41207 matches found
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection Exploit Title: Joomla! Component Google Map Landkarten = 4.2.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomla-24.de/ Software Link:...
Joomla! Component File Download Tracker 3.0 - SQL Injection
Joomla! Component File Download Tracker 3.0 - SQL Injection Exploit Title: Joomla! Component File Download Tracker 3.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://techsolsystem.com/ Software Link:...
Joomla! Component Saxum Astro 4.0.14 - SQL Injection
Joomla! Component Saxum Astro 4.0.14 - SQL Injection Exploit Title: Joomla! Component Saxum Astro 4.0.14 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: https://extensions.joomla.org/extensions/extension/living/astrology-a-horoscope/saxumastro/...
Joomla! Component jGive 2.0.9 - SQL Injection
Joomla! Component jGive 2.0.9 - SQL Injection Exploit Title: Joomla! Component JGive 2.0.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/donations/jgive/ Version: 2.0.9 Category:...
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting Exploit Title: Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting Date: 16-02-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis -...
Joomla! Component NeoRecruit 4.1 - SQL Injection
Joomla! Component NeoRecruit 4.1 - SQL Injection Exploit Title: Joomla! Component NeoRecruit 4.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://neojoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/neorecruit/...
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - alias SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - alias SQL Injection Exploit Title: Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://quanticalabs.com/joomla/ Software Link:...
Joomla! Component Solidres 2.5.1 - SQL Injection
Joomla! Component Solidres 2.5.1 - SQL Injection Exploit Title: Joomla! Component Solidres 2.5.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://solidres.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/solidres/...
Joomla! Component Saxum Picker 3.2.10 - SQL Injection
Joomla! Component Saxum Picker 3.2.10 - SQL Injection Exploit Title: Joomla! Component Saxum Picker 3.2.10 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: https://extensions.joomla.org/extensions/extension/sports-a-games/games/saxumpicker/...
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection Exploit Title: Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://ordasoft.com/ Software Link:...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module 4.25 - Denial of Service
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module 4.25 - Denial of Service Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Date: 14.02.2018 Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage:...
Joomla! Component JS Jobs 1.1.9 - SQL Injection
Joomla! Component JS Jobs 1.1.9 - SQL Injection Exploit Title: Joomla! Component JS Jobs 1.1.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/js-jobs/ Softwar...
Microsoft Edge - UnmapViewOfFile ACG Bypass
Microsoft Edge - UnmapViewOfFile ACG Bypass Background: To implement ACG https://blogs.windows.com/msedgedev/2017/02/23/mitigating-arbitrary-native-code-execution/VM4y5oTSGCRde3sk.97, Edge uses a separate process for JIT compiling. This JIT Process is also responsible for mapping native code into...
UserSpice 4.3 - Blind SQL Injection
UserSpice 4.3 - Blind SQL Injection !/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any other PHP User...
PSNews Website 1.0.0 - Keywords SQL Injection
PSNews Website 1.0.0 - Keywords SQL Injection Exploit Title: PSNews Website Same Backend with Mobile Apps 1.0.0 - 'Keywords' SQL Injection Dork: N/A Date: 2018-02-16 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
Joomla! Component Staff Master 1.0 RC 1 - SQL Injection
Joomla! Component Staff Master 1.0 RC 1 - SQL Injection Exploit Title: Joomla! Component Staff Master = 1.0 RC 1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.systemsunited.net/ Software Link: http://www.systemsunited.net/ Version: = 1.0 RC 1 Category: Webapps Tested on:...
Joomla! Component JB Bus 2.3 - order_number SQL Injection
Joomla! Component JB Bus 2.3 - order_number SQL Injection Exploit Title: Joomla! Component JB Bus 2.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://joombooking.com/ Software Link:...
Joomla Component ccNewsletter 2.x.x id - SQL Injection
Joomla Component ccNewsletter 2.x.x id - SQL Injection Exploit Title: Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.chillcreations.com/ Software Link: https://extensions.joomla.org/extension/ccnewsletter/ Version: 2.x Stable...
Joomla! Component SquadManagement 1.0.3 - SQL Injection
Joomla! Component SquadManagement 1.0.3 - SQL Injection Exploit Title: Joomla! Component SquadManagement 1.0.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.larshildebrandt.de/ Software Link:...
Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion
Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion / This is similar to the previous issue 1457. But this time, we use Array.prototype.reverse. Array.prototype.reverse can be inlined and may invoke EnsureNonNativeArray to convert the prototype of "this" to a Var array. Call...
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace Related to issue 1490 . When parsing ShadingPatterns; according to the specification they shouldn't be permitted to have a pattern colorspace as their base colorspace, but this is not validated, leading to out-of-bounds...
Pdfium - Pattern Shading Integer Overflows
Pdfium - Pattern Shading Integer Overflows This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium, I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in cpdfrenderstatus.cpp re...
Microsoft Edge Chakra JIT - LdThis Type Confusion
Microsoft Edge Chakra JIT - LdThis Type Confusion / LdThis instructions' value type is assumed to be "Object". Since "this" can be other objects like an array, it has to be assumed to be "LikelyObject", otherwise, operations to "this" will not be checked properly. PoC: / function optarr arr0 = 1....
Chrome V8 - Runtime_RegExpReplace Integer Overflow
Chrome V8 - RuntimeRegExpReplace Integer Overflow / Here's a snippet of the method. ASSIGNRETURNFAILUREONEXCEPTION isolate, captureslengthobj, Object::ToLengthisolate, captureslengthobj; const int captureslength = PositiveNumberToUint32captureslengthobj; ... if functionalreplace const int argc =...
Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly (2)
Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly (2) It seems this is the patch for the bug. https://github.com/Microsoft/ChakraCore/pull/4226/commits/874551dd00ff6f404e593c7e0162efb54b953f5a The following two cases will bypass the fix. 1: function opt let obj ...
Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass
Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass / Here's a snippet of ExecuteImplicitCall which is responsible for updating the ImplicitCallFlags flag. template inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall...
Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions
Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions / If a native array is used as a prototype, it is converted to a Var array by the Js::JavascriptNativeFloatArray::SetIsPrototype method. In the JIT compiler, it uses InitProto instructions to set object literals' prototyp...
Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion
Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion / This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a constructor, it sets the new object's "proto" to its "prototype". The JIT compiler uses NewScObjectNoCtor instructio...
Microsoft Edge Chakra JIT - Memory Corruption
Microsoft Edge Chakra JIT - Memory Corruption / Let's consider the following example code. function opt let arr = ; return arr'x'; // Optimize the "opt" function. for let i = 0; i inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall // For...
T9uSX62CBPeacuH
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
SOA School Management - access_login SQL Injection
SOA School Management - access_login SQL Injection Exploit Title: SOA - School Management Software with Integrated Parents/Students Portal & Mobile App - 'access_login' SQL Injection Dork: N/A Date: 2018-02-14 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
userSpice 4.3 - Cross-Site Scripting
userSpice 4.3 - Cross-Site Scripting Application UserSpice PHP user management Vulnerability userSpice alert"1"&csrf=8b1339546d6af1e7536da0a705302e9c&updatebio= Vulnerable code: id?" class="nounderline"id?...
Tenda AC15 Router - Remote Code Execution
Tenda AC15 Router - Remote Code Execution !/usr/bin/env python EDB Note Source: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/ import urllib2 import struct import time import socket from optparse import import SimpleHTTPServer import SocketServer import threading import sys...
Social Oauth Login PHP - Authentication Bypass
Social Oauth Login PHP - Authentication Bypass Exploit Title: Social Oauth Login PHP - Authentication Bypass Dork: N/A Date: 2018-02-12 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.codester.com/items/4554/social-oauth-login-php Version: All...
Dell EMC Isilon OneFS - Multiple Vulnerabilities
Dell EMC Isilon OneFS - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery
NAT32 2.2 Build 22284 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Produc...
NAT32 2.2 Build 22284 - Remote Command Execution
NAT32 2.2 Build 22284 - Remote Command Execution + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product:...
GNU binutils 2.26.1 - Integer Overflow (PoC)
GNU binutils 2.26.1 - Integer Overflow PoC Exploit Title: Objdump - Integer Overflow Crash POC Date: 12.02.2018 Exploit Author: r4xis Tested Version: 2.26.1 Vuln Version: \nint mainprintf"HelloWorld!\n"; return 0;" f = open"helloWorld.c", 'w' f.writehello f.close os.system"gcc -c helloWorld.c -o...
News Website Script 2.0.4 - search SQL Injection
News Website Script 2.0.4 - search SQL Injection Exploit Title:News Website Script - SQL Injection Error Based Google Dork: NA Date: 12.02.2018 Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: http://under24usd.com/demo/newstoday/index.php Version: 2.0...
CloudMe Sync 1.11.0 - Buffer Overflow
CloudMe Sync 1.11.0 - Buffer Overflow + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt + ISR: Apparition Security + SSD Beyond Security Submission:...
Advantech WebAccess 8.3.0 - Remote Code Execution
Advantech WebAccess 8.3.0 - Remote Code Execution Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10...