Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 170109) - Access Control Bypass
Hikvision IP Camera versions 5.2.0 - 5.3.9 Builds 140721 170109 - Access Control Bypass Exploit Title: Hikvision IP Camera versions 5.2.0 - 5.3.9 Builds: 140721 - 170109 Backdoor Date: 15-03-2018 Vendor Homepage: http://www.hikvision.com/en/ Exploit Author: Matamorphosis Category: Web Apps...
MyBB Plugin Last Users Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting
MyBB Plugin Last Users Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting Exploit Title: MyBB Last User's Threads in Profile Plugin v1.2 - Persistent XSS Date: 3/19/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link:...
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow SWAMI KARUPASAMI THUNAI Exploit Title: Allok Video Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions...
WM Recorder 16.8.1 - Denial of Service
WM Recorder 16.8.1 - Denial of Service !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: WM Recorder 16.8.1 - Denial of Service Date: 03-20-2018 Vulnerable Software: WM Recorder 16.8.1 Vendor Homepage: http://wmrecorder.com/home/ Version: 16.8.1 Software Link:...
Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH)
Easy CD DVD Copy 1.3.24 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title : Easy CD DVD Copy v1.3.24 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.divxtodvd.net/index.htm Vulnerable...
Dell EMC NetWorker - Denial of Service
Dell EMC NetWorker - Denial of Service ''' Exploit Title: Dell EMC NetWorker DoS PoC Date: 18.03.2018 Exploit Author: Marek Cybul Vendor Homepage: https://www.emc.com/data-protection/networker.htm Versions: Dell EMC NetWorker versions prior to 9.2.1.1 Dell EMC NetWorker versions prior to 9.1.1.6...
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery / Exploit Title: TL-WR720N 150Mbps Wireless N Router - CSRF Date: 21-3-2018 Exploit Author: Mans van Someren Vendor Homepage: https://www.tp-link.com/ Software Link: https://static.tp-link.com/resources/software/TL-WR720NV1130719.zi...
Crashmail 1.6 - Stack-Based Buffer Overflow (ROP)
Crashmail 1.6 - Stack-Based Buffer Overflow ROP Exploit author: Juan Sacco Website: http://exploitpack.com Description: Crashmail is prone to a stack-based buffer overflow because the application fails to perform adequate boundary checks on user supplied input. Impact: An attacker could exploit...
Linux Kernel 4.15.4 - show_floppy KASLR Address Leak
Linux Kernel 4.15.4 - show_floppy KASLR Address Leak include include include include include include include include include include static int driveselectorint head return head 2; void fdrecalibrateint fd struct floppyrawcmd rawcmd; int tmp; rawcmd.flags = FDRAWINTR; rawcmd.cmdcount = 2; // set u...
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File ReadWrite Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File ReadWrite Privilege Escalation Windows: Windows: Desktop Bridge Virtual Registry Arbitrary File Read/Write EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the virtual...
Microsoft Windows - Desktop Bridge VFS Privilege Escalation
Microsoft Windows - Desktop Bridge VFS Privilege Escalation Windows: Windows: Desktop Bridge VFS EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the VFS for desktop bridge applications can allow an application to create virtual files in...
Internet Explorer - RegExp.lastMatch Memory Disclosure
Internet Explorer - RegExp.lastMatch Memory Disclosure / There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Windows 7 64-bit with the latest patches applied. PoC: ========================================= / functio...
Microsoft Windows Kernel - nt!KiDispatchException 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - nt!KiDispatchException 64-bit Stack Memory Disclosure / We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a EXCEPTIONRECORD structure to user-mode memory while passing execution to a user-mode exception handler. The...
Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File ReadWrite Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File ReadWrite Privilege Escalation Windows: Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write EoP Platform: Windows 1703 version 1709 seems to have fixed this bug Class: Elevation of Privilege Summary: The...
Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) 64-bit Pool Memory Disclosure
Microsoft Windows Kernel - NtQueryVirtualMemoryMemoryMappedFilenameInformation 64-bit Pool Memory Disclosure / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the 2 information class MemoryMappedFilenameInformation discloses portions of uninitialized kernel pool memor...
Cisco node-jos 0.11.0 - Re-sign Tokens
Cisco node-jos 0.11.0 - Re-sign Tokens !/usr/bin/env python3 import base64 from urllib.parse import quoteplus import rsa import sys zi0Black ''' EDB Note: This has been updated https://github.com/offensive-security/exploitdb/pull/139 POC of CVE-2018-0114 Cisco node-jose = 8 return b::-1 def...
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation / Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here:...
Microsoft Windows Kernel - NtQueryInformationThread(ThreadBasicInformation) 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - NtQueryInformationThreadThreadBasicInformation 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to...
OpenSSH 6.6 SFTP - Command Execution
OpenSSH 6.6 SFTP - Command Execution OpenSSH 8 else 32 print "+ bit libc mapped @ -, path: ".formatBITS, addr0, addr1, path libcbase = intaddr0, 16 libcpath = path if "stack" in line: addr = addr.split"-" saddrstart = intaddr0, 16 saddrend = intaddr1, 16 print "+ Stack mapped @ -".formataddr0, ad...
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
Intelbras Telefone IP TIP200 LITE - Local File Disclosure Exploit Title: INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include Google Dork: Date: 16/03/2018 Exploit Author: Matheus Goncalves - anhax0r Vendor Homepage: https://www.facebook.com/anhaxteam/ Software Link: Version: 60.0.75.29...
Microsoft Windows Kernel - nt!NtWaitForDebugEvent 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - nt!NtWaitForDebugEvent 64-bit Stack Memory Disclosure / We have discovered that the nt!NtWaitForDebugEvent system call discloses portions of uninitialized kernel stack memory to user-mode clients, on 64-bit versions of Windows 7 to Windows 10. The output buffer, and the...
Coship RT3052 Wireless Router - Persistent Cross-Site Scripting
Coship RT3052 Wireless Router - Persistent Cross-Site Scripting Exploit Title: Coship RT3052 Wireless Router - Persistent Cross Site Scripting XSS Date: 2018-03-18 Exploit Author: Sayan Chatterjee Vendor Homepage: http://en.coship.com/ Category: Hardware Wifi Router Version: 4.0.0.48 Tested on:...
Vehicle Sales Management System - Multiple Vulnerabilities
Vehicle Sales Management System - Multiple Vulnerabilities Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link:...
Kamailio 5.1.1 5.1.0 5.0.0 - Off-by-One Heap Overflow
Kamailio 5.1.1 5.1.0 5.0.0 - Off-by-One Heap Overflow ''' Off-by-one heap overflow in Kamailio - Authors: - Alfred Farrugia - Sandro Gauci - Fixed versions: Kamailio v5.1.2, v5.0.6 and v4.4.7 - References: no CVE assigned yet - Enable Security Advisory: - Tested vulnerable versions: 5.1.1, 5.1.0,...
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution CVE-2016-2819 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x5a500000 / target address of...
Contec Smart Home 4.15 - Unauthorized Password Reset
Contec Smart Home 4.15 - Unauthorized Password Reset Title : Contec smart home 4.15 Unauthorized Password Reset Shodan Dork : "content/smarthome.php" Vendor Homepage : http://contec.co.il Tested on : Google Chrome Tested version : 4.15 Date : 2018-03-14 Author : Z3ro0ne Contact :...
Linux Kernel 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation
Linux Kernel 4.4.0-116 Ubuntu 16.04.4 - Local Privilege Escalation / Ubuntu 16.04.4 kernel priv esc all credits to @bleidl - vnik / // Tested on: // 4.4.0-116-generic 140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 // if different kernel adjust CRED offset + check kernel stack size include...
Unitrends UEB 10.0 - Root Remote Code Execution
Unitrends UEB 10.0 - Root Remote Code Execution Exploit Title: Unauthenticated root RCE for Unitrends UEB 10.0 Date: 10/17/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor...
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution 46.0.1 -- CVE-2016-1960 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x20200000 / target...
WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting
WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting Exploit Title : Duplicator Wordpress Migration Plugin Reflected Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://snapcreek.com/ Software Link:...
Android DRM Services - Buffer Overflow
Android DRM Services - Buffer Overflow include include include include include include include include include include using namespace android; static sp getCrypto sp sm = defaultServiceManager; sp binder = sm-getServiceString16"media.drm"; sp service = interfacecastbinder; if service == NULL...
Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS17-017)
Microsoft Windows Kernel 7 x86 - Local Privilege Escalation MS17-017...
MikroTik RouterOS 6.41.36.42rc27 - SMB Buffer Overflow
MikroTik RouterOS 6.41.36.42rc27 - SMB Buffer Overflow !/usr/bin/env python import socket import struct import sys import telnetlib NETBIOSSESSIONMESSAGE = "\x00" NETBIOSSESSIONREQUEST = "\x81" NETBIOSSESSIONFLAGS = "\x00" trick from http://shell-storm.org/shellcode/files/shellcode-881.php will...
Spring Data REST 2.6.9 (Ingalls SR9) 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST 2.6.9 Ingalls SR9 3.0.1 Kay SR1 - PATCH Request Remote Code Execution // Exploit Title: RCE in PATCH requests in Spring Data REST // Date: 2018-03-10 // Exploit Author: Antonio Francesco Sardella // Vendor Homepage: https://pivotal.io/ // Software Link:...
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution !/usr/bin/env python import argparse import urllib import requests, random from bs4 import BeautifulSoup from requests.packages.urllib3.exceptions import InsecureRequestWarning...
Tuleap 9.17.99.189 - Blind SQL Injection
Tuleap 9.17.99.189 - Blind SQL Injection =============================================================================== title: Tuleap SQL Injection case id: CM-2018-01 product: Tuleap version 9.17.99.189 vulnerability type: Blind SQL injection - time based severity: High found: 2018-02-24 by:...
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501...
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on:...
Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials
Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vendor: Prisma Industriale S.r.l. Product web page: https://www.prismaindustriale.com Affected version: 1.0 Rev 21, EPROM 202FWSAM ?? Summary: Web...
MikroTik RouterOS 6.38.4 (x86) - Chimay Red Stack Clash Remote Code Execution
MikroTik RouterOS 6.38.4 x86 - Chimay Red Stack Clash Remote Code Execution !/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import...
Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow
Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow Exploit Title: Allok Video Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Vulnerable Software: Allok Video...
DEWESoft X3 SP1 (64-bit) - Remote Command Execution
DEWESoft X3 SP1 64-bit - Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt + ISR: Apparition Security Vendor: ============= www.dewesoft.com Product:...
ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)
ManageEngine Applications Manager 13.5 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager Remote Code Execution", 'Description' ...
MikroTik RouterOS 6.38.4 (MIPSBE) - Chimay Red Stack Clash Remote Code Execution
MikroTik RouterOS 6.38.4 MIPSBE - Chimay Red Stack Clash Remote Code Execution !/usr/bin/env python3 Mikrotik Chimay Red Stack Clash Exploit by BigNerd95 Tested on RouterOS 6.38.4 mipsbe using a CRS109 Used tools: pwndbg, rasm2, mipsrop for IDA I used ropper only to automatically find gadgets ASL...
Advantech WebAccess 8.3 - Directory Traversal Remote Code Execution
Advantech WebAccess 8.3 - Directory Traversal Remote Code Execution !/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.3 webvrpcs Directory Traversal RCE Vulnerability Date: 03-11-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
SC 7.16 - Stack-Based Buffer Overflow
SC 7.16 - Stack-Based Buffer Overflow Exploit Author: Juan Sacco - http://www.exploitpack.com Bug found using Exploit Pack - Local fuzzer feature. Tested on: GNU/Linux - Kali Linux Filename: pool/main/s/sc/sc7.16-4+b2i386.deb Description: SC v7.16 is prone to a basic stack-based buffer overflow...
TextPattern 4.6.2 - qty SQL Injection
TextPattern 4.6.2 - qty SQL Injection ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...
Sony Playstation 4 (PS4) 4.55 5.50 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 4.55 5.50 - WebKit Code Execution PoC window.didload = 0; window.didpost = 0; window.onload = function window.didload = 1; if window.didpost == 1 window.stage2; window.postExpl = function window.didpost = 1; if window.didload == 1 window.stage2; function makeid var text = "...
WebLog Expert Enterprise 9.4 - Authentication Bypass
WebLog Expert Enterprise 9.4 - Authentication Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-AUTHENTICATION-BYPASS.txt + ISR: Apparition Security Vendor: ========...
Bacula-Web 8.0.0-rc2 - SQL Injection
Bacula-Web 8.0.0-rc2 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in Bacula-Web Date: 2018-03-07 Software Link: http://bacula-web.org/ Exploit Author: Gustavo Sorondo Contact: http://twitter.com/iampuky Website: http://cintainfinita.com/ CVE: CVE-2017-15367 Category:...