Search results

  1. Exploiter

    Exploit VX Search Enterprise 9.5.12 - 'Verify Email' Buffer Overflow

    VX Search Enterprise 9.5.12 - 'Verify Email' Buffer Overflow author = ''' ############################################## # Created: ScrR1pTK1dd13 # # Name: Greg Priest # # Mail...
  2. Exploiter

    Exploit Microsoft Internet Explorer 11 - XML External Entity Injection

    Microsoft Internet Explorer 11 - XML External Entity Injection [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt [+] ISR: ApparitionSec...
  3. Exploiter

    Exploit Microsoft Windows - Contact File Format Arbitrary Code Execution (Metasploit)

    Microsoft Windows - Contact File Format Arbitrary Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'fileutils' require 'rex/zip' class MetasploitModule <...
  4. Exploiter

    Exploit Github Enterprise - Default Session Secret and Deserialization (Metasploit)

    Github Enterprise - Default Session Secret and Deserialization (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank =...
  5. Exploiter

    Exploit QNAP Netatalk < 3.1.12 - Authentication Bypass

    QNAP Netatalk < 3.1.12 - Authentication Bypass ## # Exploit Title: QNAP Netatalk Authentication Bypass # Date: 12/20/2018 # Original Exploit Author: Jacob Baines # Modifications for QNAP devices: Mati Aharoni # Vendor Homepage: http://netatalk.sourceforge.net/ # Software Link...
  6. Exploiter

    Exploit QNAP QTS < 4.2.4 - Domain Privilege Escalation

    QNAP QTS < 4.2.4 - Domain Privilege Escalation QNAP QTS Domain Privilege Escalation Vulnerability Name Sensitive Data Exposure in QNAP QTS Systems Affected QNAP QTS (NAS) all models and all versions < 4.2.4 Severity High 7.9/10 Impact...
  7. Exploiter

    Exploit Apple Safari - 'DateTimeFormat.format' Type Confusion

    Apple Safari - 'DateTimeFormat.format' Type Confusion <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1036 There is a type confusion vulnerability when calling DateTimeFormat.format. This function is provided as a bound function by a getter in the DateTimeFormat class...
  8. Exploiter

    Exploit Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode

    Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1032 If a builtin script in webkit is in strict mode, but then calls a function that is not strict, this function is allowed to call...
  9. Exploiter

    Exploit Apple Safari - Out-of-Bounds Read when Calling Bound Function

    Apple Safari - Out-of-Bounds Read when Calling Bound Function <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1033 There is an out-of-bounds read when reading the bound arguments array of a bound function. When Function.bind is called, the arguments to the call are...
  10. Exploiter

    Exploit WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)

    WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  11. Exploiter

    Exploit Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow

    Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow [+] Title: Disk Sorter Server v9.5.12 - Local Stack-based buffer overflow [+] Credits / Discovery: Nassim Asrir [+] Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ [+] Author Company: Henceforth [+]...
  12. Exploiter

    Exploit Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory

    Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is...
  13. Exploiter

    Exploit Fortinet FortiClient 5.2.3 (Windows 10 x64 Pre-Anniversary) - Local Privilege Escalation

    Fortinet FortiClient 5.2.3 (Windows 10 x64 Pre-Anniversary) - Local Privilege Escalation /* Check this out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf Tested on: - Windows 10 Pro x64 (Pre-Anniversary) - hal.dll: 10.0.10240.16384 -...
  14. Exploiter

    Exploit Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)

    Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include...
  15. Exploiter

    Exploit Fortinet FortiClient 5.2.3 (Windows 10 x64 Post-Anniversary) - Local Privilege Escalation

    Fortinet FortiClient 5.2.3 (Windows 10 x64 Post-Anniversary) - Local Privilege Escalation /* Check these out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf - https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/ Tested on: - Windows...
  16. Exploiter

    Exploit Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)

    Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'time' class MetasploitModule < Msf::Exploit::Remote...
  17. Exploiter

    Exploit Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion

    Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion <!-- VULNERABILITY DETAILS ==1. TriggerPromiseReactions== https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=d24c8dd69f1c7e89553ce101272aedefdb41110d&l=5975 Handle<Object>...
  18. Exploiter

    Exploit Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)

    Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  19. Exploiter

    Exploit WebKitGTK+ - 'ThreadedCompositor' Race Condition

    WebKitGTK+ - 'ThreadedCompositor' Race Condition <!-- VULNERABILITY DETAILS The compositor thread in WebKitGTK+ might alter a FilterOperation object's reference count variable at the same time as the main thread. Then the reference count corruption might lead to a UAF condition. REPRODUCTION...
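    The race this entry describes is a reference count that two threads update without synchronization. The C program below is an added illustration of that general failure mode; it is not WebKitGTK+ code and not this exploit's reproduction steps. Four threads each perform 200,000 retains on a plain counter and on a C11 atomic counter: the plain counter loses updates, and every lost retain is one holder the object no longer knows about, so the matching releases reach zero early and free the object while it is still in use. All names (plain_ref, atomic_ref, retain_plain, run_threads, the *_demo functions) are this example's own.

```c
/* Added example: non-atomic vs. atomic reference counting under contention.
 * Not WebKit code; names and constants are this example's own. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define THREADS 4
#define ITERS   200000

/* Plain counter. 'volatile' only forces every ++ to be a real load and a real
 * store; it gives no atomicity, so two threads can both read N and both
 * write N+1, losing one retain. */
struct plain_ref  { volatile int count; };

/* Hardened counter: the increment is a single atomic read-modify-write, the
 * way a thread-safe refcounted object has to do it. */
struct atomic_ref { atomic_int count; };

static void *retain_plain(void *arg) {
    struct plain_ref *obj = arg;
    for (int i = 0; i < ITERS; i++)
        obj->count++;                                   /* racy retain */
    return NULL;
}

static void *retain_atomic(void *arg) {
    struct atomic_ref *obj = arg;
    for (int i = 0; i < ITERS; i++)
        atomic_fetch_add_explicit(&obj->count, 1,
                                  memory_order_relaxed); /* safe retain */
    return NULL;
}

/* Start THREADS threads running fn on obj and wait for all of them. */
static void run_threads(void *(*fn)(void *), void *obj) {
    pthread_t tid[THREADS];
    for (int i = 0; i < THREADS; i++)
        pthread_create(&tid[i], NULL, fn, obj);
    for (int i = 0; i < THREADS; i++)
        pthread_join(tid[i], NULL);
}

/* The count a correct implementation must end with. */
int expected_refcount(void) { return THREADS * ITERS; }

/* Returns the plain counter after all retains; typically below expected,
 * never above it, because a lost update only ever drops an increment. */
int plain_refcount_demo(void) {
    struct plain_ref obj = { 0 };
    run_threads(retain_plain, &obj);
    return obj.count;
}

/* Returns the atomic counter after all retains; always equals expected. */
int atomic_refcount_demo(void) {
    struct atomic_ref obj;
    atomic_init(&obj.count, 0);
    run_threads(retain_atomic, &obj);
    return atomic_load(&obj.count);
}

int main(void) {
    int expect = expected_refcount();
    int plain  = plain_refcount_demo();
    int safe   = atomic_refcount_demo();
    printf("expected %d, plain %d (lost %d retains), atomic %d\n",
           expect, plain, expect - plain, safe);
    /* Each lost retain is a holder the object does not know about: when the
     * known holders release, the count hits zero and the object is freed
     * while the uncounted holder still dereferences it (use-after-free). */
    return 0;
}
```

    The plain run is nondeterministic by nature; on a multi-core machine it usually loses thousands of retains per run, while the atomic version always lands on the expected value. The same pattern applies to any shared counter that is touched from a compositor, worker or GC thread and the main thread at once.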
  20. Exploiter

    Exploit Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion

    Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the TrustedTypePolicyOptions dictionary...
  21. Exploiter

    Exploit Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion

    Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion <!-- VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/third_party/blink/renderer/bindings/core/v8/initialize_v8_extras_binding.cc?rcl=b16591511b299e0791def0b85dced2c74efc4961&l=90...
  22. Exploiter

    Exploit wifirxpower - Local Buffer Overflow (PoC)

    wifirxpower - Local Buffer Overflow (PoC) [+] Title: wifirxpower - Local Stack Based Buffer Overflow [+] Credits / Discovery: Nassim Asrir [+] Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ [+] Author Company: Henceforth [+] CVE: N/A Vendor...
  23. Exploiter

    Exploit WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free

    WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free /* While fuzzing JavaScriptCore, I encountered the following (simplified and commented) JavaScript program which crashes jsc from current HEAD and release: */ function v9() { // Some watchpoint (on the...
  24. Exploiter

    Exploit Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)

    Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank =...
  25. Exploiter

    Exploit iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe

    iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe Privileged IPC services in userspace often have to verify the security context of their client processes (such as whether the client is sandboxed, has a specific entitlement, or is signed by some code signing...