Joomla! Component JBuildozer 1.4.1 - appid SQL Injection
Joomla! Component JBuildozer 1.4.1 - appid SQL Injection Exploit Title: Joomla! Component JBuildozer 1.4.1 - SQL Injection Dork: N/A Date: 12.12.2017 Vendor Homepage: http://jbuildozer.com/ Software Link:...
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1375 AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to ind...
Vivotek IP Cameras - Remote Stack Overflow (PoC)
Vivotek IP Cameras - Remote Stack Overflow PoC STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials...
Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms
Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms posix_spawn is a complex syscall which takes a lot of arguments from userspace. The third argument is a pointer to a further arguments descriptor in userspace with the following structu...
Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SO_FLOW_DIVERT_TOKEN is a socket option on the SOL_SOCKET layer. It's implemented by flow_divert_token_set(struct socket *so, struct...
Apple macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient
Apple macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the...
Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload
Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/...
Muslim Matrimonial Script 3.02 - succid SQL Injection
Muslim Matrimonial Script 3.02 - succid SQL Injection Exploit Title: Muslim Matrimonial Script 3.02 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/matrimonial-script/ Version: 3.02 Category: Webapps...
Multiplex Movie Theater Booking Script 3.1.5 - moid eid SQL Injection
Multiplex Movie Theater Booking Script 3.1.5 - moid eid SQL Injection Exploit Title: Multiplex Movie Theater Booking Script 3.1.5 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Freelance Website Script 2.0.6 - pr_id catid SQL Injection
Freelance Website Script 2.0.6 - pr_id catid SQL Injection Exploit Title: Freelance Website Script 2.0.6 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/freelance-website-script/ Version: 2.0.6...
Lawyer Search Script 1.1 - lawyer-list?city SQL Injection
Lawyer Search Script 1.1 - lawyer-list?city SQL Injection Exploit Title: Lawyer Search Script 1.1 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/lawyer-script/ Version: 1.1 Category: Webapps Tested...
Vanguard 1.4 - Arbitrary File Upload
Vanguard 1.4 - Arbitrary File Upload Exploit Title: Vanguard - Marketplace Digital Products PHP 1.4 - Arbitrary File Upload Dork: N/A Date: 11.12.2017 Vendor Homepage: https://www.codegrape.com/user/Vanguard/portfolio Software Link:...
Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page (2)
Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page 2 / The code is modified from https://www.exploit-db.com/exploits/43199/ / define GNUSOURCE include include include include include include include include include include include include define TRIESPERPAGE 20000000 define PAGESIZE...
Apple macOS - necp_get_socket_attributes so_pcb Type Confusion
Apple macOS - necp_get_socket_attributes so_pcb Type Confusion / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1392&desc=2 When getsockopt (edited; original report said "setsockopt") is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes i...
Facebook Clone Script 1.0 - id send SQL Injection
Facebook Clone Script 1.0 - id send SQL Injection Exploit Title: Facebook Clone Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/facebook-clone/ Demo:...
Hot Scripts Clone 3.1 - subctid mctid SQL Injection
Hot Scripts Clone 3.1 - subctid mctid SQL Injection Exploit Title: Hot Scripts Clone 3.1 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/ Version: 3.1 Category:...
Advanced Real Estate Script 4.0.7 - SQL Injection
Advanced Real Estate Script 4.0.7 - SQL Injection Exploit Title: Advanced Real Estate Script 4.0.7 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advanced-real-estate-script/ Version: 4.0.7 Category...
Responsive Events Movie Ticket Booking Script 3.2.1 - findcity.php?q SQL Injection
Responsive Events Movie Ticket Booking Script 3.2.1 - findcity.php?q SQL Injection Exploit Title: Responsive Events & Movie Ticket Booking Script 3.2.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Professional Service Script 1.0 - service-list?city SQL Injection
Professional Service Script 1.0 - service-list?city SQL Injection Exploit Title: Professional Service Script 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/professional-service-script/ Version:...
Multireligion Responsive Matrimonial 4.7.2 - succid SQL Injection
Multireligion Responsive Matrimonial 4.7.2 - succid SQL Injection Exploit Title: Multireligion Responsive Matrimonial 4.7.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Single Theater Booking Script 3.2.1 - findcity.php?q SQL Injection
Single Theater Booking Script 3.2.1 - findcity.php?q SQL Injection Exploit Title: Single Theater Booking Script 3.2.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/single-theater-booking-script/...
MLM Forex Market Plan Script 2.0.4 - newid eventid SQL Injection
MLM Forex Market Plan Script 2.0.4 - newid eventid SQL Injection Exploit Title: MLM Forex Market Plan Script 2.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/mlm-forex-market-plan-script/ Versio...
Entrepreneur Bus Booking Script 3.0.4 - sourcebus SQL Injection
Entrepreneur Bus Booking Script 3.0.4 - sourcebus SQL Injection Exploit Title: Entrepreneur Bus Booking Script 3.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/entrepreneur-bus-booking-script/...
Online Exam Test Application Script 1.6 - exams.php?sort SQL Injection
Online Exam Test Application Script 1.6 - exams.php?sort SQL Injection Exploit Title: Online Exam Test Application Script 1.6 - 'Exams.php 'sort' SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Opensource Classified Ads Script 3.2 - SQL Injection
Opensource Classified Ads Script 3.2 - SQL Injection...
Yoga Class Script 1.0 - list?city SQL Injection
Yoga Class Script 1.0 - list?city SQL Injection Exploit Title: Yoga Class Script 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/yoga-class-script/ Version: 1.0 Category: Webapps Tested on:...
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proc_list_uptrs has the following comment in its userspace header: / Enumerate potential...
Food Order Script 1.0 - list?city SQL Injection
Food Order Script 1.0 - list?city SQL Injection Exploit Title: Food Order Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/food-order-script-2/ Demo:...
Kickstarter Clone Acript 2.0 - projid SQL Injection
Kickstarter Clone Acript 2.0 - projid SQL Injection Exploit Title: Kickstarter Clone Acript 2.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/kickstarter-clone-script/ Version: 2.0 Category: Webapp...
PHP Multivendor Ecommerce 1.0 - sid searchcat chid1 SQL Injection
PHP Multivendor Ecommerce 1.0 - sid searchcat chid1 SQL Injection Exploit Title: PHP Multivendor Ecommerce 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-multivendor-ecommerce/ Version: 1.0...
MLM Forced Matrix 2.0.9 - newid SQL Injection
MLM Forced Matrix 2.0.9 - newid SQL Injection Exploit Title: MLM Forced Matrix 2.0.9 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/mlm-forced-matrix/ Version: 2.0.9 Category: Webapps Tested on:...
Groupon Clone Script 3.01 - state_id search SQL Injection
Groupon Clone Script 3.01 - state_id search SQL Injection Exploit Title: Groupon Clone Script 3.01 - 'state_id' 's' SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/groupon-clone-script/ Version: 3.01...
Readymade Video Sharing Script 3.2 - SQL Injection
Readymade Video Sharing Script 3.2 - SQL Injection Exploit Title: Readymade Video Sharing Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Version: 3.2 Category:...
Responsive Realestate Script 3.2 - property-list?tbud SQL Injection
Responsive Realestate Script 3.2 - property-list?tbud SQL Injection Exploit Title: Responsive Realestate Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/responsive-realestate-script/...
Vanguard 1.4 - SQL Injection
Vanguard 1.4 - SQL Injection Exploit Title: Vanguard - Marketplace Digital Products PHP 1.4 - SQL Injection Dork: N/A Date: 11.12.2017 Vendor Homepage: https://www.codegrape.com/user/Vanguard/portfolio Software Link: https://www.codegrape.com/item/vanguard-marketplace-digital-products-php/15825...
Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633...
Resume Clone Script 2.0.5 - SQL Injection
Resume Clone Script 2.0.5 - SQL Injection Exploit Title: Resume Clone Script 2.0.5 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/resume-builder-script/ Version: 2.0.5 Category: Webapps Tested on:...
LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow
LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow Source: http://bugzilla.maptools.org/show_bug.cgi?id=2750 The vulnerability is triggered by ./tools/pal2rgb $FILE /dev/null The asan debug information is below: TIFFFetchNormalTag: Warning, IO error during reading of "XResolution"; tag ignored...
Readymade PHP Classified Script 3.3 - subctid mctid SQL Injection
Readymade PHP Classified Script 3.3 - subctid mctid SQL Injection Exploit Title: Readymade PHP Classified Script 3.3 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advance-olx-clone/ Version: 3.3...
Laundry Booking Script 1.0 - list?city SQL Injection
Laundry Booking Script 1.0 - list?city SQL Injection Exploit Title: Laundry Booking Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/laundry-booking-script/ Version: 1.0 Category: Webapps...
Secure E-commerce Script 2.0.1 - searchcat searchmain SQL Injection
Secure E-commerce Script 2.0.1 - searchcat searchmain SQL Injection Exploit Title: Secure E-commerce Script 2.0.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/secure-e-commerce-script/ Version:...
Multivendor Penny Auction Clone Script 1.0 - SQL Injection
Multivendor Penny Auction Clone Script 1.0 - SQL Injection Exploit Title: Multivendor Penny Auction Clone Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/penny-auction-script/ Version: 1.0...
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
Linux Kernel 4.13 Debian 9 - Local Privilege Escalation / disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and calculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define...
Foodspotting Clone Script 1.0 - quicksearch.php?q SQL Injection
Foodspotting Clone Script 1.0 - quicksearch.php?q SQL Injection Exploit Title: Foodspotting Clone Script 1.0 - 'q' SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/foodspotting-clone/ Version: 1.0...
Car Rental Script 2.0.4 - val SQL Injection
Car Rental Script 2.0.4 - val SQL Injection Exploit Title: Car Rental Script 2.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/car-rental-script/ Version: 2.0.4 Category: Webapps Tested on:...
MikroTik 6.40.5 ICMP - Denial of Service
MikroTik 6.40.5 ICMP - Denial of Service include include include include include include include include define handlei htonsi define cicmp 32 define aicmp aflags & cicmp define sendingp if sendtorawsock,&packet,sizeof packet,0,struct sockaddr &victim,sizeof victim srcep || dstsp != 0...
Basic Job Site Script 2.0.5 - SQL Injection
Basic Job Site Script 2.0.5 - SQL Injection Ver Ayari...
Apple macOS - getrusage Stack Leak Through struct Padding
Apple macOS - getrusage Stack Leak Through struct Padding / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1405 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64_rusage using munge_user64_rusage, then copies the struct user64_rusage to...
Advanced World Database 2.0.5 - SQL Injection
Advanced World Database 2.0.5 - SQL Injection Exploit Title: Advanced World Database 2.0.5 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advanced-world-database/ Version: 2.0.5 Category: Webapps...
Linux Kernel - mincore() Heap Page Disclosure (PoC)
Linux Kernel - mincore Heap Page Disclosure PoC / The source is modified from https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 I try to find out information useful from the infoleak The kernel address can be easily found out from the uninitialized memory leaked from kernel, which can...