Iopsys Router - dhcp Remote Code Execution
Iopsys Router - dhcp Remote Code Execution !/usr/bin/python import json import sys import subprocess import socket import os from time import sleep from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol:...
Vitek - Remote Command Execution Information Disclosure (PoC)
Vitek - Remote Command Execution Information Disclosure PoC STX Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22,...
Ability Mail Server 3.3.2 - Cross-Site Scripting
Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr...
Conarc iChannel - Improper Access Restrictions
Conarc iChannel - Improper Access Restrictions Exploit Title: Conarc iChannel - Unauthenticated Access/Default Webserver Misconfiguration allows for compromise of server Date: 2017-12-19 Exploit Author: Information Paradox CVE : CVE-2017-17759 https://affectedserver/wc.dll?wwMaintEditConfig The...
Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) Double-Write Ring-0 Address Leak
Microsoft Windows Kernel - NtQueryVirtualMemoryMemoryMappedFilenameInformation Double-Write Ring-0 Address Leak / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1456 We have discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a...
BEIMS ContractorWeb 5.18.0.0 - SQL Injection
BEIMS ContractorWeb 5.18.0.0 - SQL Injection Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0 CVE :...
Samsung Internet Browser - SOP Bypass (Metasploit)
Samsung Internet Browser - SOP Bypass Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a...
Microsoft Internet Explorer 11 - jscript!JSONStringifyObject Use-After-Free
Microsoft Internet Explorer 11 - jscript!JSONStringifyObject Use-After-Free var o1 = toJSON:function alert'o1'; return o2; var o2 = toJSON:function alert'o2'; CollectGarbage; return 'x'; JSON.stringifyo1; g df8.e48: Access violation - code c0000005 first chance First chance exceptions are reporte...
Microsoft Windows - jscript!NameTbl::GetValDef Use-After-Free
Microsoft Windows - jscript!NameTbl::GetValDef Use-After-Free var vars = new Array100; forvar i=0;i !-- ============================================ PoC for WPAD might require page heap to trigger the crash: ============================================ function...
Microsoft Windows - jscript.dll Array.sort Heap Overflow
Microsoft Windows - jscript.dll Array.sort Heap Overflow var vars = new Array100; var arr = new Array1000; forvar i=1;i !-- ========================================= Technical details: Array.sort is implemented in JsArraySort which, depending if a comparison function was specified or not, calls...
Joomla! Component NextGen Editor 2.1.0 - plname SQL Injection
Joomla! Component NextGen Editor 2.1.0 - plname SQL Injection Exploit Title: Joomla! Component NextGen Editor 2.1.0 - SQL Injection Dork: N/A Date: 19.12.2017 Vendor Homepage: hhttp://nextgeneditor.com/ Software Link: https://extensions.joomla.org/extension/nextgen-editor/ Software Download:...
Intel Content Protection HECI Service - Type Confusion Privilege Escalation
Intel Content Protection HECI Service - Type Confusion Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 9.0.2.117 Class: Elevation of Privilege...
Microsoft Windows - jscript!JsArraySlice Uninitialized Variable
Microsoft Windows - jscript!JsArraySlice Uninitialized Variable var x = new URIErrornew Array, undefined, undefined; String.prototype.localeCompare.callx, new Date0, 0, 0, 0, 0, 0, undefined; Array.prototype.slice.call1; !-- ============================================ Technical details: The issu...
BrightSign Digital Signage - Multiple Vulnerabilities
BrightSign Digital Signage - Multiple Vulnerabilities Exploit Title: BrightSign Digital Signage Multiple Vulnerabilities Date: 12/15/17 Exploit Author: [email protected] Vectors: XSS, Directory Traversal, File Modification, Information Leakage The BrightSign Digital Signage 4k242 device...
Ichano AtHome IP Cameras - Multiple Vulnerabilities
Ichano AtHome IP Cameras - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into...
Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control
Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control Trend Micro Smart Protection Server Multiple Vulnerabilities 1. Advisory Information Title:: Trend Micro...
Microsoft Windows - jscript!RegExpFncObj::LastParen Out-of-Bounds Read
Microsoft Windows - jscript!RegExpFncObj::LastParen Out-of-Bounds Read function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; r rax=0000000000000063 rbx=000000000476fd90 rcx=0000000000000063 rdx=0000000000000064 rsi=000000000476fd90 rdi=000007fef23d37d0...
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD var s = 'a'; forvar i=0;i...
Ciuis CRM 1.0.7 - SQL Injection
Ciuis CRM 1.0.7 - SQL Injection Exploit Title: Ciuis CRM v 1.0.7 Sql Injection Google Dork: if applicable Date: 12/15/2017 Exploit Author: Zahid Abbasi Contact: http://twitter.com/zahidsec Website: http://zahidabbasi.com Vendor Homepage: http://ciuis.com/ Software Link:...
Joomla! Component Guru Pro - promocode SQL Injection
Joomla! Component Guru Pro - promocode SQL Injection Exploit Title: Joomla! Component Guru Pro 'promocode'- SQL Injection Dork: N/A Date: 17.12.2017 Vendor Homepage: https://www.ijoomla.com/ Software Link:...
Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload Remote Code Execution
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload Remote Code Execution Exploit Title: Monstra CMS - 3.0.4 RCE Vendor Homepage: http://monstra.org/ Software Link: https://bitbucket.org/Awilum/monstra/downloads/monstra-3.0.4.zip Discovered by: Ishaq Mohammed Contact:...
GoAhead Web Server 2.5 3.6.5 - HTTPd LD_PRELOAD Remote Code Execution
GoAhead Web Server 2.5 3.6.5 - HTTPd LD_PRELOAD Remote Code Execution !/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LD_PRELOAD remote code execution exploit EDB Note: Payloads https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/43360.zip EDB Note: Source...
Joomla! Component JB Visa 1.0 - visatype SQL Injection
Joomla! Component JB Visa 1.0 - visatype SQL Injection Exploit Title: Joomla! Component JB Visa 1.0 - SQL Injection Dork: N/A Date: 17.12.2017 Vendor Homepage: http://joombooking.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jb-visa...
Joomla! Component My Projects 2.0 - SQL Injection
Joomla! Component My Projects 2.0 - SQL Injection Exploit Title: Joomla! Component My Projects 2.0 - SQL Injection Dork: N/A Date: 18.12.2017 Vendor Homepage: http://www.gegabyte.org/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/portfolio/my-projects...
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow PoC CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected...
CDex 1.96 - Buffer Overflow (PoC)
CDex 1.96 - Buffer Overflow PoC !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: CDex 1.96 - Local Stack Buffer Overflow Date: 17-12-2017 Vulnerable Software: CDex 1.96 Unicode Build Vendor Homepage: http://cdex.mu/ Version: v1.96 Software Link: http://cdex.mu/?q=download Teste...
Cells Blog 3.5 - bgid fmid fnid SQL Injection
Cells Blog 3.5 - bgid fmid fnid SQL Injection Exploit Title: Cells Blog 3.5 - SQL Injection Dork: N/A Date: 16.12.2017 Vendor Homepage: http://www.cells.tw/ Software Link: http://www.cells.tw/cells/ Version: 3.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan Senc...
Joomla! Component User Bench 1.0 - userid SQL Injection
Joomla! Component User Bench 1.0 - userid SQL Injection Exploit Title: Joomla! Component User Bench 1.0 - SQL Injection Dork: N/A Date: 18.12.2017 Vendor Homepage: http://www.gegabyte.org/ Software Link:...
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Command Injection CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom clie...
Outlook for Android - Attachment Download Directory Traversal
Outlook for Android - Attachment Download Directory Traversal ''' There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the...
Sync Breeze 10.2.12 - Denial of Service
Sync Breeze 10.2.12 - Denial of Service ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...
ITGuard-Manager 0.0.0.1 - Remote Code Execution
ITGuard-Manager 0.0.0.1 - Remote Code Execution Vulnerability Title: ITGuard-Manager V0.0.0.1 PreAuth Remote Code Execution Author: Nassim Asrir Contact: [email protected] / @asrirnassim CVE: Waiting ... CVSS:...
Linux kernel 4.10.15 - Race Condition Privilege Escalation
Linux kernel 4.10.15 - Race Condition Privilege Escalation / PoC for CVE-2017-10661, triggers UAF with KASan enabled in kernel 4.10 / include include include include include include include include include include include include include include include include include define RACETIME 1000000 int...
Movie Guide 2.0 - SQL Injection
Movie Guide 2.0 - SQL Injection Exploit Title: Movie Guide 2.0 - SQL Injection Dork: N/A Date: 15.12.2017 Vendor Homepage: http://applebitemedia.com/ Software Link: http://applebitemedia.com/amwdl/AMMovieGuide.tar.gz Version: 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Palo Alto Networks Firewalls - Root Remote Code Execution
Palo Alto Networks Firewalls - Root Remote Code Execution This is a public advisory for CVE-2017-15944 which is a remote root code execution bug in Palo Alto Networks firewalls. Three separate bugs can be used together to remotely execute commands as root through the web management interface...
Paid To Read Script 2.0.5 - uid fnum fn SQL Injection
Paid To Read Script 2.0.5 - uid fnum fn SQL Injection Exploit Title: Paid To Read Script 2.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/ Version: 2.0.5 Category: Webapps...
Readymade Video Sharing Script 3.2 - HTML Injection
Readymade Video Sharing Script 3.2 - HTML Injection Exploit Title: Readymade Video Sharing Script 3.2 - HTML Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Demo:...
FS Lynda Clone 1.0 - SQL Injection
FS Lynda Clone 1.0 - SQL Injection...
Multiple OEM - nsd Remote Stack Format String (PoC)
Multiple OEM - nsd Remote Stack Format String PoC STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full...
Linksys WVBR0 - User-Agent Remote Command Injection
Linksys WVBR0 - User-Agent Remote Command Injection !/usr/bin/python -- coding: utf-8 -- Author: Nixawk CVE-2017-17411 Linksys WVBR0 25 Command Injection """ $ python2.7 exploit-CVE-2017-17411.py Usage: python exploit-CVE-2017-17411.py $ python2.7 exploit-CVE-2017-17411.py http://example.com/ +...
Piwigo 2.9.1 - cat_true cat_false SQL Injection
Piwigo 2.9.1 - cat_true cat_false SQL Injection Exploit Title: Piwigo = 2.9.1 - 'cat_true'/'cat_false' SQL Injection Dork: N/A Date: 12.12.2017 Vendor Homepage: http://piwigo.org/ Software Link: http://piwigo.org/basics/downloads Version: = 2.9.1 Category: Webapps Tested on: WiN7x64/WIN10X64 CVE:...
Bus Booking Script 1.0 - txtname SQL Injection
Bus Booking Script 1.0 - txtname SQL Injection...
vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion
vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Source: https://blogs.securiteam.com/index.php/archives/3573 Vulnerability Summary The following advisory describes an unauthenticated deserializatio...
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection Exploit Title: Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link:...
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read Author: Jakub Palaczynski CVE: CVE-2017-16787 Exploit tested on: ================== Meinberg LANTIME Web Configuration Utility 6.16.008 Vulnerability...
Joomla! Component JEXTN Video Gallery 3.0.5 - id SQL Injection
Joomla! Component JEXTN Video Gallery 3.0.5 - id SQL Injection Exploit Title: Joomla! Component JEXTN Video Gallery 3.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link:...
vBulletin 5.x - routestring Remote Code Execution
vBulletin 5.x - routestring Remote Code Execution SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Source: https://blogs.securiteam.com/index.php/archives/3569 Vulnerability Summary The following advisory describes an unauthenticated file inclusion vulnerability that lead...
vBulletin 5 - routestring Remote Code Execution
vBulletin 5 - routestring Remote Code Execution SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Source: https://blogs.securiteam.com/index.php/archives/3569 Vulnerability Summary The following advisory describes an unauthenticated file inclusion vulnerability that leads ...
vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion
vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Source: https://blogs.securiteam.com/index.php/archives/3573 Vulnerability Summary The following advisory describes an unauthenticated deserialization...
GNU C Library Dynamic Loader glibc ld.so - Memory Leak Buffer Overflow
GNU C Library Dynamic Loader glibc ld.so - Memory Leak Buffer Overflow Qualys Security Advisory Buffer overflow in glibc's ld.so ======================================================================== Contents ======================================================================== Summary Memor...