41207 matches found
Subsonic 6.1.1 - Server-Side Request Forgery
Subsonic 6.1.1 - Server-Side Request Forgery + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product:...
Wireshark 2.2.6 - IPv6 Dissector Denial of Service
Wireshark 2.2.6 - IPv6 Dissector Denial of Service Build Information: TShark Wireshark 2.3.0 v2.3.0rc0-3369-g2e2ba64b72 Copyright 1998-2017 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later This is free software; see the source for copying conditions. There is NO warranty;...
Parallels Desktop - Virtual Machine Escape
Parallels Desktop - Virtual Machine Escape + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp...
Subsonic 6.1.1 - XML External Entity Injection
Subsonic 6.1.1 - XML External Entity Injection + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: ===============...
WordPress Plugin Event List 0.7.8 - SQL Injection
WordPress Plugin Event List 0.7.8 - SQL Injection Exploit Title: WordPress Plugin Event List = 0.7.8 - SQL Injection Date: 04-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://wordpress.org/plugins/event-list/ Version: 0.7.8 CVE : CVE-2017-9429 Category: webapp...
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution !/usr/bin/env python coding: utf8 EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution Vendor: EnGenius Technologies Inc. Product web page: https://www.engeniustech.com Affected version: ESR300 1.4.9...
Joomla! Component Payage 2.05 - aid SQL Injection
Joomla! Component Payage 2.05 - aid SQL Injection Exploit Title: Joomla Payage 2.05 - SQL Injection Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Mojtaba Kazemi Vendor Home : https://extensions.joomla.org/extensions/extension/e-commerce/payment-systems/payage/ My Home :...
WordPress Plugin WP-Testimonials 3.4.1 - SQL Injection
WordPress Plugin WP-Testimonials 3.4.1 - SQL Injection Exploit Title: WP-Testimonials 3.4.1 Union Based SQL Injection Date: 03-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/ Vendor Homepage:...
reiserfstune 3.6.25 - Local Buffer Overflow
reiserfstune 3.6.25 - Local Buffer Overflow + Title: reiserfstune 3.6.25 – Local Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A - Download -...
Disk Sorter 9.7.14 - Input Directory Local Buffer Overflow (PoC)
Disk Sorter 9.7.14 - Input Directory Local Buffer Overflow PoC !/usr/bin/python Exploit Title: DiskSorter v9.7.14 - Input Directory Local Buffer Overflow - PoC Date: 25 May 2017 Exploit Author: n3ckD Vendor Homepage: http://www.disksorter.com/ Software Link:...
Sungard eTRAKiT3 3.2.1.17 - SQL Injection
Sungard eTRAKiT3 3.2.1.17 - SQL Injection Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticat...
HPE Intelligent Management Center (iMC) 7.2 (E0403P10) - Code Execution
HPE Intelligent Management Center iMC 7.2 E0403P10 - Code Execution Vulnerability Summary The following advisory describes a Stack Buffer Overflow vulnerability found in HPE Intelligent Management Center version v7.2 E0403P10 Enterprise, this vulnerability leads to an exploitable remote code...
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting tree.parent; Frame openerFrame = mframe-loader.opener; Frame ownerFrame = parentFrame; if !ownerFrame ownerFrame = openerFrame; if !ownerFrame didFailToInitializeSecurityOrigin; return;...
WebKit - Element::setAttributeNodeNS Use-After-Free
WebKit - Element::setAttributeNodeNS Use-After-Free Element::setAttributeNodeNSAttr& attrNode ... setAttributeInternalindex, attrNode.qualifiedName, attrNode.value, NotInSynchronizationOfLazyAttribute; attrNode.attachToElementthis; treeScope.adoptIfNeededattrNode;...
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read Exploit title : Arbitrary file reading by authenticated users on Riverbed SteelHead VCX Vendor: Riverbed Author: Gregory DRAPERI Date: 03/2017 Software Link:...
WebKit - CachedFrameBase::restore Universal Cross-Site Scripting
WebKit - CachedFrameBase::restore Universal Cross-Site Scripting Click anywhere... function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; function navigatew, url let a = w.document.createElement'a'; a.href = url; a.click; window.onclick = = window.w =...
WebKit - Document::prepareForDestruction CachedFrame Universal Cross-Site Scripting
WebKit - Document::prepareForDestruction CachedFrame Universal Cross-Site Scripting Click anywhere. function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; function waitForcheck, cb let it = setInterval = if check clearIntervalit; cb; , 10; window.onclick = ...
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities Exploit Title: CMS Web-Gooroo getmegaadmin; 2d626704807d4c5be1b46e85c4070fec - mayhem 2967a371178d713d3898957dd44786af - no success in bruteforce, though... 3. Full path disclosure Almost any file, because of lack of input validation and overall bad...
WebKit JSC - JSObject::ensureLength ensureLengthSlow Check Failure
WebKit JSC - JSObject::ensureLength ensureLengthSlow Check Failure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1165 Here's a snippet of JSObject::ensureLength. bool WARNUNUSEDRETURN ensureLengthVM& vm, unsigned length ASSERTlength vectorLength publicLength...
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1173 When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if...
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - Remote Code Execution !-- OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data...
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting Exploit Title: Piwigo plugin Facetag , Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh...
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Directory Traversal OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform...
OV3 Online Administration 3.0 - SQL Injection
OV3 Online Administration 3.0 - SQL Injection OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for...
Trend Micro Deep Security 6.5 - XML External Entity Injection Local Privilege Escalation Remote Code Execution
Trend Micro Deep Security 6.5 - XML External Entity Injection Local Privilege Escalation Remote Code Execution The following advisory describes three (3) vulnerabilities found in Trend Micro Deep Security version 6.5. “The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delive...
TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution
TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution Source: https://www.evilsocket.net/2017/05/30/Terramaster-NAS-Unauthenticated-RCE-as-root/ !/usr/bin/python coding: utf8 Exploit: Unauthenticated RCE as root. Vendor: TerraMaster Product: TOS import sys import requests def upload...
TiEmu 2.08 - Local Buffer Overflow
TiEmu 2.08 - Local Buffer Overflow !/usr/bin/python Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Developed using Exploit Pack - http://exploitpack.com - Tested on: Windows 7 32 bits Description: TiEmu Texas Instrument Emulator 2.08 and prior is prone to a stack-based buffer...
IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow
IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow Vulnerabilities Summary The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, lo...
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting Remote Code Execution Vulnerability Summary KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster...
uc-http Daemon - Local File Inclusion Directory Traversal
Microsoft MsMpEng - Use-After-Free via Saved Callers
Microsoft MsMpEng - Use-After-Free via Saved Callers Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1259 In JsRuntimeState::setCaller, it saves the current caller in the JsRuntimeState object (rcx+158h in 64-bit). But the garbage collector doesn't mark this saved value. So it...
Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine
Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 MsMpEng's JS engine uses garbage collection to manage the lifetime of Javascript objects. During mark and sweep the GC roots the vectors representing t...
Piwigo Plugin Facetag 0.0.3 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - SQL Injection Exploit Title: Facetag Extension in Piwigo, Multiple SQL injection Date: 30-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shai...
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection DefenseCode ThunderScan SAST Advisory WordPress Huge-IT Video Gallery Plugin Security Vulnerability Advisory ID: DC-2017-01-009 Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection vulnerability Advisory URL:...
Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files
Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1261 A detailed introduction to MsMpEng can be found in issue 1252, so I will skip the background story here. Through fuzzing, we have discovered a number of ways...
CERIO DT-100G-NDT-300NCW-300N - Multiple Vulnerabilities
CERIO DT-100G-NDT-300NCW-300N - Multiple Vulnerabilities CERIO 11nbg 2.4Ghz High Power Wireless Router pekcmd Rootshell Backdoors Vendor: CERIO Corporation Product web page: http://www.cerio.com.tw Affected version: DT-100G-N fw: Cen-WR-G2H5 v1.0.6 DT-300N fw: Cen-CPE-N2H10A v1.0.14 DT-300N fw:...
QWR-1104 Wireless-N Router - Cross-Site Scripting
QWR-1104 Wireless-N Router - Cross-Site Scripting Exploit Title: Aries QWR-1104 Wireless-N Router Execute JavaScript in Wireless Site Survey page. Date: 26-05-2017 Vendor Homepage : http://www.ariesnetworks.net/ Firmware Version: WRC.253.2.0913 Exploit Author: Touhid M.Shaikh Contact:...
Home Web Server 1.9.1 (build 164) - Remote Code Execution
Home Web Server 1.9.1 build 164 - Remote Code Execution Exploit Title: Home Web Server 1.9.1 build 164 - CGI Remote Code Execution Date: 26/05/2017 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: https://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploits Vendor...
Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write
Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write // Source: https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/ // // v8 exploit for https://crbug.com/716044 var oobrw = null; var leak = null; var arbrw = null; var code = function return 1; code; class BuggyArray extend...
JAD Java Decompiler 1.5.8e - Local Buffer Overflow
JAD Java Decompiler 1.5.8e - Local Buffer Overflow !/usr/bin/python Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: JAD Java Decompiler 1.5.8e-1kali1 and prior is prone ...
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1260 MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT...
Mozilla Firefox 53 - ConvolvePixel Memory Disclosure
Mozilla Firefox 53 - ConvolvePixel Memory Disclosure /home/worker/workspace/build/src/gfx/2d/FilterNodeSoftware.cpp:2358 2 0x7f8d3fcd397d in alreadyAddRefedmozilla::gfx::Data...
Sophos Cyberoam - Cross-site scripting
Sophos Cyberoam - Cross-site scripting Exploit Title: Sophos Cyberoam – Cross-site scripting XSS vulnerability Date: 25/05/2017 Exploit Author: Bhadresh Patel Version: = Firmware Version 10.6.4 CVE : CVE-2016-9834 This is an article with video tutorial for Sophos Cyberoam – Cross-site scripting X...
Mozilla Firefox 53 - gfxTextRun Out-of-Bounds Read
Mozilla Firefox 53 - gfxTextRun Out-of-Bounds Read .class1 float: left; white-space: pre-line; .class2 border-bottom-style: solid; font-face: Arial; font-size: 7ex; function go menuitem.appendChilddocument.body.firstChild; canvas.toBlobcallback; function callback var s = menu.style;...
Sandboxie 5.18 - Local Denial of Service
Sandboxie 5.18 - Local Denial of Service author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: Sandboxie version 5.18 local Dos Exploit Date: 2017.05.25 Exploit Author: Greg Priest Version: Sandboxie version 5.18 ... Released on 13 April 2017...
Apple Safari 10.0.3(12602.4.8) WebKit - HTMLObjectElement::updateWidget Universal Cross-Site Scripting
Apple Safari 10.0.312602.4.8 WebKit - HTMLObjectElement::updateWidget Universal Cross-Site Scripting url; ... if !allowedToLoadFrameURLurl return; ... bool beforeLoadAllowedLoad = guardedDispatchBeforeLoadEventurl; ... bool success = beforeLoadAllowedLoad && hasValidClassId; if success success =...
WebKit - FrameLoader::clear Stealing Variables via Page Navigation
WebKit - FrameLoader::clear Stealing Variables via Page Navigation pageCacheState != Document::InPageCache ... mframe.document-prepareForDestruction; removeFocusedNodeOfSubtreemframe.document; ... mframe.setDocumentnullptr; domWindow; Click anywhere. function createURLdata, type = 'text/html'...
Apple WebKit Safari 10.0.3(12602.4.8) - Editor::Command::execute Universal Cross-Site Scripting
Apple WebKit Safari 10.0.312602.4.8 - Editor::Command::execute Universal Cross-Site Scripting document-updateLayoutIgnorePendingStylesheets; return mcommand-executemframe, triggeringEvent, msource, parameter; This method is invoked under an |EventQueueScope|. But...
WebKit - enqueuePageshowEvent enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - enqueuePageshowEvent enqueuePopstateEvent Universal Cross-Site Scripting view-frame.page; frame.tree.appendChildchildFrame-view-frame; childFrame-open; enqueuePageshowEventPageshowEventPersisted; HistoryItem historyItem = frame.loader.history.currentItem; if historyItem &&...
WebKit - ContainerNode::parserInsertBefore Universal Cross-Site Scripting
WebKit - ContainerNode::parserInsertBefore Universal Cross-Site Scripting Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=1146 https://bugs.chromium.org/p/chromium/issues/detail?id=519558 VULNERABILITY DETAILS From /WebKit/Source/core/dom/ContainerNode.cpp: ---------------- voi...