Navicat 12.0.27 - Oracle Connection Overflow
Navicat 12.0.27 - Oracle Connection Overflow #!/usr/bin/python Title: Navicat Create new Oracle Connection paste contents of "navicatPOC.txt" into host field and test connection to trigger overflow. filename="navicatPOC.txt" junk = "A" * 1502 nseh = "\x4C\x4C\x77\x04" seh= "\x75\x2a\x01\x10" nseh =...
WordPress Plugin Form Maker 1.12.20 - CSV Injection
WordPress Plugin Form Maker 1.12.20 - CSV Injection Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 27-04-2018 Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version:...
Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code (Metasploit)
Drupal 7.58 - Drupalgeddon3 Authenticated Remote Code Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote cod...
Linux Kernel 4.17-rc1 - AF_LLC Double Free
Linux Kernel 4.17-rc1 - AF_LLC Double Free #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include struct sockaddr_llc { short sllc_family; short sllc_arphrd; unsigned char sllc_test; unsigne...
Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules
Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules Here's a kextd method exposed via MIG (com.apple.KernelExtensionServer): kern_return_t kextmanager_unlock_kextload(mach_port_t server, mach_port_t client) { kern_return_t mig_result = KERN_FAILURE; if...
Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules
Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules / ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would...
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root
Nagios XI 5.2.6 5.2.9 5.3 5.4 - Chained Remote Root Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor...
Frog CMS 0.9.5 - Persistent Cross-Site Scripting
Frog CMS 0.9.5 - Persistent Cross-Site Scripting Exploit Title: Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings Date: 2018-04-23 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/philippe/FrogCMS Software Link:...
WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion
WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion Exploit Title: WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion Date: 2018-04-25 Exploit Author: Wadeek Software Link: https://downloads.wordpress.org/plugin/wp-with-spritz.zip Software Version: 1.0 Google Dork: intitle:"Sprit...
Jfrog Artifactory 4.16 - Arbitrary File Upload Remote Command Execution
Jfrog Artifactory 4.16 - Arbitrary File Upload Remote Command Execution Exploit Title: Jfrog Artifactory alert/Vulnerable/" within the file app.html : POST /artifactory/ui/artifact/upload HTTP/1.1 Host: removed User-Agent: removed Accept:...
SickRage v2018.03.09 - Clear-Text Credentials HTTP Response
SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Exploit Title: SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Date: 2018-04-01 Exploit Author: Sven Fassbender Vendor Homepage: https://sickrage.github.io Software Link: https://github.com/SickRage/SickRage Version:...
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Date: 25/04/2018 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link:...
GitList 0.6 - Remote Code Execution
GitList 0.6 - Remote Code Execution ''' Exploit Title: GitList 0.6 Unauthenticated RCE Date: 25-04-2018 Software Link: https://github.com/klaussilveira/gitlist Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Date: 3/15/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3...
Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)
Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow SEH Exploit Title: Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow SEH Date: 25.04.2018 Exploit Author:T3jv1l Vendor Homepage:http://www.alloksoft.com/ Software: www.alloksoft.com/allokavi2dvd.exe Category:Local...
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1...
Chrome V8 JIT - AwaitedPromise Update Bug
Chrome V8 JIT - AwaitedPromise Update Bug / Here's a snippet of AsyncGeneratorReturn. https://cs.chromium.org/chromium/src/v8/src/builtins/builtins-async-generator-gen.cc?rcl=bcd1365cf7fac0d7897c43b377c143aae2d22f92&l=650 Node* const context = Parameter(Descriptor::kContext); Node* const outer_promise...
HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting
HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting Exploit Title: HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross Site Scripting Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10259 Vendor Homepage: https://codecanyon.net/ Software Link:...
Chrome V8 JIT - Arrow Function Scope Fixing Bug
Chrome V8 JIT - Arrow Function Scope Fixing Bug / When the parser parses the parameter list of an arrow function containing destructuring assignments, it can't distinguish whether the assignments will actually be in the parameter list or just assignments until it meets a "=" token. So it first...
HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion
HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion Exploit Title: HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10260 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/216656...
Shopy Point of Sale 1.0 - CSV Injection
Shopy Point of Sale 1.0 - CSV Injection Exploit Title: Shopy Point of Sale v1.0 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10258 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/shopy-point-of-sales/21730225 Version: 1.0 Tested on: Ka...
Blog Master Pro 1.0 - CSV Injection
Blog Master Pro 1.0 - CSV Injection Exploit Title: Blog Master Pro v1.0 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10255 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/blog-master-pro/21689781 Version: 1.0 Tested on: Kali Linux 2.0 ...
HRSALE The Ultimate HRM 1.0.2 - award_id SQL Injection
HRSALE The Ultimate HRM 1.0.2 - award_id SQL Injection Exploit Title: HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10256 Vendor Homepage: https://codecanyon.net/ Software Link:...
HRSALE The Ultimate HRM 1.0.2 - CSV Injection
HRSALE The Ultimate HRM 1.0.2 - CSV Injection Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10257 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0...
Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code Execution (PoC)
Drupal 7.58 - Drupalgeddon3 Authenticated Remote Code Execution PoC This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602. You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms that is in...
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH)
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow SEH Exploit Title: Buffer Overflow (SEH) on Allok Video to DVD Burner 2.6.1217 Date: 23.04.2018 Exploit Author: T3jv1l Vendor Homepage: http://www.alloksoft.com/ Software: www.alloksoft.com/allokdvdburner.exe Category: Local...
Microsoft Windows - Local Privilege Escalation
Microsoft Windows - Local Privilege Escalation #include "stdafx.h" #define PML4_BASE 0xFFFFF6FB7DBED000 #define PDP_BASE 0xFFFFF6FB7DA00000 #define PD_BASE 0xFFFFF6FB40000000 #define PT_BASE 0xFFFFF68000000000 typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS; #pragma pack(push,4) typedef struct...
Adobe Flash - Overflow when Playing Sound
Adobe Flash - Overflow when Playing Sound The attached fuzzed swf file causes heap overflow when playing a sound. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept:...
Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass
Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass ''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
WUZHI CMS 4.1.0 - Cross-Site Request Forgery Exploit Title: WUZHI CMS 4.1.0 - Cross-Site Request Forgery Date: 2018-04-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE:...
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion...
Adobe Flash - Overflow in Slab Rendering
Adobe Flash - Overflow in Slab Rendering The attached fuzzed swf file causes heap or stack corruption depending on platform when rendering a slab. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept:...
Open-AudIT 2.1 - CSV Macro Injection
Open-AudIT 2.1 - CSV Macro Injection Hi Guys, Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Google Dork: N/A Date: 21-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link:...
UK Cookie Consent - Persistent Cross-Site Scripting
UK Cookie Consent - Persistent Cross-Site Scripting Exploit Title: UK Cookie Consent v2.3.9 - Persistent Cross-Site Scripting Date: 2018-04-22 Exploit Author: B0UG Vendor Homepage: https://catapultthemes.com/ Software Link: https://en-gb.wordpress.org/plugins/uk-cookie-consent/description Version...
Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service
Microsoft Internet Explorer 11.371.16299.0 Windows 10 - Denial Of Service ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-Win-10-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: =======...
Chrome V8 JIT - NodeProperties::InferReceiverMaps Type Confusion
Chrome V8 JIT - NodeProperties::InferReceiverMaps Type Confusion / https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps. case IrOpcode::kJSCreate: if (IsSame(receiver, effect...
RGui 3.4.4 - Local Buffer Overflow
RGui 3.4.4 - Local Buffer Overflow #!/usr/bin/python Exploit Author: bzyo CVE: CVE-2018-9060 Twitter: @bzyo Exploit Title: R 3.4.4 - Local Buffer Overflow Date: 03-27-2018 Vulnerable Software: R 3.4.4 Vendor Homepage: https://www.r-project.org/ Version: 3.4.4 Software Link:...
WSO2 Carbon WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
WSO2 Carbon WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable...
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Monstra CMS 3.0.4 - Arbitrary Folder Deletion Exploit Title: Monstra CMS 3.0.4 allows remote attackers to delete folder via an get request Date: 2018-03-26 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra...
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure # -*- coding: utf-8 -*- Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump Vendor Notification: 03-03-2018 - No response Initial CVE: 04-04-2018 Disclosure: 21-04-2018 Exploit Author: Berk Cem Göksel Contact: twitter.com/berkcgoks...
Adobe Flash - Info Leak in Image Inflation
Adobe Flash - Info Leak in Image Inflation The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and visit: http://127.0.0.1?img=inflate.png. Proof...
Kaspersky KSN for Linux 5.2 - Memory Corruption
Kaspersky KSN for Linux 5.2 - Memory Corruption ''' Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux CVE: NotYet Exploit description: Kaspersky KSN v5.2 is prone to a remote memory corruption because it fails to properly filter the input on the remote subscribers...
VLC Media Player/Kodi/PopcornTime Red Chimera 2.2.5 - Memory Corruption (PoC)
VLC Media Player/Kodi/PopcornTime Red Chimera 2.2.5 - Memory Corruption PoC """ VLC Media Player/Kodi/PopcornTime 'Red Chimera' 2.2.5 Memory Corruption PoC Author: SivertPL [email protected] CVE: CVE-2017-8311 Infamous VLC/Kodi/PopcornTime subtitle attack in libsubtitle_plugin.dll. This is the...
Adobe Flash - Out-of-Bounds Write in blur Filtering
Adobe Flash - Out-of-Bounds Write in blur Filtering The attached swf file causes an out-of-bounds write in blur filtering. This PoC crashes reliably in Firefox for Linux. Proof of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44529.zip...
Easy File Sharing Web Server 7.2 - UserID Remote Buffer Overflow (DEP Bypass)
Easy File Sharing Web Server 7.2 - UserID Remote Buffer Overflow DEP Bypass #!/usr/bin/env python --------------------------------------------------------------------------------------------------- Exploit Title : Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow DEP Bypass Date :...
gif2apng 1.9 - .gif Stack Buffer Overflow
gif2apng 1.9 - .gif Stack Buffer Overflow Exploit Title: gif2apng 1.9 '.gif' Stack-Buffer Overflow Date: 20 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: http://gif2apng.sourceforge.net/ Version: 1.9 Tested on: Ubuntu 16.04 CVE : gif2apng is vulnerable to a stack based buffer overflow whe...
PRTG Network Monitor 18.1.39.1648 - Stack Overflow (Denial of Service)
PRTG Network Monitor 18.1.39.1648 - Stack Overflow Denial of Service Exploit Title: PRTG 18.1.39.1648 - Stack Overflow Date: 2018-04-21 Exploit Author: Lucas "luriel" Carmo Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/download/prtg-download Version:...
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure Title: Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID: CVE-2018-9205 Download Site: https://www.drupal.org/project/avatar_uploader Vendor:...
Apache CouchDB 1.7.0 2.x 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 2.x 2.1.1 - Remote Privilege Escalation #!/usr/bin/env python ''' @author: r4wd3r @license: MIT License @contact: [email protected] ''' import argparse import re import sys import requests parser = argparse.ArgumentParser(description='Exploits the Apache CouchDB JSON Remote...
phpMyAdmin 4.8.0 4.8.0-1 - Cross-Site Request Forgery
phpMyAdmin 4.8.0 4.8.0-1 - Cross-Site Request Forgery Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188...