Search results

  1. Exploiter

    Exploit AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)

    AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking...
  2. Exploiter

    Exploit Ghostscript 9.26 - Pseudo-Operator Remote Code Execution

    Ghostscript 9.26 - Pseudo-Operator Remote Code Execution I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello { (hello\n) print } def That's simple enough, but because a subroutine...
  3. Exploiter

    Exploit Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection

    Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others...
  4. Exploiter

    Exploit Exploiting Node.js deserialization bug for Remote Code Execution

    Exploiting Node.js deserialization bug for Remote Code Execution 41289.pdf
  5. Exploiter

    Exploit HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit)

    HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank =...
  6. Exploiter

    Exploit Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)

    Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) # Exploit Title: Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) # Date: 2019/01/24 # Author: Saeed Hasanzadeh (Net.Hun73r) # Twitter: @nethun73r # Software Link...
  7. Exploiter

    Exploit PHP Dashboards NEW 5.8 - 'dashID' SQL Injection

    PHP Dashboards NEW 5.8 - 'dashID' SQL Injection # Exploit Title: PHP Dashboards NEW 5.8 - SQL Injection # Dork: N/A # Date: 2019-01-21 # Exploit Author: Ihsan Sencan # Vendor Homepage: http://dataninja.biz # Software Link...
  8. Exploiter

    Exploit Alternative for Information_Schema.Tables in MySQL

    Alternative for Information_Schema.Tables in MySQL 41274.pdf
  9. Exploiter

    Exploit MySQL Injection in Update, Insert, and Delete

    MySQL Injection in Update, Insert, and Delete 41275.pdf
  10. Exploiter

    Exploit Microsoft Windows CONTACT - HTML Injection / Remote Code Execution

    Microsoft Windows CONTACT - HTML Injection / Remote Code Execution [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-HTML-INJECTION-MAILTO-LINK-ARBITRARY-CODE-EXECUTION.txt [+]...
  11. Exploiter

    Exploit Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure

    Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure [+] Exploit Title: Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion [+] Date: 7 Feb 2017 [+] Vulnerability and Exploit Author: Wiswat Aswamenakul [+] Vendor Homepage: http://www.responsivefilemanager.com/ [+]...
  12. Exploiter

    Exploit MoneyFlux 1.0 - 'id' SQL Injection

    MoneyFlux 1.0 - 'id' SQL Injection # Exploit Title: MoneyFlux - Cashflow Management System 1.0 - SQL Injection # Dork: N/A # Date: 2019-01-20 # Exploit Author: Ihsan Sencan # Vendor Homepage: http://ragob.com/ # Software Link...
  13. Exploiter

    Exploit MySQL Out-of-Band Hacking

    MySQL Out-of-Band Hacking 41273.pdf
  14. Exploiter

    Exploit Kepler Wallpaper Script 1.1 - SQL Injection

    Kepler Wallpaper Script 1.1 - SQL Injection # Exploit Title: Kepler Wallpaper Script 1.1 - SQL Injection # Dork: N/A # Date: 2019-01-19 # Exploit Author: Ihsan Sencan # Vendor Homepage: https://keplerwallpapers.online/ # Software Link: https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script #...
  15. Exploiter

    Exploit Coman 1.0 - 'id' SQL Injection

    Coman 1.0 - 'id' SQL Injection # Exploit Title: Coman - Company Management System 1.0 - SQL Injection # Dork: N/A # Date: 2019-01-20 # Exploit Author: Ihsan Sencan # Vendor Homepage: http://ragob.com/ # Software Link: https://codecanyon.net/item/coman-company-management-system/17799270 #...
  16. Exploiter

    Exploit Reservic 1.0 - 'id' SQL Injection

    Reservic 1.0 - 'id' SQL Injection # Exploit Title: Reservic - Reserves Management System 1.0 - SQL Injection # Dork: N/A # Date: 2019-01-20 # Exploit Author: Ihsan Sencan # Vendor Homepage: http://ragob.com/ # Software Link...
  17. Exploiter

    Exploit Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion

    Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type...
  18. Exploiter

    Exploit Microsoft Edge Chakra - 'InitClass' Type Confusion

    Microsoft Edge Chakra - 'InitClass' Type Confusion /* Issue description This is similar to issue 1702 (https://www.exploit-db.com/exploits/46203) . This time, it uses an InitClass instruction to reach the SetIsPrototype method. PoC: */ function opt(o, c, value) { o.b = 1; class A...
  19. Exploiter

    Exploit Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free

    Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free /* The JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it's essentially...
  20. Exploiter

    Exploit Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting

    Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting # Exploit Title: [Cross-site Scripting (XSS)] # Date: [2019-01-15] # Exploit Author: [Mohamed M.Fouad - From SecureMisr Company] # Vendor Homepage: [https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html]...
  21. Exploiter

    Exploit Microsoft Windows CONTACT - Remote Code Execution

    Microsoft Windows CONTACT - Remote Code Execution [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt [+] ISR...
  22. Exploiter

    Exploit Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation

    Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation # Exploit Title: Check Point ZoneAlarm Local Privilege Escalation # Date: 1/16/19 # Exploit Author: Chris Anastasio # Vendor Homepage: https://www.zonealarm.com/software/free-antivirus/ # Software Link: Vulnerable Versions included...
  23. Exploiter

    Exploit Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion

    Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion /* In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the...
  24. Exploiter

    Exploit Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free

    Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): User boundary Summary: The...
  25. Exploiter

    Exploit Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation

    Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation Windows: XmlDocument Insecure Sharing Elevation of Privilege Platform: Windows 10 1809 (almost certainly earlier versions as well). Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria)...