Search results

  1. Exploiter

    Exploit DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting

    DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting # Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting # Date: 2018-11-22 # Exploit Author: Mohammed Abdul Kareem # Vendor Homepage: domainmod (https://domainmod.org/) # Software Link: domainmod...
  2. Exploiter

    Exploit Google Chrome - 'layout' Out-of-Bounds Read

    Google Chrome - 'layout' Out-of-Bounds Read <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1024 Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=671328 PoC: --> <style> content { contain: size layout; } </style> <script> function leak() {...
  3. Exploiter

    Exploit Adobe Flash - YUVPlane Decoding Heap Overflow

    Adobe Flash - YUVPlane Decoding Heap Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1008 The attached FLV file causes a heap overflow in YUVPlane decoding. To reproduce, put LoadMP4.swf and yuvplane.flv on a server, and visit...
  4. Exploiter

    Exploit DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting

    DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting # Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting # Date: 2018-11-22 # Exploit Author: Mohammed Abdul Raheem # Vendor Homepage: domainmod (https://domainmod.org/) # Software Link: domainmod...
  5. Exploiter

    Exploit DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting

    DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting # Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting # Date: 2018-11-22 # Exploit Author: Mohammed Abdul Raheem # Vendor Homepage: domainmod (https://domainmod.org/) # Software Link: domainmod...
  6. Exploiter

    Exploit Android - binder Use-After-Free of VMA via race Between reclaim and munmap

    Android - binder Use-After-Free of VMA via race Between reclaim and munmap The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. There...
  7. Exploiter

    Exploit Adobe Flash - MP4 AMF Parsing Overflow

    Adobe Flash - MP4 AMF Parsing Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1018 There is an overflow in MP4 AMF parsing. To reproduce, put the attached files on a server and visit http://127.0.0.1/LoadMP4.swf?file=unsigned.mp4. Proof of Concept...
  8. Exploiter

    Exploit Adobe Flash - SWF Stack Corruption

    Adobe Flash - SWF Stack Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1013 The attached fuzzed swf causes stack corruption when it is loaded, likely due to the parsing of the SWF file. Proof of Concept...
  9. Exploiter

    Exploit Adobe Flash - Use-After-Free in Applying Bitmap Filter

    Adobe Flash - Use-After-Free in Applying Bitmap Filter Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1007 The attached swf causes a use-after-free in applying bitmap filters. Proof of Concept...
  10. Exploiter

    Exploit Android - binder Use-After-Free via fdget() Optimization

    Android - binder Use-After-Free via fdget() Optimization This bug report describes *two* different issues in different branches of the binder kernel code. The first issue is in the upstream Linux kernel, commit 7f3dc0088b98 ("binder: fix proc->files use-after-free"); the second issue is in the...
  11. Exploiter

    Exploit Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access

    Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=950 Platform: Microsoft Office 2010 on Windows 7 x86 Class: Time of check time of use leading to memory corruption The following crash was observed in...
  12. Exploiter

    Exploit Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check

    Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=951 Platform: GDI on Windows 7 x86 reachable from Microsoft Office 2010 Class: Out of bounds memory access The following crash was...
  13. Exploiter

    Exploit BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution

    BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution # Exploit Title: BlogEngine.NET <= 3.3.6 Directory Traversal RCE # Date: 02-11-2019 # Exploit Author: Dustin Cobb # Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ # Software Link...
  14. Exploiter

    Exploit Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)

    Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) # Exploit Title: Sophos Web Appliance diagnostic_tools wget Remote Command Injection Vulnerability # Date: 12/12/2016 # Exploit Author: xort @ Critical Start # Vendor Homepage: www.sophos.com # Software Link...
  15. Exploiter

    Exploit Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption

    Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=949 Platform: Microsoft Office 2010 on Windows 7 x86 Class: heap memory corruption The following crash was observed in Microsoft Office...
  16. Exploiter

    Exploit Evince - CBT File Command Injection (Metasploit)

    Evince - CBT File Command Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'rex/zip' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  17. Exploiter

    Exploit Tenda N3 Wireless N150 Router - Authentication Bypass

    Tenda N3 Wireless N150 Router - Authentication Bypass # Exploit Title: Complete Authentication Bypass In Tenda N3 Wireless N150 Routers # Date: 03-09-2015 # Software Link: http://tendacn.com/en/product/N150.html # Exploit Author: Mandeep Jadon # Contact: http://twitter.com/1337tr0lls #...
  18. Exploiter

    Exploit Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)

    Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) # Exploit Title: Sophos Web Appliance UnBlock/Block-IP Remote Command Injection Vulnerability # Date: 12/12/2016 # Exploit Author: xort @ Critical Start # Vendor Homepage: www.sophos.com # Software Link...
  19. Exploiter

    Exploit Injecting SQLite Database Based Applications

    Injecting SQLite Database Based Applications 41397.pdf
  20. Exploiter

    Exploit Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)

    Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking...
  21. Exploiter

    Exploit NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)

    NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  22. Exploiter

    Exploit WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting

    WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting # Exploit Title: Authorized Stored XSS at WordPress Corner-Ad plugin. # Google Dork: inurl:/wp-content/plugins/corner-ad # Date: 16-02-17 # Exploit Author: Atik Rahman # Vendor Homepage: https://wordpress.org/plugins/corner-ad/ # Software...
  23. Exploiter

    Exploit dotCMS 3.6.1 - Blind Boolean SQL Injection

    dotCMS 3.6.1 - Blind Boolean SQL Injection : ' # Blind Boolean SQL Injection in dotCMS <= 3.6.1 (CVE-2017-5344) ## Product Description dotCMS is a scalable, java based, open source content management system (CMS) that has been designed to manage and deliver personalized, permission based...
  24. Exploiter

    Exploit Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows

    Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed...
  25. Exploiter

    Exploit GOM Player 2.3.10.5266 - '.fpx' Denial of Service

    GOM Player 2.3.10.5266 - '.fpx' Denial of Service # Exploit Title: GOM Player 2.3.10.5266 - Remote heap corruption (.fpx) # Date: 2017-02-15 # Exploit Author: Peter Baris # Exploit link: http://www.saptech-erp.com.au/resources/PoC.zip # Software Link...