Search results

  1. Exploiter

    Exploit Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution

    Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution #!/usr/bin/env python # -*- coding: utf-8 -*- # Exploit Title: Weblogic wls-wsat Component Deserialization RCE # Date Authored: Jan 3, 2018 # Date Announced: 10/19/2017 # Exploit Author: Kevin Kirsche...
  2. Exploiter

    Exploit Vanilla < 2.1.5 - Cross-Site Request Forgery

    Vanilla < 2.1.5 - Cross-Site Request Forgery # Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 # Google Dork: NA # Date: 7/1/2018 # Contact: https://twitter.com/anandm47 # website: https://anandtechzone.blogspot.in <https://t.co/MJ8SoRaIMn> # Exploit...
  3. Exploiter

    Exploit Android - Inter-Process munmap due to Race Condition in ashmem

    Android - Inter-Process munmap due to Race Condition in ashmem The MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a...
  4. Exploiter

    Exploit Ayukov NFTP FTP Client 2.0 - Remote Buffer Overflow (Metasploit)

    Ayukov NFTP FTP Client 2.0 - Remote Buffer Overflow (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include...
  5. Exploiter

    Exploit VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)

    VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking...
  6. Exploiter

    Exploit VX Search Enterprise 10.1.12 - Denial of Service

    VX Search Enterprise 10.1.12 - Denial of Service # Exploit Title: VX Search Enterprise Server v10.1.12 - Denial of Service # Date: 2017-10-20 # Exploit Author: Ahmad Mahfouz # Software Link: http://www.vxsearch.com/setups/vxsearchsrv_setup_v10.1.12.exe # Version: v10.1.12 # Category; Windows...
  7. Exploiter

    Exploit Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation

    Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation """ Kingsoft Antivirus/Internet Security 9+ Kernel Stack Buffer Overflow Privilege Escalation Vulnerability Anti-Virus: http://www.kingsoft.co/downloads/kav/KAV100720_ENU_DOWN_331020_10.rar Internet Security...
  8. Exploiter

    Exploit Xplico - Remote Code Execution (Metasploit)

    Xplico - Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  9. Exploiter

    Exploit Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache

    Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1389&desc=6 Windows maintains a DC cache in win32kbase!gpDispInfo->pdceFirst. If you create multiple windows from a...
  10. Exploiter

    Exploit PoC || GTFO 0x17

    PoC || GTFO 0x17
  11. Exploiter

    Exploit Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)

    Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP) // A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on Ubuntu trusty 4.4.0-* and Ubuntu xenial 4-8-0-* kernels. // //...
  12. Exploiter

    Exploit WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection

    WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection Exploit Title: Smart Google Code Inserter < 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage...
  13. Exploiter

    Exploit Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)

    Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  14. Exploiter

    Exploit Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)

    Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  15. Exploiter

    Exploit Apple macOS - IOHIDSystem Kernel Read/Write

    Apple macOS - IOHIDSystem Kernel Read/Write Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid...
  16. Exploiter

    Exploit SilverStripe CMS 3.6.2 - CSV Excel Macro Injection

    SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/security_prince...
  17. Exploiter

    Exploit SysGauge Server 3.6.18 - Denial of Service

    SysGauge Server 3.6.18 - Denial of Service # Exploit Title: SysGauge Server 3.6.18 - DOS # Date: 2017-10-20 # Exploit Author: Ahmad Mahfouz # Software Link: hhttp://www.sysgauge.com/setups/sysgaugesrv_setup_v3.6.18.exe # Version: v3.6.18 # Category; Windows Remote DOS # CVE: CVE-2017-15667 #...
  18. Exploiter

    Exploit HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)

    HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  19. Exploiter

    Exploit Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)

    Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  20. Exploiter

    Exploit Jenkins - XStream Groovy classpath Deserialization (Metasploit)

    Jenkins - XStream Groovy classpath Deserialization (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  21. Exploiter

    Exploit Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' Double-Write Ring-0 Address Leak

    Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' Double-Write Ring-0 Address Leak /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1456 We have discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via...
  22. Exploiter

    Exploit Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable

    Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1378 There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - By opening a...
  23. Exploiter

    Exploit Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read

    Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1382 There is an out-of-bounds read in jscript.dll library (used in IE, WPAD and other places): PoC for IE (note: page heap might be required to...
  24. Exploiter

    Exploit Intel Content Protection HECI Service - Type Confusion Privilege Escalation

    Intel Content Protection HECI Service - Type Confusion Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 9.0.2.117 Class: Elevation of Privilege...
  25. Exploiter

    Exploit Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free

    Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1381 There is a use-after-free in jscript.dll library that can be exploited in IE11. PoC: ========================================= --> <!--...