Search results

  1. Exploiter

    Exploit Arq 5.9.7 - Local Privilege Escalation

    Arq 5.9.7 - Local Privilege Escalation =begin As well as the other bugs affecting Arq <= 5.9.6 there is also another issue with the suid-root restorer binaries in Arq for Mac. There are three of them and they are used to execute restores of backed up files from the various cloud providers...
  2. Exploiter

    Exploit Arq 5.9.6 - Local Privilege Escalation

    Arq 5.9.6 - Local Privilege Escalation # Arq Backup from Haystack Software is a great application for backing up macs and # windows machines. Unfortunately versions of Arq for mac before 5.9.7 are # vulnerable to a local root privilege escalation exploit. # The updater binary has a...
  3. Exploiter

    Exploit Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation

    Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation # Another day, another root privesc bug in this plugin. Not quite so serious this # time - this one is only exploitable if the user has the plugin installed but # VMware Fusion *not* installed. This is a fairly unlikely...
  4. Exploiter

    Exploit Techno Portfolio Management Panel - 'id' SQL Injection

    Techno Portfolio Management Panel - 'id' SQL Injection # Exploit Title: Techno - Portfolio Management Panel 1.0 - SQL Injection # Dork: N/A # Date: 02.12.2017 # Vendor Homepage: https://codecanyon.net/user/engtechno # Software Link...
  5. Exploiter

    Exploit Readymade Classifieds Script 1.0 - SQL Injection

    Readymade Classifieds Script 1.0 - SQL Injection # Exploit Title: Readymade Classifieds Script 1.0 - SQL Injection # Dork: N/A # Date: 02.12.2017 # Vendor Homepage: http://www.scubez.net/ # Software Link: http://www.posty.in/index.html # Demo...
  6. Exploiter

    Exploit FS Makemytrip Clone - 'id' SQL Injection

    FS Makemytrip Clone - 'id' SQL Injection # Exploit Title: FS Makemytrip Clone - SQL Injection # Date: 2017-12-05 # Exploit Author: Dan° # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/makemytrip-clone/ # Version: 2017-12-05 # Tested on: Kali...
  7. Exploiter

    Exploit FS Shaadi Clone - 'token' SQL Injection

    FS Shaadi Clone - 'token' SQL Injection # Exploit Title: FS Shaadi Clone - SQL Injection # Date: 2017-12-05 # Exploit Author: Dan° # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/shaadi-clone/ # Version: 2017-12-05 # Tested on: Kali Linux 2.0...
  8. Exploiter

    Exploit MistServer 2.12 - Cross-Site Scripting

    MistServer 2.12 - Cross-Site Scripting [+] Credits: John Page (aka Hyp3rlinX) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt [+] ISR: ApparitionSec Vendor...
  9. Exploiter

    Exploit Abyss Web Server < 2.11.6 - Heap Memory Corruption

    Abyss Web Server < 2.11.6 - Heap Memory Corruption [+] Credits: John Page (aka HyP3rlinX) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt [+] ISR: ApparitionSec Vendor: ==========...
  10. Exploiter

    Exploit Perspective ICM Investigation & Case 5.1.1.16 - Privilege Escalation

    Perspective ICM Investigation & Case 5.1.1.16 - Privilege Escalation # Exploit Title: Privilege Escalation -...
  11. Exploiter

    Exploit HP iMC Plat 7.2 - Remote Code Execution

    HP iMC Plat 7.2 - Remote Code Execution #!/opt/local/bin/python2.7 # Exploit Title: HP iMC Plat 7.2 dbman Opcode 10007 Command Injection RCE # Date: 11-28-2017 # Exploit Author: Chris Lyne (@lynerc) # Vendor Homepage: www.hpe.com # Software Link...
  12. Exploiter

    Exploit HP iMC Plat 7.2 - Remote Code Execution (2)

    HP iMC Plat 7.2 - Remote Code Execution (2) #!/opt/local/bin/python2.7 # Exploit Title: HP iMC Plat 7.2 dbman Opcode 10008 Command Injection RCE # Date: 11-29-2017 # Exploit Author: Chris Lyne (@lynerc) # Vendor Homepage: www.hpe.com # Software Link...
  13. Exploiter

    Exploit Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation (Metasploit)

    Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank =...
  14. Exploiter

    Exploit Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation

    Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation /* EDB Note Source ~ https://gist.github.com/xpn/736daa4d1ff7b9869f4b3d1e9a34d315/ff2e2465d4a07588d0148dc87e77b17b41ef9d1d Source ~...
  15. Exploiter

    Exploit pfSense - (Authenticated) Group Member Remote Command Execution (Metasploit)

    pfSense - (Authenticated) Group Member Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  16. Exploiter

    Exploit QEMU - NBD Server Long Export Name Stack Buffer Overflow

    QEMU - NBD Server Long Export Name Stack Buffer Overflow Introduced in commit f37708f6b8 (2.10). The NBD spec says a client can request export names up to 4096 bytes in length, even though they should not expect success on names longer than 256. However, qemu hard-codes the limit of 256, and...
  17. Exploiter

    Exploit Exim 4.89 - 'BDAT' Denial of Service

    Exim 4.89 - 'BDAT' Denial of Service While parsing BDAT data header, exim still scans for '.' and consider it the end of mail. https://github.com/Exim/exim/blob/master/src/src/receive.c#L1867 Exim goes into an incorrect state after this message is sent because the function pointer...
  18. Exploiter

    Exploit ZTE ZXDSL 831CII - Improper Access Restrictions

    ZTE ZXDSL 831CII - Improper Access Restrictions # Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access # Date: 27/11/2017 # Exploit Author: Ibad Shah # Vendor Homepage: zte.com.cn # Software Link: - # Version: - ZXDSL - 831CII # Tested on: Windows 10 # CVE :- 2017-16953...
  19. Exploiter

    Exploit Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download

    Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download ''' Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1342 There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the...
  20. Exploiter

    Exploit Microsoft Edge Chakra JIT - 'Inline::InlineCallApplyTarget_Shared' does not Return the return Instruction

    Microsoft Edge Chakra JIT - 'Inline::InlineCallApplyTarget_Shared' does not Return the return Instruction /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1366 Here's a snippet of Inline::Optimize. FOREACH_INSTR_EDITING(instr, instrNext, func->m_headInstr) {...
  21. Exploiter

    Exploit Microsoft Edge Chakra JIT - Incorrect Function Declaration Scope

    Microsoft Edge Chakra JIT - Incorrect Function Declaration Scope /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1367 In the following JavaScript code, both of the print calls must print out "undefined" because of "x" is a formal parameter. But the second print call...
  22. Exploiter

    Exploit Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly

    Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1365 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 There's one more place that emits a...
  23. Exploiter

    Exploit Linux Kernel - 'mincore()' Uninitialized Kernel Heap Page Disclosure

    Linux Kernel - 'mincore()' Uninitialized Kernel Heap Page Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 I found the following bug with an AFL-based fuzzer: When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are...
  24. Exploiter

    Exploit ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)

    ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode) #!/usr/bin/python # Tested on: Windows 10 Professional (x86) # Exploit for previous version: https://www.exploit-db.com/exploits/42455/ (Seems they haven't patched the vulnerability at all :D) # msfvenom -p windows/exec CMD="calc.exe" -e...
  25. Exploiter

    Exploit Microsoft Edge Chakra JIT - 'BailOutOnTaggedValue' Bailouts Type Confusion

    Microsoft Edge Chakra JIT - 'BailOutOnTaggedValue' Bailouts Type Confusion /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 1. In the Chakra's JIT compilation process, it stores variables' type information by basic block. function opt(b) { let o; if (b) {...