41207 matches found
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free Pwn2Own 2017 PoC char initialdnd = "tools.capability.dndversion 4"; static const int cbObj = 0x100; char seconddnd = "tools.capability.dndversion 2"; char chgver = "vmx.capability.dndversion"; char calltransport = "dnd.transport "; char...
Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH)
Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Exploit Title: Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Date: 2018-04-23 Exploit Author: Marwan Shamel Software Link: https://filehippo.com/downloadfreedownloadmanager/925/ Version: v2.0 Built 417 Tested on:...
Ncomputing vSpace Pro 1011 - Directory Traversal
Ncomputing vSpace Pro 1011 - Directory Traversal Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability Date: 2018-04-20 Software Vendor: NComputing Software Link: Author: Javier Bernardo Contact: [email protected] Website: http://www.kwell.net CVE: CVE-2018-10201...
Monstra cms 3.0.4 - Persistent Cross-Site Scripting
Monstra cms 3.0.4 - Persistent Cross-Site Scripting Exploit Title: Monstra cms 3.0.4 - Persistent Cross-Site Scripting Date: 2018-04-14 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested o...
Oracle Weblogic Server 10.3.6.0 12.1.3.0 12.2.1.2 12.2.1.3 - Deserialization Remote Command Execution
Oracle Weblogic Server 10.3.6.0 12.1.3.0 12.2.1.2 12.2.1.3 - Deserialization Remote Command Execution -- coding: utf-8 -- Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 Deserialization Remote Command Execution Vulnerability CVE-2018-2628 IMPORTANT: Is provided only for educational ...
Cobub Razor 0.8.0 - Physical Path Leakage
Cobub Razor 0.8.0 - Physical Path Leakage Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Date: 2018-04-19 Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL:...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities Google Dork: N/A Date: 17-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage:...
Match Clone Script 1.0.4 - Cross-Site Scripting
Match Clone Script 1.0.4 - Cross-Site Scripting Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Date: 23.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho...
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow Exploit Title: Easy File Sharing Web Server 7.2 stack buffer overflow Date: 03/24/2018 Exploit Author: rebeyond - http://www.rebeyond.net Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe...
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure ''' Exploit Title: Login bypass and data leak - Lutron Quantum 2.0 - 3.2.243 firmware Date: 20-03-2018 Exploit Author: David Castro Contact: https://twitter.com/SadFud75 Vendor Homepage: http://www.lutron.com Software Link:...
RSVG 2.40.13 2.42.2 - .svg Buffer Overflow
RSVG 2.40.13 2.42.2 - .svg Buffer Overflow Exploit Title: Buffer-overflow in RSVG while converting a malformed svg Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin Software Link:...
Kodi 17.6 - Persistent Cross-Site Scripting
Kodi 17.6 - Persistent Cross-Site Scripting ============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831...
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link:...
Rvsitebuilder CMS - Database Backup Download
Rvsitebuilder CMS - Database Backup Download Exploit Title: Rvsitebuilder CMS Database Backup Download Exploit Author: Hesam Bazvand Contact: [email protected] Software Link: http://www.rvsitebuilder.com Version: All Version Tested on: Windows 7 / Kali Linux Category: WebApps Dork :...
PDFunite 0.41.0 - .pdf Local Buffer Overflow
PDFunite 0.41.0 - .pdf Local Buffer Overflow Exploit Title: PDFunite Malformed pdf buffer overflow Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/artful/+package/poppler-utils Software Link: https://launchpad.net/ubuntu/+source/poppler/0.57.0-2ubuntu4....
MySQL Squid Access Report 2.1.4 - SQL Injection Cross-Site Scripting
MySQL Squid Access Report 2.1.4 - SQL Injection Cross-Site Scripting Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities Date: 14-13-2018 Software Link: https://sourceforge.net/projects/mysar/ Exploit Author: Keerati T. Version: 2.1.4 Tested on: Linux 1. Description SQL...
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage:...
VX Search 10.6.18 - directory Local Buffer Overflow
VX Search 10.6.18 - directory Local Buffer Overflow !/usr/bin/python Title: VX Search 10.6.18 Local Buffer Overflow Author: Kevin McGuigan Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: http://www.vxsearch.com Version: 10.6.18 Date: 18/04/2018 Tested on: Windows 7...
Ultra MiniHTTPd 1.2 - GET Remote Stack Buffer Overflow PoC
Brave Browser 0.13.0 - window.close(self) Denial of Service
Brave Browser 0.13.0 - window.close(self) Denial of Service Exploit Title: Brave Browser Brave Window Object Remote Denial of Service. Brave Window Object Remote Denial of Service Proof of Concept Click the below link to Trigger the Vulnerability. Brave Window Object DoS Test POC...
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (Metasploit)
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002...
Reaper 5.78 - Local Buffer Overflow
Reaper 5.78 - Local Buffer Overflow Exploit Title: Reaper 5.78 - Local Buffer Overflow Exploit Author: bzyo CVE: CVE-2018-9131 Date: 2018-03-30 Vulnerable Software: Reaper 5.78 Vendor Homepage: https://www.reaper.fm/ Version: 5.78 Software Link: https://www.reaper.fm/download.php Tested On: Windo...
D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting
D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting XSS Date: 14.04.2018 Exploit Author: Sayan Chatterjee Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=678...
Brave Browser 0.13.0 - long alert() argument Denial of Service
Brave Browser 0.13.0 - long alert() argument Denial of Service Exploit Title: Brave Browser...
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Exploit Title: Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Google Dork: N/A Date: 14-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.jdownloads.com/ Software Link:...
Microsoft Windows - nt!NtQueryVirtualMemory (MemoryImageInformation) Kernel 64-bit Stack Memory Disclosure
Microsoft Windows - nt!NtQueryVirtualMemory MemoryImageInformation Kernel 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryImageInformation 0x6 information class discloses uninitialized kernel stack memory to user-mode clients...
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix
Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix Platform: Windows 10 1709 including Win10S Class: Security Feature Bypass Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached...
Zortam MP3 Media Studio 23.45 - Local Buffer Overflow (SEH)
Zortam MP3 Media Studio 23.45 - Local Buffer Overflow SEH !/usr/bin/python Title: Zortam Mp3 Media Studio Local Buffer Overflow SEH Author: Kevin McGuigan Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: http://www.zortam.com/ Version: 23.45 Tested on: Windows 7 32 b...
CloudMe Sync 1.11.0 - Local Buffer Overflow
CloudMe Sync 1.11.0 - Local Buffer Overflow Exploit Title: Local Buffer Overflow on CloudMe Sync v1.11.0 Date: 08.03.2018 Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1110.exe Category: Local Exploit Discovery: Prasenjit Kanti Paul Web:...
Microsoft Edge - OpenProcess() ACG Bypass
Microsoft Edge - OpenProcess ACG Bypass Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02...
Microsoft Windows - nt!NtQuerySystemInformation (SystemPageFileInformation(Ex)) Kernel 64-bit Stack Memory Disclosure
Microsoft Windows - nt!NtQuerySystemInformation SystemPageFileInformationEx Kernel 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQuerySystemInformation system call invoked with the SystemPageFileInformation 0x12 and SystemPageFileInformationEx 0x90 information classes disclose...
Barco ClickShare CSE-200 - Remote Denial of Service
Barco ClickShare CSE-200 - Remote Denial of Service !/usr/bin/python Exploit Title: Barco ClickShare CSE-200 - Remote Denial of Service Date: 11-04-2018 Hardware Link: https://www.barco.com/de/product/clickshare-cse-200 Exploit Author: Florian Hauser Contact: florian DOT g DOT hauser AT gmail DOT...
Cobub Razor 0.8.0 - SQL injection
Cobub Razor 0.8.0 - SQL injection Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedn([email protected]、[email protected]) Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-80...
Microsoft Windows - nt!NtQueryInformationProcess (ProcessImageFileName) Kernel 64-bit PoolStack Memory Disclosure
Microsoft Windows - nt!NtQueryInformationProcess ProcessImageFileName Kernel 64-bit PoolStack Memory Disclosure / We have discovered that the nt!NtQueryInformationProcess system call invoked with the ProcessImageFileName 0x1B information class discloses uninitialized kernel memory to user-mode...
Microsoft Windows - nt!NtQueryVolumeInformationFile Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryVolumeInformationFile Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryVolumeInformationFile system call invoked against certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 1...
Microsoft Windows - nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation) Kernel Pool Memory Disclosure
Microsoft Windows - nt!NtQueryInformationTransactionManager TransactionManagerRecoveryInformation Kernel Pool Memory Disclosure / We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose...
Microsoft Windows - nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation) Kernel 64-bit Stack Memory Disclosure
Microsoft Windows - nt!NtQueryVirtualMemory MemoryPrivilegedBasicInformation Kernel 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryBasicInformation 0x0 and MemoryPrivilegedBasicInformation 0x8 information classes discloses...
SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH)
SysGauge Pro 4.6.12 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title : SysGauge Pro v4.6.12 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software :...
Microsoft Windows - nt!NtQueryFullAttributesFile Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryFullAttributesFile Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryFullAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7...
Microsoft Windows - nt!NtQueryAttributesFile Kernel Stack Memory Disclosure
Microsoft Windows - nt!NtQueryAttributesFile Kernel Stack Memory Disclosure / We have discovered that the nt!NtQueryAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10,...
AMD Plays.tv 1.27.5.0 - plays_service.exe Arbitrary File Execution
AMD Plays.tv 1.27.5.0 - plays_service.exe Arbitrary File Execution http://support.amd.com/en-us/download?cmpid=CCCOffline - Click "Automatically Detect - Download Now" Installation Automatically Installs "Raptr, Inc Plays TV Service" OR https://plays.tv/download Target OS: Windows Any Privilege:...
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
MikroTik 6.41.4 - FTP daemon Denial of Service PoC Title: MikroTik 6.41.4 Denial of service FTP daemon crash CVE: CVE-2018-10070 CWE: CWE-400 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://mikrotik.com/ Version : 6.41.4 Released 2018-Apr-05 | All Version Date: 13-05-2018...
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (PoC)
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution PoC !/usr/bin/env import sys import requests print '' print ' Proof-Of-Concept for CVE-2018-7600' print ' by Vitalii Rudnykh' print ' Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders' print '...
Microsoft Credential Security Support Provider - Remote Code Execution
Microsoft Credential Security Support Provider - Remote Code Execution credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy project https://github.com/preempt/rdpy, allowing also credssp relay. Written by Eyal...
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution !/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Function httprequest type data def...
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla Convert Forms version 2.0.3 - Formula Injection CSV Injection Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link:...
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control Exploit Title: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability DSA-2018-025 Date: 24/11/2017 Exploit Author: SlidingWindow Vend...
iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting
iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting Exploit Title: iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/easycreate/demo/ Version: 3.2.1 Tested on:...
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting Exploit Title: WordPress Plugin WordPress File Upload 4.3.2 - Stored XSS Date: 31/03/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip...