41207 matches found
Microsoft Edge 38.14393.1066.0 - COptionsCollectionCacheItem::GetAt Out-of-Bounds Read
Microsoft Edge 38.14393.1066.0 - COptionsCollectionCacheItem::GetAt Out-of-Bounds Read function go select1.multiple = false; var optgroup = document.createElement"optgroup"; select1.addoptgroup; var options = select1.options; select2 = document.createElement"select";...
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is...
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Reads/Writes with Malformed fpgm table win32k!bGeneratePath (Denial of Service)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Reads/Writes with Malformed fpgm table win32k!bGeneratePath Denial of Service Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1273 We have encountered a number of Windows kernel crashes in the win32k.sys...
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed glyf Table win32k!fsc_CalcGrayRow (Denial of Service)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed glyf Table win32k!fsc_CalcGrayRow Denial of Service Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1274 We have encountered a number of Windows kernel crashes in the win32k.sys driver...
Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1267&desc=2 We have discovered that the win32k!NtGdiGetGlyphOutline system call handler may disclose large portions of uninitialized pool memory to...
iBall ADSL2+ Home Router - Authentication Bypass
iBall ADSL2+ Home Router - Authentication Bypass Exploit Title: iBall ADSL2+ Home Router Authentication Bypass Vulnerability CVE: CVE-2017-14244 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: iBall ADSL2+ Home Router WRA150N...
Microsoft Windows Kernel - win32k!NtGdiGetPhysicalMonitorDescription Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiGetPhysicalMonitorDescription Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1268 We have discovered that the nt!NtGdiGetPhysicalMonitorDescription system call discloses portions of uninitialized kernel stack memo...
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digirez 3.4 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo:...
Apache 2.2.34 2.4.27 - OPTIONS Memory Leak
Apache 2.2.34 2.4.27 - OPTIONS Memory Leak !/usr/bin/env python3 Optionsbleed proof of concept test by Hanno Böck import argparse import urllib3 import re def testbleedurl, args: r = pool.request'OPTIONS', url try: allow = strr.headers"Allow" except KeyError: return False if allow in dup: return...
Microsoft Windows Kernel - win32k!NtGdiDoBanding Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiDoBanding Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1304 We have discovered that the win32k!NtGdiDoBanding system call discloses portions of uninitialized kernel stack memory to user-mode clients. More...
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1269 We have discovered that the nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory to user-mo...
Microsoft Windows Kernel - win32k!NtGdiGetFontResourceInfoInternalW Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiGetFontResourceInfoInternalW Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1275 We have discovered that the nt!NtGdiGetFontResourceInfoInternalW system call discloses portions of uninitialized kernel stack memory...
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
DigiAffiliate 1.4 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: DigiAffiliate 1.4 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/digiaffiliate.asp?id=7 Demo:...
Microsoft Windows Kernel - win32k!NtQueryCompositionSurfaceBinding Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtQueryCompositionSurfaceBinding Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1307 We have discovered that the win32k!NtQueryCompositionSurfaceBinding system call discloses portions of uninitialized kernel stack memo...
Microsoft Windows Kernel - win32k!NtGdiEngCreatePalette Stack Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiEngCreatePalette Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1276&desc=2 We have discovered that the nt!NtGdiEngCreatePalette system call discloses large portions of uninitialized kernel stack memory to user-mo...
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
Digileave 1.2 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: Digileave 1.2 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/digileave.asp?id=1 Demo:...
Netdecision 5.8.2 - Local Privilege Escalation
Netdecision 5.8.2 - Local Privilege Escalation // Netdecision.cpp : Defines the entry point for the console application. / Exploit Title: Netdecision 5.8.2 - Local Privilege Escalation - Winring0x32.sys Date: 2017.09.17 Exploit Author: Peter Baris Vendor Homepage: www.netmechanica.com Software...
WordPress Plugin Content Timeline - SQL Injection
WordPress Plugin Content Timeline - SQL Injection Exploit Title: Multiple Blind SQL Injections Wordpress Plugin: Content Timeline Google Dork: - Date: September 16, 2017 Exploit Author: Jeroen - ITNerdbox Vendor Homepage: http://www.shindiristudio.com/ Software Link:...
Contact Manager 1.0 - femail SQL Injection
Contact Manager 1.0 - femail SQL Injection Exploit Title: Contact Manager 1.0 - SQL Injection Dork: N/A Date: 15.09.2017 Vendor Homepage: http://savsofteproducts.com/ Software Link: http://www.contactmanagerscript.com/download/contactmanager1380185909.zip Demo: http://contactmanagerscript.com/dem...
iTech Gigs Script 1.20 - cat SQL Injection
iTech Gigs Script 1.20 - cat SQL Injection Exploit Title: iTech Gigs Script v1.20 - SQL Injection Date: 2017-09-15 Exploit Author: 8bitsec Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/the-gigs-script/ Version: 1.20 Tested on: Kali Linux 2.0 | Mac OS 10.12.6...
PTCEvolution 5.50 - SQL Injection
PTCEvolution 5.50 - SQL Injection Exploit Title: PTCEvolution 5.50 - SQL Injection Dork: N/A Date: 15.09.2017 Vendor Homepage: http://ptcevolution.com/ Software Link: http://www.ptcevolution.com/demoo/ Demo: http://demo.ptcevolution.com/ Version: 5.50 Category: Webapps Tested on:...
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass Exploit Title: UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass Vulnerability CVE: CVE-2017-14243 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: UTStar...
Adserver Script 5.6 - SQL Injection
Adserver Script 5.6 - SQL Injection Exploit Title: Adserver Script 5.6 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/adserverscript.php Demo: http://adserverscript.gvmhosting.com/ Version: 5.6 Category: Webapp...
Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow (Metasploit)
Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'Lockstep Backup for Workgroups %q This module exploits a stack buffer overflow found in Lockstep Backup for Workgroups 'james fitts' , 'License' = MSFLICENSE, 'Version' = '$Revision...
Justdial Clone Script - fid SQL Injection
Justdial Clone Script - fid SQL Injection Exploit Title: Justdial Clone Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/z1mt4303451/php-scripts/justdial-clone-script Demo:...
PTC KSV1 Script 1.7 - type SQL Injection
PTC KSV1 Script 1.7 - type SQL Injection Exploit Title: PTC KSV1 Script 1.7 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/ptc-ksv1.php Demo: http://www.ksv1demo.gvmhosting.com/ Version: 1.7 Category: Webapps...
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'EMC AlphaStor Device Manager Opcode 0x72', 'Description' = %q This module exploits a stack based buffer overflow vulnerability found in EMC Alphastor Device Manager. The overflow is...
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (Metasploit)
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'haneWIN DNS Server Buffer Overflow', 'Description' = %q This module exploits a buffer overflow vulnerability found in haneWIN DNS Server 'james fitts' , 'License' = MSFLICENSE, 'References' =...
Theater Management Script - SQL Injection
Theater Management Script - SQL Injection Exploit Title: Theater Management Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/8o2b4417538/php-scripts/theater-management-script Demo:...
KingScada AlarmServer 3.1.2.13 - Remote Stack Buffer Overflow (Metasploit)
KingScada AlarmServer 3.1.2.13 - Remote Stack Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'KingScada AlarmServer Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in KingScada 'James Fitts' , 'License' = MSFLICENSE,...
EMC AlphaStor Library Manager 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit)
EMC AlphaStor Library Manager 4.0 build 910 - Opcode 0x4f Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'EMC AlphaStor Library Manager Opcode 0x4f', 'Description' = %q This module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version 'james...
Enterprise Edition Payment Processor Script 3.7 - SQL Injection
Enterprise Edition Payment Processor Script 3.7 - SQL Injection Exploit Title: Enterprise Edition Payment Processor Script 3.7 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/payment-processor-script.php Demo:...
Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass
Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass coding: utf-8 Exploit Title: Humax HG100R- Authentication Bypass Date: 14/09/2017 Exploit Author: Kivson Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-11435 The Humax Wi-Fi Router model HG100...
Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)
Cloudview NMS 2.00b - Writable Directory Traversal Execution Metasploit require 'msf/core' class MetasploitModule "Cloudview NMS 2.00b Writable Directory Traversal Execution", 'Description' = %q This module exploits a vulnerability found in Cloudview NMS server. The software contains a directory...
ICHelpDesk 1.1 - pk SQL Injection
ICHelpDesk 1.1 - pk SQL Injection Exploit Title: Support Tickets Helpdesk PHP Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/support-tickets-helpdesk-script.htm Demo:...
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'VIPA Authomation WinPLC7 recv Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 'james fitts' , 'License' =...
Cloudview NMS 2.00b - Arbitrary File Upload (Metasploit)
Cloudview NMS 2.00b - Arbitrary File Upload Metasploit require 'msf/core' class MetasploitModule 'Cloudview NMS File Upload', 'Description' = %q This module exploits a file upload vulnerability found within Cloudview NMS 'james fitts' , 'License' = MSFLICENSE, 'References' = 'URL', '0day' ,...
Alienvault OSSIM av-centerd 4.7.0 - get_log_line Command Injection (Metasploit)
Alienvault OSSIM av-centerd 4.7.0 - get_log_line Command Injection Metasploit require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection get_log_line', 'Description' = %q This module exploits a command injection flaw found in the get_log_line...
Motorola Netopia Netoctopus SDCS - Remote Stack Buffer Overflow (Metasploit)
Motorola Netopia Netoctopus SDCS - Remote Stack Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'Motorola Netopia Netoctopus SDCS Stack Buffer Overflow', 'Description' = %q This module exploits a vulnerability within the code responsible for parsing client requests. When...
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'ZScada Net Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in Z-Scada Net 2.0. The vulnerability is triggered when parsing the response to a Modbus...
Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit)
Indusoft Web Studio - Directory Traversal Information Disclosure Metasploit require 'msf/core' class MetasploitModule 'Indusoft Web Studio Directory Traversal', 'Description' = %q This module exploits a flaw found in Indusoft Web Studio 'James Fitts' , 'License' = MSFLICENSE, 'Version' =...
ICMLM 2.1 - key SQL Injection
ICMLM 2.1 - key SQL Injection Exploit Title: MLM Software Script 2.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/mlm-script.htm Demo: http://www.icloudcenter.net/demos/icmlm/ Version: 2.1 Category: Webapps...
ICLowBidAuction 3.3 - SQL Injection
ICLowBidAuction 3.3 - SQL Injection Exploit Title: Unique Low Bid Auction Script 3.3 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/unique-low-bid-auction-script.htm Demo:...
Mako Web Server 2.5 - Multiple Vulnerabilities
Mako Web Server 2.5 - Multiple Vulnerabilities + SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
ICSiteBuilder 1.1 - SQL Injection
ICSiteBuilder 1.1 - SQL Injection Exploit Title: Website Builder Script With e-Commerce 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/site-builder-script.htm Demo: http://icloudcenter.net/demos/icsitebuilder...
ICCallLimousine 1.1 - key SQL Injection
ICCallLimousine 1.1 - key SQL Injection Exploit Title: Car Rental Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/limousine-car-hire-script.html Demo: http://icloudcenter.net/demos/iccalllimousine/...
ICStudents 1.2 - key SQL Injection
ICStudents 1.2 - key SQL Injection Exploit Title: Students Course Assessment Test Script 1.2 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/student-course-assessment-test-script.htm Demo:...
ICClassifieds 1.1 - SQL Injection
ICClassifieds 1.1 - SQL Injection Exploit Title: Classifieds Software Script Like Craigslist 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/craigslist-like-classifieds-script.htm Demo:...
ICProductConfigurator 1.1 - key SQL Injection
ICProductConfigurator 1.1 - key SQL Injection Exploit Title: Customized Products Shopping Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/bpProductConfigurator.htm Demo:...
ICProjectBidding 1.1 - SQL Injection
ICProjectBidding 1.1 - SQL Injection Exploit Title: Project Bidding Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/projectbiddingscript.htm Demo: http://www.icloudcenter.net/demos/icprojectbidding/...