Search results

  1. Exploiter

    Exploit Apple macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow

    Apple macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1125 The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length: case BIOCSBLEN: /* u_int */ if (d->bd_bif != 0) error = EINVAL...
  2. Exploiter

    Exploit Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption

    Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1111 SIOCSIFORDER and SIOCGIFORDER allow userspace programs to build and maintain the ifnet_ordered_head linked list of...
  3. Exploiter

    Exploit Apple macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free

    Apple macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1116 necp_open is a syscall used to obtain a new necp file descriptor The necp file's fp's fg_data points to a struct necp_fd_data allocated...
  4. Exploiter

    Exploit Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation

    Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation Windows: LUAFV Delayed Virtualization Cache Manager Poisoning EoP Platform: Windows 10 1809 (not tested earlier) Class: Elevation of Privilege Security Boundary (per Windows Security Service...
  5. Exploiter

    Exploit Apple macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn

    Apple macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1104 exec_handle_port_actions is responsible for handling the xnu port actions extension to posix_spawn. It supports 4 different types...
  6. Exploiter

    Exploit Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking

    Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1108 SIOCSIFORDER is a new ioctl added in iOS 10. It can be called on a regular tcp socket, so from pretty much...
  7. Exploiter

    Exploit Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass

    Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass Windows: LUAFV NtSetCachedSigningLevel Device Guard Bypass Platform: Windows 10 1809 (not tested earlier). Note I’ve not tested this on Windows 10 SMode. Class: Security Feature Bypass Summary: The...
  8. Exploiter

    Exploit Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation

    Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP Platform: Windows 10 1809 (not tested earlier) Class: Elevation of Privilege Security Boundary (per Windows...
  9. Exploiter

    Exploit Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking

    Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1071 Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig...
  10. Exploiter

    Exploit Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation

    Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation Windows: LUAFV LuafvCopyShortName Arbitrary Short Name EoP Platform: Windows 10 1809 (not tested earlier) Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): User...
  11. Exploiter

    Exploit Bluecoat ASG 6.6/CAS 1.3 - Local Privilege Escalation (Metasploit)

    Bluecoat ASG 6.6/CAS 1.3 - Local Privilege Escalation (Metasploit) # Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS # Date: April 3, 2017 # Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd # Contact: chrisdhebert[at]gmail.com # Vendor Security Advisory...
  12. Exploiter

    Exploit Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation

    Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation Windows: CSRSS SxSSrv Cached Manifest EoP Platform: Windows 10 1809, 1709 Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): User boundary (and others) Summary: The SxS...
  13. Exploiter

    Exploit Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation

    Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation Windows: LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess EoP Platform: Windows 10 1809 (not tested earlier) Class: Elevation of Privilege Security Boundary (per Windows Security...
  14. Exploiter

    Exploit Splunk Enterprise - Information Disclosure

    Splunk Enterprise - Information Disclosure [+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt [+] ISR: ApparitionSec Vendor: =============== www.splunk.com...
  15. Exploiter

    Exploit Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)

    Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## # linux/armle/meterpreter/bind_tcp -> segfault #...
  16. Exploiter

    Exploit Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection (Metasploit)

    Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection (Metasploit) # Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS # Date: April 3, 2017 # Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd # Contact: chrisdhebert[at]gmail.com # Vendor Security Advisory...
  17. Exploiter

    Exploit EyesOfNetwork (EON) 5.1 - SQL Injection

    EyesOfNetwork (EON) 5.1 - SQL Injection # Exploit Title: EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root # Google Dork: intitle:EyesOfNetwork intext:"sponsored by AXIANS" # Date: 29/03/2017 # Exploit Author: Dany Bach # Vendor Homepage...
  18. Exploiter

    Exploit Sync Breeze Enterprise 9.5.16 - 'GET' Remote Buffer Overflow (SEH)

    Sync Breeze Enterprise 9.5.16 - 'GET' Remote Buffer Overflow (SEH) #!/usr/bin/env python # Exploit Title: Sync Breeze Enterprise v9.5.16 - Remote buffer overflow (SEH) # Date: 2017-03-29 # Exploit Author: Daniel Teixeira # Vendor Homepage: http://syncbreeze.com # Software Link...
  19. Exploiter

    Exploit Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow

    Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1083 When sending ool memory via |mach_msg| with |deallocate| flag or |MACH_MSG_VIRTUAL_COPY| flag, |mach_msg| performs moving the memory to the destination process...
  20. Exploiter

    Exploit DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer Overflow

    DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer Overflow #!/usr/bin/env python # Exploit Title: DiskBoss Enterprise v7.8.16 - 'Import Command' Buffer Overflow # Date: 2017-03-29 # Exploit Author: Daniel Teixeira # Author Homepage: www.danielteixeira.com # Vendor Homepage...
  21. Exploiter

    Exploit CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)

    CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  22. Exploiter

    Exploit Sync Breeze Enterprise 9.5.16 - 'Import Command' Local Buffer Overflow

    Sync Breeze Enterprise 9.5.16 - 'Import Command' Local Buffer Overflow #!/usr/bin/env python # Exploit Title: Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (SEH) # Date: 2017-03-29 # Exploit Author: Daniel Teixeira # Author Homepage: www.danielteixeira.com # Vendor...
  23. Exploiter

    Exploit Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)

    Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  24. Exploiter

    Exploit Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer Overflow

    Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer Overflow #!/usr/bin/env python # Exploit Title: DiskSorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow (SEH) # Date: 2017-03-29 # Exploit Author: Daniel Teixeira # Author Homepage: www.danielteixeira.com # Vendor Homepage...
  25. Exploiter

    Exploit RemoteMouse 3.008 - Arbitrary Remote Command Execution

    RemoteMouse 3.008 - Arbitrary Remote Command Execution # Exploit Title: Remote Mouse 3.008 - Failure to Authenticate # Date: 2019-09-04 # Exploit Author: 0rphon # Software Link: https://www.remotemouse.net/ # Version: 3.008 # Tested on: Windows 10 #Remote Mouse 3.008 fails to check for...