CherryTree 0.36.9 - Memory Corruption (PoC)
CherryTree 0.36.9 - Memory Corruption PoC !/usr/bin/python CherryTree 0.36.9 - Memory Corruption PoC by n30m1nd Date: 2016-10-27 PoC Author: n30m1nd Vendor Homepage: http://www.giuspen.com/cherrytree/ Software Link: http://www.giuspen.com/software/cherrytree0.36.9setup.exe Version: Affects all...
Baby FTP server 1.24 - Denial of Service (2)
Baby FTP server 1.24 - Denial of Service 2 !/usr/bin/python Baby FTP 1.24 - Denial of Service by n30m1nd Date: 2016-10-27 PoC Author: n30m1nd Vendor Homepage: http://www.pablosoftwaresolutions.com/ Software Link: http://www.pablosoftwaresolutions.com/download.php?id=1 Version: 1.24 Tested on: Win...
uSQLite 1.0.0 - Denial of Service
uSQLite 1.0.0 - Denial of Service !/usr/bin/python Exploit Title: Remote buffer overflow vulnerability in uSQLite 1.0.0 PoC Date: 27/10/1016 Exploit Author: Peter Baris Software Link: https://sourceforge.net/projects/usqlite/?source=directory Version: 1.0.0 Tested on: windows 7 and XP SP3 Longer...
HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation
HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HP-TOUCHSMART-CALENDAR-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Vendor: ==========...
Joomla! 3.4.4 3.6.4 - Account Creation Privilege Escalation
Joomla! 3.4.4 3.6.4 - Account Creation Privilege Escalation Source: https://github.com/XiphosResearch/exploits/tree/master/Joomraa While analysing the recent Joomla exploit in comusers:user.register we came across a problem with the upload whitelisting. They don't allow files containing SetHandle...
Boonex Dolphin 7.3.2 - Authentication Bypass
Boonex Dolphin 7.3.2 - Authentication Bypass Exploit Title : Boonex Dolphin all version array This will allow the attacker to bypass the authentication and can also enter in admin panel. Independent Pakistani Security Researcher...
Linux Kernel 2.6.22 3.9 - Dirty COW PTRACE_POKEDATA Race Condition (Write Access Method)
Linux Kernel 2.6.22 3.9 - Dirty COW PTRACEPOKEDATA Race Condition Write Access Method // $ echo pikachu|sudo tee pokeball;ls -l pokeball;gcc -pthread pokemon.c -o d;./d pokeball miltank;cat pokeball include //// pikachu include //// -rw-r--r-- 1 root root 8 Apr 4 12:34 pokeball include ////...
SmallFTPd 1.0.3 - mkd Denial of Service
SmallFTPd 1.0.3 - mkd Denial of Service from ftplib import FTP print ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: smallftpmkdcommandDoSExploit Date: 2016.10.26 Exploit Author: Greg Priest Version: smallftpd 1.0.3 Tested on: Windows XP, Windows ...
Komfy Switch with Camera DKZ-201SW - WiFi Password Disclosure
Komfy Switch with Camera DKZ-201SW - WiFi Password Disclosure !/usr/bin/python Exploit Title: Komfy Switch with Camera Wifi Password Disclosure via Bluetooth BLE Date: Oct 13, 2016 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage:...
Network Scanner 4.0.0 - Local Buffer Overflow (SEH)
Network Scanner 4.0.0 - Local Buffer Overflow SEH !/usr/bin/python -- coding: utf-8 -- Network Scanner Version 4.0.0.0 - SEH Overflow Exploit by n30m1nd Date: 2016-10-21 Exploit Author: n30m1nd Exploit Title: Network Scanner Version 4.0.0.0 SEH Based Exploit Vendor Homepage: http://www.mitec.cz/...
Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery
Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery Exploit Title: Orange Inventel LiveBox CSRF Google Dork: N/A Date: 10-24-2016 Exploit Author: BlackMamba TEAM BM1 Vendor Homepage: N/A Version: Inventel - v5.08.3-sp Tested on: Windows 7 64bit CVE : N/A Category: Hardware 1. Descripti...
Industrial Secure Routers EDR-810 EDR-G902 EDR-G903 - Insecure Configuration Management
Industrial Secure Routers EDR-810 EDR-G902 EDR-G903 - Insecure Configuration Management Title: Industrial Secure Routers - Insecure Configuration Management Type: Local/Remote Author: Nassim Asrir Author Company: HenceForth Impact: Insecure Configuration Management Risk: 4/5 Release Date:...
Microsoft Windows (x86) - NDISTAPI Local Privilege Escalation (MS11-062)
Microsoft Windows x86 - NDISTAPI Local Privilege Escalation MS11-062...
EC-CUBE 2.12.6 - Server-Side Request Forgery
EC-CUBE 2.12.6 - Server-Side Request Forgery Exploit Title: EC-CUBE 2.12.6 Server-Side Request Forgery Date: 22/10/16 Exploit Author: Wad Deek Vendor Homepage: http://en.ec-cube.net/ Software Link: http://en.ec-cube.net/download/ Version: 2.12.6en-p1 Tested on: Xampp on Windows7 Fuzzing tool:...
Zenbership 107 - Multiple Vulnerabilities
Zenbership 107 - Multiple Vulnerabilities 1. ADVISORY INFORMATION ======================================== Title: Zenbership latest version - Multiple Vulnerabilities Application: Zenbership Class: Sensitive Information disclosure Versions Affected: alert'ExploitDB' HTTP Request POST...
Just Dial Clone Script - srch SQL Injection
Just Dial Clone Script - srch SQL Injection Exploit Title: SQL Injection in Just Dial Clone Script Date: 20 October 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Vendor: http://www.i-netsolution.com/...
Oracle VM VirtualBox 4.3.28 - .ovf Crash (PoC)
Oracle VM VirtualBox 4.3.28 - .ovf Crash PoC Exploit Title: Oracle VM VirtualBox 4.3.28 Crash Author: sultan albalawi Tested on:win7 open virtualbox --ctrl+i--choose file --double+double+double next ban= '\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x5c\x20\x20\x20\x2d\x20\x20'...
FreePBX 13 - Remote Command Execution Privilege Escalation
FreePBX 13 - Remote Command Execution Privilege Escalation !/usr/bin/env python ''' Title | FreePBX 13 Remote Command Execution and Privilege Escalation Date | 10/21/2016 Author | Christopher Davis Vendor | https://www.freepbx.org/ Version | FreePBX 13 & 14 System Recordings Module versions:...
TrendMicro InterScan Web Security Virtual Appliance - Shellshock Remote Command Injection
TrendMicro InterScan Web Security Virtual Appliance - Shellshock Remote Command Injection !/usr/bin/env python TrendMicro InterScan Web Security Virtual Appliance ================================================== InterScan Web Security is a software virtual appliance that dynamically protects...
Linux Kernel 2.6.22 3.9 (x86x64) - Dirty COW procselfmem Race Condition Privilege Escalation (SUID Method)
Linux Kernel 2.6.22 3.9 x86x64 - Dirty COW procselfmem Race Condition Privilege Escalation SUID Method / EDB-Note: After getting a shell, doing "echo 0 /proc/sys/vm/dirtywritebackcentisecs" may make the system more stable. uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot...
RealPlayer 18.1.5.705 - .QCP Crash (PoC)
RealPlayer 18.1.5.705 - .QCP Crash PoC Tested on: Win7 / Win10 x64 Date: October 20th 2016 Vendor homepage: http://www.real.com Software link: http://realplayer-download.real.com/free/windows/installer/stubinst/stub/rt1/T10EUDRP/RealTimes-RealPlayer.exe File version both realplay.exe and...
Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)
Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation MS16-124 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=871 Windows: NtLoadKeyEx Read Only Hive Arbitrary File Write EoP Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7...
Microsoft Edge - Function.apply Information Leak (MS16-119)
Microsoft Edge - Function.apply Information Leak MS16-119 var t = new Array1,2,3; function f var h = ; var a = ...arguments foritem in a var n = new Numberaitem; if n 0 n = n + 0x100000000; h.pushn.toString16; alerth; var q = f; t.length = 20; var o =...
Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118)
Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation MS16-118 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=878 Windows: Edge/IE Isolated Private Namespace Insecure Boundary Descriptor EoP Platform: Windows 10...
SPIP 3.1.13.1.2 - File Enumeration Path Traversal
SPIP 3.1.13.1.2 - File Enumeration Path Traversal SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal CVE-2016-7982 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software,...
Microsoft Edge - Spread Operator Stack Overflow (MS16-119)
Microsoft Edge - Spread Operator Stack Overflow MS16-119 GetLength destArgs.Info.Count AssertMsgfalse, "The array length has changed since we allocated the destArgs buffer?"; Throw::FatalInternalError; for uint32 j = 0; j GetLength; j++ Var element; if !arr-DirectGetItemAtFullj, &element element ...
SPIP 3.1.2 - Cross-Site Request Forgery
SPIP 3.1.2 - Cross-Site Request Forgery SPIP 3.1.2 Exec Code Cross-Site Request Forgery CVE-2016-7980 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under...
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free...
Oracle BI Publisher 11.1.1.6.011.1.1.7.011.1.1.9.012.2.1.0.0 - XML External Entity Injection
Oracle BI Publisher 11.1.1.6.011.1.1.7.011.1.1.9.012.2.1.0.0 - XML External Entity Injection Exploit Title: Oracle BI Publisher formerly XML Publisher - XML External Entity Injection w/o authentication Date: 20\10\2016 Exploit Author: Jakub Palaczynski CVE : CVE-2016-3473 Vendor Homepage:...
Microsoft Windows - win32k.sys TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds Read (MS16-120)
Microsoft Windows - win32k.sys TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds Read MS16-120 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=864 We have encountered a number of Windows kernel crashes in the win32k!itrpGetCVTEntryFast function called by the handler...
Microsoft Edge - Array.join Information Leak (MS16-119)
Microsoft Edge - Array.join Information Leak MS16-119 var y = 0; var t = new Array1,2,3; t.length = 100; var o = ; Object.definePropertyo, '3', get: function alert'get!'; t0 = ; var j = ; forvar i = 0; i 100; i++ ti = a : i;...
Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)
Microsoft Windows EdgeInternet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation MS16-118 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=879 Windows: Edge/IE Isolated Private Namespace Insecure DACL EoP Platform: Windows 10 10586, Edge 25.10586.0.0 not...
Microsoft Edge - Array.map Heap Overflow (MS16-119)
Microsoft Edge - Array.map Heap Overflow MS16-119 var b = new Array1,2,3; var d = new Array1,2,3; class dummy constructor alert"in constructor"; return d; var handler = get: functiontarget, name ifname == "length" return 0x100; return Symbol.species : dummy; , has: functiontarget, name alert"has ...
Microsoft Windows Kernel - Registry Hive Loading Negative RtlMoveMemory Size in nt!CmpCheckValueList (MS16-124)
Microsoft Windows Kernel - Registry Hive Loading Negative RtlMoveMemory Size in nt!CmpCheckValueList MS16-124 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=873 We have encountered Windows kernel crashes in the memmove function called by nt!CmpCheckValueList while loading...
SAP NetWeaver KERNEL 7.0 7.5 - Denial of Service
SAP NetWeaver KERNEL 7.0 7.5 - Denial of Service ''' Application: SAP NetWeaver KERNEL Versions Affected: SAP NetWeaver KERNEL 7.0-7.5 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference...
SAP Adaptive Server Enterprise 16 - Denial of Service
SAP Adaptive Server Enterprise 16 - Denial of Service ''' Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory:...
Event Calendar PHP 1.5 - SQL Injection
Event Calendar PHP 1.5 - SQL Injection ===================================================== Event Calendar PHP 1.5 - SQL Injection ===================================================== Vendor Homepage: http://eventcalendarphp.com/ Date: 21 Oct 2016 Version : 1.5 Platform : WebApp - PHP Author:...
Microsoft Windows Kernel - Registry Hive Loading Relative Arbitrary Read in nt!RtlValidRelativeSecurityDescriptor (MS16-123)
Microsoft Windows Kernel - Registry Hive Loading Relative Arbitrary Read in nt!RtlValidRelativeSecurityDescriptor MS16-123 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=876 We have encountered a Windows kernel crash in the nt!RtlValidRelativeSecurityDescriptor function invoked...
MiCasaVerde VeraLite - Remote Code Execution
MiCasaVerde VeraLite - Remote Code Execution Exploit Title: MiCasa VeraLite Remote Code Execution Date: 10-20-2016 Software Link: http://getvera.com/controllers/veralite/ Exploit Author: Jacob Baines Contact: https://twitter.com/JuniorBaines CVE: CVE-2013-4863 & CVE-2016-6255 Platform: Hardware 1...
Oracle Netbeans IDE 8.1 - Directory Traversal
Oracle Netbeans IDE 8.1 - Directory Traversal + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: =============== www.oracle.com Product:...
Microsoft Windows - win32k.sys TTF Processing win32k!sbit_Embolden win32k!ttfdCloseFontContext Use-After-Free (MS16-120)
Microsoft Windows - win32k.sys TTF Processing win32k!sbitEmbolden win32k!ttfdCloseFontContext Use-After-Free MS16-120 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=868 We have encountered Windows kernel crashes in the win32k!sbitEmbolden and win32k!ttfdCloseFontContext functio...
Classifieds Rental Script - SQL Injection
Classifieds Rental Script - SQL Injection Exploit Title: SQL Injection in Classifieds Rental Script Date: 19 October 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Vendor: www.i-netsolution.com...
Intel(R) Management Engine Components 8.0.1.1399 - Unquoted Service Path Privilege Escalation
IntelR Management Engine Components 8.0.1.1399 - Unquoted Service Path Privilege Escalation Exploit Title: IntelR Management Engine Components - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 8.0.1.1399 Tested on: Windows 7 Professional The IntelR...
Lenovo RapidBoot HDD Accelerator 1.00.0802 - Unquoted Service Path Privilege Escalation
Lenovo RapidBoot HDD Accelerator 1.00.0802 - Unquoted Service Path Privilege Escalation Exploit Title: Lenovo RapidBoot HDD Accelerator - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 1.00.0802 Tested on: Windows 7 Professional The Lenovo RapidBoot...
PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation
PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation Exploit Title: PDF Complete Corporate Edition - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Software Link: http://www.pdfcomplete.com/cms/Downloads.aspx Version: 4.1.12...
Intel(R) PROSetWireless for Bluetooth(R) + High Speed 15.1.0.0096 - Unquoted Service Path Privilege Escalation
IntelR PROSetWireless for BluetoothR + High Speed 15.1.0.0096 - Unquoted Service Path Privilege Escalation Exploit Title: IntelR PROSet/Wireless for BluetoothR + High Speed - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 15.1.0.0096 Tested on:...
Realtek High Definition Audio Driver 6.0.1.6730 - Unquoted Service Path Privilege Escalation
Realtek High Definition Audio Driver 6.0.1.6730 - Unquoted Service Path Privilege Escalation Exploit Title: Realtek High Definition Audio Driver - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 6.0.1.6730 Tested on: Windows 7 Professional The Realte...
Lenovo ThinkVantage Communications Utility 3.0.42.0 - Unquoted Service Path Privilege Escalation
Lenovo ThinkVantage Communications Utility 3.0.42.0 - Unquoted Service Path Privilege Escalation Exploit Title: Lenovo ThinkVantage Communications Utility - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 3.0.42.0 Tested on: Windows 7 Professional Th...
HikVision Security Systems - Activex Buffer Overflow
HikVision Security Systems - Activex Buffer Overflow !/usr/bin/env python The exploit is a part of EAST Framework - use only under the license agreement specified in LICENSE.txt in your EAST Framework distribution visit eastfw.com eastexploits.com for more info import sys import re import os impo...
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: XhP CMS 0.5.1 - Cross-Site Request Forgery to Persistent Cross-Site Scripting Exploit Author: Ahsan Tahir Date: 19-10-2016 Software Link: https://sourceforge.net/projects/xhp/ Vendor:...