Результаты поиска

Gitea 1.7.5 - Remote Code Execution # Exploit Title: Gitea 1.7.5 - Remote Code Execution # Date: 2020-05-11 # Exploit Author: 1F98D # Original Author: LoRexxar # Software Link: https://gitea.io/en-us/ # Version: Gitea before 1.7.6 and 1.8.x before 1.8-RC3 # Tested on: Debian 9.11 (x64) # CVE...

H2 Database 1.4.199 - JNI Code Execution # Exploit Title: H2 Database 1.4.199 - JNI Code Execution # Exploit Author: 1F98D # Original Author: Markus Wulftange # Date: 28 April 2020 # Vendor Hompage: https://www.h2database.com/ # Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 # References...

sar2html 3.2.1 - 'plot' Remote Code Execution # Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution # Date: 27-12-2020 # Exploit Author: Musyoka Ian # Vendor Homepage:https://github.com/cemtan/sar2html # Software Link: https://sourceforge.net/projects/sar2html/ # Version: 3.2.1 #...

Klog Server 2.4.1 - Command Injection (Unauthenticated) # Exploit Title: Klog Server 2.4.1 - Command Injection (Unauthenticated) # Date: 22.12.2020 # Exploit Author: b3kc4t (Mustafa GUNDOGDU) # Vendor Homepage: https://www.klogserver.com/ # Version: 2.4.1 # Tested On: Ubuntu 18.04 # CVE...

Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion /* function opt(w, arr) { arr[0] = 1.1; let res = w.event; arr[0] = 2.3023e-320; return res; } let arr = [1.1]; for (let i = 0; i < 10000; i++) { opt(window, arr); } The above code will be compiled as...

Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter...

Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection # [CVE-2018-10094] Dolibarr SQL Injection vulnerability ## Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through [GitHub](https://github.com/Dolibarr/dolibarr) or as...

Symfony 2.7.0 < 4.0.10 - Denial of Service The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations (see below) and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An...

Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include...

WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework # ## class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report...

Microsoft Edge Chakra - Cross Context Use-After-Free <!-- 1. Background The CrossSite class is used for passing JavaScript variables across different contexts. Chakra is basically trying to wrap every variable being passed from a context to another context. The way it wraps an object is, first...

Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write <!-- Skia bug report: https://bugs.chromium.org/p/skia/issues/detail?id=7674 Mozilla bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1441941 In Skia, SkTDArray stores length (fCount) and capacity...

D-Link DSL-2750B - OS Command Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include...

Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning...

Online Matrimonial Project 1.0 - Authenticated Remote Code Execution # Exploit Title: Online Matrimonial Project 1.0 - Authenticated Remote Code Execution # Exploit Author: Valerio Alessandroni # Date: 2020-10-07 # Vendor Homepage: https://projectworlds.in/ # Software Link...

Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting # Exploit Title: Multiple XSS Oracle WebCenter Sites (FatWire Content Server) 7.x < 11gR1 # Dork: inurl:Satellite?c # Date: 18.12.201 # Exploit Author: Richard Alviarez # Vendor Homepage: http://oracle.com # Version: 7.x < 11gR1...

docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) # Exploit Title: docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) # Date: 2020-07-26 # Exploit Author: MasterVlad # Vendor Homepage: http://www.verypdf.com # Software Link: http://dl.verypdf.net/docprint_pro_setup.exe #...

SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow # Exploit Title: SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow # Date: 18-Sep-2020 # Exploit Author: Abdessalam king(A.salam) # Vendor Homepage: http://www.syncbreeze.com # Software Link...

Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution Exploit Title: Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution Date: 2020-08-13 Exploit Author: Loke Hui Yi Vendor Homepage: https://razerid.razer.com Software Link...

Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH) # Exploit Title: Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH) # Discovery by: Luis Martinez # Discovery Date: 2020-11-22 # Vendor Homepage: http://www.boxoft.com/ # Software Link...

ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking...

WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting # Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting # Date: 20-11-2020 # Exploit Author: Hemant Patidar (HemantSolo) # Vendor Homepage: https://www.wondercms.com/ # Version: 3.1.3 # Tested on: Windows 10/Kali...

Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit # Exploit Title: Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit # Date: 17.09.2020 # Vendor Homepage: http://www.boxoft.com/ # Software Link: http://www.boxoft.com/convert-master/setup(boxoft-conver=t-master).exe # Exploit Author...