4.0.1 - Cross-Site Scripting Cross-Site Request Forgery
Revive Ad Server 4.0.1 - Cross-Site Scripting Cross-Site Request Forgery --------------------------------------------------------------- Exploit Title: XSRF Stored Revive Ad Server 4.0.1 Date: 24/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT Vendor Website :...
Oracle PeopleSoft - PeopleSoftServiceListeningConnector XML External Entity via DOCTYPE
Oracle PeopleSoft - PeopleSoftServiceListeningConnector XML External Entity via DOCTYPE Application: Oracle PeopleSoft Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor URL: http://oracle.com Bug: XXE Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory:...
FlySpray 1.0-rc4 - Cross-Site Scripting Cross-Site Request Forgery
FlySpray 1.0-rc4 - Cross-Site Scripting Cross-Site Request Forgery Exploit Title: XSRF Stored FlySpray 1.0-rc4 XSS2CSRF add admin account Date: 19/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT : https://www.openoffice.org Version: 1.0-rc4 Tested on: Windows 7 x64 SP1 / Kali Linux...
Dell Customer Connect 1.3.28.0 - Local Privilege Escalation
Dell Customer Connect 1.3.28.0 - Local Privilege Escalation Exploit Dell Customer Connect 1.3.28.0 Privilege Escalation Date: 25.04.2017 Software Link: http://www.dell.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local...
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting Remote File Inclusion
HPE OpenCall Media Platform OCMP 4.3.2 - Cross-Site Scripting Remote File Inclusion Source: https://blogs.securiteam.com/index.php/archives/3087 SSD Advisory – HPE OpenCall Media Platform OCMP Multiple Vulnerabilities Want to get paid for a vulnerability similar to this one? Contact us at:...
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection Exploit Title: Wow Viral Signups v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-viral-signup/ Version: 2.1 Contact:...
WordPress Plugin KittyCatfish 2.2 - SQL Injection
WordPress Plugin KittyCatfish 2.2 - SQL Injection Exploit Title: KittyCatfish 2.2 Plugin for WordPress - SQL Injection Date: 20/03/2017 Exploit Author: TAD GROUP Vendor Homepage: https://wordpress.org/plugins-wp/kittycatfish/ Software Link: https://wordpress.org/plugins-wp/kittycatfish/ Version:...
WordPress Plugin Car Rental System 2.5 - SQL Injection
WordPress Plugin Car Rental System 2.5 - SQL Injection Exploit Title: Car Rental System v2.5 Date: 28/03/2017 Exploit Author: TAD GROUP Vendor Homepage: https://www.bestsoftinc.com/ Software Link: https://www.bestsoftinc.com/car-rental-system.html Version: 2.5 Contact: infoattad.group Website:...
Apple Safari - Array concat Memory Corruption
Apple Safari - Array concat Memory Corruption !-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1095 There is an out-of-bounds memcpy in Array.concat that can lead to memory corruption. In builtins/ArrayPrototype.js, the function concatSlowPath calls a native method...
WordPress Plugin Wow Forms 2.1 - SQL Injection
WordPress Plugin Wow Forms 2.1 - SQL Injection Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: infoattad.group Website:...
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1227 We have discovered a heap double-free vulnerability in the latest version of VirtualBox 5.1.18, with Guest Additions and more...
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation
Realtek Audio Driver 6.0.1.7898 Windows 10 - Dolby Audio X2 Service Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1075 Windows: Dolby Audio X2 Service Elevation of Privilege Platform: Windows 10 + Realtek Audio Driver version 6.0.1.7898 on a Lenovo P50...
LightDM (Ubuntu 16.0416.10) - Guest Account Local Privilege Escalation
LightDM Ubuntu 16.0416.10 - Guest Account Local Privilege Escalation Source: https://blogs.securiteam.com/index.php/archives/3134 Vulnerability Summary The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS. Ubuntu is an open source...
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
OpenText Documentum Content Server - dmbptransition.ebs docbase Method Arbitrary Code Execution ''' CVE Identifier: CVE-2017-7221 Vendor: OpenText Affected products: OpenText Documentum Content Server all versions Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8...
October CMS 1.0.412 - Multiple Vulnerabilities
October CMS 1.0.412 - Multiple Vulnerabilities October CMS v1.0.412 several vulnerabilities Information =========== Name: October CMS v1.0.412 build 412 Homepage: http://octobercms.com Vulnerability: several issues, including PHP code execution Prerequisites: attacker has to be authenticated user...
Oracle E-Business Suite 12.2.3 - IESFOOTPRINT SQL Injection
Oracle E-Business Suite 12.2.3 - IESFOOTPRINT SQL Injection...
Microsoft Windows 2003 SP2 - ERRATICGOPHER SMB Remote Code Execution
Microsoft Windows 2003 SP2 - ERRATICGOPHER SMB Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- By Victor Portal vportal for educational porpouse only This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory...
PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH)
PrivateTunnel Client 2.8 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title : Private Tunnel VPN Client 2.8 - Local Buffer Overflow SEH Date : 25/04/2017 Exploit Author : Muhann4d Vendor Homepage : https://www.privatetunnel.com Software Link :...
LogRhythm Network Monitor - Authentication Bypass Command Injection
LogRhythm Network Monitor - Authentication Bypass Command Injection Exploit Title: LogRhythm Network Monitor Auth Bypass Root RCE Public Disclosure Date: 24 Apr 2017 Author: Francesco Oddo Reference: http://security-assessment.com/files/documents/advisory/Logrhythm-NetMonitor-Advisory.pdf Softwar...
Joomla! Component Myportfolio 3.0.2 - pid SQL Injection
Joomla! Component Myportfolio 3.0.2 - pid SQL Injection Exploit Title: Joomla Component Myportfolio 3.0.2 - SQL Injection Exploit Author: Persian Hack Team Discovered by : Mojtaba Kazemi Mojtaba MobhaM Home :...
SquirrelMail 1.4.22 - Remote Code Execution
SquirrelMail 1.4.22 - Remote Code Execution !/bin/bash int='\03394m / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // SquirrelMail = 1.4.23 Remote Code Execution PoC Exploit CVE-2017-7692 SquirrelMailRCEexploit.sh...
Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config
Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1141 This is another way to escalate from an unprivileged userspace process into the VirtualBox process, which has a...
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1079 Windows: Runtime Broker ClipboardBroker EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 Class: Elevation of Privilege Summary: The Runtime...
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1081 Windows: ManagementObject Arbitrary .NET Serialization RCE Platform: .NET 4.6, Powershell 4. Tested between Server 2016 and Windows 10...
Apple WebKit Safari 10.0.2(12602.3.12.0.1) - operationSpreadGeneric Universal Cross-Site Scripting
Apple WebKit Safari 10.0.212602.3.12.0.1 - operationSpreadGeneric Universal Cross-Site Scripting 'use strict'; function spreada return ...a; let arr = Object.create1, 2, 3, 4; for let i = 0; i f.onload = null; try spreadf.contentWindow; catch e e.constructor.constructor'alertlocation'; ; f.src =...
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Oracle VM VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of...
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1091 This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualB...
Oracle VM VirtualBox - virtio-net Guest-to-Host Out-of-Bounds Write
Oracle VM VirtualBox - virtio-net Guest-to-Host Out-of-Bounds Write Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1136 This is a vulnerability that affects VirtualBox VMs that use a virtio network adapter which is a non-standard configuration. It permits the guest kernel to...
Apple WebKit Safari 10.0.2(12602.3.12.0.1) - PrototypeMap::createEmptyStructure Universal Cross-Site Scripting
Apple WebKit Safari 10.0.212602.3.12.0.1 - PrototypeMap::createEmptyStructure Universal Cross-Site Scripting jsCallee // newTarget may be an InternalFunction if we were called from Reflect.construct. JSFunction targetFunction = jsDynamicCastnewTarget; if LIKELYtargetFunction ... return...
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy
Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1086 There is a vulnerability in VirtualBox that permits an attacker with root privileges in a virtual machine with a NAT network...
Microsoft Windows 10 (Build 10586) - IEETWCollector Arbitrary DirectoryFile Deletion Privilege Escalation
Microsoft Windows 10 Build 10586 - IEETWCollector Arbitrary DirectoryFile Deletion Privilege Escalation / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1093 Windows: IEETWCollector Arbitrary Directory/File Deletion EoP Platform: Windows 10 10586 not tested on anything else...
Dmitry 1.3a - Local Buffer Overflow (PoC)
Dmitry 1.3a - Local Buffer Overflow PoC Exploit Title: DmitryDeepmagic Information Gathering Tool Local Stack Buffer Overflow CVE: CVE-2017-7938 CWE: CWE-119 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/ Versio...
Microsoft Word - .RTF Remote Code Execution
Microsoft Word - .RTF Remote Code Execution !/usr/bin/env python ''' Exploit toolkit CVE-2017-0199 - v4.0 https://github.com/bhdresh/CVE-2017-0199 Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41894.zip ''' import...
Tenable Appliance 4.5 - Root Remote Code Execution
Tenable Appliance 4.5 - Root Remote Code Execution !/bin/bash : ' According to http://static.tenable.com/proddocs/upgradeappliance.html they fixed two security vulnerabilities in the web interface in release 4.5 so I guess previous version are also vulnerable. Exploit Title: Unauthenticated remot...
pinfo 0.6.9 - Local Buffer Overflow (PoC)
pinfo 0.6.9 - Local Buffer Overflow PoC Title: pinfo v0.6.9 - Local Buffer Overflow Author: Nassim Asrir Researcher at: Henceforth Author contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: N/A Download $ apt-get install pinfo POC For any Question or discussion...