41207 matches found
WordPress Core 5.0 - Remote Code Execution
WordPress Core 5.0 - Remote Code Execution var wpnonce = ''; var ajaxnonce = ''; var wpattachedfile = ''; var imgurl = ''; var postajaxdata = ''; var postid = 0; var cmd = '?php phpinfo;/'; var cmdlen = cmd.length var payload = '\xff\xd8\xff\xed\x004Photoshop...
Linux 4.14.103 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
Linux 4.14.103 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module commit cc2d58634e0f "netfilter: nfnatsnmpbasic: use asn1 decoder library", first in 4.16 changed the nfnatsnmpbasic module which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages so that the...
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected agains...
Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost There's an object-lifetime issue in the browser process in the handling of P2PSocketDispatcherHost binding in parallel with OnBloatedRenderer event handling. In RenderProcessHostImpl, we have a uniquep...
FTP Server 1.32 - Denial of Service
FTP Server 1.32 - Denial of Service !/usr/bin/env python coding: utf-8 Author: Marcelo Vázquez aka s4vitar FTP Server 1.32 Remote Denial of Service DoS Exploit Title: FTP Server 1.32 Remote Denial of Service DoS Date: 2019-02-26 Exploit Author: Marcelo Vázquez aka s4vitar Vendor: The Olive Tree...
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
Alcatel-Lucent Nokia GPON I-240W-Q - Buffer Overflow !/usr/bin/python3 import argparse import requests import urllib.parse import binascii import re def runtarget: """ Execute exploitation """ We're using CVE-2018-10561 and/or it's extension in order to exploit this Authenticated RCE in usbForm...
Usermin 1.750 - Remote Command Execution (Metasploit)
Usermin 1.750 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' = %q...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery Add Admin Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Add Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage:...
TransMac 12.3 - Denial of Service (PoC)
TransMac 12.3 - Denial of Service PoC -- coding: utf-8 -- Exploit Title: TransMac 12.3 - 'Volume name' Denial of Service PoC Date: 27/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.acutesystems.com/ Software Link: https://www.acutesystems.com/tmac/tmsetup.exe Version: 12.3 Tested...
Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
Feng Office 3.7.0.5 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - SQL Injection Exploit Title: Simple Online Hotel Reservation System - SQL Injection / Authentication Bypass Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage: https://code-projects.org/...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage:...
WebKitGTK 2.23.90 WebKitGTK+ 2.22.6 - Denial of Service
WebKitGTK 2.23.90 WebKitGTK+ 2.22.6 - Denial of Service Exploit Title: Buffer overflow Date: 27-02-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://webkit.org/ Software Link: https://gitlab.gnome.org/GNOME/epiphany Version: 2.23.90 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-8375...
Joomla! Component J2Store 3.3.7 - SQL Injection
Joomla! Component J2Store 3.3.7 - SQL Injection Exploit Title: J2Store Plugin for Joomla! 3.3.6 - SQL Injection Date: 19/02/2019 Author: Andrei Conache Twitter: @andreiconache Contact: andrei.conacheatprotonmail.com Software Link: https://www.j2store.org Version: 3.x-3.3.6 Tested on: Linux CVE:...
PHP 7.2 - imagecolormatch() Out of Band Heap Write
PHP 7.2 - imagecolormatch Out of Band Heap Write &c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rg...
Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution
Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on :...
zzzphp CMS 1.6.1 - Remote Code Execution
zzzphp CMS 1.6.1 - Remote Code Execution Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version:...
News Website Script 2.0.5 - SQL Injection
News Website Script 2.0.5 - SQL Injection Exploit Title: News Website Script 2.0.5 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...
Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)
Xlight FTP Server 3.9.1 - Buffer Overflow PoC Exploit Title: Xlight 3.9.1 FTP Server SEH Overwrite Google Dork: N/A Date: 2019-02-24 Exploit Author: Logan Whitmire Vendor Homepage: https://www.xlightftpd.com/index.htm Software Link: https://www.xlightftpd.com/download/xlight.zip Version: 3.9.1...
Advance Gift Shop Pro Script 2.0.3 - SQL Injection
Advance Gift Shop Pro Script 2.0.3 - SQL Injection Exploit Title: Advance Gift Shop Pro Script 2.0.3 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 21, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting SQL Injection
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting SQL Injection Exploit Title: PHP Ecommerce Script 2.0.6 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/...
Drupal 8.6.9 - REST Module Remote Code Execution
Drupal 8.6.9 - REST Module Remote Code Execution !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...
Drupal 8.6.10 8.5.11 - REST Module Remote Code Execution
Drupal 8.6.10 8.5.11 - REST Module Remote Code Execution Analyzing the patch By diffing Drupal 8.6.9 and 8.6.10, we can see that in the REST module, FieldItemNormalizer now uses a new trait, SerializedColumnNormalizerTrait. This trait provides the checkForSerializedStrings method, which in short...
Quest NetVault Backup Server 11.4.5 - Process Manager Service SQL Injection Remote Code Execution
Quest NetVault Backup Server 11.4.5 - Process Manager Service SQL Injection Remote Code Execution Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding...
Teracue ENC-400 - Command Injection Missing Authentication
Teracue ENC-400 - Command Injection Missing Authentication Introduction ============ Multiple vulnerabilities were identified within the Teracue ENC-400, including pre-authenticated remote code authentication. While the vendor has released updated firmware after these issues were identified, they...
WinRAR 5.61 - Path Traversal
WinRAR 5.61 - Path Traversal !/usr/bin/env python3 import os import re import zlib import binascii The archive filename you want rarfilename = "test.rar" The evil file you want to run evilfilename = "calc.exe" The decompression path you want, such shown below targetfilename =...
Micro Focus Filr 3.4.0.217 - Path Traversal Local Privilege Escalation
Micro Focus Filr 3.4.0.217 - Path Traversal Local Privilege Escalation SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Micro Focus Filr Multiple Vulnerabilities 1. Advisory Information Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL:...
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter / https://github.com/WebKit/webkit/blob/3fff8c40c665a09de5e3ede46fc35908f69353c3/Source/JavaScriptCore/runtime/Lookup.hL392 if value.attributes & PropertyAttribute::PropertyCallback...
RealTerm Serial Terminal 2.0.0.70 - Echo Port Buffer Overflow (SEH)
RealTerm Serial Terminal 2.0.0.70 - Echo Port Buffer Overflow SEH Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...
Memu Play 6.0.7 - Privilege Escalation
Memu Play 6.0.7 - Privilege Escalation Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7...
ScreenStream 3.0.15 - Denial of Service
ScreenStream 3.0.15 - Denial of Service !/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar ScreenStream 3.0.15 Remote Denial of Service DoS Exploit Title: ScreenStream 3.0.15 Remote Denial of Service DoS Date: 2019-02-21 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage:...
C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection
C4G Basic Laboratory Information System BLIS 3.4 - SQL Injection Exploit Title: C4G Basic Laboratory Information System BLIS 3.4 - Multiples SQL Injection Date: 01/31/2019 Software Links/Project: https://github.com/C4G/BLIS | http://blis.cc.gatech.edu/index.php Version: C4G Basic Laboratory...
Virtual VCR Max .0a - .vcr Buffer Overflow (PoC)
Virtual VCR Max .0a - .vcr Buffer Overflow PoC !/usr/bin/python Exploit Title: VirtualVCR-Max .0a Overflow PoC Google Dork: N/A Date: 21/02/2019 Exploit Author: Wade Guest Vendor Homepage: http://virtualvcr.sourceforge.net/ Software Link: https://sourceforge.net/projects/virtualvcr/ Version: Max...
AirDrop 2.0 - Denial of Service (DoS)
AirDrop 2.0 - Denial of Service DoS include include include include include include include include include include include // // Author: Marcelo Vázquez aka s4vitar // AirDrop 2.0 Remote Denial of Service DoS // // Exploit Title: AirDrop 2.0 Remote Denial of Service DoS // Date: 2019-02-21 //...
Valentina Studio 9.0.5 Linux - Host Buffer Overflow (PoC)
Valentina Studio 9.0.5 Linux - Host Buffer Overflow PoC -- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link:...
EI-Tube 3 - SQL Injection
EI-Tube 3 - SQL Injection Exploit Title: PHP EI-Tube Script - Sql Injection Date: 2019-02-21 Exploit Author: Meisam Monsef - [email protected] Vendor Homepage: https://codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912?srank=17 Version: 3 Tested on: ubuntu special thanks : Alireza...
MikroTik RouterOS 6.43.12 (stable) 6.42.12 (long-term) - Firewall and NAT Bypass
MikroTik RouterOS 6.43.12 stable 6.42.12 long-term - Firewall and NAT Bypass CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can ...
FTPShell Server 6.83 - Account name to ban Denial of Service (PoC)
FTPShell Server 6.83 - Account name to ban Denial of Service PoC Exploit Title: FTPShell Server 6.83 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-20 Vendor Homepage: http://www.ftpshell.com/index.htm Software Link: http://www.ftpshell.com/downloadserver.htm Teste...
FaceTime - Texture Processing Memory Corruption
FaceTime - Texture Processing Memory Corruption There is a memory corruption issue that occurs when processing a malformed RTP video stream in FaceTime. It appears to be related to processing textures. thread 7, stop reason = EXCBADACCESS code=EXCI386GPFLT frame 0: 0x00007fff56baaa92...
Android Kernel 4.8 - ptrace seccomp Filter Bypass
Android Kernel 4.8 - ptrace seccomp Filter Bypass / The seccomp.2 manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older ker‐ nels, seccomp-based sandboxes must not...
HotelDruid 2.3 - Cross-Site Scripting
HotelDruid 2.3 - Cross-Site Scripting =========================================================================================== Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection CVE: CVE-2019-8937 Date: 18-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate...
WinRAR 5.61 - .lng Denial of Service
WinRAR 5.61 - .lng Denial of Service Exploit Title: WinRAR 5.61 - Denial of Service Author: Kağan Çapar Discovery Date: 2019-02-20 Software Link: https://win-rar.com/predownload.html?spV=true&subD=true&f=wrar561tr.exe Vendor Homepage : https://www.win-rar.com Tested Version: 5.61 32 Bit Tested on...
Zuz Music 2.1 - zuzconsole___contact Persistent Cross-Site Scripting
Zuz Music 2.1 - zuzconsolecontact Persistent Cross-Site Scripting Exploit Title: Zuz Music 2.1 - 'zuzconsole/contact ' Persistent Cross-site Scripting Google Dork: N/A Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage:...
Find a Place CMS Directory 1.5 - assetsexternaldata_2.php cate SQL Injection
Find a Place CMS Directory 1.5 - assetsexternaldata2.php cate SQL Injection Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data2.php cate' SQL Injection Google Dork: inurl:"assets/external/data.php" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa....
Jenkins Plugin Script Security 1.50Declarative 1.3.4.1Groovy 2.61.1 - Remote Code Execution (PoC)
Jenkins Plugin Script Security 1.50Declarative 1.3.4.1Groovy 2.61.1 - Remote Code Execution PoC In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by...
Valentina Studio 9.0.4 - Host Denial of Service (PoC)
Valentina Studio 9.0.4 - Host Denial of Service PoC Exploit Title: Valentina Studio 9.0.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-19 Vendor Homepage: https://valentina-db.com/en/ Software Link:...
Ask Expert Script 3.0.5 - Cross Site Scripting SQL Injection
Ask Expert Script 3.0.5 - Cross Site Scripting SQL Injection Exploit Title: Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 19, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software...
NetSetMan 4.7.1 - Workgroup Denial of Service (PoC)
NetSetMan 4.7.1 - Workgroup Denial of Service PoC Exploit Title: NetSetMan 4.7.1 'Workgroup' - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-17 Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1...
Listing Hub CMS 1.0 - pages.php id SQL Injection
Listing Hub CMS 1.0 - pages.php id SQL Injection Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Google Dork: inurl:"pages.php?title=privacy-policy" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage:...