41207 matches found
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery Add User Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add user account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE :...
DVD X Player Standard 5.5.3.9 - Buffer Overflow
Google Chrome V8 JIT - LoadElimination::ReduceTransitionElementsKind Type Confusion
Google Chrome V8 JIT - LoadElimination::ReduceTransitionElementsKind Type Confusion / I think this commit has introduced the bug: https://chromium.googlesource.com/v8/v8.git/+/9884bc5dee488bf206655f07b8a487afef4ded9b Reduction LoadElimination::ReduceTransitionElementsKindNode node ... if...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery Add Admin Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add admin account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE :...
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting PoC Exploit Title: WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS Date: 06/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip...
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version...
WordPress Plugin Google Drive 2.2 - Remote Code Execution
WordPress Plugin Google Drive 2.2 - Remote Code Execution Exploit Title: Plugin Google Drive for WordPress 2.2 – RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/wp-google-drive/ Software Link: https://wordpress.org/plugins/wp-google-drive/...
WolfCMS 0.8.3.1 - Cross-Site Request Forgery
WolfCMS 0.8.3.1 - Cross-Site Request Forgery Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: Affected Version: 0.8.3.1 Category:...
WebKit - WebAssembly Parsing Does not Correctly Check Section Order
WebKit - WebAssembly Parsing Does not Correctly Check Section Order When a WebAssembly binary is parsed in ModuleParser::parse, it is expected to contain certain sections in a certain order, but can also contain custom sections that can appear anywhere in the binary. The ordering check...
WordPress Plugin Background Takeover 4.1.4 - Directory Traversal
WordPress Plugin Background Takeover 4.1.4 - Directory Traversal Exploit Title: WP Background Takeover, Directory Traversal = 4.1.4 Google Dork: inurl:/plugins/wpsite-background-takeover Date: 2018-03-08 Exploit Author: Colette Chamberland, Defiant, Inc. Vendor Homepage: https://99robots.com...
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery Add Admin Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and...
H2 Database - Alias Arbitrary Code Execution
H2 Database - Alias Arbitrary Code Execution ''' Exploit Title: H2 Database Alias Abuse Date: 05/04/2018 Exploit Author: gambler Vendor Homepage:www.h2database.com Software Link: http://www.h2database.com/html/download.html Version: all versions Tested on: Linux, Mac OS ''' import sys import...
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting PoC Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/sonicbb/demo/ Version: 1.0 Tested on: Windows ...
CyberArk Password Vault 9.7 10 - Memory Disclosure
CyberArk Password Vault 9.7 10 - Memory Disclosure Advisory: CyberArk Password Vault Memory Disclosure Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering to a client's logon request, the vault discloses around 50 bytes of its memory to the...
WolfCMS 0.8.3.1 - Open Redirection
WolfCMS 0.8.3.1 - Open Redirection Exploit Title: WolfCMS 0.8.3.1 Open Redirection Vulnerability Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link:...
PMS 0.42 - Local Stack-Based Overflow (ROP)
PMS 0.42 - Local Stack-Based Overflow ROP Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow. The vulnerability is due to an improper filter of user supplied input while reading the...
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link:...
CyberArk Password Vault Web Access 9.9.5 9.10 10.1 - Remote Code Execution
CyberArk Password Vault Web Access 9.9.5 9.10 10.1 - Remote Code Execution Advisory: CyberArk Password Vault Web Access Remote Code Execution The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens,...
Cobub Razor 0.7.2 - Add New Superuser Account
Cobub Razor 0.7.2 - Add New Superuser Account Exploit Title: Cobub Razor 0.7.2 Add New Superuser User Date: 2018-03-07 Exploit Author: ppb([email protected]) Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7745 There is a...
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution Exploit Title: Plugin Woocommerce CSV importer 3.3.6 – RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/woocommerce-csvimport/ Software Link:...
KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection
KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network...
GoldWave 5.70 - Local Buffer Overflow (SEH Unicode)
GoldWave 5.70 - Local Buffer Overflow SEH Unicode !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: GoldWave 5.70 - Local Buffer Overflow SEH Unicode Date: 04-05-2018 Vulnerable Software: GoldWave 5.70 Vendor Homepage: https://www.goldwave.com/ Version: 5.70 Software Link:...
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
Yahei PHP Prober 0.4.7 - Cross-Site Scripting Exploit title: Yahei-PHP Proberv0.4.7 - Cross-Site Scripting Google Dork: intitle:"Proberv0." | inurl:/proberv.php Date: 23/03/2018 Exploit Author: ManhNho Vendor Homepage: http://www.yahei.net/ Software Link: www.yahei.net/tz/tze.zip Version: 0.4.7...
MyBB Plugin Recent Threads On Index - Cross-Site Scripting
MyBB Plugin Recent Threads On Index - Cross-Site Scripting Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads i...
WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution
WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution Exploit Title: Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE Date: 2018-04-08 Exploit Author: Graeme Robinson Contact: @Grasec Vendor Homepage: http://simple-fields.com Software Link:...
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard...
Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass
Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-v10.7-TAMPER-PROTECTION-BYPASS-CVE-2018-4863.txt + ISR: Apparition Security Vendor:...
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition...
Cobub Razor 0.7.2 - Cross-Site Request Forgery
Cobub Razor 0.7.2 - Cross-Site Request Forgery Exploit Title: Cobub Razor 0.7.2 Cross Site Request Forgery Date: 2018-03-07 Exploit Author: ppb Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7746 There is a vulnerabilit...
DotNetNuke DNNarticle Module 11 - Directory Traversal
DotNetNuke DNNarticle Module 11 - Directory Traversal 01. Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information...
Adobe Flash 28.0.0.161 - Use-After-Free
Adobe Flash 28.0.0.161 - Use-After-Free !/usr/bin/env python coding: UTF-8 import BaseHTTPServer import sys from SimpleHTTPServer import SimpleHTTPRequestHandler print "@Syfi2k" print "+ CVE-2018-4878 poc " print "--------------------------------" print "Calc.exe Shellcode via Msfvenom" print...
LineageOS 14.1 Blueborne - Remote Code Execution
LineageOS 14.1 Blueborne - Remote Code Execution Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LineageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and...
GNU Beep 1.3 - HoleyBeep Local Privilege Escalation
GNU Beep 1.3 - HoleyBeep Local Privilege Escalation !/usr/bin/env python3 E-DB Note https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc E-DB Note https://sigint.sh//holeybeep This is an exploit for HoleyBeep. To use it, place any command you...
Z-Blog 1.5.1.1740 - Cross-Site Scripting
Z-Blog 1.5.1.1740 - Cross-Site Scripting Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is a XSS...
MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting
MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS Date: 3/28/18 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=854 Version: 2.0.3 Tested on:...
YzmCMS 3.6 - Cross-Site Scripting
YzmCMS 3.6 - Cross-Site Scripting Exploit Title: YzmCMS 3.6 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: http://www.yzmcms.com/ Software Link: http://www.yzmcms.com/ Version: 3.6 CVE : CVE-2018-7653 This is a XSS vulnerability that can attack the users...
Microsoft Windows Defender - mpengine.dll Memory Corruption
Microsoft Windows Defender - mpengine.dll Memory Corruption Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unr...
Z-Blog 1.5.1.1740 - Full Path Disclosure
Z-Blog 1.5.1.1740 - Full Path Disclosure Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE :...
WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://pojo.me Software Link:...
WebRTC - Private IP Leakage (Metasploit)
WebRTC - Private IP Leakage Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Private IP Leakage to WebPage using WebRTC Function.", 'Description' = %q This module exploits a...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting Exploit Title: Joomla! Component JS Jobs 1.2.0 - Cross Site Scripting Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com/products/js-jobs.html...
Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods
Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods !-- There are multiple use-after-free issues in Array methods in jscript. When jscript executes an Array method such as Array.join, it first retrieves the length of an array. If the input is not an array but an object, th...
GetSimple CMS 3.3.13 - Cross-Site Scripting
GetSimple CMS 3.3.13 - Cross-Site Scripting Exploit Title: GetSimple CMS 3.3.13 - Cross Site Scripting Vulnerability Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://get-simple.info/ Software Link:...
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (2)
Microsoft Edge Chakra JIT - Stack-to-Heap Copy Incomplete Fix 2 / Here's a snippet of JavascriptArray::BoxStackInstance. template T JavascriptArray::BoxStackInstanceT instance, bool deepCopy AssertThreadContext::IsOnStackinstance; // On the stack, the we reserved a pointer before the object as to...
Google Chrome V8 - ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion
Google Chrome V8 - ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion / Here's a snippet of the method. https://cs.chromium.org/chromium/src/v8/src/elements.cc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051 static Maybe CollectValuesOrEntriesImpl Isolate isolate, Handle object,...
Google Chrome V8 - Genesis::InitializeGlobal Out-of-Bounds Read/Write
Google Chrome V8 - Genesis::InitializeGlobal Out-of-Bounds Read/Write / Bug: The Genesis::InitializeGlobal method initializes the constructor of RegExp as follows: // Builtin functions for RegExp.prototype. Handle regexpfun = InstallFunction global, "RegExp", JSREGEXPTYPE, JSRegExp::kSize +...
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (1)
Microsoft Edge Chakra JIT - Stack-to-Heap Copy Incomplete Fix 1 / Here's a snippet of JavascriptArray::BoxStackInstance. To fix issue 1420 , "deepCopy" was introduced. But it only deep-copies the array when "instance-head" is on the stack. So simply by adding a single line of code that allocates...
VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials
VideoFlow Digital Video Protection DVP 2.10 - Hard-Coded Credentials VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the D...
Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change
Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change Secutech RiS-11/RiS-22/RiS-33 V5.07.52esFRI01 Remote DNS Change PoC Copyright 2018 (c) Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by...
VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal
VideoFlow Digital Video Protection DVP 2.10 - Directory Traversal VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is...