WebLog Expert Enterprise 9.4 - Denial of Service
WebLog Expert Enterprise 9.4 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: ======= www.weblogexpert.c...
Memcached 1.5.5 - Memcrashed Insufficient Control of Network Message Volume Denial of Service With Shodan API
Memcached 1.5.5 - Memcrashed Insufficient Control of Network Message Volume Denial of Service With Shodan API -- coding: utf8 -- !/usr/bin/python Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44265.zip import sys, os, time, shodan from pathlib import...
antMan 0.9.0c - Authentication Bypass
antMan 0.9.0c - Authentication Bypass Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POS...
Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection
Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection Exploit Title: Redaxo CMS Addon MyEvents SQL Injection Backend Date: 01.03.2018 Exploit Author: h0n1gsp3cht Vendor Homepage: http://www.github.com/wende60/myevents Version: 2.2.1 Last Version Tested on: LinuxMint More: Login Required GET Vuln Code +...
Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is _null_
Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is null / I think this commit has introduced the bug. https://chromium.googlesource.com/v8/v8/+/ff7063c7d5d8ad8eafcce3da59e65d7fe2b4f915%5E%21/F2 According to the description, Object.create is supposed to be...
Bravo Tejari Web Portal - Cross-Site Request Forgery
Bravo Tejari Web Portal - Cross-Site Request Forgery Exploit Title: Bravo Tejari Web Portal-CSRF CVE-ID: CVE-2018-7216 Vulnerability Type: Cross Site Request Forgery CSRF Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type...
Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read
Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read / In the current implementation, the bytecode generator also emits empty jump tables. https://cs.chromium.org/chromium/src/v8/src/interpreter/bytecode-array-writer.cc?rcl=111e990462823c9faeee06b67c0dcf05749d4da8&l=89 So the bytecode for t...
Softros Network Time System Server 2.3.4 - Denial of Service
Softros Network Time System Server 2.3.4 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOFTROS-NETWORK-TIME-SYSTEM-SERVER-v2.3.4-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: =============...
Chrome V8 JIT - Simplified-lowererer IrOpcode::kStoreField_ IrOpcode::kStoreElement Optimization Bug
Chrome V8 JIT - Simplified-lowererer IrOpcode::kStoreField IrOpcode::kStoreElement Optimization Bug / I think this commit has introduced the bugs: https://chromium.googlesource.com/v8/v8/+/c22ca7f73ba92f22d0cd29b06bb2944a545a8d3e%5E%21/F0 Here's a snippet. case IrOpcode::kStoreField: FieldAccess...
Chrome V8 JIT - GetSpecializationContext Type Confusion
Chrome V8 JIT - GetSpecializationContext Type Confusion PoC: function optarg = = arg let tmp = opt.x; // LdaNamedProperty for ;; arg; yield; function inner tmp; break; for let i = 0; i arg; this; , opt let tmp = arg.x; for ;; arg; yield; tmp = inner tmp; ; for let i = 0; i 10000; i++ opt; What...
Sophos UTM 9.410 - loginuser confd Service Privilege Escalation
Sophos UTM 9.410 - loginuser confd Service Privilege Escalation KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Advisory ID: KL-001-2018-007 Publication Date: 2018.03.02 Publication URL:...
Dup Scout Enterprise 10.5.12 - Share Username Local Buffer Overflow
Dup Scout Enterprise 10.5.12 - Share Username Local Buffer Overflow !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Dup Scout Enterprise 10.5.12 - Local Buffer Overflow Date: 02-22-2018 Vulnerable Software: Dup Scout Enterprise v10.5.12 Vendor Homepage: http://www.dupscout.com...
Memcached 1.5.5 - Memcrashed Insufficient Control Network Message Volume Denial of Service (1)
Memcached 1.5.5 - Memcrashed Insufficient Control Network Message Volume Denial of Service 1 / memcached-PoC memcached Proof of Concept Amplification via spoofed source UDP packets. Repo includes source code for PoC and approximately 17,000 AMP hosts. memcached.c - Source code...
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit !/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original...
Memcached 1.5.5 - Memcrashed Insufficient Control Network Message Volume Denial of Service (2)
Memcached 1.5.5 - Memcrashed Insufficient Control Network Message Volume Denial of Service 2 Written by Alex Conrey Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44254.zip This program is free software: you can redistribute it and/or modify it under...
ClipBucket 4.0.0 - Release 4902 - Command Injection File Upload SQL Injection
ClipBucket 4.0.0 - Release 4902 - Command Injection File Upload SQL Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS command injection, arbitrary file upload & SQL injection product: ClipBucket vulnerable...
ActivePDF Toolkit 8.1.0.19023 - Multiple Memory Corruptions
ActivePDF Toolkit 8.1.0.19023 - Multiple Memory Corruptions ActivePDF Toolkit 8.1.0 multiple RCE Introduction ============ The ActivePDF Toolkit is a Windows library which enhances business processes to stamp, stitch, merge, form-fill, add digital signatures, barcodes to PDF. Both .NET and native...
Suricata 4.0.4 - IDS Detection Bypass
Suricata 4.0.4 - IDS Detection Bypass ----------------------------------------------------- Vulnerability Type: Detection Bypass Affected Product: Suricata Vulnerable version: SYN Seq=0 Ack= 0 - Evil Server Client ACK Seq=1 Ack= 84 - Evil Server Client - PSH, ACK Seq=1 Ack= 84 - Evil Server IDS...
DualDesk 20 - Proxy.exe Denial of Service
DualDesk 20 - Proxy.exe Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DUALDESK-v20-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: =============== www.dualdesk.com Product: =========== DualDes...
iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow
iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title:iSumsoft Local Buffer Overflow Vuln. 0daySEH Date: 2018.03.02 Exploit Author: Greg Priest Version: iSumsoft ZIP Password Refixer Version...
D-Link DIR-600M Wireless - Cross-Site Scripting
D-Link DIR-600M Wireless - Cross-Site Scripting Exploit Title: D-Link DIR-600M Wireless - Persistent Cross Site Scripting Date: 11.02.2018 Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=DIR-600M Category: Hardware Exploit Author: Prasenjit Kanti Paul...
SEGGER embOSIP FTP Server 3.22 - Denial of Service
SEGGER embOSIP FTP Server 3.22 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SEGGER-embOS-FTP-SERVER-v3.22-FTP-COMMANDS-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: =============...
TestLink Open Source Test Management 1.9.16 - Remote Code Execution
TestLink Open Source Test Management 1.9.16 - Remote Code Execution Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in m...
IrfanView 4.44 Email Plugin - Buffer Overflow (SEH)
IrfanView 4.44 Email Plugin - Buffer Overflow SEH !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: IrfanView 4.44 Email PlugIn - Local Buffer Overflow SEH Date: 02-07-2018 Vulnerable Software: IrfanView 4.44 Email PlugIn Vendor Homepage: http://www.irfanview.com/ Version: 4.44...
IrfanView 4.50 Email Plugin - Buffer Overflow (SEH Unicode)
IrfanView 4.50 Email Plugin - Buffer Overflow SEH Unicode !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: IrfanView 4.50 Email PlugIn - Local Buffer Overflow SEH Unicode Date: 02-07-2018 Vulnerable Software: IrfanView 4.50 Email PlugIn Vendor Homepage: http://www.irfanview.com...
antMan 0.9.1a - Authentication Bypass
antMan 0.9.1a - Authentication Bypass Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POS...
uWSGI 2.0.17 - Directory Traversal
uWSGI 2.0.17 - Directory Traversal Exploit Title: uWSGI PHP Plugin Directory Traversal Date: 01-03-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://uwsgi-docs.readthedocs.io Affected Software: uWSGI PHP Plugin...
Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS16-039)
Microsoft Windows Kernel 7 x86 - Local Privilege Escalation MS16-039...
Routers2 2.24 - Cross-Site Scripting
Routers2 2.24 - Cross-Site Scripting Exploit Title: Routers2 2.24 - Reflected Cross-Site Scripting Date: 18-01-18 Vendor Homepage: http://www.steveshipway.org/software/ Software Link: https://github.com/sshipway/routers2 Version: 2.24 CVE: CVE-2018-6193 Platform: Perl Category: webapps Exploit...
Apple iOS 11.2.5 watchOS 4.2.2 tvOS 11.2.5 - bluetoothd Memory Corruption
Apple iOS 11.2.5 watchOS 4.2.2 tvOS 11.2.5 - bluetoothd Memory Corruption // // main.m // bluetoothdPoC // // Created by Rani Idan. // Copyright © 2018 zLabs. All rights reserved. // import "AppDelegate.h" include extern kernreturnt bootstraplookupmachportt bs, const char servicename, machportt...
Chrome V8 - TranslatedState::MaterializeCapturedObjectAt Type Confusion
Chrome V8 - TranslatedState::MaterializeCapturedObjectAt Type Confusion / Here's a snippet of TranslatedState::MaterializeCapturedObjectAt. case JSSETKEYVALUEITERATORTYPE: case JSSETVALUEITERATORTYPE: Handle object = Handle::cast isolate-factory-NewJSObjectFromMapmap, NOTTENURED; Handle properties ...
netek 0.8.2 - Denial of Service
netek 0.8.2 - Denial of Service Exploit Title : netek 0.8.2 FTP Denial of Service Test on : windowsXPs3 + windows 7 software Link :https://sourceforge.net/projects/netek.berlios/ version : 0.8.2 author : Lawrence Amer site : lawrenceamer.me affected product uses default port 30817 , it can be...
Sony Playstation 4 (PS4) 4.55 - Jailbreak setAttributeNodeNS WebKit 5.02 bpf Kernel Loader 4.55
Sony Playstation 4 PS4 4.55 - Jailbreak setAttributeNodeNS WebKit 5.02 bpf Kernel Loader 4.55 PS4 4.55 Kernel Exploit --- Summary In this project you will find a full implementation of the "bpf" kernel exploit for the PlayStation 4 on 4.55. It will allow you to run arbitrary code as kernel, to...
CMS Made Simple 2.1.6 - Remote Code Execution
CMS Made Simple 2.1.6 - Remote Code Execution Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2. 1.6-install.zip Version: 2.1....
MyBB My Arcade Plugin 1.3 - Cross-Site Scripting
MyBB My Arcade Plugin 1.3 - Cross-Site Scripting Exploit Title: MyBB My Arcade Plugin v1.3 - Persistent XSS Date: 2/21/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=411 Version: 1.3 Tested on: Ubuntu...
Transmission - Integer Overflows Parsing Torrent Files
Transmission - Integer Overflows Parsing Torrent Files I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the trnew/trnew0 allocation wrappers don't handle overflow. define trnewstructtype, nstructs \ structtype trmalloc sizeof structtype...
Asterisk chan_pjsip 15.2.0 - SDP Denial of Service
Asterisk chan_pjsip 15.2.0 - SDP Denial of Service ''' Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chan_pjsip - References: AST-2018-002 - Enable Security Advisory...
Asterisk chan_pjsip 15.2.0 - SDP fmtp Denial of Service
Asterisk chan_pjsip 15.2.0 - SDP fmtp Denial of Service ''' Segmentation fault occurs in Asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chan_pjsip - References: AST-2018-003 - Enable Security Advisory: -...
Asterisk chan_pjsip 15.2.0 - SUBSCRIBE Stack Corruption
Asterisk chan_pjsip 15.2.0 - SUBSCRIBE Stack Corruption ''' SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chan_pjsip - Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.5, 13.11.2 ...
Sony Playstation 4 (PS4) 5.01 5.05 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 5.01 5.05 - WebKit Code Execution PoC PS4 5.01 WebKit Exploit PoC =========================== Based on: - CVE-2017-7005 - PegaSwitch Copyright 2017 ReSwitched Team - 4.0x exploit by qwertyoruiopz This exploit supports 5.01 maybe others! Installation ============ 1. Install...
Asterisk chan_pjsip 15.2.0 - INVITE Denial of Service
Asterisk chan_pjsip 15.2.0 - INVITE Denial of Service ''' Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chan_pjsip installed with --with-pjproject-bundled -...
Concrete5 8.3.0 - Username Comments Enumeration
Concrete5 8.3.0 - Username Comments Enumeration !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate impo...
School Management Script 3.0.4 - Authentication Bypass
School Management Script 3.0.4 - Authentication Bypass Exploit Title: SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4. Date: 26/02/2018 Exploit Author: Samiran Santra Vendor Homepage: https://www.phpscriptsmall.com Software Link:...
GetGo Download Manager 5.3.0.2712 - Buffer Overflow (SEH)
GetGo Download Manager 5.3.0.2712 - Buffer Overflow SEH !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: GetGo Download Manager 5.3.0.2712 - Remote Buffer Overflow SEH Date: 02-24-2018 Vulnerable Software: GetGo Download Manager 5.3.0.2712 Vendor Homepage:...
Chrome V8 - PropertyArray Integer Overflow
Chrome V8 - PropertyArray Integer Overflow / Here's a snippet of the MigrateFastToFast function which is used to create a new PropertyArray object. int numberoffields = newmap-NumberOfFields; int inobject = newmap-GetInObjectProperties; int unused = newmap-UnusedPropertyFields; ... int totalsize ...
Microsoft Windows 8.1/2012 R2 - SMBv3 Null Pointer Dereference Denial of Service
Microsoft Windows 8.1/2012 R2 - SMBv3 Null Pointer Dereference Denial of Service Exploit Title: Microsoft Windows SMB Client Null Pointer Dereference Denial of Service Date: 26/02/2018 Exploit Author: Nabeel Ahmed Version: SMBv3 Tested on: Windows 8.1 x86, Windows Server 2012 R2 x64 CVE :...
Concrete5 CMS 8.3.0 - Username Comments Enumeration
Concrete5 CMS 8.3.0 - Username Comments Enumeration !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate...
Sony Playstation 4 (PS4) 4.07 4.55 - bpf Local Kernel Code Execution (PoC)
Sony Playstation 4 PS4 4.07 4.55 - bpf Local Kernel Code Execution PoC function stage4 function mallocsz var backing = new Uint8Array1000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new...
Papenmeier WiFi Baby Monitor Free Lite 2.02.2 - Remote Audio Record
Papenmeier WiFi Baby Monitor Free Lite 2.02.2 - Remote Audio Record Whilst analysing a number of free communication based applications on the Google Play Store, I took a look at WiFi Baby Monitor: Free & Lite the free version of WiFi Baby Monitor. Although the premium version offered users the...
Joomla! Component Alexandria Book Library 3.1.2 - letter SQL Injection
Joomla! Component Alexandria Book Library 3.1.2 - letter SQL Injection Exploit Title: Joomla! Component Alexandria Book Library 3.1.2 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://alexandriabooklibrary.org/ Software Link:...