Search results

  1. Exploiter

    Exploit Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)

    Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC) In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins...
  2. Exploiter

    Exploit FaceTime - Texture Processing Memory Corruption

    FaceTime - Texture Processing Memory Corruption There is a memory corruption issue that occurs when processing a malformed RTP video stream in FaceTime. It appears to be related to processing textures. * thread #7, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0...
  3. Exploiter

    Exploit Android Kernel < 4.8 - ptrace seccomp Filter Bypass

    Android Kernel < 4.8 - ptrace seccomp Filter Bypass /* The seccomp.2 manpage (http://man7.org/linux/man-pages/man2/seccomp.2.html) documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. (This means that, on older ker‐...
  4. Exploiter

    Exploit SysGauge 1.5.18 - Remote Buffer Overflow

    SysGauge 1.5.18 - Remote Buffer Overflow # Exploit Title: SysGauge 1.5.18 – buffer overflow in SMTP connection verification function leads to code execution # Date: 2017-02-28 # Exploit Author: Peter Baris # Vendor Homepage: http://www.saptech-erp.com.au # Software Link...
  5. Exploiter

    Exploit Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting

    Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory < 20170301-0 > ======================================================================= title: XML External Entity Injection (XXE)...
  6. Exploiter

    Exploit WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting

    WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_the_wordpress_newstatpress_plugin.html Abstract A persistent Cross-Site Scripting (XSS) vulnerability has been found in the WordPress NewStatPress plugin. By...
  7. Exploiter

    Exploit Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass

    Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts...
  8. Exploiter

    Exploit BlueIris 4.5.1.4 - Denial of Service

    BlueIris 4.5.1.4 - Denial of Service import socket # Title: BlueIris - Denial of Service # Date: 2017-02-28 # Exploit Author: Peter Baris # Vendor Homepage: http://www.saptech-erp.com.au # Software Link: http://blueirissoftware.com/blueiris.exe # Version: 4.5.1.4 # Tested on: Windows Server...
  9. Exploiter

    Exploit Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process

    Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of...
  10. Exploiter

    Exploit Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour

    Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of OpenType fonts. It...
  11. Exploiter

    Exploit MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution (Metasploit)

    MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  12. Exploiter

    Exploit Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions

    Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing...
  13. Exploiter

    Exploit Microsoft Edge / Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion

    Microsoft Edge / Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 PoC: --> <!-- saved from url=(0014)about:internet --> <style> .class1 { float: left; column-count: 5; } .class2 {...
  14. Exploiter

    Exploit Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution

    Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution #!/usr/bin/python #Provides access to default user account, privileges can be easily elevated by using either: # - a kernel exploit (ex. memodipper was tested and it worked) # - by executing /bin/bd (suid backdoor present...
  15. Exploiter

    Exploit RSA Asymmetric Polymorphic Shellcode

    RSA Asymmetric Polymorphic Shellcode 41469.pdf
  16. Exploiter

    Exploit Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting

    Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1049 When the new page is loading, FrameLoader::clear is called to clear the old document and window. Here's a snippet of FrameLoader::clear. void...
  17. Exploiter

    Exploit Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass

    Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1050 The second argument of window.open is a name for the new window. If there's a frame that has same name, it will try to load the URL in that...
  18. Exploiter

    Exploit Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting

    Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1057 Here's a snippet of Frame::setDocument. void Frame::setDocument(RefPtr<Document>&& newDocument) { ASSERT(!newDocument ||...
  19. Exploiter

    Exploit AirMore 1.6.1 - Denial of Service (PoC)

    AirMore 1.6.1 - Denial of Service (PoC) #!/usr/bin/python #coding: utf-8 # ************************************************************************ # * Author: Marcelo Vázquez (aka s4vitar) * # * AirMore 1.6.1 Remote Denial of Service (DoS) & System Freeze...
  20. Exploiter

    Exploit Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read

    Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1040 HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open...
  21. Exploiter

    Exploit Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference

    Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference kvm_ioctl_create_device() contains the following code: dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->ops = ops; dev->kvm = kvm...
  22. Exploiter

    Exploit DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting

    DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting # Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting # Date: 2018-11-22 # Exploit Author: Mohammed Abdul Kareem # Vendor Homepage: domainmod (https://domainmod.org/) # Software Link: domainmod...
  23. Exploiter

    Exploit Shutter 0.93.1 - Code Execution

    Shutter 0.93.1 - Code Execution # Exploit Title: Shutter user-assisted remote code execution # Date: 2016-12-26 # Software Link: http://shutter-project.org/ # Version: 0.93.1 # Tested on: Ubuntu, Debian # Exploit Author: Prajith P # Website: http://prajith.in/ # Author Mail: [email protected] #...
  24. Exploiter

    Exploit ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)

    ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC) #!/usr/bin/python #coding: utf-8 # ********************************************************************* # * Author: Marcelo Vázquez (aka s4vitar) * # * ApowerManager Remote Denial of Service (DoS)...
  25. Exploiter

    Exploit DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting

    DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting # Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting # Date: 2018-11-22 # Exploit Author: Mohammed Abdul Raheem # Vendor Homepage: domainmod (https://domainmod.org/) # Software Link: domainmod...