Результаты поиска

ProcessMaker - Plugin Upload (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

Microsoft Windows Defender - 'mpengine.dll' Memory Corruption Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the...

Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write /* Bug: The Genesis::InitializeGlobal method initializes the constructor of RegExp as follows: // Builtin functions for RegExp.prototype. Handle<JSFunction> regexp_fun = InstallFunction( global, "RegExp"...

LimeSurvey 4.1.11 - 'File Manager' Path Traversal # Exploit Title: LimeSurvey 4.1.11 - 'File Manager' Path Traversal # Date: 2020-04-02 # Exploit Author: Matthew Aberegg, Michael Burkey # Vendor Homepage: https://www.limesurvey.org # Version: LimeSurvey 4.1.11+200316 # Tested on: Ubuntu...

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (1) /* Here's a snippet of JavascriptArray::BoxStackInstance. To fix issue 1420 , "deepCopy" was introduced. But it only deep-copies the array when "instance->head" is on the stack. So simply by adding a single line of code that...

SharePoint Workflows - XOML Injection (Metasploit) # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type Confusion /* Here's a snippet of the method. https://cs.chromium.org/chromium/src/v8/src/elements.cc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051 static Maybe<bool> CollectValuesOrEntriesImpl( Isolate*...

Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...

Redis - Replication Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include...

IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'openssl' class MetasploitModule < Msf::Exploit::Remote Rank =...

DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

osCommerce 2.3.4.1 - Remote Code Execution # Exploit Title: osCommerce 2.3.4.1 Remote Code Execution # Date: 29.0.3.2018 # Exploit Author: Simon Scannell - https://scannell-infosec.net <[email protected]> # Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely...

WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery # Exploit Title: WampServer 3.1.1 XSS via CSRF # Date: 31-03-2018 # Software Link: http://www.wampserver.com/en/ # Version: 3.1.1 # Tested On: Windows 10 # Exploit Author: Vipin Chaudhary # Contact...

WampServer 3.1.2 - Cross-Site Request Forgery # Exploit Title: WampServer 3.1.2 CSRF to add or delete any virtual hostsremotely # Date: 31-03-2018 # Software Link: http://www.wampserver.com/en/ # Version: 3.1.2 # Tested On: Windows 10 # Exploit Author: Vipin Chaudhary # Contact...

Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection # Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection # Google Dork: N/A # Date: 22-03-2018 ################################ # Exploit Author: Sureshbabu Narvaneni ################################ #...

Joomla! Component AcySMS 3.5.0 - CSV Macro Injection # Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection # Google Dork: N/A # Date: 22-03-2018 ################################ # Exploit Author: Sureshbabu Narvaneni ################################ # Vendor Homepage...

VMware Fusion 11.5.2 - Privilege Escalation # Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation # Date: 2020-03-17 # Exploit Author: Rich Mirch # Vendor Homepage: https://www.vmware.com/products/fusion.html # Vendor Advisory...

Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/powershell' class MetasploitModule <...

Joomla! Component Fields - SQLi Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

Rconfig 3.x - Chained Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include...

ManageEngine Desktop Central - Java Deserialization (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

Nagios XI - Authenticated Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

PHPStudy - Backdoor Remote Code execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

GitStack - Unsanitized Argument Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include...

OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local # smtpd(8) may crash on a malformed message...