Search results

  1. Exploiter

    Exploit Apple macOS/iOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:]

    Apple macOS/iOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:] Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1170 Via NSUnarchiver we can read NSBuiltinCharacterSet with a controlled serialized state. It reads a...
  2. Exploiter

    Exploit PlaySMS 1.4 - 'import.php' Remote Code Execution

    PlaySMS 1.4 - 'import.php' Remote Code Execution # Exploit Title: PlaySMS 1.4 Remote Code Execution using Phonebook import Function in import.php # Date: 21-05-2017 # Software Link: https://playsms.org/download/ # Version: 1.4 # Exploit Author: Touhid M.Shaikh # Contact...
  3. Exploiter

    Exploit VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation

    VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1142 This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain...
  4. Exploiter

    Exploit Apple macOS - '32-bit syscall exit' Kernel Register Leak

    Apple macOS - '32-bit syscall exit' Kernel Register Leak Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths...
  5. Exploiter

    Exploit Apple macOS - 'stackshot' Raw Frame Pointers

    Apple macOS - 'stackshot' Raw Frame Pointers Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1164 This is an issue that allows unentitled root to read kernel frame pointers, which might be useful in combination with a kernel memory corruption bug. By design, the syscall...
  6. Exploiter

    Exploit IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)

    IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule <...
  7. Exploiter

    Exploit LibreNMS - addhost Command Injection (Metasploit)

    LibreNMS - addhost Command Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  8. Exploiter

    Exploit Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC)

    Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC) # Exploit Title: Sure Thing Disc Labeler - Stack Buffer Overflow (PoC) # Date: 5-19-17 # Exploit Author: Chance Johnson ([email protected]) # Vendor Homepage: http://www.surething.com/ # Software Link...
  9. Exploiter

    Exploit Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption

    Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption Introduction ------------ Vulnerabilities were identified in the Belden GarrettCom 6K and 10KT (Magnum) series network switches. These were discovered during a black box assessment and therefore the vulnerability...
  10. Exploiter

    Exploit Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free

    Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free <!-- VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/wasm/wasm-objects.cc?rcl=783343158eb1b147df7e6669f1d03c690c878e21&l=1253 ``` int32_t WasmMemoryObject::Grow(Isolate* isolate...
  11. Exploiter

    Exploit KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities

    KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities # Exploit Title: [Dell Kace Appliance Multiple Vulnerabilities] # Date: [12/04/2018] # Exploit Author: [SlidingWindow], Twitter: @kapil_khot # Vendor Homepage...
  12. Exploiter

    Exploit Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)

    Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) #!/usr/bin/python from impacket import smb, ntlm from struct import pack import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target...
  13. Exploiter

    Exploit Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

    Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) #!/usr/bin/python from impacket import smb from struct import pack import sys import socket ''' EternalBlue exploit for Windows 7/2008 by sleepya The exploit might FAIL and CRASH a target system (depended on what...
  14. Exploiter

    Exploit WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

    WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking...
  15. Exploiter

    Exploit BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)

    BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  16. Exploiter

    Exploit Mozilla Firefox 50 < 55 - Stack Overflow Denial of Service

    Mozilla Firefox 50 < 55 - Stack Overflow Denial of Service <!-- Title: ============== Unpatched Mozilla Firefox v50 - v55 Stack Overflow DoS Vulnerability References: ============== https://bugzilla.mozilla.org/show_bug.cgi?id=1322307 Timeline: ============== Reported to Mozilla: 2016-12-06...
  17. Exploiter

    Exploit Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation

    Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1107 Windows: COM Aggregate Marshaler/IRemUnknown2 Type Confusion EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2...
  18. Exploiter

    Exploit Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation

    Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1112 Windows: Running Object Table Register ROTFLAGS_ALLOWANYCLIENT EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 or...
  19. Exploiter

    Exploit Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)

    Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking...
  20. Exploiter

    Exploit Serviio Media Server - checkStreamUrl Command Execution (Metasploit)

    Serviio Media Server - checkStreamUrl Command Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  21. Exploiter

    Exploit Adobe Flash - AVC Deblocking Out-of-Bounds Read

    Adobe Flash - AVC Deblocking Out-of-Bounds Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1171 The attached swf triggers an out-of-bounds read in AVC deblocking. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42017.zip
  22. Exploiter

    Exploit Adobe Flash - Margin Handling Heap Corruption

    Adobe Flash - Margin Handling Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1174 The attached fuzzed swf causes a crash due to heap corruption when processing the margins of a rich text field. Proof of Concept...
  23. Exploiter

    Exploit Adobe Flash - Out-of-Bounds Read in Getting TextField Width

    Adobe Flash - Out-of-Bounds Read in Getting TextField Width Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1211 The attached swf causes an out-of-bounds read in getting the width of a TextField. Proof of Concept...
  24. Exploiter

    Exploit Apple iOS < 10.3.2 - Notifications API Denial of Service

    Apple iOS < 10.3.2 - Notifications API Denial of Service # Exploit Title: Apple iOS < 10.3.2 - Notifications API Denial of Service # Date: 05-15-2017 # Exploit Author: Sem Voigtländer (@OxFEEDFACE), Vincent Desmurs (@vincedes3) and Joseph Shenton # Vendor Homepage: https://apple.com # Software...
  25. Exploiter

    Exploit Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)

    Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank...