41207 matches found
WinMPG iPod Convert 3.0 - Register Denial of Service
WinMPG iPod Convert 3.0 - Register Denial of Service Exploit Title: WinMPG iPod Convert 3.0 - 'Register' Denial of Service Date: 2019-07-16 Vendor Homepage: http://www.winmpg.com Software Link: https://www.techspot.com/downloads/downloadnow/6192/?evp=d62142990e9320a4e811b283fdcc4060&file= Exploit...
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Date: 2019-07-17 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: https://www.oracle.com/applications/siebel...
Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME
Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME == Summary == This bug report describes two issues introduced by commit 64b875f7ac8a "ptrace: Capture the ptracer's creds not PT_PTRACE_CAP", introduced in v4.10 but also stable-backported to older versions. I will send a...
MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow
MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow Exploit Title: MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow Author: hyp3rlinx Discovery Date: 2019-07-17 Vendor Homepage: www.computerlab.com Software Link:...
DameWare Remote Support 12.0.0.509 - Host Buffer Overflow (SEH)
DameWare Remote Support 12.0.0.509 - Host Buffer Overflow (SEH) #!/usr/bin/env python Author: Xavi Beltran Date: 11/07/2019 Description: SEH based Buffer Overflow DameWare Remote Support V. 12.0.0.509 CVE-2018-12897 Contact: [email protected] Webpage: https://xavibel.com Tested on: Windows ...
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass) #!/usr/bin/python Exploit Title: R 3.4.4 Windows 10 x64 - Buffer Overflow SEH (DEP/ASLR Bypass) Date: 2019-07-15 Exploit Author: blackleitus Vendor Homepage: https://www.r-project.org/ Tested on: Windows 10 Home Single Language 64-bit Social...
CentOS Control Web Panel 0.9.8.838 - User Enumeration
CentOS Control Web Panel 0.9.8.838 - User Enumeration Exploit Title: CWP CentOS Control Web Panel 0.9.8.848 User Enumeration via HTTP Response Message Date: 15 July 2019 Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage:...
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass Exploit Title: CWP CentOS Control Web Panel...
Microsoft Compiled HTML Help Uncompiled .chm File - XML External Entity Injection
Microsoft Compiled HTML Help Uncompiled .chm File - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt + ISR:...
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation CWP Control Web Panel 0.9.8.836 - 0.9.8.839 Root Privilege Escalation...
CISCO Small Business 200 300 500 Switches - Multiple Vulnerabilities
CISCO Small Business 200 300 500 Switches - Multiple Vulnerabilities Exploit Title: CISCO Small Business 200, 300, 500 Switches Multiple Vulnerabilities. Shodan query: /config/logoffpage.html Discovered Date: 07/03/2014 Reported Date: 08/04/2019 Exploit Author: Ramikan Website:...
Android 7 - 9 VideoPlayer - ihevcd_parse_pps Out-of-Bounds Write
Android 7 - 9 VideoPlayer - ihevcd_parse_pps Out-of-Bounds Write CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns .... With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video with tiles enabled - ps_pps->i1_tiles_enabled_flag you can...
Streamripper 2.6 - Song Pattern Buffer Overflow
Streamripper 2.6 - Song Pattern Buffer Overflow #!/usr/bin/python Exploit Title: StreamRipper32 Buffer Overflow Date: 07/2019 Exploit Author: Andrey Stoykov OSCP Tested On: Win7 SP1 x64 Software Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Version: 2.6 Steps To Reproduce:...
FlightPath 4.8.2 5.0-rc2 - Local File Inclusion
FlightPath 4.8.2 5.0-rc2 - Local File Inclusion Exploit Title: FlightPath 4.8.2 & 5.0-rc2 - Local File Inclusion Date: 07-07-2019 Exploit Author: Mohammed Althibyani Vendor Homepage: http://getflightpath.com Software Link: http://getflightpath.com/project/9/releases Version: 4.8.2 & 5.0-rc2 Teste...
NETGEAR WiFi Router JWNR2010v5 R6080 - Authentication Bypass
NETGEAR WiFi Router JWNR2010v5 R6080 - Authentication Bypass Exploit Title: NETGEAR WiFi Router R6080 - Security Questions Answers Disclosure Date: 13/07/2019 Exploit Author: Wadeek Hardware Version: R6080-100PES Firmware Version: 1.0.0.34 / 1.0.0.40 Vendor Homepage:...
Microsoft Windows Remote Desktop - BlueKeep Denial of Service (Metasploit)
Microsoft Windows Remote Desktop - BlueKeep Denial of Service Metasploit Exploit Title: Bluekeep Denial of Service metasploit module Shodan Dork: port:3389 Date: 07/14/2019 Exploit Author: RAMELLA Sebastien https://github.com/mekhalleh/ Vendor Homepage: https://microsoft.com Version: all affected...
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs...
Sahi Pro 8.0.0 - Remote Command Execution
Sahi Pro 8.0.0 - Remote Command Execution Exploit Title: Sahi Pro V8.0.0 - Unauthenticated Remote Command Execution Date: 2019-07-12 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sahipro.com Software Link:...
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting Exploit Title: MyT Project Management - User[username] Stored Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://manageyourteam.net/index.html Software Link:...
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass Remote Command Execution
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass Remote Command Execution Exploit Title: Citrix SD-WAN Appliance 10.2.2 Auth Bypass and Remote Command Execution Date: 2019-07-12 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.citrix.com Product: Citrix SD-WAN Software Link:...
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492 Exploit Author: ABDO10 Date : July, 11th 2019 Product : Tenda D301 v2 Modem Router version : v2 Vendor Homepage:...
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact:...
Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation
Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combi...
SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow #!/usr/bin/python # -*- coding: utf-8 -*- Exploit: SNMPc Enterprise Edition 9 & 10 Mapping File Name BOF Date: 11 July 2019 Exploit Author: @xerubus | mogozobo.com Vendo...
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Date: July 11, 2019 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1...
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling...
Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling...
Microsoft DirectWrite AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
Microsoft DirectWrite AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access / For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...
Microsoft DirectWrite AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
Microsoft DirectWrite AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Microsoft DirectWrite AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
Microsoft DirectWrite AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specif...
Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD
Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling libra...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth ----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handlin...
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...
Microsoft DirectWrite AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
Microsoft DirectWrite AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handlin...
Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings
Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...
Microsoft DirectWrite AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
Microsoft DirectWrite AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...
Firefox 67.0.4 - Denial of Service
Firefox 67.0.4 - Denial of Service Loading please wait function MyFun var text = ; forvar i=0 ;i"+ ""+ ""+ ""+ ""+ ""+ "\x70...
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
WordPress Plugin Like Button 1.6.0 - Authentication Bypass Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1...
Karenderia Multiple Restaurant System 5.3 - SQL Injection
Karenderia Multiple Restaurant System 5.3 - SQL Injection =========================================================================================== Exploit Title: Karenderia CMS 5.3 - Multiple SQL Vuln. Dork: N/A Date: 05-07-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
Apache mod_ssl 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow (2)
Apache mod_ssl 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow (2) / OF version r00t VERY PRIV8 spabam Version: v3.0.4 Requirements: libssl-dev apt-get install libssl-dev Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free to get more targets hackarena...
Microsoft Exchange 2003 - base64-MIME Remote Code Execution
Microsoft Exchange 2003 - base64-MIME Remote Code Execution Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott...