Search results

  1. Exploiter

    Exploit WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access

    WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access There is a missing check in VP9 frame processing that could lead to memory corruption. In the file video_coding/rtp_frame_reference_finder.cc, the function RtpFrameReferenceFinder::ManageFrameVp9 fetches the GofInfo based on a pic_idx...
  2. Exploiter

    Exploit WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access

    WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access There is a missing check in VP9 frame processing that could lead to memory corruption. In the file video_coding/rtp_frame_reference_finder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following...
  3. Exploiter

    Exploit SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution

    SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution # Exploit Title: SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution # Date: 29.01.2021 # Exploit Author: LiquidWorm # Vendor Homepage: https://www.smartfoxserver.com Vendor: gotoAndPlay() Product web page...
  4. Exploiter

    Exploit Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)

    Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1) # Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) # Date: 26/1/2021 # Exploit Author: cmOs - SunCSR # Vendor Homepage: https://openlitespeed.org/ # Software Link...
  5. Exploiter

    Exploit Google Chrome - Integer Overflow when Processing WebAssembly Locals

    Google Chrome - Integer Overflow when Processing WebAssembly Locals /* When v8 decodes the locals of a function, it performs a check: if ((count + type_list->size()) > kV8MaxWasmFunctionLocals) { decoder->error(decoder->pc() - 1, "local count too large"); return false; }...
  6. Exploiter

    Exploit WebKit - Use-After-Free when Resuming Generator

    WebKit - Use-After-Free when Resuming Generator <!-- In WebKit, resuming a generator is implemented in JavaScript. An internal object property, @generatorState is used to prevent recursion within generators. In GeneratorPrototype.js, the state is checked by calling: var state =...
  7. Exploiter

    Exploit Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)

    Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  8. Exploiter

    Exploit TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass

    TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt [+] ISR: Apparition...
  9. Exploiter

    Exploit WebKit - WebAssembly Compilation Info Leak

    WebKit - WebAssembly Compilation Info Leak <!-- There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. When a source buffer is compiled, it is first copied into a read-only buffer by the function getWasmBufferFromValue. This function returns the code buffer as...
  10. Exploiter

    Exploit Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver

    Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver /* nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls task_deallocate without locking. Two threads can race calling this external method to drop two task references...
  11. Exploiter

    Exploit Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist

    Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist /* getvolattrlist takes a user controlled bufferSize argument via the fgetattrlist syscall. When allocating a kernel buffer to serialize the attr list to there's the following comment: /* * Allocate...
  12. Exploiter

    Exploit XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP

    XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP mptcp_usr_connectx is the handler for the connectx syscall for the AP_MULTIPATH socket family. The logic of this function fails to correctly handle source and destination sockaddrs which aren't AF_INET or AF_INET6: // verify...
  13. Exploiter

    Exploit Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)

    Netsia SEBA+ 0.16.1 - Add Root User (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient def initialize(info...
  14. Exploiter

    Exploit PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow

    PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow Description: ------------ The latest PHP distributions contain a memory corruption bug while parsing malformed HTTP response packets. Vulnerable code at: php_stream_url_wrap_http_ex...
  15. Exploiter

    Exploit Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit)

    Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report...
  16. Exploiter

    Exploit Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)

    Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated) # Exploit Title: Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated) # Date: 1.12.2021 # Exploit Author: Enesdex # Vendor Homepage: https://gilacms.com/ # Software Link: https://github.com/GilaCMS/gila/releases/tag/2.0.0 # Version...
  17. Exploiter

    Exploit WebKit - not_number defineProperties UAF (Metasploit)

    WebKit - not_number defineProperties UAF (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include...
  18. Exploiter

    Exploit Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)

    Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell'...
  19. Exploiter

    Exploit WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)

    WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS) # Exploit Title: WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS) # Google Dork: NA # Date: 09/01/2021 # Exploit Author: Swapnil Subhash Bodekar # Vendor...
  20. Exploiter

    Exploit MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting

    MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting # Exploit Title: MyBB Recent Threads Plugin v1.0 - Cross-Site Scripting # Date: 6/2/2018 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://community.mybb.com/mods.php?action=view&pid=842 # Version: 1.0 #...
  21. Exploiter

    Exploit Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)

    Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated) # Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated) # Exploit Author: 1F98D # Original Author: Alvaro Muñoz # Date: 27 May 2020 # Vendor Homepage: https://www.sonatype.com/ # CVE: CVE-2020-10199 # Tested...
  22. Exploiter

    Exploit Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)

    Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient...
  23. Exploiter

    Exploit WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)

    WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  24. Exploiter

    Exploit Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)

    Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  25. Exploiter

    Exploit PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation

    PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation # Exploit Title: PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation # Exploit Author: 1F98D # Original Author: securifera # Date: 12 May 2020 # Vendor Homepage...