Search results

  1. Exploiter

    Exploit NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection

    NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection # Exploit Title: NfSen/AlienVault remote root exploit (command injection in customfmt parameter) # Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1~bpo80+1_all. Previous versions are also likely to be affected. # Version...
  2. Exploiter

    Exploit Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

    Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) #!/usr/bin/python from impacket import smb, smbconnection from mysmb import MYSMB from struct import pack, unpack, unpack_from import sys import socket import time ''' MS17-010 exploit for...
  3. Exploiter

    Exploit Microsoft Windows PowerShell - Unsanitized Filename Command Execution

    Microsoft Windows PowerShell - Unsanitized Filename Command Execution ''' [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt [+] ISR...
  4. Exploiter

    Exploit NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Local Privilege Escalation

    NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Local Privilege Escalation # Exploit Title: Local root exploit affecting NfSen <= 1.3.7, AlienVault USM/OSSIM <= 5.3.6 # Version: NfSen 1.3.7 # Version: AlienVault 5.3.6 # Date: 2017-07-10 # Vendor Homepage: http://nfsen.sourceforge.net/ # Vendor...
  5. Exploiter

    Exploit WebKit - UXSS via XSLT and Nested Document Replacements

    WebKit - UXSS via XSLT and Nested Document Replacements VULNERABILITY DETAILS https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/xml/XSLTProcessor.cpp#L66 ``` Ref<Document> XSLTProcessor::createDocumentFromSource(const String& sourceString, const String& sourceEncoding, const...
  6. Exploiter

    Exploit NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection

    NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection # Exploit Title: NfSen/AlienVault remote root exploit (IPC query command injection) # Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1~bpo80+1_all. Previous versions are also likely to be affected. # Version: AlienVault 5.3.4 # Date...
  7. Exploiter

    Exploit Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution

    Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution import os import inspect import argparse import shutil from shutil import copyfile print("") print("") print("################################################") print("") print("------------------CVE-2019-13623----------------") print("")...
  8. Exploiter

    Exploit LibTIFF - '_TIFFVGetField (tiffsplit)' Out-of-Bounds Read

    LibTIFF - '_TIFFVGetField (tiffsplit)' Out-of-Bounds Read Source: http://bugzilla.maptools.org/show_bug.cgi?id=2693 On 4.0.7: # tiffsplit $FILE ==2007== Invalid read of size 4 ==2007== at 0x40CD1A: _TIFFVGetField (tif_dir.c:1072) ==2007== by 0x41B2C5: TIFFVGetField (tif_dir.c:1198)...
  9. Exploiter

    Exploit Linux - Use-After-Free Reads in show_numa_stats()

    Linux - Use-After-Free Reads in show_numa_stats() /* On NUMA systems, the Linux fair scheduler tracks information related to NUMA faults in task_struct::numa_faults and task_struct::numa_group. Both of these have broken object lifetimes. Since commit 82727018b0d3 ("sched/numa: Call...
  10. Exploiter

    Exploit LibTIFF - 'tif_dirwrite.c' Denial of Service

    LibTIFF - 'tif_dirwrite.c' Denial of Service Source: http://bugzilla.maptools.org/show_bug.cgi?id=2712 Triggered by "./tiffset POC1" $ ./tiffset POC1 TIFFReadDirectory: Warning, Unknown field with tag 302 (0x12e) encountered. TIFFReadDirectory: Warning, Unknown field with tag 61961 (0xf209)...
  11. Exploiter

    Exploit Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)

    Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  12. Exploiter

    Exploit LibTIFF - 'tif_jbig.c' Denial of Service

    LibTIFF - 'tif_jbig.c' Denial of Service Source: http://bugzilla.maptools.org/show_bug.cgi?id=2706 Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC” Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC” The asan debug information is below: $./tiff2ps $POC...
  13. Exploiter

    Exploit osTicket 1.12 - Formula Injection

    osTicket 1.12 - Formula Injection # Exploit Title: osTicket-v1.12 Formula Injection # Vendor Homepage: https://osticket.com/ # Software Link: https://osticket.com/download/ # Exploit Author: Aishwarya Iyer # Contact: https://twitter.com/aish_9524 # Website: https://about.me/aish_iyer #...
  14. Exploiter

    Exploit osTicket 1.12 - Persistent Cross-Site Scripting

    osTicket 1.12 - Persistent Cross-Site Scripting # Exploit Title: osTicket-v1.12 Stored XSS # Vendor Homepage: https://osticket.com/ # Software Link: https://osticket.com/download/ # Exploit Author: Aishwarya Iyer # Contact: https://twitter.com/aish_9524 # Website: https://about.me/aish_iyer #...
  15. Exploiter

    Exploit GoAutoDial CE 3.3 - Authentication Bypass / Command Injection (Metasploit)

    GoAutoDial CE 3.3 - Authentication Bypass / Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  16. Exploiter

    Exploit Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution

    Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution #!/usr/bin/python """ Lepide Auditor Suite createdb() Web Console Database Injection Remote Code Execution Vulnerability Vendor: http://www.lepide.com/ File: lepideauditorsuite.zip SHA1...
  17. Exploiter

    Exploit BestSafe Browser - Man In The Middle Remote Code Execution

    BestSafe Browser - Man In The Middle Remote Code Execution # Exploit Title: BestSafe Browser FREE NoAds - Remote Code Execution # Date: 30/Jun/17 # Exploit Author: MaXe # Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser.com # Software Link: See APK archive...
  18. Exploiter

    Exploit [French] SYN FLOOD ATTACK for IP CISCO Phone

    [French] SYN FLOOD ATTACK for IP CISCO Phone 42292.pdf
  19. Exploiter

    Exploit osTicket 1.12 - Persistent Cross-Site Scripting via File Upload

    osTicket 1.12 - Persistent Cross-Site Scripting via File Upload # Exploit Title: osTicket-v1.12 Stored XSS via File Upload # Vendor Homepage: https://osticket.com/ # Software Link: https://osticket.com/download/ # Exploit Author: Aishwarya Iyer # Contact: https://twitter.com/aish_9524 #...
  20. Exploiter

    Exploit LG MRA58K - 'ASFParser::SetMetaData' Stack Overflow

    LG MRA58K - 'ASFParser::SetMetaData' Stack Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1226 There are three variants of the below crash, all of which stemming from an unbound copy into a fixed size stack buffer allocated in the function ASFParser::SetMetaData...
  21. Exploiter

    Exploit Google Chrome - Out-of-Bounds Access in RegExp Stubs

    Google Chrome - Out-of-Bounds Access in RegExp Stubs There is an out-of-bounds access in RegExp.prototype.exec and RegExp.prototype.test. The code defined in BranchIfFastRegExp checks whether a regular expression object has the default map, however, it is possible to alter the map after this...
  22. Exploiter

    Exploit eVestigator Forensic PenTester - Man In The Middle Remote Code Execution

    eVestigator Forensic PenTester - Man In The Middle Remote Code Execution # Exploit Title: eVestigator Forensic PenTester v1 - Remote Code Execution via MITM # Date: 30/Jun/17 # Exploit Author: MaXe # Vendor Homepage: https://play.google.com/store/apps/details?id=penetrationtest.eVestigator.com...
  23. Exploiter

    Exploit [Spanish] How to Exploit ETERNALBLUE on Windows Server 2012 R2

    [Spanish] How to Exploit ETERNALBLUE on Windows Server 2012 R2 42281.pdf
  24. Exploiter

    Exploit Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)

    Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/ndmp_socket' require 'openssl' require 'xdr'...
  25. Exploiter

    Exploit ActiveMQ < 5.14.0 - Web Shell Upload (Metasploit)

    ActiveMQ < 5.14.0 - Web Shell Upload (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...