41207 matches found
WebKit - WebCore::InlineTextBox::paint Out-of-Bounds Read
WebKit - WebCore::InlineTextBox::paint Out-of-Bounds Read -webkit-logical-width: 1px; -webkit-perspective: 1px; function jsfuzzer var htmlvar00011 = document.getElementById"htmlvar00011"; var htmlvar00019 = document.getElementById"htmlvar00019"; var htmlvar00049 =...
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection Exploit Title: Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection Exploit Title: Joomla! Component Article Factory Manager 4.3.9 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...
yahoo.com
Pentest notes for: google.com Exploit Pack Nmap 7.70 scan initiated Mon Sep 24 23:08:15 2018 as: C:\Program Files x86\Nmap\nmap.exe -sV -A -oA log/google.com google.com Nmap scan report for google.com 172.217.19.206 Host is up 0.027s latency. rDNS record for 172.217.19.206:...
SoftX FTP Client 3.3 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service PoC Exploit Title: SoftX FTP Client 3.3 - Denial of Service PoC Discovery by: Cemal Cihad ÇİFTÇİ Discovery Date: 2018-09-24 Tested Version: 3.3 Vulnerability Type: DOS Tested on OS: Windows XP Professional Service Pack 3 Vendor Homepage: www.softx.org...
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
MyBB Visual Editor 1.8.18 - Cross-Site Scripting Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting Author: Numan OZDEMIR Vendor Homepage: mybb.com Software Link: https://mybb.com/download/ Version: Up to v1.8.18. Fixed in v1.8.19. PoC Video: https://numanozdemir.com/mybb/xss.mp4 CVE:...
LG SuperSign EZ CMS 2.5 - Remote Code Execution
LG SuperSign EZ CMS 2.5 - Remote Code Execution Exploit Title: LG SuperSign EZ CMS 2.5 - Remote Code Execution Date: 2018-09-18 Exploit Author: Alejandro Fanjul Vendor Homepage:https://www.lg.com Software Link: https://www.lg.com/ar/software-lg-supersign Version: SuperSignEZ 1.3 Tested on: LG Web...
Joomla! Component Micro Deal Factory 2.4.0 - id SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - id SQL Injection Exploit Title: Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection Dork: N/A Date: 2018-09-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://thephpfactory.com/ Software Link:...
RICOH MP C6003 Printer - Cross-Site Scripting
RICOH MP C6003 Printer - Cross-Site Scripting Exploit Title: RICOH MP C6003 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Joomla! Component CW Article Attachments 1.0.6 - id SQL Injection
Joomla! Component CW Article Attachments 1.0.6 - id SQL Injection Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection Date: 2018-09-20 Exploit Author: Haboob Team Software Link: https://extensions.joomla.org/extension/cw-article-attachments/ Version: below 1.0.6 CVE :...
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
Beyond Remote 2.2.5.3 - Denial of Service PoC Exploit Title: Beyond Remote 2.2.5.3 - Denial of Service PoC Author: Erenay Gencay Discovery Date: 2018-09-24 Vendor notified : 2018-09-24 Software Link: https://beyond-remote-client-and-server.jaleco.com/ Tested Version: 2.2.5.3 Tested on OS: Windows ...
Termite 3.4 - Denial of Service (PoC)
Termite 3.4 - Denial of Service PoC Exploit Title: Termite 3.4 - Denial of Service PoC Author: Abdullah Alıç Discovery Date: 2018-09-23 Vendor notified : 2018-09-24 Homepage: https://www.compuphase.com Software Link: https://www.compuphase.com/softwaretermite.htm Tested Version: 3.4 Tested on OS:...
Joomla! Component Auction Factory 4.5.5 - filter_order SQL Injection
Joomla! Component Auction Factory 4.5.5 - filter_order SQL Injection Exploit Title: Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...
udisks2 2.8.0 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service PoC Exploit: udisks2 2.8.0 - Denial of Service PoC Author: oxagast Date: 2018-09-22 Vendor Homepage: http://storaged.org/ Software Link: https://github.com/storaged-project/udisks Version: =udisks2 2.8.0 Tested on: Ubuntu x64...
Navigate CMS 2.8 - Cross-Site Scripting
Navigate CMS 2.8 - Cross-Site Scripting Title: Navigate CMS 2.8 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-09-19 Vendor: https://www.navigatecms.com/en/home Software: Navigate CMS 2.8 CVE: CVE-2018-17255 Technical Details & Description: A Reflected Cross-Site Scripting web...
RICOH Aficio MP 301 Printer - Cross-Site Scripting
RICOH Aficio MP 301 Printer - Cross-Site Scripting Exploit Title: RICOH Aficio MP 301 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Joomla! Component AMGallery 1.2.3 - filter_category_id SQL Injection
Joomla! Component AMGallery 1.2.3 - filter_category_id SQL Injection Exploit Title: Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-09-18 Vendor Homepage: http://arenam.ru/ Software Link:...
WebRTC - VP9 Processing Use-After-Free
WebRTC - VP9 Processing Use-After-Free There is a use-after-free in VP9 processing in WebRTC. In the method RtpFrameReferenceFinder::ManageFrameVp9 the following code occurs: auto gofinfoit = gofinfo.findcodecheader.temporalidx == 0 ? codecheader.tl0picidx - 1 : codecheader.tl0picidx; ... // snip...
WebRTC - FEC Out-of-Bounds Read
WebRTC - FEC Out-of-Bounds Read There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer. This bug causes the following ASAN crash: ==109993==ERROR: AddressSanitizer:...
Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection
Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Date: 2018-09-15 Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Teste...
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)
NICO-FTP 3.0.1.19 - Buffer Overflow SEH...
LG SuperSign EZ CMS 2.5 - Local File Inclusion
LG SuperSign EZ CMS 2.5 - Local File Inclusion Exploit Title: LG SuperSign EZ CMS 2.5 - Local File Inclusion Date: 2018-09-13 Exploit Author: Alejandro Fanjul Vendor Homepage: https://www.lg.com/ar/software-lg-supersign Version: SuperSign EZ CMS Tested on: Web OS 4.0 CVE : CVE-2018-16288 More inf...
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
WordPress Plugin Localize My Post 1.0 - Local File Inclusion Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: 2018-16299 DESCRIPTION This bug was found...
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: CVE-2018-16283 Description This bug w...
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting Exploit Title: Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting Date: 2018-09-09 Exploit Author: Fahimeh Rezaei Vendor Homepage: https://plugins.roundcube.net/packages/eagle00789/rcfilters Software Link:...
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege Windows: Double Dereference in NtEnumerateKey Elevation of Privilege Platform: Windows 10 1803 not vulnerable in earlier versions Class: Elevation of Privilege Summary: A number of registry system calls do not correct...
Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU
Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against...
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...
Microsoft Edge Chakra - PathTypeHandlerBase::SetAttributesHelper Type Confusion
Microsoft Edge Chakra - PathTypeHandlerBase::SetAttributesHelper Type Confusion / Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType = instance-GetDynamicType; while predTypeHandler-GetPathLength propertyIndex...
Microsoft Edge Chakra JIT - localeCompare Type Confusion
Microsoft Edge Chakra JIT - localeCompare Type Confusion / A call to the String.prototype.localeCompare method can be inlined when it only takes one argument. There are two versions of String.prototype.localeCompare, one 1 is written in JavaScript and the other 2 is written in C++ which just cal...
NUUO NVRMini2 3.8 - cgi_system Buffer Overflow (Enable Telnet)
NUUO NVRMini2 3.8 - cgi_system Buffer Overflow Enable Telnet Exploit Title: NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow Enable Telnet Date: 2018-09-17 Exploit Author: Jacob Baines Vendor Homepage: https://www.nuuo.com/ Device: NRVMini2 Software Link: https://www.nuuo.com/ProductNode.php?node=2...
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Date: 2018-09-01 Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software...
Oracle VirtualBox Manager 5.2.18 r124319 - Name Attribute Denial of Service (PoC)
Oracle VirtualBox Manager 5.2.18 r124319 - Name Attribute Denial of Service PoC Exploit Title: Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service PoC Discovery by: Jose Eduardo Castro Discovery Date: 2018-09-14 Vendor Homepage: https://www.virtualbox.org/ Software Link:...
Joomla Component JCK Editor 6.4.4 - parent SQL Injection
Joomla Component JCK Editor 6.4.4 - parent SQL Injection Title: Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Date: 2018-09-14 Exploit Author: Hamza Megahed Vendor Homepage:https://www.joomla.org/ Download: https://arkextensions.com/products/jck-editor Version: 6.4.4 Tested on: Ubunt...
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service PoC Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service PoC Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested...
CA Release Automation NiMi 6.5 - Remote Command Execution
CA Release Automation NiMi 6.5 - Remote Command Execution Exploit Title: CA Release Automation NiMi 6.5 - Remote Command Execution Date: 2016-06-23 Exploit Authors: Jakub Palaczynski, Maciej Grabiec Vendor Homepage: http://www.ca.com/ Software Link:...
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested...
Notebook Pro 2.0 - Denial Of Service (PoC)
Notebook Pro 2.0 - Denial Of Service PoC Exploit Title : Notebook Pro 2.0 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : http://Alipour.it Date: 2018-09-14 Vendor Homepage : http://www.stokedonit.com/apps/notebook-pro/ Software Link Download :...
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Title: XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Author: Gionathan "John" Reale Date: 2018-09-14 Software: XAMPP Version: 3.2.2 / 7.2.9 Newest version at time of writing Download:...
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation 2 / 3y3t3m th!s - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team clone of https://www.exploit-db.com/exploits/45401 deb yaaaa win7 narrrr fails ch@ng3 p@yl0@d!!!!!!!!!!!!! / include include include include pragma...
CdBurnerXP 4.5.8.6795 - File Name Denial of Service (PoC)
CdBurnerXP 4.5.8.6795 - File Name Denial of Service PoC Exploit Title: CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service PoC Discovery by: Alan Baeza Discovery Date: 2018-09-13 Vendor Homepage: https://cdburnerxp.se/ Software Link: https://cdburnerxp.se/downloadsetup.exe Tested Version:...
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watchguard AP Backdoor Shell', 'Description' = 'Watchguard AP's have a...
Wordpress Plugin Survey Poll 1.5.7.3 - sss_params SQL Injection
Wordpress Plugin Survey Poll 1.5.7.3 - sss_params SQL Injection Exploit Title: Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Date: 2018-09-09 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link:...
InfraRecorder 0.53 - .txt Denial of Service (PoC)
InfraRecorder 0.53 - .txt Denial of Service PoC Exploit Title: InfraRecorder 0.53 - '.txt' Denial of Service PoC Date: 2018-09-14 Exploit Author: Gionathan "John" Reale Version: version 0.53 Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download Tested...
Faleemi Plus 1.0.2 - Denial of Service (PoC)
Faleemi Plus 1.0.2 - Denial of Service PoC Exploit Title: Faleemi Plus 1.0.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-14 Software Link: http://support.faleemi.com/fsc776/FaleemiPlusv1.0.2.exe Tested Version: 1.0.2 Tested on OS: Windows 10 Steps to Reproduce: R...
Free MP3 CD Ripper 2.6 - .wma Local Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 - .wma Local Buffer Overflow SEH...
Faleemi Desktop Software 1.8.2 - SavePath for ScreenShots Buffer Overflow (SEH)
Faleemi Desktop Software 1.8.2 - SavePath for ScreenShots Buffer Overflow SEH Exploit Title: Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow SEH Author: Gionathan "John" Reale Discovery Date: 2018-09-13 Software Link: http://support.faleemi.com/fsc776/Faleemiv1.8.exe...
Chrome OS 10820.0.0 dev-channel - app-VM via garcon TCP Command Socket
Chrome OS 10820.0.0 dev-channel - app-VM via garcon TCP Command Socket ======================= BUG DESCRIPTION ======================= There is a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889...
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service PoC Exploit Title: Clone2Go Video to iPod Converter 2.5.0 - Denial of Service PoC Exploit Author: ZwX Exploit Date: 2018-09-11 Vendor Homepage : http://www.clone2go.com/ Software Link: http://www.clone2go.com/down/video-to-ipod-setup.exe...
Apache Syncope 2.0.7 - Remote Code Execution
Apache Syncope 2.0.7 - Remote Code Execution Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory:...