Search results

  1. Exploiter

    Exploit Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution

    Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution <!DOCTYPE HTML> <!-- FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375) *PoC* Exploit against Firefox 46.0.1 (CVE-2016-2819) ASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018 Tested...
  2. Exploiter

    Exploit Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution

    Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution <!DOCTYPE HTML> <!-- FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375) *PoC* Exploit against Firefox 44.0.2 (CVE-2016-1960) ASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018 Tested...
  3. Exploiter

    Exploit Tuleap 9.17.99.189 - Blind SQL Injection

    Tuleap 9.17.99.189 - Blind SQL Injection =============================================================================== title: Tuleap SQL Injection case id: CM-2018-01 product: Tuleap version 9.17.99.189 vulnerability type: Blind SQL...
  4. Exploiter

    Exploit WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

    WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include...
  5. Exploiter

    Exploit OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution

    OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution # Exploit Title: OpenSMTPD 6.6.1 - Local Privilege Escalation # Date: 2020-02-02 # Exploit Author: Marco Ivaldi # Vendor Homepage: https://www.opensmtpd.org/ # Version: OpenSMTPD 6.4.0 - 6.6.1 # Tested on: OpenBSD...
  6. Exploiter

    Exploit D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)

    D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  7. Exploiter

    Exploit OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)

    OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  8. Exploiter

    Exploit usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init

    usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init ''' usersctp is SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctp_load_addresses_from_init function of usersctp that can lead to a number of out-of-bound reads. The input to...
  9. Exploiter

    Exploit iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()

    iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand() While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand(), I noticed that the size checks used to parse the IOAccelKernelCommand in...
  10. Exploiter

    Exploit Ricoh Driver - Privilege Escalation (Metasploit)

    Ricoh Driver - Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/exe' class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking...
  11. Exploiter

    Exploit Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)

    Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking...
  12. Exploiter

    Exploit Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution

    Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution #!/usr/bin/python2.7 # Exploit Title: Advantech WebAccess < 8.3 webvrpcs Directory Traversal RCE Vulnerability # Date: 03-11-2018 # Exploit Author: Chris Lyne (@lynerc) # Vendor Homepage: www.advantech.com # Software...
  13. Exploiter

    Exploit Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)

    Eclipse Equinoxe OSGi Console - Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'base64' class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking...
  14. Exploiter

    Exploit Cisco Data Center Network Manager 11.2 - Remote Code Execution

    Cisco Data Center Network Manager 11.2 - Remote Code Execution #!/usr/bin/python """ Cisco Data Center Network Manager SanWS importTS Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows (64-bit) - Release: 11.2(1) - Release Date...
  15. Exploiter

    Exploit Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection

    Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection #!/usr/bin/python """ Cisco Data Center Network Manager HostEnclHandler getVmHostData SQL Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows (64-bit) - Release: 11.2(1) -...
  16. Exploiter

    Exploit Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection

    Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection #!/usr/bin/python """ Cisco Data Center Network Manager LanFabricImpl createLanFabric Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 ISO Virtual Appliance for VMWare, KVM and...
  17. Exploiter

    Exploit Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read

    Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read /* In the current implementation, the bytecode generator also emits empty jump tables. https://cs.chromium.org/chromium/src/v8/src/interpreter/bytecode-array-writer.cc?rcl=111e990462823c9faeee06b67c0dcf05749d4da8&l=89 So the bytecode...
  18. Exploiter

    Exploit rConfig 3.9.3 - Authenticated Remote Code Execution

    rConfig 3.9.3 - Authenticated Remote Code Execution # Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution # Date: 2019-11-07 # CVE-2019-19509 # Exploit Author: vikingfr # Vendor Homepage: https://rconfig.com/ (see also : https://github.com/rconfig/rconfig) # Software Link ...
  19. Exploiter

    Exploit OpenSMTPD 6.6.1 - Remote Code Execution

    OpenSMTPD 6.6.1 - Remote Code Execution # Exploit Title: OpenSMTPD 6.6.1 - Remote Code Execution # Date: 2020-01-29 # Exploit Author: 1F98D # Original Author: Qualys Security Advisory # Vendor Homepage: https://www.opensmtpd.org/ # Software Link...
  20. Exploiter

    Exploit macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image

    macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image The attached tiff image causes a crash in ImageIO on the latest macOS and iOS. To reproduce the issue, the attached code (tester.m) can be used. I've attached another code snippet to reproduce the issue on iOS as well...
  21. Exploiter

    Exploit Chrome V8 JIT - Simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement Optimization Bug

    Chrome V8 JIT - Simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement Optimization Bug /* I think this commit has introduced the bugs: https://chromium.googlesource.com/v8/v8/+/c22ca7f73ba92f22d0cd29b06bb2944a545a8d3e%5E%21/#F0 Here's a snippet. case IrOpcode::kStoreField: {...
  22. Exploiter

    Exploit Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is "null"

    Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is "null" /* I think this commit has introduced the bug. https://chromium.googlesource.com/v8/v8/+/ff7063c7d5d8ad8eafcce3da59e65d7fe2b4f915%5E%21/#F2 According to the description, Object.create is supposed...
  23. Exploiter

    Exploit Chrome V8 JIT - 'GetSpecializationContext' Type Confusion

    Chrome V8 JIT - 'GetSpecializationContext' Type Confusion PoC: function* opt(arg = () => arg) { let tmp = opt.x; // LdaNamedProperty for (;;) { arg; yield; function inner() { tmp; } break; } } for (let i = 0; i < 100000; i++)...
  24. Exploiter

    Exploit Pachev FTP Server 1.0 - Path Traversal

    Pachev FTP Server 1.0 - Path Traversal # Exploit Title: Pachev FTP Server 1.0 - Path Traversal # Date: 2020-01-23 # Vulnerability: Path Traversal # Exploit Author: 1F98D # Vendor Homepage: https://github.com/pachev/pachev_ftp from ftplib import FTP ip = raw_input("Target IP: ") port =...
  25. Exploiter

    Exploit Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)

    Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule <...