Search results

  1. Exploiter

    Exploit Chrome V8 - 'TranslatedState::MaterializeCapturedObjectAt' Type Confusion

    Chrome V8 - 'TranslatedState::MaterializeCapturedObjectAt' Type Confusion /* Here's a snippet of TranslatedState::MaterializeCapturedObjectAt. case JS_SET_KEY_VALUE_ITERATOR_TYPE: case JS_SET_VALUE_ITERATOR_TYPE: { Handle<JSSetIterator> object = Handle<JSSetIterator>::cast(...
  2. Exploiter

    Exploit AsusWRT LAN - Remote Code Execution (Metasploit)

    AsusWRT LAN - Remote Code Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  3. Exploiter

    Exploit Transmission - Integer Overflows Parsing Torrent Files

    Transmission - Integer Overflows Parsing Torrent Files I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the tr_new/tr_new0 allocation wrappers don't handle overflow. #define tr_new(struct_type, n_structs) \ ((struct_type *)...
  4. Exploiter

    Exploit Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds

    Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds Since commit 0fa03c624d8f ("io_uring: add support for sendmsg()", first in v5.3), io_uring has support for asynchronously calling sendmsg(). Unprivileged userspace tasks can submit...
  5. Exploiter

    Exploit Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit)

    Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include...
  6. Exploiter

    Exploit Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font

    Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- First chance exceptions are reported before...
  7. Exploiter

    Exploit CloudMe Sync 1.10.9 - Stack-Based Buffer Overflow (Metasploit)

    CloudMe Sync 1.10.9 - Stack-Based Buffer Overflow (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include...
  8. Exploiter

    Exploit Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite

    Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite # Exploit Title: Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite # Exploit Author : Peter Lapp # Exploit Date: 2019-12-05 # Vendor Homepage : https://www.trendmicro.com/en_us/business.html # Link Software ...
  9. Exploiter

    Exploit Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities

    Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. *Advisory Information* Title: Trend Micro Email Encryption Gateway...
  10. Exploiter

    Exploit Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

    Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting # Exploit Title: Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting # Exploit Author: Metin Yunus Kandemir (kandemir) # Vendor Homepage: https://snipeitapp.com/ # Software Link...
  11. Exploiter

    Exploit Visual Studio 2008 - XML External Entity Injection

    Visual Studio 2008 - XML External Entity Injection # Exploit Title: Visual Studio 2008 - XML External Entity Injection # Discovery by: hyp3rlinx # Date: 2019-12-02 # Vendor Homepage: www.microsoft.com # Software Link: Visual Studio 2008 Express IDE # Tested Version: 2008 # CVE: N/A [+]...
  12. Exploiter

    Exploit Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass

    Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass # Exploit Title: Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass # Discovery by: hyp3rlinx # Date: 2019-12-03 # Vendor Homepage: www.microsoft.com # CVE: N/A [+] Credits: John Page (aka hyp3rlinx)...
  13. Exploiter

    Exploit Broadcom CA Privileged Access Manager 2.8.2 - Remote Command Execution

    Broadcom CA Privileged Access Manager 2.8.2 - Remote Command Execution # Title: Broadcom CA Privileged Access Manager 2.8.2 - Remote Command Execution # Author: Peter Lapp # Date: 2019-12-05 # Vendor...
  14. Exploiter

    Exploit Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback

    Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback There is a use-after-free issue in JScript (triggerable via Internet Explorer) where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the...
  15. Exploiter

    Exploit macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache

    macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache Tested on macOS Mojave (10.14.6, 18G87) and Catalina Beta (10.15 Beta 19A536g). On macOS, the dyld shared cache (in /private/var/db/dyld/) is generated locally on the system and therefore doesn't have a real code...
  16. Exploiter

    Exploit FreeSWITCH - Event Socket Command Execution (Metasploit)

    FreeSWITCH - Event Socket Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  17. Exploiter

    Exploit Bludit - Directory Traversal Image File Upload (Metasploit)

    Bludit - Directory Traversal Image File Upload (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  18. Exploiter

    Exploit Pulse Secure VPN - Arbitrary Command Execution (Metasploit)

    Pulse Secure VPN - Arbitrary Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  19. Exploiter

    Exploit Xorg X11 Server - Local Privilege Escalation (Metasploit)

    Xorg X11 Server - Local Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking include Msf::Post::File...
  20. Exploiter

    Exploit Microsoft Windows - Constrained Impersonation Capability Privilege Escalation

    Microsoft Windows - Constrained Impersonation Capability Privilege Escalation Windows: Constrained Impersonation Capability EoP Platform: Windows 10 1703/1709 (not tested earlier versions) Class: Elevation of Privilege Summary: It’s possible to use the constrained impersonation capability...
  21. Exploiter

    Exploit Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)

    Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/exe' require...
  22. Exploiter

    Exploit FusionPBX - Operator Panel exec.php Command Execution (Metasploit)

    FusionPBX - Operator Panel exec.php Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  23. Exploiter

    Exploit iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd

    iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd mediaserverd has various media parsing responsibilities; it's reachable from various sandboxes and is able to talk to interesting kernel drivers so is a valid target in an exploit chain. One of the services it vends is...
  24. Exploiter

    Exploit Microsoft Windows - NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior

    Microsoft Windows - NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Platform: Windows 10 1709 (functionality not present prior to this version) Class: Security Feature...
  25. Exploiter

    Exploit Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)

    Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank =...