Search results

  1. Exploiter

    Exploit Man-db 2.6.7.1 - Local Privilege Escalation

    Man-db 2.6.7.1 - Local Privilege Escalation /* EDB Note: man:man -> man:root ~ http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ man:root -> root:root ~ http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ CreateSetgidBinary.c ~...
  2. Exploiter

    Exploit Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion

    Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion Windows: DSSVC CheckFilePermission Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): User boundary NOTE: This is one of...
  3. Exploiter

    Exploit Google Android - 'pm_qos' KASLR Bypass

    Google Android - 'pm_qos' KASLR Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=971 The "pm_qos" module exposes an interface to kernel space for specifying QoS dependencies. In order to aid in debugging this interface, the module exposes a "debugfs" interface...
  4. Exploiter

    Exploit Wireshark - 'get_t61_string' Heap Out-of-Bounds Read

    Wireshark - 'get_t61_string' Heap Out-of-Bounds Read The following crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of Wireshark, by feeding a malformed file to tshark ("$ ./tshark -nVxr /path/to/file"). --- cut ---...
  5. Exploiter

    Exploit MDwiki < 0.6.2 - Cross-Site Scripting

    MDwiki < 0.6.2 - Cross-Site Scripting Originally thought that only a problem with Tencent's site implementation, the black brother reminded me to look at the Github address in the source code, only to find the open source [MDwiki](https://github.com/Dynalon/mdwiki) universal system. (MDwiki is...
  6. Exploiter

    Exploit GNU Screen 4.5.0 - Local Privilege Escalation

    GNU Screen 4.5.0 - Local Privilege Escalation #!/bin/bash # screenroot.sh # setuid screen v4.5.0 local root exploit # abuses ld.so.preload overwriting to get root. # bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html # HACK THE PLANET # ~ infodox (25/1/2017) echo "~...
  7. Exploiter

    Exploit Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)

    Disk Savvy Enterprise - GET Buffer Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  8. Exploiter

    Exploit Cisco WebEx - 'nativeMessaging' Remote Command Execution

    Cisco WebEx - 'nativeMessaging' Remote Command Execution <!-- Cisco's WebEx extension (jlhmfgmfgeifomenelglieieghnjghma) has ~20M active users, and is part of Cisco's popular web conferencing software. The extension works on any URL that contains the magic pattern...
  9. Exploiter

    Exploit Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit)

    Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule <...
  10. Exploiter

    Exploit GNU Screen 4.5.0 - Local Privilege Escalation (PoC)

    GNU Screen 4.5.0 - Local Privilege Escalation (PoC) Commit f86a374 ("screen.c: adding permissions check for the logfile name", 2015-11-04) The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory...
  11. Exploiter

    Exploit All in One Video Downloader 1.2 - (Authenticated) SQL Injection

    All in One Video Downloader 1.2 - (Authenticated) SQL Injection # Exploit Title: All in One Video Downloader 1.2 - SQL Injection # Google Dork: "developed by Niche Office" # Date: 1 Jan 2019 # Exploit Author: Deyaa Muhammad # Author EMail: contact [at] deyaa.me # Author Blog: http://deyaa.me #...
  12. Exploiter

    Exploit PageKit 1.0.10 - Password Reset

    PageKit 1.0.10 - Password Reset # Exploit Title: Remote PageKit Password Reset Vulnerability # Date:21-01-2017 # Software Link: http://pagekit.com/ # Exploit Author: Saurabh Banawar from SecureLayer7 # Contact: http://twitter.com/securelayer7 # Website: https://securelayer7.net # Category...
  13. Exploiter

    Exploit Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service

    Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service ''' Application: Java SE Vendor: Oracle Bug: DoS Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Author: Roman Shalymov 1...
  14. Exploiter

    Exploit Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)

    Hashicorp Consul - Remote Command Execution via Rexec (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  15. Exploiter

    Exploit Hashicorp Consul - Remote Command Execution via Services API (Metasploit)

    Hashicorp Consul - Remote Command Execution via Services API (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  16. Exploiter

    Exploit Embed Video Scripts - Persistent Cross-Site Scripting

    Embed Video Scripts - Persistent Cross-Site Scripting # Exploit Title: Embed Video Scripts - Cross-site Script (stored) # Google Dork: N/A # Date: 1 Jan 2019 # Exploit Author: Deyaa Muhammad # Author EMail: contact [at] deyaa.me # Author Blog: http://deyaa.me # POC Video...
  17. Exploiter

    Exploit WebKit JSC - 'AbstractValue::set' Use-After-Free

    WebKit JSC - 'AbstractValue::set' Use-After-Free <!-- void AbstractValue::set(Graph& graph, RegisteredStructure structure) { RELEASE_ASSERT(structure); m_structure = structure; m_arrayModes = asArrayModes(structure->indexingType()); m_type =...
  18. Exploiter

    Exploit Complain Management System - SQL injection

    Complain Management System - SQL injection # Title : Complain Management System SQL Injection # Date: 20 January 2017 # Exploit Author: Sibusiso Sishi [email protected] # Tested on: Windows7 x32 # Vendor: https://sourceforge.net/projects/complain-management-system/ # Version: not supplied...
  19. Exploiter

    Exploit WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write

    WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write /* bool JSArray::shiftCountWithArrayStorage(VM& vm, unsigned startIndex, unsigned count, ArrayStorage* storage) { unsigned oldLength = storage->length(); RELEASE_ASSERT(count <= oldLength); // If the...
  20. Exploiter

    Exploit Courier Management System - SQL Injection

    Courier Management System - SQL Injection # Title : Courier Management System - Sql Injection and non-persistent XSS login portal # Date: 17 January 2017 # Exploit Author: Sibusiso Sishi [email protected] # Tested on: Windows7 x32 # Vendor: http://couriermanageme.sourceforge.net/ #...
  21. Exploiter

    Exploit Art of Anti Detection - PE Backdoor Manufacturing

    Art of Anti Detection - PE Backdoor Manufacturing 41129.pdf
  22. Exploiter

    Exploit Google Android TSP sysfs - 'cmd_store' Multiple Overflows

    Google Android TSP sysfs - 'cmd_store' Multiple Overflows Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=967 The TSP touchscreen controller driver exposes several sysfs entries through which the driver may be configured. One such entry, "cmd", allows the user to write...
  23. Exploiter

    Exploit SentryHD 02.01.12e - Local Privilege Escalation

    SentryHD 02.01.12e - Local Privilege Escalation ''' # Exploit Title: SentryHD 02.01.12e Privilege Escalation # Date: 18-01-2017 # Software Link: http://www.minutemanups.com/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ #...
  24. Exploiter

    Exploit Netatalk 3.1.12 - Authentication Bypass

    Netatalk 3.1.12 - Authentication Bypass ## # Exploit Title: Netatalk Authentication Bypass # Date: 12/20/2018 # Exploit Author: Jacob Baines # Vendor Homepage: http://netatalk.sourceforge.net/ # Software Link: https://sourceforge.net/projects/netatalk/files/ # Version: Before 3.1.12 # Tested...
  25. Exploiter

    Exploit Netatalk 3.1.12 - Authentication Bypass (PoC)

    Netatalk 3.1.12 - Authentication Bypass (PoC) import socket import struct import sys if len(sys.argv) != 3: sys.exit(0) ip = sys.argv[1] port = int(sys.argv[2]) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) print "[+] Attempting connection to " + ip + ":" + sys.argv[2]...