41207 matches found
DeviceViewer 3.12.0.1 - user SEH Overflow
DeviceViewer 3.12.0.1 - user SEH Overflow Exploit Title: DeviceViewer v3.12.0.1 username field SEH overflow PoC Discovery Date: 25/04/2019 Exploit Author: Hayden Wright Vendor Homepage: www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on:...
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification elfcoredump has a comment back from something like 2.5.43-C3 that says: / We no longer stop all VM operations. This is because those proceses that could possibly change mapcount or the mmap / vma pages are now...
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Intelbras IWR 3000N - Denial of Service Remote Reboot /bin/bash PoC based on CVE-2019-11415 created by Social Engineering Neo. Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/ A malformed login request allows remote attackers to cause a denial ...
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 28, 2019 Vendor Homepage: http://www.isapp.it Software Link :...
Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution
Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution !/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...
Hyvikk Fleet Manager - Shell Upload
Hyvikk Fleet Manager - Shell Upload ======================================================================================== | Fleet Manager hyvikk Shell Upload Date: 29-04-2019 Title : Fleet Manager by hyvikk All versions | Author : saxgy1331 - Kaieteur-Falls-1331 | Vendor Homepage:...
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the...
NSauditor 3.1.2.0 - Name Denial of Service (PoC)
NSauditor 3.1.2.0 - Name Denial of Service PoC Exploit Title: NSauditor 3.1.2.0 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.2.0...
NSauditor 3.1.2.0 - Community Denial of Service (PoC)
NSauditor 3.1.2.0 - Community Denial of Service PoC Exploit Title: NSauditor 3.1.2.0 - 'Community' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version...
Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting
Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE...
AnMing MP3 CD Burner 2.0 - Denial of Service (PoC)
AnMing MP3 CD Burner 2.0 - Denial of Service PoC Exploit Title: AnMing MP3 CD Burner 2.0 Local Dos Exploit Date: 25.04.2019 Vendor Homepage:http://www.ddz1977.com/ Software Link:...
Backup Key Recovery 2.2.4 - Denial of Service (PoC)
Backup Key Recovery 2.2.4 - Denial of Service PoC Exploit Title: Backup Key Recovery 2.2.4 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Tested...
osTicket 1.11 - Cross-Site Scripting Local File Inclusion
osTicket 1.11 - Cross-Site Scripting Local File Inclusion Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Date: 09.04.2019 Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link:...
HeidiSQL 10.1.0.5464 - Denial of Service (PoC)
HeidiSQL 10.1.0.5464 - Denial of Service PoC Exploit Title: HeidiSQL Portable 10.1.0.5464 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: https://www.heidisql.com/ Software Link:...
Lavavo CD Ripper 4.20 - License Activation Name Buffer Overflow (SEH)
Lavavo CD Ripper 4.20 - License Activation Name Buffer Overflow SEH Exploit Title: Lavavo CD Ripper 4.20 Local Seh Exploit Date: 25.04.2019 Vendor Homepage:https://www.lavavosoftware.com Software Link: https://lavavo-cd-ripper.jaleco.com/download Exploit Author: Achilles Tested Version: 4.20 Test...
JioFi 4G M2S 1.0.2 - Denial of Service
JioFi 4G M2S 1.0.2 - Denial of Service Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting
JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
Google Chrome 72.0.3626.121 74.0.3725.0 - NewFixedDoubleArray Integer Overflow
Google Chrome 72.0.3626.121 74.0.3725.0 - NewFixedDoubleArray Integer Overflow VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/heap/factory.cc?rcl=dd689541d3815d64b4b39f6a41603248c71aa00e&l=496 Handle Factory::NewFixedDoubleArrayint length, PretenureFlag pretenure DCHECKLE0,...
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t...
Linux - page-_refcount Overflow via FUSE
Linux - page-refcount Overflow via FUSE Linux: page-refcount overflow via FUSE with 140GiB RAM usage Tested on: Debian Buster distro kernel "4.19.0-1-amd64 1 SMP Debian 4.19.12-1 2018-12-22" KVM guest with 160000MiB RAM A while back, there was some discussion about possible overflows of the...
Ross Video DashBoard 8.5.1 - Insecure Permissions
Ross Video DashBoard 8.5.1 - Insecure Permissions Ross Video DashBoard 8.5.1 Insecure Permissions Vendor: Ross Video Ltd. Product web page: https://www.rossvideo.com Affected version: 8.5.1 Summary: DashBoard is a free and open platform from Ross Video for facility control and monitoring that...
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on...
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition / The Siemens R3964 line discipline code in drivers/tty/nr3964.c has a few races around its ioctl handler; for example, the handler for R3964ENABLESIGNALS just allocates and deletes elements in a linked list with zero locking...
WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery Local File Inclusion
WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery Local File Inclusion Exploit Title: Contact Form Builder CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-build...
ManageEngine Applications Manager 14.0 - Authentication Bypass Remote Command Execution (Metasploit)
ManageEngine Applications Manager 14.0 - Authentication Bypass Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager %q This modul...
Ease Audio Converter 5.30 - .mp4 Denial of Service (PoC)
Ease Audio Converter 5.30 - .mp4 Denial of Service PoC Exploit Title: Ease Audio Converter 5.30 Audio Cutter Dos Exploit Date: 19.04.19 Vendor Homepage:http://www.audiotool.net/download.htm Software Link: http://www.audiotool.net/download/audioconverter.exe Exploit Author: Achilles Tested Version...
LabF nfsAxe 3.7 Ping Client - Host IP Buffer Overflow (Direct Ret)
LabF nfsAxe 3.7 Ping Client - Host IP Buffer Overflow Direct Ret !/usr/bin/python Exploit Title: LabF nfsAxe 3.7 Ping Client - Buffer Overflow Vanilla Date: 20-04-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.labf.com/nfsaxe Version: 3.7 Software Link :...
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service PoC var arr1 = 0,1; function ObjCreatemake this.make = make; var obj1 = new ObjCreate; function main arr1.reducef3; Object.getOwnPropertyDescriptorsArray99.joinobj1.make; function f3 obj1"make...
QNAP myQNAPcloud Connect 1.3.4.0317 - UsernamePassword Denial of Service
QNAP myQNAPcloud Connect 1.3.4.0317 - UsernamePassword Denial of Service !/usr/bin/python Exploit Title: QNAP myQNAPcloud Connect "Username/Password" DOS Date: 19/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.qnap.com Version: 1.3.4.0317 and below are...
Msvod 10 - Cross-Site Request Forgery (Change User Information)
Msvod 10 - Cross-Site Request Forgery Change User Information Exploit Title: Msvod v10 has a CSRF vulnerability to change user information Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: https://www.msvodx.com/ Version: v10 CVE : CVE-2019-11375...
UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting
UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting Exploit Title: UliCMS - 2019.2 , 2019.1 - Multiple Cross-Site Scripting Google Dork: intext:"by UliCMS" Exploit Author: Kağan EĞLENCE Vendor Homepage: https://en.ulicms.de/ Version: 2019.2 , 2019.1 CVE : CVE-2019-11398 Vulnerability 1 Url :...
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)
74CMS 5.0.1 - Cross-Site Request Forgery Add New Admin User Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: http://www.74cms.com/download/index.html Version: v5.0.1 CVE :...
Oracle Business Intelligence XML Publisher 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - XML External Entity Injection
Oracle Business Intelligence XML Publisher 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - XML External Entity Injection Exploit Title: XXE in Oracle Business Intelligence and XML Publisher Date: 16.04.19 Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link:...
Oracle Business Intelligence 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - Directory Traversal
Oracle Business Intelligence 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - Directory Traversal Exploit Title: Directory traversal in Oracle Business Intelligence Date: 16.04.19 Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link:...
Evernote 7.9 - Code Execution via Path Traversal
Evernote 7.9 - Code Execution via Path Traversal Exploit Title: Code execution via path traversal Date: 17-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: http://evernote.com/ Software Link: https://evernote.com/download Version: 7.9 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-10038...
ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution (Metasploit)
ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module...
Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)
Netwide Assembler NASM 2.14rc15 - NULL Pointer Dereference PoC Exploit Title: Netwide Assembler NASM 2.14rc15 NULL Pointer Dereference PoC Date: 2018-09-05 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://www.nasm.us/ Software Link: https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D...
MailCarrier 2.51 - POP3 RETR SEH Buffer Overflow
MailCarrier 2.51 - POP3 RETR SEH Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "RETR" commandPOP3 Date: 16/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact...
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in scFindExtrema4 A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library...
DHCP Server 2.5.2 - Denial of Service (PoC)
DHCP Server 2.5.2 - Denial of Service PoC Exploit Title: DHCP Server 2.5.2 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-16 Vendor Homepage: http://www.dhcpserver.de/cms/ Software Link: http://www.dhcpserver.de/cms/wp-content/plugins/download-attachments Tested...
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself ...
ASUS HG100 - Denial of Service
ASUS HG100 - Denial of Service Exploit Title:ASUS HG100 devices denial of serviceDOS via IPv4 packets/SlowHTTPDOS Date: 2019-04-14 Exploit Author: YinT Wang; Vendor Homepage: www.asus.com Version: Hardware version: HG100 、Firmware version: 1.05.12 Tested on: Currnet 1.05.12 CVE : CVE-2018-11492 1...
AdminExpress 1.2.5 - Folder Path Denial of Service (PoC)
AdminExpress 1.2.5 - Folder Path Denial of Service PoC -- coding: utf-8 -- !/usr/bin/python Exploit Title: AdminExpress 1.2.5 - Denial of Service PoC Date: 2019-04-12 Exploit Author: Mücahit İsmail Aktaş Software Link: https://admin-express.en.softonic.com/ Version: 1.2.5.485 Tested on: Windows X...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Securi...
Microsoft Windows 10 1809 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
Microsoft Windows 10 1809 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation Windows: CSRSS SxSSrv Cached Manifest EoP Platform: Windows 10 1809, 1709 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary and others Summary: The SxS manifest...
PCHelpWare V2 1.0.0.5 - SC Denial of Service (PoC)
PCHelpWare V2 1.0.0.5 - SC Denial of Service PoC -- coding: utf-8 -- Exploit Title: PCHelpWareV2 1.0.0.5 - 'SC' Denial of Service PoC Date: 15/04/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.uvnc.com/home.html Software Link: http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi Versio...
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass Windows: LUAFV NtSetCachedSigningLevel Device Guard Bypass Platform: Windows 10 1809 not tested earlier. Note I’ve not tested this on Windows 10 SMode. Class: Security Feature Bypass Summary: The NtSetCachedSigningLevel...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUMACCESS DesiredAccess Privilege Escalation Windows: LUAFV Delayed Virtualization MAXIMUMACCESS DesiredAccess EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation Windows: LUAFV Delayed Virtualization Cache Manager Poisoning EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteri...