Search results

  1. Exploiter

    Exploit Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution

    Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution ''' Source: https://blogs.securiteam.com/index.php/archives/3356 Vulnerability details The remote code execution is a combination of 4 different vulnerabilities: Upload arbitrary files to the specified directories Log in...
  2. Exploiter

    Exploit Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)

    Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2) Sources: - https://github.com/sensepost/gdi-palettes-exp - https://sensepost.com/blog/2017/abusing-gdi-objects-for-ring0-primitives-revolution/ Windows 7 SP1 x86 exploit presented at DEF CON 25 involving the abuse of a newly...
  3. Exploiter

    Exploit VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation

    VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1296 VirtualBox: Windows Process DLL UNC Path Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 (Tested on Windows 10) Class...
  4. Exploiter

    Exploit DirtyTooth: Extracting VCARD data from Bluetooth iOS profiles

    DirtyTooth: Extracting VCARD data from Bluetooth iOS profiles 42430.pdf
  5. Exploiter

    Exploit FileThingie 2.5.7 - Arbitrary File Upload

    FileThingie 2.5.7 - Arbitrary File Upload # Exploit Title: FileThingie 2.5.7 - Arbitrary File Upload # Author: Cakes # Discovery Date: 2019-09-03 # Vendor Homepage: www.solitude.dk/filethingie # Software Link: https://github.com/leefish/filethingie/archive/master.zip # Tested Version: 2.5.7 #...
  6. Exploiter

    Exploit AwindInc SNMP Service - Command Injection (Metasploit)

    AwindInc SNMP Service - Command Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  7. Exploiter

    Exploit Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit)

    Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  8. Exploiter

    Exploit VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation

    VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1257 VirtualBox: Windows Process DLL Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 (Tested on Windows 10) Class: Elevation of...
  9. Exploiter

    Exploit Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)

    Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  10. Exploiter

    Exploit Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)

    Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## # linux/armle/meterpreter/bind_tcp -> segfault #...
  11. Exploiter

    Exploit ptrace - Sudo Token Privilege Escalation (Metasploit)

    ptrace - Sudo Token Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File...
  12. Exploiter

    Exploit Cisco UCS Director - default scpuser password (Metasploit)

    Cisco UCS Director - default scpuser password (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'net/ssh' require 'net/ssh/command_stream' class MetasploitModule <...
  13. Exploiter

    Exploit [Hebrew] Digital Whisper Security Magazine #85

    [Hebrew] Digital Whisper Security Magazine #85 42405.pdf
  14. Exploiter

    Exploit Apple macOS/iOS - 'xpc_data' Objects Sandbox Escape Privilege Escalation

    Apple macOS/iOS - 'xpc_data' Objects Sandbox Escape Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1247 When XPC serializes large xpc_data objects it creates mach memory entry ports to represent the memory region then transfers that region to the...
  15. Exploiter

    Exploit ktsuss 1.4 - suid Privilege Escalation (Metasploit)

    ktsuss 1.4 - suid Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File...
  16. Exploiter

    Exploit Jenkins < 1.650 - Java Deserialization

    Jenkins < 1.650 - Java Deserialization import random import string from decimal import Decimal import requests from requests.exceptions import RequestException # Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit # Google Dork: intitle: "Dashboard [Jenkins]" + "Manage...
  17. Exploiter

    Exploit DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow

    DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow #!/usr/bin/env python # Exploit Title: DiskBoss Enterprise v8.2.14 Remote buffer overflow # Date: 2017-07-30 # Exploit Author: Ahmad Mahfouz # Author Homepage: www.unixawy.com # Vendor Homepage: http://www.diskboss.com/ # Software Link...
  18. Exploiter

    Exploit [Hebrew] Digital Whisper Security Magazine #84

    [Hebrew] Digital Whisper Security Magazine #84 42406.pdf
  19. Exploiter

    Exploit AudioCoder 0.8.46 - Local Buffer Overflow (SEH)

    AudioCoder 0.8.46 - Local Buffer Overflow (SEH) #!/usr/bin/python # Exploit Title : AudioCoder 0.8.46 Local Buffer Overflow (SEH) # CVE : CVE-2017-8870 # Exploit Author : Muhann4d @0xSecured # Vendor Homepage : http://www.mediacoderhq.com # Vulnerable Software...
  20. Exploiter

    Exploit GNU libiberty - Buffer Overflow

    GNU libiberty - Buffer Overflow Source: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687 The attached program binary causes a buffer overflow in cplus-dem.c when it tries to demangle specially crafted function arguments in the binary. Both the buffer size as well as the buffer content are...
  21. Exploiter

    Exploit Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

    Fortinet FortiOS < 5.6.0 - Cross-Site Scripting # Title: FortiOS <= 5.6.0 Multiple XSS Vulnerabilities # Vendor: Fortinet (www.fortinet.com) # CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133 # Date: 28.07.2016 # Author: Patryk Bogdan (@patryk_bogdan) Affected FortiNet products: *...
  22. Exploiter

    Exploit WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting

    WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1240 JSObject::putInlineSlow and JSValue::putToPrimitive use getPrototypeDirect instead of getPrototype to get an object's...
  23. Exploiter

    Exploit Friends in War Make or Break 1.7 - Authentication Bypass

    Friends in War Make or Break 1.7 - Authentication Bypass ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x] Type: Admin login bypass via SQLi [x] Vendor: http://software.friendsinwar.com/ [x] Script Name: Make or Break [x] Script Version: 1.7 [x] Script DL...
  24. Exploiter

    Exploit Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform

    Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp#L743 case GetByVal: { ... unsigned numberOfArgumentsToSkip...
  25. Exploiter

    Exploit WebKit JSC - 'JSArray::appendMemcpy' Uninitialized Memory Copy

    WebKit JSC - 'JSArray::appendMemcpy' Uninitialized Memory Copy <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1236 WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy Here's a snippet of JSArray::appendMemcpy. bool JSArray::appendMemcpy(ExecState* exec, VM&...