41207 matches found
Iopsys Router - dhcp Remote Code Execution
Iopsys Router - dhcp Remote Code Execution !/usr/bin/python import json import sys import subprocess import socket import os from time import sleep from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol:...
Vitek - Remote Command Execution Information Disclosure (PoC)
Vitek - Remote Command Execution Information Disclosure PoC STX Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22,...
BEIMS ContractorWeb 5.18.0.0 - SQL Injection
BEIMS ContractorWeb 5.18.0.0 - SQL Injection Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0 CVE :...
Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) Double-Write Ring-0 Address Leak
Microsoft Windows Kernel - NtQueryVirtualMemoryMemoryMappedFilenameInformation Double-Write Ring-0 Address Leak / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1456 We have discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a...
Samsung Internet Browser - SOP Bypass (Metasploit)
Samsung Internet Browser - SOP Bypass Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a...
Conarc iChannel - Improper Access Restrictions
Conarc iChannel - Improper Access Restrictions Exploit Title: Conarc iChannel - Unauthenticated Access/Default Webserver Misconfiguration allows for compromise of server Date: 2017-12-19 Exploit Author: Information Paradox CVE : CVE-2017-17759 https://affectedserver/wc.dll?wwMaintEditConfig The...
Ability Mail Server 3.3.2 - Cross-Site Scripting
Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr...
Microsoft Windows - jscript!RegExpFncObj::LastParen Out-of-Bounds Read
Microsoft Windows - jscript!RegExpFncObj::LastParen Out-of-Bounds Read function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; r rax=0000000000000063 rbx=000000000476fd90 rcx=0000000000000063 rdx=0000000000000064 rsi=000000000476fd90 rdi=000007fef23d37d0...
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD var s = 'a'; forvar i=0;i...
Microsoft Windows - jscript!JsArraySlice Uninitialized Variable
Microsoft Windows - jscript!JsArraySlice Uninitialized Variable var x = new URIErrornew Array, undefined, undefined; String.prototype.localeCompare.callx, new Date0, 0, 0, 0, 0, 0, undefined; Array.prototype.slice.call1; !-- ============================================ Technical details: The issu...
Microsoft Windows - jscript.dll Array.sort Heap Overflow
Microsoft Windows - jscript.dll Array.sort Heap Overflow var vars = new Array100; var arr = new Array1000; forvar i=1;i !-- ========================================= Technical details: Array.sort is implemented in JsArraySort which, depending if a comparison function was specified or not, calls...
Microsoft Windows - jscript!NameTbl::GetValDef Use-After-Free
Microsoft Windows - jscript!NameTbl::GetValDef Use-After-Free var vars = new Array100; forvar i=0;i !-- ============================================ PoC for WPAD might require page heap to trigger the crash: ============================================ function...
Ichano AtHome IP Cameras - Multiple Vulnerabilities
Ichano AtHome IP Cameras - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into...
Microsoft Internet Explorer 11 - jscript!JSONStringifyObject Use-After-Free
Microsoft Internet Explorer 11 - jscript!JSONStringifyObject Use-After-Free var o1 = toJSON:function alert'o1'; return o2; var o2 = toJSON:function alert'o2'; CollectGarbage; return 'x'; JSON.stringifyo1; g df8.e48: Access violation - code c0000005 first chance First chance exceptions are reporte...
Intel Content Protection HECI Service - Type Confusion Privilege Escalation
Intel Content Protection HECI Service - Type Confusion Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 9.0.2.117 Class: Elevation of Privilege...
Joomla! Component NextGen Editor 2.1.0 - plname SQL Injection
Joomla! Component NextGen Editor 2.1.0 - plname SQL Injection Exploit Title: Joomla! Component NextGen Editor 2.1.0 - SQL Injection Dork: N/A Date: 19.12.2017 Vendor Homepage: hhttp://nextgeneditor.com/ Software Link: https://extensions.joomla.org/extension/nextgen-editor/ Software Download:...
Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control
Trend Micro Smart Protection Server - Session Hijacking Log File Disclosure Remote Command Execution Cron Job Injection Local File Inclusion Stored Cross-Site Scripting Improper Access Control Trend Micro Smart Protection Server Multiple Vulnerabilities 1. Advisory Information Title:: Trend Micro...
BrightSign Digital Signage - Multiple Vulnerablities
BrightSign Digital Signage - Multiple Vulnerablities Exploit Title: BrightSign Digital Signage Multiple Vulnerabilities Date: 12/15/17 Exploit Author: [email protected] Vectors: XSS, Directory Traversal, File Modification, Information Leakage The BrightSign Digital Signage 4k242 device...
CDex 1.96 - Buffer Overflow (PoC)
CDex 1.96 - Buffer Overflow PoC !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: CDex 1.96 - Local Stack Buffer Overflow Date: 17-12-2017 Vulnerable Software: CDex 1.96 Unicode Build Vendor Homepage: http://cdex.mu/ Version: v1.96 Software Link: http://cdex.mu/?q=download Teste...
Outlook for Android - Attachment Download Directory Traversal
Outlook for Android - Attachment Download Directory Traversal ''' There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the...
Joomla! Component Guru Pro - promocode SQL Injection
Joomla! Component Guru Pro - promocode SQL Injection Exploit Title: Joomla! Component Guru Pro 'promocode'- SQL Injection Dork: N/A Date: 17.12.2017 Vendor Homepage: https://www.ijoomla.com/ Software Link:...
Cells Blog 3.5 - bgid fmid fnid SQL Injection
Cells Blog 3.5 - bgid fmid fnid SQL Injection Exploit Title: Cells Blog 3.5 - SQL Injection Dork: N/A Date: 16.12.2017 Vendor Homepage: http://www.cells.tw/ Software Link: http://www.cells.tw/cells/ Version: 3.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan Senc...
GoAhead Web Server 2.5 3.6.5 - HTTPd LD_PRELOAD Remote Code Execution
GoAhead Web Server 2.5 3.6.5 - HTTPd LDPRELOAD Remote Code Execution !/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LDPRELOAD remote code execution exploit EDB Note: Payloads https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/43360.zip EDB Note: Source...
Joomla! Component JB Visa 1.0 - visatype SQL Injection
Joomla! Component JB Visa 1.0 - visatype SQL Injection Exploit Title: Joomla! Component JB Visa 1.0 - SQL Injection Dork: N/A Date: 17.12.2017 Vendor Homepage: http://joombooking.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jb-visa...
Joomla! Component User Bench 1.0 - userid SQL Injection
Joomla! Component User Bench 1.0 - userid SQL Injection Exploit Title: Joomla! Component User Bench 1.0 - SQL Injection Dork: N/A Date: 18.12.2017 Vendor Homepage: http://www.gegabyte.org/ Software Link:...
Joomla! Component My Projects 2.0 - SQL Injection
Joomla! Component My Projects 2.0 - SQL Injection Exploit Title: Joomla! Component My Projects 2.0 - SQL Injection Dork: N/A Date: 18.12.2017 Vendor Homepage: http://www.gegabyte.org/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/portfolio/my-projects...
Ciuis CRM 1.0.7 - SQL Injection
Ciuis CRM 1.0.7 - SQL Injection Exploit Title: Ciuis CRM v 1.0.7 Sql Injection Google Dork: if applicable Date: 12/15/2017 Exploit Author: Zahid Abbasi Contact: http://twitter.com/zahidsec Website: http://zahidabbasi.com Vendor Homepage: http://ciuis.com/ Software Link:...
Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload Remote Code Execution
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload Remote Code Execution Exploit Title: Monstra CMS - 3.0.4 RCE Vendor Homepage: http://monstra.org/ Software Link: https://bitbucket.org/Awilum/monstra/downloads/monstra-3.0.4.zip Discovered by: Ishaq Mohammed Contact:...
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow PoC CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected...
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Command Injection CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom clie...
ITGuard-Manager 0.0.0.1 - Remote Code Execution
ITGuard-Manager 0.0.0.1 - Remote Code Execution Vulnerability Title: ITGuard-Manager V0.0.0.1 PreAuth Remote Code Execution Author: Nassim Asrir Contact: [email protected] / @asrirnassim CVE: Waiting ... CVSS:...
Movie Guide 2.0 - SQL Injection
Movie Guide 2.0 - SQL Injection Exploit Title: Movie Guide 2.0 - SQL Injection Dork: N/A Date: 15.12.2017 Vendor Homepage: http://applebitemedia.com/ Software Link: http://applebitemedia.com/amwdl/AMMovieGuide.tar.gz Version: 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Sync Breeze 10.2.12 - Denial of Service
Sync Breeze 10.2.12 - Denial of Service ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...
Linux kernel 4.10.15 - Race Condition Privilege Escalation
Linux kernel 4.10.15 - Race Condition Privilege Escalation / PoC for CVE-2017-10661, triggers UAF with KASan enabled in kernel 4.10 / include include include include include include include include include include include include include include include include include define RACETIME 1000000 int...
Linksys WVBR0 - User-Agent Remote Command Injection
Linksys WVBR0 - User-Agent Remote Command Injection !/usr/bin/python -- coding: utf-8 -- Author: Nixawk CVE-2017-17411 Linksys WVBR0 25 Command Injection """ $ python2.7 exploit-CVE-2017-17411.py Usage: python exploit-CVE-2017-17411.py $ python2.7 exploit-CVE-2017-17411.py http://example.com/ +...
Palo Alto Networks Firewalls - Root Remote Code Execution
Palo Alto Networks Firewalls - Root Remote Code Execution This is a public advisory for CVE-2017-15944 which is a remote root code execution bug in Palo Alto Networks firewalls. Three separate bugs can be used together to remotely execute commands as root through the web management interface...
Multiple OEM - nsd Remote Stack Format String (PoC)
Multiple OEM - nsd Remote Stack Format String PoC STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full...
Readymade Video Sharing Script 3.2 - HTML Injection
Readymade Video Sharing Script 3.2 - HTML Injection Exploit Title: Readymade Video Sharing Script 3.2 - HTML Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Demo:...
Bus Booking Script 1.0 - txtname SQL Injection
Bus Booking Script 1.0 - txtname SQL Injection...
Piwigo 2.9.1 - cat_true cat_false SQL Injection
Piwigo 2.9.1 - cattrue catfalse SQL Injection Exploit Title: Piwigo = 2.9.1 - 'cattrue'/'catfalse' SQL Injection Dork: N/A Date: 12.12.2017 Vendor Homepage: http://piwigo.org/ Software Link: http://piwigo.org/basics/downloads Version: = 2.9.1 Category: Webapps Tested on: WiN7x64/WIN10X64 CVE:...
FS Lynda Clone 1.0 - SQL Injection
FS Lynda Clone 1.0 - SQL Injection...
Paid To Read Script 2.0.5 - uid fnum fn SQL Injection
Paid To Read Script 2.0.5 - uid fnum fn SQL Injection Exploit Title: Paid To Read Script 2.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/ Version: 2.0.5 Category: Webapps...
vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion
vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Source: https://blogs.securiteam.com/index.php/archives/3573 Vulnerability Summary The following advisory describes a unauthenticated deserialization...
GNU C Library Dynamic Loader glibc ld.so - Memory Leak Buffer Overflow
GNU C Library Dynamic Loader glibc ld.so - Memory Leak Buffer Overflow Qualys Security Advisory Buffer overflow in glibc's ld.so ======================================================================== Contents ======================================================================== Summary Memor...
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read Author: Jakub Palaczynski CVE: CVE-2017-16787 Exploit tested on: ================== Meinberg LANTIME Web Configuration Utility 6.16.008 Vulnerability...
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection Exploit Title: Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link:...
vBulletin 5.x - routestring Remote Code Execution
vBulletin 5.x - routestring Remote Code Execution SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Source: https://blogs.securiteam.com/index.php/archives/3569 Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that lead...
vBulletin 5 - routestring Remote Code Execution
vBulletin 5 - routestring Remote Code Execution SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Source: https://blogs.securiteam.com/index.php/archives/3569 Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that leads ...
vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion
vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Source: https://blogs.securiteam.com/index.php/archives/3573 Vulnerability Summary The following advisory describes a unauthenticated deserializatio...
Joomla! Component JEXTN Video Gallery 3.0.5 - id SQL Injection
Joomla! Component JEXTN Video Gallery 3.0.5 - id SQL Injection Exploit Title: Joomla! Component JEXTN Video Gallery 3.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link:...