41207 matches found
WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free
WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free function eventhandler2 try var var00138 = svgvar00013.parentNode; catche try htmlvar00006.setAttribute"onfocusin", "eventhandler2"; catche try svgvar00001.aftervar00138; catche function eventhandler5 try...
WebKit - WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free
WebKit - WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free htmlvar00002, htmlvar00006 column-span: all; :root 1px; position: fixed; -webkit-column-width: 1px; .class2 text-indent: -webkit-shape-margin: 0px; -webkit-writing-mode: vertical-rl; '.' defselement, .class8 display:...
Super Cms Blog Pro 1.0 - SQL Injection
Super Cms Blog Pro 1.0 - SQL Injection Exploit Title: Super Cms Blog Pro 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://coolscript.cf/ Software Link: https://www.codegrape.com/item/super-cms-blog-pro/22250 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
yahoo.com
Pentest notes for: google.com Exploit Pack Nmap 7.70 scan initiated Mon Sep 24 23:08:15 2018 as: C:\Program Files x86\Nmap\nmap.exe -sV -A -oA log/google.com google.com Nmap scan report for google.com 172.217.19.206 Host is up 0.027s latency. rDNS record for 172.217.19.206:...
Navigate CMS 2.8 - Cross-Site Scripting
Navigate CMS 2.8 - Cross-Site Scripting Title: Navigate CMS 2.8 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-09-19 Vendor: https://www.navigatecms.com/en/home Software: Navigate CMS 2.8 CVE: CVE-2018-17255 Technical Details & Description: A Reflected Cross-Site Scripting web...
LG SuperSign EZ CMS 2.5 - Remote Code Execution
LG SuperSign EZ CMS 2.5 - Remote Code Execution Exploit Title: LG SuperSign EZ CMS 2.5 - Remote Code Execution Date: 2018-09-18 Exploit Author: Alejandro Fanjul Vendor Homepage: https://www.lg.com Software Link: https://www.lg.com/ar/software-lg-supersign Version: SuperSignEZ 1.3 Tested on: LG Web...
udisks2 2.8.0 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service PoC Exploit: udisks2 2.8.0 - Denial of Service PoC Author: oxagast Date: 2018-09-22 Vendor Homepage: http://storaged.org/ Software Link: https://github.com/storaged-project/udisks Version: =udisks2 2.8.0 Tested on: Ubuntu x64...
Joomla! Component AMGallery 1.2.3 - filter_category_id SQL Injection
Joomla! Component AMGallery 1.2.3 - filter_category_id SQL Injection Exploit Title: Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-09-18 Vendor Homepage: http://arenam.ru/ Software Link:...
Joomla! Component Auction Factory 4.5.5 - filter_order SQL Injection
Joomla! Component Auction Factory 4.5.5 - filter_order SQL Injection Exploit Title: Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
Beyond Remote 2.2.5.3 - Denial of Service PoC Exploit Title: Beyond Remote 2.2.5.3 - Denial of Service PoC Author: Erenay Gencay Discovery Date: 2018-09-24 Vendor notified: 2018-09-24 Software Link: https://beyond-remote-client-and-server.jaleco.com/ Tested Version: 2.2.5.3 Tested on OS: Windows ...
RICOH MP C6003 Printer - Cross-Site Scripting
RICOH MP C6003 Printer - Cross-Site Scripting Exploit Title: RICOH MP C6003 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
RICOH Aficio MP 301 Printer - Cross-Site Scripting
RICOH Aficio MP 301 Printer - Cross-Site Scripting Exploit Title: RICOH Aficio MP 301 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Joomla! Component Micro Deal Factory 2.4.0 - id SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - id SQL Injection Exploit Title: Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection Dork: N/A Date: 2018-09-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://thephpfactory.com/ Software Link:...
Termite 3.4 - Denial of Service (PoC)
Termite 3.4 - Denial of Service PoC Exploit Title: Termite 3.4 - Denial of Service PoC Author: Abdullah Alıç Discovery Date: 2018-09-23 Vendor notified: 2018-09-24 Homepage: https://www.compuphase.com Software Link: https://www.compuphase.com/softwaretermite.htm Tested Version: 3.4 Tested on OS:...
SoftX FTP Client 3.3 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service PoC Exploit Title: SoftX FTP Client 3.3 - Denial of Service PoC Discovery by: Cemal Cihad ÇİFTÇİ Discovery Date: 2018-09-24 Tested Version: 3.3 Vulnerability Type: DOS Tested on OS: Windows XP Professional Service Pack 3 Vendor Homepage: www.softx.org...
Joomla! Component CW Article Attachments 1.0.6 - id SQL Injection
Joomla! Component CW Article Attachments 1.0.6 - id SQL Injection Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection Date: 2018-09-20 Exploit Author: Haboob Team Software Link: https://extensions.joomla.org/extension/cw-article-attachments/ Version: below 1.0.6 CVE :...
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
MyBB Visual Editor 1.8.18 - Cross-Site Scripting Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting Author: Numan OZDEMIR Vendor Homepage: mybb.com Software Link: https://mybb.com/download/ Version: Up to v1.8.18. Fixed in v1.8.19. PoC Video: https://numanozdemir.com/mybb/xss.mp4 CVE:...
WebRTC - FEC Out-of-Bounds Read
WebRTC - FEC Out-of-Bounds Read There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer. This bug causes the following ASAN crash: ==109993==ERROR: AddressSanitizer:...
WebRTC - VP9 Processing Use-After-Free
WebRTC - VP9 Processing Use-After-Free There is a use-after-free in VP9 processing in WebRTC. In the method RtpFrameReferenceFinder::ManageFrameVp9 the following code occurs: auto gofinfoit = gofinfo.findcodecheader.temporalidx == 0 ? codecheader.tl0picidx - 1 : codecheader.tl0picidx; ... // snip...
Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection
Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Date: 2018-09-15 Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Teste...
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)
NICO-FTP 3.0.1.19 - Buffer Overflow SEH...
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: CVE-2018-16283 Description This bug w...
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
WordPress Plugin Localize My Post 1.0 - Local File Inclusion Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: 2018-16299 DESCRIPTION This bug was found...
Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU
Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against...
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege Windows: Double Dereference in NtEnumerateKey Elevation of Privilege Platform: Windows 10 1803 not vulnerable in earlier versions Class: Elevation of Privilege Summary: A number of registry system calls do not correct...
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting Exploit Title: Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting Date: 2018-09-09 Exploit Author: Fahimeh Rezaei Vendor Homepage: https://plugins.roundcube.net/packages/eagle00789/rcfilters Software Link:...
LG SuperSign EZ CMS 2.5 - Local File Inclusion
LG SuperSign EZ CMS 2.5 - Local File Inclusion Exploit Title: LG SuperSign EZ CMS 2.5 - Local File Inclusion Date: 2018-09-13 Exploit Author: Alejandro Fanjul Vendor Homepage: https://www.lg.com/ar/software-lg-supersign Version: SuperSign EZ CMS Tested on: Web OS 4.0 CVE : CVE-2018-16288 More inf...
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Date: 2018-09-01 Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software...
Microsoft Edge Chakra JIT - localeCompare Type Confusion
Microsoft Edge Chakra JIT - localeCompare Type Confusion / A call to the String.prototype.localeCompare method can be inlined when it only takes one argument. There are two versions of String.prototype.localeCompare, one (1) is written in JavaScript and the other (2) is written in C++ which just cal...
NUUO NVRMini2 3.8 - cgi_system Buffer Overflow (Enable Telnet)
NUUO NVRMini2 3.8 - cgi_system Buffer Overflow Enable Telnet Exploit Title: NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow Enable Telnet Date: 2018-09-17 Exploit Author: Jacob Baines Vendor Homepage: https://www.nuuo.com/ Device: NVRMini2 Software Link: https://www.nuuo.com/ProductNode.php?node=2...
Microsoft Edge Chakra - PathTypeHandlerBase::SetAttributesHelper Type Confusion
Microsoft Edge Chakra - PathTypeHandlerBase::SetAttributesHelper Type Confusion / Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType = instance-GetDynamicType; while predTypeHandler-GetPathLength propertyIndex...
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Title: XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Author: Gionathan "John" Reale Date: 2018-09-14 Software: XAMPP Version: 3.2.2 / 7.2.9 Newest version at time of writing Download:...
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested...
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service PoC Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service PoC Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested...
Notebook Pro 2.0 - Denial Of Service (PoC)
Notebook Pro 2.0 - Denial Of Service PoC Exploit Title : Notebook Pro 2.0 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : http://Alipour.it Date: 2018-09-14 Vendor Homepage : http://www.stokedonit.com/apps/notebook-pro/ Software Link Download :...
Oracle VirtualBox Manager 5.2.18 r124319 - Name Attribute Denial of Service (PoC)
Oracle VirtualBox Manager 5.2.18 r124319 - Name Attribute Denial of Service PoC Exploit Title: Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service PoC Discovery by: Jose Eduardo Castro Discovery Date: 2018-09-14 Vendor Homepage: https://www.virtualbox.org/ Software Link:...
CA Release Automation NiMi 6.5 - Remote Command Execution
CA Release Automation NiMi 6.5 - Remote Command Execution Exploit Title: CA Release Automation NiMi 6.5 - Remote Command Execution Date: 2016-06-23 Exploit Authors: Jakub Palaczynski, Maciej Grabiec Vendor Homepage: http://www.ca.com/ Software Link:...
Joomla Component JCK Editor 6.4.4 - parent SQL Injection
Joomla Component JCK Editor 6.4.4 - parent SQL Injection Title: Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Date: 2018-09-14 Exploit Author: Hamza Megahed Vendor Homepage: https://www.joomla.org/ Download: https://arkextensions.com/products/jck-editor Version: 6.4.4 Tested on: Ubunt...
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation 2 / 3y3t3m th!s - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team clone of https://www.exploit-db.com/exploits/45401 deb yaaaa win7 narrrr fails ch@ng3 p@yl0@d!!!!!!!!!!!!! / include include include include pragma...
Faleemi Plus 1.0.2 - Denial of Service (PoC)
Faleemi Plus 1.0.2 - Denial of Service PoC Exploit Title: Faleemi Plus 1.0.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-14 Software Link: http://support.faleemi.com/fsc776/FaleemiPlusv1.0.2.exe Tested Version: 1.0.2 Tested on OS: Windows 10 Steps to Reproduce: R...
Wordpress Plugin Survey Poll 1.5.7.3 - sss_params SQL Injection
Wordpress Plugin Survey Poll 1.5.7.3 - sss_params SQL Injection Exploit Title: Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Date: 2018-09-09 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link:...
InfraRecorder 0.53 - .txt Denial of Service (PoC)
InfraRecorder 0.53 - .txt Denial of Service PoC Exploit Title: InfraRecorder 0.53 - '.txt' Denial of Service PoC Date: 2018-09-14 Exploit Author: Gionathan "John" Reale Version: version 0.53 Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download Tested...
Free MP3 CD Ripper 2.6 - .wma Local Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 - .wma Local Buffer Overflow SEH...
CdBurnerXP 4.5.8.6795 - File Name Denial of Service (PoC)
CdBurnerXP 4.5.8.6795 - File Name Denial of Service PoC Exploit Title: CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service PoC Discovery by: Alan Baeza Discovery Date: 2018-09-13 Vendor Homepage: https://cdburnerxp.se/ Software Link: https://cdburnerxp.se/downloadsetup.exe Tested Version:...
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watchguard AP Backdoor Shell', 'Description' = 'Watchguard AP's have a...
Apache Portals Pluto 3.0.0 - Remote Code Execution
Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested...
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler There is a missing address check in both show_opcodes callers. show_opcodes is mostly used by the kernel to print the raw instruction bytes surrounding an instruction that generated an unexpected exception;...
Free MP3 CD Ripper 2.6 - .mp3 Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 - .mp3 Buffer Overflow SEH...
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service PoC Exploit Title: Clone2Go Video to iPod Converter 2.5.0 - Denial of Service PoC Exploit Author: ZwX Exploit Date: 2018-09-11 Vendor Homepage : http://www.clone2go.com/ Software Link: http://www.clone2go.com/down/video-to-ipod-setup.exe...