Search results

  1. Exploiter

    Exploit Adobe Flash - Out-of-Bounds Write in blur Filtering

    Adobe Flash - Out-of-Bounds Write in blur Filtering The attached swf file causes an out-of-bounds write in blur filtering. This PoC crashes reliably in Firefox for Linux. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44529.zip
  2. Exploiter

    Exploit Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion

    Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion /* https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps. case IrOpcode::kJSCreate: { if...
  3. Exploiter

    Exploit RiteCMS 2.2.1 - Authenticated Remote Code Execution

    RiteCMS 2.2.1 - Authenticated Remote Code Execution # Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution # Date: 2020-07-03 # Exploit Author: Enes Özeser # Vendor Homepage: http://ritecms.com/ # Version: 2.2.1 # Tested on: Linux # CVE: CVE-2020-23934 1- Go to following url. >>...
  4. Exploiter

    Exploit ASUS infosvr - Authentication Bypass Command Execution (Metasploit)

    ASUS infosvr - Authentication Bypass Command Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  5. Exploiter

    Exploit Adobe Flash - Overflow when Playing Sound

    Adobe Flash - Overflow when Playing Sound The attached fuzzed swf file causes heap overflow when playing a sound. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept...
  6. Exploiter

    Exploit Adobe Flash - Overflow in Slab Rendering

    Adobe Flash - Overflow in Slab Rendering The attached fuzzed swf file causes heap or stack corruption (depending on platform) when rendering a slab. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept...
  7. Exploiter

    Exploit Adobe Flash - Info Leak in Image Inflation

    Adobe Flash - Info Leak in Image Inflation The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and visit: http://127.0.0.1?img=inflate.png...
  8. Exploiter

    Exploit Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)

    Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  9. Exploiter

    Exploit Pi-hole 4.4.0 - Remote Code Execution (Authenticated)

    Pi-hole 4.4.0 - Remote Code Execution (Authenticated) # Exploit Title: Pi-hole 4.4.0 - Remote Code Execution (Authenticated) # Date: 2020-05-22 # Exploit Author: Photubias # Vendor Advisory: [1] https://github.com/pi-hole/AdminLTE # Version: Pi-hole <=4.4.0 + Web <=4.3.3 # Tested on: Pi-hole...
  10. Exploiter

    Exploit lastore-daemon D-Bus - Privilege Escalation (Metasploit)

    lastore-daemon D-Bus - Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File...
  11. Exploiter

    Exploit Rvsitebuilder CMS - Database Backup Download

    Rvsitebuilder CMS - Database Backup Download # Exploit Title: Rvsitebuilder CMS Database Backup Download # Exploit Author: Hesam Bazvand # Contact: [email protected] # Software Link: http://www.rvsitebuilder.com # Version: All Version # Tested on: Windows 7 / Kali Linux # Category...
  12. Exploiter

    Exploit Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)

    Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # <input...
  13. Exploiter

    Exploit Match Clone Script 1.0.4 - Cross-Site Scripting

    Match Clone Script 1.0.4 - Cross-Site Scripting ######################################################################## # Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting # Date: 23.02.2018 # Vendor Homepage: https://www.phpscriptsmall.com/ # Software Link...
  14. Exploiter

    Exploit Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)

    Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  15. Exploiter

    Exploit MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting

    MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting # Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities # Date: 14-13-2018 # Software Link: https://sourceforge.net/projects/mysar/ # Exploit Author: Keerati T. # Version: 2.1.4 # Tested on: Linux 1...
  16. Exploiter

    Exploit WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)

    WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking...
  17. Exploiter

    Exploit Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix

    Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix Platform: Windows 10 1709 (including Win10S) Class: Security Feature Bypass Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a...
  18. Exploiter

    Exploit Microsoft Edge - 'OpenProcess()' ACG Bypass

    Microsoft Edge - 'OpenProcess()' ACG Bypass Each Edge Content process (MicrosoftEdgeCP.exe) needs to call SetProcessMitigationPolicy() on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02...
  19. Exploiter

    Exploit Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)

    Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC) # Exploit Title: Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow # Date: 2018-04-14 # Exploit Author: jollymongrel # Vendor Homepage: http://www.vector.co.jp # Software Link...
  20. Exploiter

    Exploit Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)

    Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  21. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessImageFileName)' Kernel 64-bit Pool/Stack Memory Disclosure

    Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessImageFileName)' Kernel 64-bit Pool/Stack Memory Disclosure /* We have discovered that the nt!NtQueryInformationProcess system call invoked with the ProcessImageFileName (0x1B) information class discloses uninitialized kernel memory to...
  22. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation)' Kernel 64-bit Stack Memory Disclosure

    Microsoft Windows - 'nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation)' Kernel 64-bit Stack Memory Disclosure /* We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryBasicInformation (0x0) and MemoryPrivilegedBasicInformation (0x8) information...
  23. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryVirtualMemory (MemoryImageInformation)' Kernel 64-bit Stack Memory Disclosure

    Microsoft Windows - 'nt!NtQueryVirtualMemory (MemoryImageInformation)' Kernel 64-bit Stack Memory Disclosure /* We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryImageInformation (0x6) information class discloses uninitialized kernel stack memory to...
  24. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryVolumeInformationFile' Kernel Stack Memory Disclosure

    Microsoft Windows - 'nt!NtQueryVolumeInformationFile' Kernel Stack Memory Disclosure /* We have discovered that the nt!NtQueryVolumeInformationFile system call invoked against certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects...
  25. Exploiter

    Exploit Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure

    Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure /* We have discovered that the nt!NtQuerySystemInformation system call invoked with the SystemPageFileInformation (0x12) and SystemPageFileInformationEx (0x90) information...