Search results

  1. Exploiter

    Exploit blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)

    blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include...
  2. Exploiter

    Exploit NTPsec 1.1.2 - 'ntp_control' (Authenticated) NULL Pointer Dereference (PoC)

    NTPsec 1.1.2 - 'ntp_control' (Authenticated) NULL Pointer Dereference (PoC) #!/usr/bin/env python # Exploit Title: ntpsec 1.1.2 authenticated NULL pointer exception Proof of concept # Bug Discovery: Magnus Klaaborg Stubman (@magnusstubman) # Exploit Author: Magnus Klaaborg Stubman...
  3. Exploiter

    Exploit NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)

    NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC) #!/usr/bin/env python # Exploit Title: ntpsec 1.1.2 authenticated out of bounds write proof of concept DoS # Bug Discovery: Magnus Klaaborg Stubman (@magnusstubman) # Exploit Author: Magnus Klaaborg Stubman...
  4. Exploiter

    Exploit WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free

    WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free /* The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage...
  5. Exploiter

    Exploit Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption

    Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=984 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. This hypervisor is meant to...
  6. Exploiter

    Exploit NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)

    NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC) #!/usr/bin/env python # Exploit Title: ntpsec 1.1.2 OOB read Proof of concept # Bug Discovery: Magnus Klaaborg Stubman (@magnusstubman) # Exploit Author: Magnus Klaaborg Stubman (@magnusstubman) # Website...
  7. Exploiter

    Exploit NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)

    NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC) #!/usr/bin/env python # Exploit Title: ntpsec 1.1.2 OOB read Proof of concept # Bug Discovery: Magnus Klaaborg Stubman (@magnusstubman) # Exploit Author: Magnus Klaaborg Stubman (@magnusstubman) # Website...
  8. Exploiter

    Exploit Google Android - RKP Information Disclosure via s2-remapping Physical Ranges

    Google Android - RKP Information Disclosure via s2-remapping Physical Ranges Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=982 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. This hypervisor is...
  9. Exploiter

    Exploit Microsoft Windows 10 - SMBv3 Tree Connect (PoC)

    Microsoft Windows 10 - SMBv3 Tree Connect (PoC) # Full Proof of Concept: # https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41222.zip import sys, struct, SocketServer from odict import OrderedDict from datetime import datetime from calendar import timegm...
  10. Exploiter

    Exploit Microsoft Windows VCF - Remote Code Execution

    Microsoft Windows VCF - Remote Code Execution [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt [+] ISR: ApparitionSec [+] Zero Day...
  11. Exploiter

    Exploit Fortinet FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure

    Fortinet FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure #/usr/bin/python3 """ CVE-2018-13374 Publicado por Julio Ureña (PlainText) Twitter: @JulioUrena Blog Post: https://plaintext.do/My-1st-CVE-Capture-LDAP-Credentials-From-FortiGate-EN/ Referencia...
  12. Exploiter

    Exploit Google Android - RKP EL1 Code Loading Bypass

    Google Android - RKP EL1 Code Loading Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=981 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. This hypervisor is meant to ensure that the HLOS...
  13. Exploiter

    Exploit Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation

    Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 (not tested anything else). Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): Session Boundary Summary: The...
  14. Exploiter

    Exploit Microsoft Windows 10 - COM Desktop Broker Privilege Escalation

    Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 (almost certainly earlier versions as well). Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): AppContainer Sandbox...
  15. Exploiter

    Exploit Apple WebKit - 'HTMLKeygenElement' Type Confusion

    Apple WebKit - 'HTMLKeygenElement' Type Confusion <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=999 --> <keygen id="keygen_element" style="position:absolute; height: 100px; width: 100px;"> <script> var range = document.caretRangeFromPoint(50, 50); var...
  16. Exploiter

    Exploit Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled

    Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1038 There is a type confusion vulnerability that affects WebKit with accessibility enabled (WebCore::AXObjectCache::gAccessibilityEnabed). PoC...
  17. Exploiter

    Exploit Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation

    Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation Windows: DSSVC MoveFileInheritSecurity Multiple Issues EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): User boundary NOTE: This is one of...
  18. Exploiter

    Exploit Google Chrome - 'HTMLKeygenElement::shadowSelect()' Type Confusion

    Google Chrome - 'HTMLKeygenElement::shadowSelect()' Type Confusion <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=994 Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=666246 PoC: --> <keygen id="keygen_element" style="position:absolute; height...
  19. Exploiter

    Exploit Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation

    Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): User boundary NOTE...
  20. Exploiter

    Exploit Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass

    Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary (per Windows Security Service...
  21. Exploiter

    Exploit Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation

    Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=980 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. This hypervisor is meant to...
  22. Exploiter

    Exploit Apple WebKit - 'HTMLFormElement::reset()' Use-After Free

    Apple WebKit - 'HTMLFormElement::reset()' Use-After Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1044 --> <script> function go() { output.value = "aaa"; output.appendChild(inserted_div)...
  23. Exploiter

    Exploit Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation

    Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation Windows: SSPI Network Authentication Session 0 EoP Platform: Windows 10 1803/1809 (not tested earlier versions) Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): Session...
  24. Exploiter

    Exploit Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation

    Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation Windows: DSSVC DSOpenSharedFile Arbitrary File Open EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): User boundary NOTE: This...
  25. Exploiter

    Exploit Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection

    Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection # Exploit Title: Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection # Dork: N/A # Date: 2019-01-14 # Exploit Author: Ihsan Sencan # Vendor Homepage: http://ocsolutions.co.in/ # Software Link...