39001 matches found
Chrome V8 - Runtime_RegExpReplace Integer Overflow Exploit
Exploit for multiple platform in category dos / poc / Here's a snippet of the method. ASSIGNRETURNFAILUREONEXCEPTION isolate, captureslengthobj, Object::ToLengthisolate, captureslengthobj; const int captureslength = PositiveNumberToUint32captureslengthobj; ... if functionalreplace const int argc ...
Pdfium - Pattern Shading Integer Overflows Exploit
Exploit for multiple platform in category dos / poc This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium, I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in...
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace Exploit
Exploit for multiple platform in category dos / poc Related to issue 1490 . When parsing ShadingPatterns; according to the specification they shouldn't be permitted to have a pattern colorspace as their base colorspace, but this is not validated, leading to out-of-bounds reads when rendering usin...
Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly (2)
Exploit for windows platform in category dos / poc It seems this is the patch for the bug. https://github.com/Microsoft/ChakraCore/pull/4226/commits/874551dd00ff6f404e593c7e0162efb54b953f5a The following two cases will bypass the fix. 1: function opt let obj = new Number2.3023e-320; for let i = 0...
Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion Exploit
Exploit for windows platform in category dos / poc / This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a consturctor, it sets the new object's "proto" to its "prototype". The JIT compiler uses NewScObjectNoCtor instructions to perform it...
Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion Exploit
Exploit for windows platform in category dos / poc / This is simillar to the previous issue 1457. But this time, we use Array.prototype.reverse. Array.prototype.reverse can be inlined and may invoke EnsureNonNativeArray to convert the prototype of "this" to a Var array. Call flow:...
Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions Exploit
Exploit for windows platform in category dos / poc / If a native array is used as a prototype, it is converted to a Var array by the Js::JavascriptNativeFloatArray::SetIsPrototype method. In the JIT compiler, it uses InitProto instructions to set object literals' prototype. But when optimizing...
userSpice 4.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Application UserSpice PHP user management Vulnerability userSpice alert"1"&csrf=8b1339546d6af1e7536da0a705302e9c&updatebio= Vulnerable code: id?" class="nounderline"id? 0day.today 2018-02-21...
SOA School Management - access_login SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SOA - School Management Software with Integrated Parents/Students Portal & Mobile App - 'accesslogin' SQL Injection Dork: N/A Date: 2018-02-14 Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage:...
TrendNet AUTHORIZED_GROUP Information Disclosure Vulnerability
Exploit for hardware platform in category web applications TrendNet AUTHORIZEDGROUP Information Disclosure Full report: https://blogs.securiteam.com/index.php/archives/3627 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory describes an information disclosur...
Social Oauth Login PHP - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Social Oauth Login PHP - Authentication Bypass Dork: N/A Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage: https://www.codester.com/items/4554/social-oauth-login-php Version: All version Category: Webapps...
NAT32 2.2 Build 22284 - Remote Command Execution Vulnerability
Exploit for windows platform in category web applications + Credits: hyp3rlinx Vendor: ============= www.nat32.com Product: ================= NAT32 Build 22284 NAT32 is a versatile IP Router implemented as a WIN32 application. Vulnerability Type: =================== Remote Command Execution CVE...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery Vulnerability
Exploit for windows platform in category web applications + Credits: hyp3rlinx Vendor: ============= www.nat32.com Product: =========== NAT32 Build 22284 NAT32® is a versatile IP Router implemented as a WIN32 application. Vulnerability Type: =================== Remote Command Execution CSRF CVE...
GNU binutils 2.26.1 - Integer Overflow (POC) Exploit
Exploit for windows platform in category dos / poc Exploit Title: Objdump - Integer Overflow Crash POC Exploit Author: r4xis Tested Version: 2.26.1 Vuln Version: \nint mainprintf"HelloWorld!\n"; return 0;" f = open"helloWorld.c", 'w' f.writehello f.close os.system"gcc -c helloWorld.c -o test"...
News Website Script 2.0.4 - search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title:News Website Script - SQL Injection Error Based Google Dork: NA Date: 12.02.2018 Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: http://under24usd.com/demo/newstoday/index.php Version...
Ciesto Solutions ERP System SQL Injection Vulnerability
Ciesto Solutions ERP System suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Ciesto Solutions ERP System - Authentication Bypass Dork: N/A Date: 11.02.2018 Vendor Homepage: https://ciestosolutions.com/ Software Link:...
TypeSetter CMS 5.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com...
Advantech WebAccess 8.3.0 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: email protected / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10...
TypeSetter CMS 5.1 - Host Header Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: TypeSetter CMS 5.1 Host Header Injection Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1 CVE : N...
Readymade Video Sharing Script 3.2 - search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Readymade Video Sharing Script - SQL Injection Error Based Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Version: 3...
LogicalDOC Enterprise 7.7.4 - Directory Traversal Vulnerability
Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free...
Juju-run Agent Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software "units" without setting...
LogicalDOC Enterprise 7.7.4 - User Enumeration Vulnerability
Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document...
SoapUI 5.3.0 Code Execution Exploit
Exploit for java platform in category remote exploits Document Title: =============== SoapUI Arbitrary Code Execution via Malicious Project Product Description: =============== SoapUI is the world's most widely-used testing tool for SOAP and REST APIs. Write, run, integrate, and automate advanced...
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution Vulnerability
Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalD...
Paypal Clone Script 1.0.9 - id / acctype SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Paypal / Money Transfer Clone Script 1.0.9 - SQL Injection Dork: N/A Date: 2018-02-10 Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage: https://www.phpscriptsmall.com/product/paypal-money-transfer-clone/...
LibreOffice < 6.0.1 - =WEBSERVICE Remote Arbitrary File Disclosure Vulnerability
Exploit for linux platform in category remote exploits Vulnerability description CVE-2018-6871 First part LibreOffice supports COM.MICROSOFT.WEBSERVICE function: https://support.office.com/en-us/article/webservice-function-0546a35a-ecc6-4739-aed7-c0b7ce1562c4 The function is required to obtain da...
CloudMe Sync 1.10.9 Remote Buffer Overflow Vulnerability
Exploit for windows platform in category remote exploits + Credits: John Page aka hyp3rlinx Vendor: ============= www.cloudme.com Product: =========== CloudMe Sync MOV DWORD PTR SS:ESP+4,22B8 00564DF9 . 890424 MOV DWORD PTR SS:ESP,EAX 00564DFC . FF15 B8738100 CALL DWORD PTR DS:;...
WordPress Bookly Lite 13.2 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications In January I found a stored XSS in Bookly WP Plugin 10,000+ download for Lite version on official WordPress plugin site and 18,000+ for Pro version on CodeCanyon. Link of Bookly stored XSS proof-of-concept:...
NetEx HyperIP 6.1.0 Local File Inclusion Vulnerability
NetEx HyperIP version 6.1.0 suffers from a local file inclusion vulnerability. Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability...
macOS Kernel - Use-After-Free Due to Lack of Locking in AppleEmbeddedOSSupportHostClient::registerNo
Exploit for macOS platform in category dos / poc / AppleEmbeddedOSSupportHost.kext is presumably involved in the communication with the OS running on the touch bar on new MBP models. Here's the userclient's registerNotificationPort method: text:0000000000002DE4 ;...
Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Vulneravility
Exploit for php platform in category web applications Exploit Title: Bitcoin MLM Software 1.0.2 - Stored XSS Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/bitcoin-mlm/ Category: Web Application Exploit Author: Prasenjit Kanti Paul Web:...
Facebook Clone Script 1.0.5 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Facebook Clone Script 1.0.5 - Stored XSS Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/ Category: Web Application Exploit Author: Prasenjit Kanti Paul...
NetEx HyperIP 6.1.0 Privilege Escalation Vulnerability
Exploit for multiple platform in category web applications Title: NetEx HyperIP Privilege Escalation Vulnerability Advisory ID: KL-001-2018-004 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt 1. Vulnerability Details Affected Vendor...
Naukri Clone Script 3.0.3 - indus SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Naukri Clone Script 3.0.3 - 'indus' SQL Injection Dork: N/A Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage: https://www.phpscriptsmall.com/product/naukri-clone-script/ Version: 3.0.3 Category: Webapps...
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid...
glibc $ORIGIN Expansion Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid...
Select Your College Script 2.0.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Select Your College Script - 2.0.2 - Authentication Bypass Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:https://www.phpscriptsmall.com/product/select-your-college-script/ Category: Web Application Exploit Autho...
NetEx HyperIP 6.1.0 Post-Auth Command Execution Vulnerability
Exploit for multiple platform in category web applications Title: NetEx HyperIP Post-Auth Command Execution Advisory ID: KL-001-2018-003 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt 1. Vulnerability Details Affected Vendor: NetEx...
Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Multi religion Responsive Matrimonial - 4.7.2 - Stored XSS Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/ Category: W...
Schools Alert Management Script 2.0.2 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Trend Micro IMSVA Management Portal 9.1.0.1600 Authentication Bypass Exploit
Trend Micro IMSVA Management Portal version 9.1.0.1600 suffers from an authentication bypass vulnerability. Title: Trend Micro IMSVA Management Portal Authentication Bypass Advisory ID: KL-001-2018-006 Publication Date: 2018.02.08 Publication URL:...
NetEx HyperIP 6.1.0 Authentication Bypass Vulnerability
Exploit for multiple platform in category web applications Title: NetEx HyperIP Authentication Bypass Advisory ID: KL-001-2018-002 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt 1. Vulnerability Details Affected Vendor: NetEx...
Lawyer Search Script 1.0.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Lawyer Search Script - 1.0.2 - Stored XSS Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/lawyer-script/ Category: Web Application Exploit Author: Prasenjit Kanti Paul Web:...
JBoss 4.2.x/4.3.x - Information Disclosure Exploit
Exploit for multiple platform in category remote exploits Exploit Title: JBoss sensitive information disclosure 4.2X & 4.3.X Exploit Author: JameelNabbo Vendor Homepage: http://www.jboss.org Software Link: http://jbossas.jboss.org/downloads Version: 4.2X. & 4.3.X Tested on: Linux Ubuntu CVE :...
OLX Multi Language Clone Script - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Multi Language Olx Clone Script - Stored XSS Exploit Author: Varun Bagaria Web: Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/olx-clone/ Category: Web Application...
iBall iB-WRA150N Multiple Vulnerabilities
Exploit for hardware platform in category web applications Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n. iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and wor...
IBM Tivoli Monitoring Remote Code Execution Exploit
Exploit for multiple platform in category remote exploits IBM Tivoli Monitoring CVE-2017-1635 Remote Code Execution Vulnerability CVEID: CVE-2017-1635 CVSS Base Score: 8 Affected Products and Versions The KDH component of IBM Tivoli Monitoring Basic Services KGL,KAX for Version 6.2.2 through 6.2....
Sonatype Nexus Repository Manager OSS/Pro Multiple Cross-Site Scripting Vulnerabilities
Exploit for multiple platform in category web applications ======================================================================= title: Multiple Cross-Site Scripting Vulnerabilities product: Sonatype Nexus Repository Manager OSS/Pro vulnerable version: =2.14.5, =3.7.1 fixed version: 2.14.6, 3.8...
OpenNMS Java Object Deserialization Remote Code Execution Exploit
Exploit for java platform in category remote exploits ! /usr/bin/env python3 Credits: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/opennms nessus/plugins/opennmsjavaserialize.nasl cobbled together by...