Search results

  1. Exploiter

    Exploit Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass

    Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass [+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt [+] ISR: ApparitionSec...
  2. Exploiter

    Exploit Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)

    Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC) #!/usr/bin/python # # Exploit Author: bzyo # Twitter: @bzyo_ # Exploit Title: Xlight FTP Server (x86/x64) - Buffer Overflow Crash (PoC) # Date: 07-11-2017 # Vulnerable Software: Xlight FTP Server v3.8.8.5 (x86/x64) # Vendor Homepage...
  3. Exploiter

    Exploit MyBB 1.8.13 - Remote Code Execution

    MyBB 1.8.13 - Remote Code Execution # Exploit Title: RCE in MyBB up to 1.8.13 via installer # Date: Found on 05-29-2017 # Exploit Author: Pablo Sacristan # Vendor Homepage: https://mybb.com/ # Version: Version > 1.8.13 (Fixed in 1.8.13) # CVE : CVE-2017-16780 This RCE can be executed via CSRF...
  4. Exploiter

    Exploit Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free

    Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1340 There is a use-after-free in jscript.dll library that can be exploited in IE11. jscript.dll is an old JavaScript library that was used in IE 8...
  5. Exploiter

    Exploit Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)

    Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include...
  6. Exploiter

    Exploit PHP 7.1.8 - Heap Buffer Overflow

    PHP 7.1.8 - Heap Buffer Overflow Description: ------------ A heap out-of-bound read vulnerability in timelib_meridian() can be triggered via wddx_deserialize() or other vectors that call into this function on untrusted inputs. $ ~/php-7.1.8/sapi/cli/php --version PHP 7.1.8 (cli) (built: Aug...
  7. Exploiter

    Exploit Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007)

    Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007) <!DOCTYPE html> <html> <head> <style> .class1 { float: left; column-count: 5; } .class2 { column-span: all; columns: 1px; } table {border-spacing: 0px;} </style>...
  8. Exploiter

    Exploit PoC || GTFO 0x16

    PoC || GTFO 0x16 pocorgtfo16.pdf
  9. Exploiter

    Exploit pfSense 2.3.1_1 - Command Execution

    pfSense 2.3.1_1 - Command Execution # Exploit Title: pfSense <= 2.3.1_1 Post-Auth Command Execution # Date: 11-06-2017 # Exploit Author: s4squatch (Scott White - www.trustedsec.com) # Vendor Homepage: https://www.pfsense.org # Version: 2.3-RELEASE # Vendor Security Advisory...
  10. Exploiter

    Exploit Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit)

    Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  11. Exploiter

    Exploit Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure

    Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure #!/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: <= v8u131 File: jre-8u131-windows-i586-iftw.exe SHA1...
  12. Exploiter

    Exploit tnftp - 'savefile' Arbitrary Command Execution (Metasploit)

    tnftp - 'savefile' Arbitrary Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  13. Exploiter

    Exploit Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH)

    Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH) #!/usr/bin/python #Title: Ipswitch WS_FTP Professional Local Buffer Overflow (SEH) #Author: Kevin McGuigan. Twitter: @_h3xagram #Author Website: https://www.7elements.co.uk #Vendor Website: https://www.ipswitch.com #Date...
  14. Exploiter

    Exploit Unitrends UEB 9 - http api/storage Remote Root (Metasploit)

    Unitrends UEB 9 - http api/storage Remote Root (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  15. Exploiter

    Exploit Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)

    Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  16. Exploiter

    Exploit Polycom - Command Shell Authorization Bypass (Metasploit)

    Polycom - Command Shell Authorization Bypass (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include...
  17. Exploiter

    Exploit Mozilla Firefox < 55 - Denial of Service

    Mozilla Firefox < 55 - Denial of Service # Exploit Title: Mozilla Firefox < 55 - Forcibly make someone view a web content # Category: Denial of Service # Date: 5/11/17 # CVE : CVE-2017-7783 # Affected Version: < Mozilla Firefox 55 # Tested on: Windows/Linux # Software Link...
  18. Exploiter

    Exploit Ayukov NFTP FTP Client < 2.0 - Remote Buffer Overflow

    Ayukov NFTP FTP Client < 2.0 - Remote Buffer Overflow #!/usr/bin/env python # coding: utf-8 ############ Description: ########## # The vulnerability was discovered during a vulnerability research lecture. # This is meant to be a PoC. #################################### # Exploit Title...
  19. Exploiter

    Exploit Kaltura < 13.2.0 - Remote Code Execution

    Kaltura < 13.2.0 - Remote Code Execution #!/usr/bin/env python # Kaltura <= 13.1.0 RCE (CVE-2017-14143) # https://telekomsecurity.github.io/2017/09/kaltura-rce.html # # $ python kaltura_rce.py "https://example.com" 0_xxxxxxxx "system('id')" # [~] host: https://example.com # [~] entry_id...
  20. Exploiter

    Exploit Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)

    Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  21. Exploiter

    Exploit Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution

    Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution First Vulnerability: XML External Entity Expansion (deftype=xmlparser) Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1...
  22. Exploiter

    Exploit Xen - Pagetable De-typing Unbounded Recursion

    Xen - Pagetable De-typing Unbounded Recursion Xen allows pagetables of the same level to map each other as readonly in PV domains. This is useful if a guest wants to use the self-referential pagetable trick for easy access to pagetables by mapped virtual address. When cleaning up a pagetable...
  23. Exploiter

    Exploit Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)

    Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service) /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1338 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var...
  24. Exploiter

    Exploit Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags

    Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1334 The "String.prototype.replace" method can be inlined in the JIT process. So in the method, all the...
  25. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure

    Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1303&desc=2 We have discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to...