41207 matches found
Apple macOS 10.13.5 - Local Privilege Escalation
Apple macOS 10.13.5 - Local Privilege Escalation import import import import import import import "offsets.h" //utils define ENFORCEa, label \ do \ if builtinexpect!a, 0 \ \ timedlog"! %s is false l.%d\n", a, LINE; \ goto label; \ \ while 0 // from...
snapd 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (1)
snapd 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (1) #!/usr/bin/env python3 """ dirty_sock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository...
LayerBB 1.1.2 - Cross-Site Scripting
LayerBB 1.1.2 - Cross-Site Scripting Exploit Title: LayerBB 1.1.2 - Cross-Site Scripting Date: 11/19/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=28 Version: 1.1.2 Tested on: Ubuntu 18.04 CVE: CVE-2019-7688 1...
runc 1.0-rc6 (Docker 18.09.2) - Container Breakout (1)
runc 1.0-rc6 Docker 18.09.2 - Container Breakout 1 Usage Edit HOST inside payload.c, compile with make. Start nc and run pwn.sh inside the container. Notes - This exploit is destructive: it'll overwrite /usr/bin/docker-runc binary on the host with the payload. It'll also overwrite /bin/sh inside...
Android - binder Use-After-Free via fdget() Optimization
Android - binder Use-After-Free via fdget Optimization This bug report describes two different issues in different branches of the binder kernel code. The first issue is in the upstream Linux kernel, commit 7f3dc0088b98 "binder: fix proc-files use-after-free"; the second issue is in the wahoo...
Android - binder Use-After-Free of VMA via race Between reclaim and munmap
Android - binder Use-After-Free of VMA via race Between reclaim and munmap The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. There is ...
BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link:...
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins user...
OPNsense 19.1.1 - Cross-Site Scripting
OPNsense 19.1.1 - Cross-Site Scripting Exploit Title: OPNsense 19.1 | Cross-Site Scripting Date: 01.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://opnsense.org Software Link: http://mirror.ams1.nl.leaseweb.net/opnsense/releases/19.1/OPNsense-19.1-OpenSSL-dvd-amd64.iso.bz2 Version: 19...
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow ''' ======================================================== Unauthenticated Stack Overflow in Multiple Gpon Devices ======================================================== . contents:: Table Of Content Overview ========...
NordVPN 6.19.6 - Denial of Service (PoC)
NordVPN 6.19.6 - Denial of Service (PoC) # -*- coding: utf-8 -*- Exploit Title: NordVPN 6.19.6 - Denial of Service PoC Date: 07/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://nordvpn.com/ Software Link: https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Version:...
Webiness Inventory 2.3 - email SQL Injection
Webiness Inventory 2.3 - email SQL Injection =========================================================================================== Exploit Title: Webiness Inventory 2.3 - 'email' SQL Vulnerability Dork: N/A Date: 10-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
River Past Video Cleaner 7.6.3 - Local Buffer Overflow SEH Exploit Title: River Past Video Cleaner Buffer Overflow SEH Date: 9-2-2019 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Software Link: https://river-past-video-cleaner.softonic.com/ Version: 7.6.3 Tested on: Windows 10...
FutureDj Pro 1.7.2.0 - Denial of Service
FutureDj Pro 1.7.2.0 - Denial of Service Exploit Title: FutureDj Pro Local Dos Exploit Date: 07.02.2019 Vendor Homepage: https://www.xylio.com Software Link: https://www.xylio.com/future-dj-pro-a-new-level-of-mixing-perfection/ Exploit Author: Achilles Tested Version: 1.7.2.0 32bit Tested on:...
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
Indusoft Web Studio 8.1 SP2 - Remote Code Execution Exploit Title: Indusoft Web Studio Unauthenticated RCE Date: 02/04/2019 Exploit Author: Jacob Baines Vendor Homepage: http://www.indusoft.com/ Software http://www.indusoft.com/Products-Downloads/Download-Library Version: 8.1 SP2 and below Tested...
MyBB Bans List 1.0 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting Exploit Title: MyBB Bans List - Cross Site Scripting Date: 7/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=423 Version: 1.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-14724 1...
Avast Anti-Virus 19.1.2360 - Local Credentials Disclosure
Avast Anti-Virus 19.1.2360 - Local Credentials Disclosure Exploit Title: Avast Anti-Virus Local Credentials Disclosure 19.1.2360 Date: 01/18/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Version: before 19.1.2360 build 19.1.4142.0 Tested on: Windows 10 x64 CVE: CVE-2018-12572...
Smoothwall Express 3.1-SP4 - Cross-Site Scripting
Smoothwall Express 3.1-SP4 - Cross-Site Scripting Exploit Title: Smoothwall Express 3.1-SP4-polar-x86_64-update9 | Cross-Site Scripting Date: 06.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.smoothwall.org Software Link:...
IP-Tools 2.5 - Log to file Local Buffer Overflow (SEH) (Egghunter)
IP-Tools 2.5 - Log to file Local Buffer Overflow (SEH) (Egghunter) #!/usr/bin/env python Exploit: IP-Tools 2.5 - Local Buffer OverflowEggHunter Date: 2019-02-06 Author:...
VA MAX 8.3.4 - (Authenticated) Remote Code Execution
VA MAX 8.3.4 - (Authenticated) Remote Code Execution root@nippur:/home/c/src/nippur cat vamax3.py #!/usr/bin/env python quick poc for postauth rce bug in va max 8.3.4 more: https://code610.blogspot.com 10.02.2019 p.s. listening on any 4444 ... 192.168.1.126: inverse host lookup failed: Unknown host...
IPFire 2.21 - Cross-Site Scripting
IPFire 2.21 - Cross-Site Scripting Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.is...
River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH)
River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH) Exploit Title: River Past CamDo SEH Local Exploit Date: 07.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1 Exploit Author: Achilles Tested Version: 3.7.6 Test...
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting Exploit Title: CentOS Web Panel 0.9.8.763 - Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 10 - January - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com...
Coship Wireless Router 4.0.0.x5.0.0.x - WiFi Password Reset
Coship Wireless Router 4.0.0.x5.0.0.x - WiFi Password Reset Exploit Title: Coship Wireless Router – Wireless SSID Unauthenticated Password Reset Date: 07.02.2019 Exploit Author: Adithyan AK Vendor Homepage: http://en.coship.com/ Category: Hardware WiFi Router Affected Versions : Coship RT3052 -...
AirDroid 4.2.1.6 - Denial of Service
AirDroid 4.2.1.6 - Denial of Service #!/bin/bash Author: Marcelo Vázquez aka s4vitar AirDroid Denial of Service DoS & System Crash + Forced Reboot Exploit Title: AirDroid Remote Denial of Service DoS & System Crash + Forced Reboot Date: 2019-02-13 Exploit Author: Marcelo Vázquez aka s4vitar...
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH) Exploit Title: RiverPastAudioConverter - Buffer Overflow SEH Date: 06.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-audio-converter/windows/post-download?sl=1 Exploit Author: Matteo...
osCommerce 2.3.4.1 - currency SQL Injection
osCommerce 2.3.4.1 - currency SQL Injection Exploit Title: osCommerce 2.3.4.1 - 'currency' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category: Webap...
osCommerce 2.3.4.1 - products_id SQL Injection
osCommerce 2.3.4.1 - products_id SQL Injection Exploit Title: osCommerce 2.3.4.1 - 'products_id' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category:...
osCommerce 2.3.4.1 - reviews_id SQL Injection
osCommerce 2.3.4.1 - reviews_id SQL Injection Exploit Title: osCommerce 2.3.4.1 - 'reviews_id' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category:...
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with...
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution devolo dLAN 550 duo+ Starter Kit Remote Code Execution Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a...
OpenMRS Platform 2.24.0 - Insecure Object Deserialization
OpenMRS Platform 2.24.0 - Insecure Object Deserialization Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector:...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more...
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter...
River Past Audio Converter 7.7.16 - Denial of Service (PoC)
River Past Audio Converter 7.7.16 - Denial of Service (PoC) Exploit Title: RiverPastAudioConverterDoS Date: 05.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-audio-converter/windows/post-download?sl=1 Exploit Author: Achilles Tested Version:...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a mor...
Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC)
Device Monitoring Studio 8.10.00.8925 - Denial of Service PoC Exploit Title: Device Monitoring Studio 8.10.00.8925 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-02-04 Tested Version: 8.10.00.8925 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1.-...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery Add Admin BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support f...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support...
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit Version: Zyxel VMG3312-B10B Tested on : Parrot Os Author: Yusuf Furkan Twitter: h1yusuf CVE: CVE-2019-7391 model name: DSL-491HNU-B1B v2...
ResourceSpace 8.6 - watched_searches.php SQL Injection
ResourceSpace 8.6 - watched_searches.php SQL Injection Exploit Title: ResourceSpace =8.6 'watched_searches.php' SQL Injection Dork: intext:"Powered by ResourceSpace" Date: 2019-02-01 Exploit Author: dd [email protected] Vendor Homepage: https://www.resourcespace.com/ Software Link:...
River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)
River Past Ringtone Converter 2.7.6.1601 - Denial of Service PoC Exploit Title: River Past Ringtone Converter v2.7.6.1601 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.riverpast.com/ Software Link : http://www.riverpast.com/ Tested...
MyVideoConverter Pro 3.14 - Denial of Service
MyVideoConverter Pro 3.14 - Denial of Service Exploit Title: MyVideoConverter Pro 3.14 Denial of Service Date: 03.02.2019 Vendor Homepage: http://www.ivideogo.com/ Software Link : http://www.ivideogo.com/ Exploit Author: Achilles Tested Version: 3.14 Tested on: Windows 7 x64 Vulnerability Type:...
pfSense 2.4.4-p1 - Cross-Site Scripting
pfSense 2.4.4-p1 - Cross-Site Scripting Exploit Title: pfSense 2.4.4-p1 | Cross-Site Scripting Date: 28.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.pfsense.org Software Link: https://frafiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso.gz Version: 2.4.4-...
TaskInfo 8.2.0.280 - Denial of Service (PoC)
TaskInfo 8.2.0.280 - Denial of Service PoC Exploit Title: TaskInfo v8.2.0.280 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.iarsn.com/ Software Link : http://www.iarsn.com/ Tested Version: v8.2.0.280 Tested on: Windows XP SP3...
SuiteCRM 7.10.7 - record SQL Injection
SuiteCRM 7.10.7 - record SQL Injection Exploit Title: SuiteCRM 7.10.7 - 'record' SQL Vulnerabilities Dork: N/A Date: 03-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://suitecrm.com/ Software Link: https://suitecrm.com/download/ Version: 7.10.7 Category: Webapps Tested on: Wampp...
Nessus 8.2.1 - Cross-Site Scripting
Nessus 8.2.1 - Cross-Site Scripting Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting Date: 29.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.tenable.com Software Link: https://www.tenable.com/downloads/nessus Version: 8.2.1 Introduction Nessus is 1 For Vulnerability...
SuiteCRM 7.10.7 - parentTab SQL Injection
SuiteCRM 7.10.7 - parentTab SQL Injection Exploit Title: SuiteCRM 7.10.7 - 'parentTab' SQL Vulnerabilities Dork: N/A Date: 03-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://suitecrm.com/ Software Link: https://suitecrm.com/download/ Version: 7.10.7 Category: Webapps Tested on:...
SpotAuditor 3.6.7 - Base64 Encrypted Password Denial of Service (PoC)
SpotAuditor 3.6.7 - Base64 Encrypted Password Denial of Service PoC Exploit Title: SpotAuditor v3.6.7 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.nsauditor.com/order.html Software Link : http://www.nsauditor.com/order.html Tested...
PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit
PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit Exploit Title: PassFab Excel Password Recovery SEH Local Exploit Date: 31.01.19 Vendor Homepage: https://www.passfab.com/products/excel-password-recovery.html Software Link:...