Search results

  1. Exploiter

    Exploit PHPads 2.0 - 'click.php3?bannerID' SQL Injection

    PHPads 2.0 - 'click.php3?bannerID' SQL Injection [+] Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores [+] Date: 05/05/2019 [+] Risk: High [+] CWE Number : CWE-89 [+] Author: Felipe Andrian Peixoto [+] Vendor Homepage: https://blondish.net/ [+] Software Demo ...
  2. Exploiter

    Exploit Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element

    Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1119 This is somewhat similar to https://crbug.com/663476. Here's a snippet of Container::replaceAllChildren...
  3. Exploiter

    Exploit Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free

    Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1101 Note: It seems it doesn't crash the JSC compiled without Address Sanitizer. PoC: --> (function () { for (var i = 0; i < 1000000; ++i) {...
  4. Exploiter

    Exploit Apple WebKit - 'Document::adoptNode' Use-After-Free

    Apple WebKit - 'Document::adoptNode' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1099 This is a regression test from: https://crbug.com/541206. But I think it seems not possible to turn it into an UXSS in WebKit. PoC: --> <body> <script> var s =...
  5. Exploiter

    Exploit MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal

    MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal Description: ============ product: MyBB Homepage: https://mybb.com/ vulnerable version: < 1.8.11 Severity: Low risk =============== Proof of Concept: ============= vulnerability...
  6. Exploiter

    Exploit Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)

    Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  7. Exploiter

    Exploit Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting

    Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1121 Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is...
  8. Exploiter

    Exploit AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)

    AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  9. Exploiter

    Exploit MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting

    MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting Description: ============ product:MyBB Homepage:https://mybb.com/ vulnerable version:<1.8.11 Severity:High risk =============== Proof of Concept: ============= 1.post a thread or reply any thread ,write: hover me then when user’s mouse...
  10. Exploiter

    Exploit Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)

    Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include...
  11. Exploiter

    Exploit Domoticz 4.10577 - Unauthenticated Remote Command Execution

    Domoticz 4.10577 - Unauthenticated Remote Command Execution #!/usr/bin/env python #-*- coding: utf-8 -*- # Exploit Title: Unauthenticated Remote Command Execution on Domoticz <= 4.10577 # Date: April 2019 # Exploit Author: Fabio Carretto @ Certimeter Group # Vendor Homepage...
  12. Exploiter

    Exploit From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case)

    From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case) From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case) =================================================================== - Leon Juranic <leon[at]defensecode.com> http://www.defensecode.com/ Date: 03/10/2013...
  13. Exploiter

    Exploit Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

    Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification elf_core_dump() has a comment back from something like 2.5.43-C3 that says: /* * We no longer stop all VM operations. * * This is because those proceses that could possibly...
  14. Exploiter

    Exploit Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery

    Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery # Exploit Title: CSRF / Privilege Escalation (Manipulation of Role Agent to Admin) on Faveo version Community 1.9.3 # Google Dork: no # Date: 05-April-2017 # Exploit Author: @rungga_reksya, @yokoacc, @AdyWikradinata, @dickysofficial...
  15. Exploiter

    Exploit systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process

    systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of...
  16. Exploiter

    Exploit QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection

    QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection QNAP QTS multiple RCE vulnerabilities ===================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt Overview -------- QNAP QTS...
  17. Exploiter

    Exploit Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow

    Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/heap/factory.cc?rcl=dd689541d3815d64b4b39f6a41603248c71aa00e&l=496 Handle<FixedArrayBase> Factory::NewFixedDoubleArray(int length...
  18. Exploiter

    Exploit osTicket 1.11 - Cross-Site Scripting / Local File Inclusion

    osTicket 1.11 - Cross-Site Scripting / Local File Inclusion # Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion # Date: 09.04.2019 # Exploit Author: Özkan Mustafa Akkuş (AkkuS) @ehakkus # Contact: https://pentest.com.tr # Vendor Homepage: https://osticket.com #...
  19. Exploiter

    Exploit RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)

    RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## # # TODO: add other non-payload files class MetasploitModule <...
  20. Exploiter

    Exploit Linux - 'page->_refcount' Overflow via FUSE

    Linux - 'page->_refcount' Overflow via FUSE Linux: page->_refcount overflow via FUSE with ~140GiB RAM usage Tested on: Debian Buster distro kernel "4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22)" KVM guest with 160000MiB RAM A while back, there was some discussion about possible...
  21. Exploiter

    Exploit GeoMoose < 2.9.2 - Directory Traversal

    GeoMoose < 2.9.2 - Directory Traversal # Exploit Title: GeoMoose <= 2.9.2 Local File Disclosure # Exploit Author: Sander 'dsc' Ferdinand # Date: 2017-03-4 # Version: <= 2.9.2 # Blog: https://ced.pwned.systems/advisories-geomoose-local-file-disclosure-2-9-2.html # Vendor Homepage: geomoose.org...
  22. Exploiter

    Exploit VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation

    VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host...
  23. Exploiter

    Exploit Apple WebKit - 'WebCore::toJS' Use-After-Free

    Apple WebKit - 'WebCore::toJS' Use-After-Free <!-- Source :https://bugs.chromium.org/p/project-zero/issues/detail?id=1114 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  24. Exploiter

    Exploit systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit

    systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit As documented at <https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html>, for any action, a polkit policy can specify separate levels of required authentication based on whether a client...
  25. Exploiter

    Exploit Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition

    Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition /* The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero...