Flippa Clone - SQL Injection
Flippa Clone - SQL Injection Exploit Title: Flippa Clone - SQL Injection Google Dork: N/A Date: 23.03.2017 Vendor Homepage: http://www.snobscript.com/ Software: http://www.snobscript.com/downloads/flippa-clone/ Demo: http://flippaportal.scriptfirm.com/ Version: N/A Tested on: Win7 x64, Kali Linux...
wifirxpower - Local Buffer Overflow (PoC)
wifirxpower - Local Buffer Overflow PoC + Title: wifirxpower - Local Stack Based Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A Vendor: ===============...
Disk Sorter Enterprise 9.5.12 - GET Remote Buffer Overflow (SEH)
Disk Sorter Enterprise 9.5.12 - GET Remote Buffer Overflow SEH !/usr/bin/env python Exploit Title: DiskSorter Enterprise 9.5.12 - 'GET' Remote buffer overflow SEH Date: 2017-03-22 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.disksorter.com...
SpyCamLizard 1.230 - Denial of Service
SpyCamLizard 1.230 - Denial of Service import socket import sys author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: SpyCamLizard SC liz v1.230 Remote Buffer Overflow ZeroDay Date: 2017.03.22 Exploit Author: Greg Priest Version: SpyCamLizard...
Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple Vulnerabilities
Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log...
Joomla! Component Modern Booking 1.0 - coupon SQL Injection
Joomla! Component Modern Booking 1.0 - coupon SQL Injection Exploit Title: Joomla Modern Booking - SQL Injection Author: Hamed Izadi IRAN Vendor Homepage : https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/modern-booking/ Vendor Homepage :...
Linux Kernel 3.11 4.8 0 - SO_SNDBUFFORCE SO_RCVBUFFORCE Local Privilege Escalation
Linux Kernel 3.11 4.8 0 - SO_SNDBUFFORCE SO_RCVBUFFORCE Local Privilege Escalation // CAP_NET_ADMIN -> root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-97...
GLink Word Link Script 1.2.3 - SQL Injection
GLink Word Link Script 1.2.3 - SQL Injection Exploit Title: GLink Word Link Script v1.2.3 - SQL Injection Google Dork: N/A Date: 22.03.2017 Vendor Homepage: http://www.tufat.com/ Software: http://www.tufat.com/wp-content/uploads/sites/4/2015/zips/script131.zip Demo:...
DLGVx0e4Fg5EA6d
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
Joomla! Component Extra Search 2.2.8 - establename SQL Injection
Joomla! Component Extra Search 2.2.8 - establename SQL Injection Exploit Title: Joomla! Component Extra Search v2.2.8 - SQL Injection Google Dork: N/A Date: 21.03.2017 Vendor Homepage: http://www.joomlaboat.com/ Software: http://www.joomlaboat.com/extra-search Demo: http://www.joomlaboat.com/...
Joomla! Component JooCart 2.x - product_id SQL Injection
Joomla! Component JooCart 2.x - product_id SQL Injection Exploit Title: Joomla! Component JooCart Joomla OpenCart Integration v2.x - SQL Injection Google Dork: N/A Date: 20.03.2017 Vendor Homepage: http://soft-php.com Software:...
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1031 Through fuzzing, we have discovered a number of different crashes in the Windows Uniscribe user-mode library, while trying to...
Microsoft Windows - Uniscribe Font Processing Buffer Overflow in USP10!FillAlternatesList (MS17-011)
Microsoft Windows - Uniscribe Font Processing Buffer Overflow in USP10!FillAlternatesList MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1030 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!FillAlternatesList function, while trying ...
Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in USP10!ScriptApplyLogicalWidth Triggered via EMF (MS17-013)
Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in USP10!ScriptApplyLogicalWidth Triggered via EMF MS17-013 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1053 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!ScriptApplyLogicalWidth...
Mozilla Firefox - table Use-After-Free
Mozilla Firefox - table Use-After-Free body display: table function freememory try fuzzPriv.forceGC; catcherr alert'Please install domFuzzLite3'; function go var s = document.getSelection; window.find"1",true,false,true,false; s.modify"extend","forward","line";...
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds ReadWrite in USP10!AssignGlyphTypes (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds ReadWrite in USP10!AssignGlyphTypes MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1023 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!AssignGlyphTypes function, whil...
phplist 3.2.6 - SQL Injection
phplist 3.2.6 - SQL Injection 1. Introduction Affected Product: phplist 3.2.6 Fixed in: 3.3.1 Fixed Version Link: https://sourceforge.net/projects/phplist/files/phplist/3.3.1/phplist-3.3.1.zip/download Vendor Website: https://www.phplist.org/ Vulnerability Type: SQL Injection Remote Exploitable:...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!MergeLigRecords (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!MergeLigRecords MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1026&desc=2 We have encountered a crash in the Windows Uniscribe user-mode library, in the memcpy function called by...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around USP10!BuildFSM (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around USP10!BuildFSM MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1029 We have encountered a number of crashes in the Windows Uniscribe user-mode library, while trying to display text using a...
Microsoft Color Management Module icm32.dll - icm32!Fill_ushort_ELUTs_from_lut16Tag Out-of-Bounds Read (MS17-013)
Microsoft Color Management Module icm32.dll - icm32!Fill_ushort_ELUTs_from_lut16Tag Out-of-Bounds Read MS17-013 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1052 We have encountered a crash in the Windows Color Management library icm32.dll, in the icm32!Fill_ushort_ELUTs_from_lut16Ta...
Microsoft Internet Explorer 11 - textarea.defaultValue Memory Disclosure (MS17-006)
Microsoft Internet Explorer 11 - textarea.defaultValue Memory Disclosure MS17-006 function run var textarea = document.getElementById"textarea"; var frame = document.createElement"iframe"; textarea.appendChildframe; frame.contentDocument.onreadystatechange = eventhandler; form.reset; function...
Microsoft GDI+ - gdiplus!GetRECTSForPlayback Out-of-Bounds Read (MS17-013)
Microsoft GDI+ - gdiplus!GetRECTSForPlayback Out-of-Bounds Read MS17-013 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1042 We have encountered a crash in the Windows GDI+ library, in the gdiplus!GetRECTSForPlayback function, while trying to display a malformed EMF+ image file...
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc nt!ExpFindAndRemoveTagBigPages MS17-017 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=993 We have encountered Windows kernel crashes in the internal nt!nt!HvpGetBinMemAlloc and...
Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE
Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE Exploit Title: Google Nest Cam - Multiple Buffer Overflow Conditions Over Bluetooth LE Reported to Google: October 26, 2016 Public Disclosure: March 17, 2017 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage:...
Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in USP10!ttoGetTableData (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in USP10!ttoGetTableData MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1027 We have encountered a crash in the Windows Uniscribe user-mode library, in an unnamed function called by USP10!ttoGetTableDat...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!otlCacheManager::GlyphsSubstituted (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in USP10!otlCacheManager::GlyphsSubstituted MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1025 We have encountered a crash in the Windows Uniscribe user-mode library, in the memset function called by...
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1019 We have encountered a crash in the Windows Uniscribe user-mode library, in the usp10!otlChainRuleSetTable::rule...
Microsoft Color Management Module icm32.dll - icm32!LHCalc3toX_Di16_Do16_Lut8_G32 Out-of-Bounds Read (MS17-013)
Microsoft Color Management Module icm32.dll - icm32!LHCalc3toX_Di16_Do16_Lut8_G32 Out-of-Bounds Read MS17-013 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1054 We have encountered a crash in the Windows Color Management library icm32.dll, in the icm32!LHCalc3toX_Di16_Do16_Lut8_G32...
D-Link DGS-1510 - Multiple Vulnerabilities
D-Link DGS-1510 - Multiple Vulnerabilities ================ get-user-info.py ================ import re import os.path import urllib2 import base64 import gzip import zlib from StringIO import StringIO from io import BytesIO def makerequests: """Calls request functions sequentially.""" response =...
Microsoft Windows - USP10!otlList::insertAt Uniscribe Font Processing Heap Buffer Overflow (MS17-011)
Microsoft Windows - USP10!otlList::insertAt Uniscribe Font Processing Heap Buffer Overflow MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1022 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by...
Joomla! Component jCart for OpenCart 2.0 - product_id SQL Injection
Joomla! Component jCart for OpenCart 2.0 - product_id SQL Injection Exploit Title: Joomla! Component jCart for OpenCart v2.0 - SQL Injection Google Dork: N/A Date: 20.03.2017 Vendor Homepage: http://soft-php.com Software:...
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in USP10!UpdateGlyphFlags (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in USP10!UpdateGlyphFlags MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1028 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!UpdateGlyphFlags function, while...
ExtraPuTTY 0.29-RC2 - Denial of Service
ExtraPuTTY 0.29-RC2 - Denial of Service + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ================== www.extraputty.com Product:...
FTPShell Server 6.56 - ChangePassword Buffer Overflow
FTPShell Server 6.56 - ChangePassword Buffer Overflow print ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: FTPShell Server 6.56 ChangePassword DEP off BufferOverflow 0Day Date: 2017.03.19 Exploit Author: Greg Priest Version: FTPShell Server 6.56...
Secure Download Links - dc SQL Injection
Secure Download Links - dc SQL Injection Exploit Title: Secure Download Links - SQL Injection Google Dork: N/A Date: 19.03.2017 Vendor Homepage: http://sixthlife.net/ Software: http://sixthlife.net/product/secure-download-links/ Demo: http://www.satyamtechnologies.net/secdown/example.php Version:...
HttpServer 1.0 - Directory Traversal
HttpServer 1.0 - Directory Traversal Exploit Title: HttpServer 1.0 DolinaySoft Directory Traversal Date: 2017-03-19 Exploit Author: malwrforensics Software Link: http://www.softpedia.com/get/Internet/Servers/WEB-Servers/HttpServer.shtmldownload Version: 1.0 Tested on: Windows Exploiting this issu...
iFdate Social Dating Script 2.0 - SQL Injection
iFdate Social Dating Script 2.0 - SQL Injection Exploit Title: iFdate Social Dating Script v2.0 - SQL Injection Google Dork: N/A Date: 18.03.2017 Vendor Homepage: http://turnkeycentral.com/ Software: http://turnkeycentral.com/scripts/social-dating-script/ Demo:...
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation Title: ====== Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router. CVE Details: ============ CVE-2017-6896 Reference: ========== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6896...
Omegle Clone - SQL Injection
Omegle Clone - SQL Injection Exploit Title: Omegle Clone - SQL Injection Google Dork: N/A Date: 18.03.2017 Vendor Homepage: http://turnkeycentral.com/ Software: http://www.turnkeycentral.com/scripts/omegle-clone/ Demo: http://demo.turnkeycentral.com/omegleclone/ Version: N/A Tested on: Win7 x64,...
SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)
SolarWinds LEM 6.3.1 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "SolarWind LEM Default SSH Password Remote Code Execution", 'Description' = %q This module...
AXIS Communications - Cross-Site Scripting Content Injection
AXIS Communications - Cross-Site Scripting Content Injection 0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs -...
FTPShell Client 6.53 - Session name Local Buffer Overflow
FTPShell Client 6.53 - Session name Local Buffer Overflow print ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: FTPShell Client 6.53 Session name BufferOverflow Date: 2017.03.17 Exploit Author: Greg Priest Version: FTPShell Client 6.53 Tested on:...
Cisco IOS 12.2 12.4 15.0 15.6 - Security Association Negotiation Request Device Memory
Cisco IOS 12.2 12.4 15.0 15.6 - Security Association Negotiation Request Device Memory !/usr/bin/python -- coding: utf8 -- import socket from scapy.all import --------------------------- Requirements: $ sudo pip install scapy --------------------------- conf.verb = 0 RCVSIZE = 2548 TIMEOUT = 6...
Oracle Knowledge Management 12.1.1 12.2.5 - XML External Entity Leading To Remote Code Execution
Oracle Knowledge Management 12.1.1 12.2.5 - XML External Entity Leading To Remote Code Execution SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE Vulnerability Summary The following advisory describes Information Disclosure found in Oracle Knowledge Management version 8.5.1. By...
AXIS (Multiple Products) - Cross-Site Request Forgery
AXIS Multiple Products - Cross-Site Request Forgery 0RWELLL4BS security advisory olsa-CVE-2015-8255 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: Cross-Site Request Forgery - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Session Management...
Departmental Store Management System 1.2 - SQL Injection
Departmental Store Management System 1.2 - SQL Injection Exploit Title: Pasal - Departmental Store Management System v1.2 - SQL Injection Google Dork: N/A Date: 17.03.2017 Vendor Homepage: http://webstarslab.com Software : http://webstarslab.com/products/pasal-departmental-store-management-system...