Search results

  1. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation)' Kernel Pool Memory Disclosure

    Microsoft Windows - 'nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation)' Kernel Pool Memory Disclosure /* We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation (4) information class...
  2. Exploiter

    Exploit Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution

    Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution #!/usr/bin/env ruby # # [CVE-2018-7600] Drupal <= 8.5.0 / <= 8.4.5 / <= 8.3.8 / 7.23 <= 7.57 - 'Drupalgeddon2' (SA-CORE-2018-002) ~ https://github.com/dreadlocked/Drupalgeddon2/ # # Authors: # - Hans Topo ~...
  3. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure

    Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure /* We have discovered that the nt!NtQueryFullAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects...
  4. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryAttributesFile' Kernel Stack Memory Disclosure

    Microsoft Windows - 'nt!NtQueryAttributesFile' Kernel Stack Memory Disclosure /* We have discovered that the nt!NtQueryAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7...
  5. Exploiter

    Exploit Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)

    Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  6. Exploiter

    Exploit Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion

    Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion /* I think this commit has introduced the bug: https://chromium.googlesource.com/v8/v8.git/+/9884bc5dee488bf206655f07b8a487afef4ded9b Reduction LoadElimination::ReduceTransitionElementsKind(Node* node) { ...
  7. Exploiter

    Exploit Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)

    Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) #!/usr/bin/env import sys import requests print ('################################################################') print ('# Proof-Of-Concept for CVE-2018-7600') print ('# by Vitalii Rudnykh') print ('# Thanks...
  8. Exploiter

    Exploit H2 Database - 'Alias' Arbitrary Code Execution

    H2 Database - 'Alias' Arbitrary Code Execution ''' Exploit Title: H2 Database Alias Abuse Date: 05/04/2018 Exploit Author: gambler Vendor Homepage:www.h2database.com Software Link: http://www.h2database.com/html/download.html Version: all versions Tested on: Linux, Mac OS ''' import sys...
  9. Exploiter

    Exploit WebKit - WebAssembly Parsing Does not Correctly Check Section Order

    WebKit - WebAssembly Parsing Does not Correctly Check Section Order When a WebAssembly binary is parsed in ModuleParser::parse, it is expected to contain certain sections in a certain order, but can also contain custom sections that can appear anywhere in the binary. The ordering check...
  10. Exploiter

    Exploit Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit)

    Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ManualRanking include...
  11. Exploiter

    Exploit Open-AudIT Professional 3.3.1 - Remote Code Execution

    Open-AudIT Professional 3.3.1 - Remote Code Execution # Exploit Title: Open-AudIT Professional 3.3.1 - Remote Code Execution # Date: 2020-04-22 # Exploit Author: Askar # CVE: CVE-2020-8813 # Vendor Homepage: https://opmantek.com/ # Version: v3.3.1 # Tested on: Ubuntu 18.04 / PHP 7.2.24...
  12. Exploiter

    Exploit Nexus Repository Manager - Java EL Injection RCE (Metasploit)

    Nexus Repository Manager - Java EL Injection RCE (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  13. Exploiter

    Exploit Cobub Razor 0.7.2 - Cross-Site Request Forgery

    Cobub Razor 0.7.2 - Cross-Site Request Forgery # Exploit Title: Cobub Razor 0.7.2 Cross Site Request Forgery # Date: 2018-03-07 # Exploit Author: ppb # Vendor Homepage: https://github.com/cobub/razor/ # Software Link: https://github.com/cobub/razor/ # Version: 0.72 # CVE : CVE-2018-7746 There...
  14. Exploiter

    Exploit Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)

    Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient...
  15. Exploiter

    Exploit DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)

    DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/powershell' require 'openssl' require 'set' class...
  16. Exploiter

    Exploit VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)

    VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include...
  17. Exploiter

    Exploit Apache Solr - Remote Code Execution via Velocity Template (Metasploit)

    Apache Solr - Remote Code Execution via Velocity Template (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/powershell' class MetasploitModule < Msf::Exploit::Remote...
  18. Exploiter

    Exploit ThinkPHP - Multiple PHP Injection RCEs (Metasploit)

    ThinkPHP - Multiple PHP Injection RCEs (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  19. Exploiter

    Exploit Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)

    Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  20. Exploiter

    Exploit PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)

    PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  21. Exploiter

    Exploit Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods

    Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods <!-- There are multiple use-after-free issues in Array methods in jscript. When jscript executes an Array method (such as Array.join), it first retrieves the length of an array. If the input is not an array but an...
  22. Exploiter

    Exploit TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)

    TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'openssl' class MetasploitModule < Msf::Exploit::Remote Rank =...
  23. Exploiter

    Exploit Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)

    Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  24. Exploiter

    Exploit Microsoft NET USE win10 - Insufficient Authentication Logic

    Microsoft NET USE win10 - Insufficient Authentication Logic # Title: Microsoft NET USE win10 - Insufficient Authentication Logic # Date: 2020-04-04 # Author: hyp3rlinx # Vendor: www.microsoft.com # CVE: N/A [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+]...
  25. Exploiter

    Exploit Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (2)

    Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (2) /* Here's a snippet of JavascriptArray::BoxStackInstance. template <typename T> T * JavascriptArray::BoxStackInstance(T * instance, bool deepCopy) { Assert(ThreadContext::IsOnStack(instance)); // On...