Search results

  1. Exploiter

    Exploit Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution

    Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1081 Windows: ManagementObject Arbitrary .NET Serialization RCE Platform: .NET 4.6, Powershell 4. Tested between Server 2016 and Windows 10...
  2. Exploiter

    Exploit Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery

    Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery # Exploit Title: Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery # Date: 2/26/2019 # Exploit Author: Alexandre Basquin # Vendor Homepage: https://blog.thehive-project.org # Software Link...
  3. Exploiter

    Exploit Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting

    Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1084 When creating an object in Javascript, its |Structure| is created with the constructor's prototype's...
  4. Exploiter

    Exploit Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripting

    Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripting <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1094 Once a spread operation is optimized, the function |operationSpreadGeneric| will be called from then on. But...
  5. Exploiter

    Exploit How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008

    How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008 41896.pdf
  6. Exploiter

    Exploit [Spanish] How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008

    [Spanish] How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008 41897.pdf
  7. Exploiter

    Exploit Dmitry 1.3a - Local Buffer Overflow (PoC)

    Dmitry 1.3a - Local Buffer Overflow (PoC) ################ #Exploit Title: Dmitry(Deepmagic Information Gathering Tool) Local Stack Buffer Overflow #CVE: CVE-2017-7938 #CWE: CWE-119 #Exploit Author: Hosein Askari (FarazPajohan) #Vendor HomePage...
  8. Exploiter

    Exploit pinfo 0.6.9 - Local Buffer Overflow (PoC)

    pinfo 0.6.9 - Local Buffer Overflow (PoC) # Title: pinfo v0.6.9 - Local Buffer Overflow # Author: Nassim Asrir # Researcher at: Henceforth # Author contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ # CVE: N/A # Download # $ apt-get install pinfo # POC # For...
  9. Exploiter

    Exploit Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

    Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  10. Exploiter

    Exploit Huawei HG532n - Command Injection (Metasploit)

    Huawei HG532n - Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'base64' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  11. Exploiter

    Exploit Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit)

    Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## # auxiliary/scanner/smb/smb_ms_17_010 require 'msf/core' class...
  12. Exploiter

    Exploit Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)

    Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include...
  13. Exploiter

    Exploit PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)

    PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/postgres' class MetasploitModule < Msf::Exploit::Remote...
  14. Exploiter

    Exploit [Turkish] Web Services Penetration Testing

    [Turkish] Web Services Penetration Testing 41888.pdf
  15. Exploiter

    Exploit WinSCP 5.9.4 - 'LIST' Denial of Service (Metasploit)

    WinSCP 5.9.4 - 'LIST' Denial of Service (Metasploit) ## # Exploit Title: WinSCP 5.9.4 - (LIST) Command Denial of service (Crush application) # Date: [4-4-2017] mm.dd.yy # Exploit Author: [M.Ibrahim] [email protected] # E-Mail: vulnbug <at> gmail.com # Vendor Home Page...
  16. Exploiter

    Exploit Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset

    Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset [+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt [+] ISR: ApparitionSec Vendor...
  17. Exploiter

    Exploit Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure

    Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1192 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in...
  18. Exploiter

    Exploit Concrete5 CMS 8.1.0 - 'Host' Header Injection

    Concrete5 CMS 8.1.0 - 'Host' Header Injection [+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt [+] ISR: ApparitionSec Vendor: ==================...
  19. Exploiter

    Exploit VirusChaser 8.0 - Local Buffer Overflow (SEH)

    VirusChaser 8.0 - Local Buffer Overflow (SEH) # Exploit Title: Virus Chaser 8.0 - Scanner component, SEH Overflow # Date: 14 April 2017 # Exploit Author: 0x41Li ([email protected]) # Vendor Homepage: https://www.viruschaser.com/ # Software Link...
  20. Exploiter

    Exploit Adobe Creative Cloud Desktop Application < 4.0.0.185 - Local Privilege Escalation

    Adobe Creative Cloud Desktop Application < 4.0.0.185 - Local Privilege Escalation [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt [+] ISR: apparitionSec Vendor...
  21. Exploiter

    Exploit microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

    microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection [+] Sql Injection on microASP (Portal+) CMS [+] Date: 05/05/2019 [+] Risk: High [+] CWE Number : CWE-89 [+] Author: Felipe Andrian Peixoto [+] Vendor Homepage: http://www.microasp.it/ [+] Contact...
  22. Exploiter

    Exploit Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call

    Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1078 We have discovered two bugs in the implementation of the win32k!NtGdiGetDIBitsInternal system call, which is a part of the graphic...
  23. Exploiter

    Exploit Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow

    Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1098 I confirmed the PoC crashes the release version of Safari 10.0.3(12602.4.8). (It might need to refresh the page several times.) PoC: -->...
  24. Exploiter

    Exploit Microsoft Windows PowerShell ISE - Remote Code Execution

    Microsoft Windows PowerShell ISE - Remote Code Execution [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt [+] ISR: ApparitionSec [+] Zero...
  25. Exploiter

    Exploit Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout

    Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1184 This bug report describes a vulnerability in memory_exchange() that permits PV guest kernels to write to an arbitrary virtual address with hypervisor...