Search results

  1. Exploiter

    Exploit VBScript - VbsErase Reference Leak Use-After-Free

    VBScript - VbsErase Reference Leak Use-After-Free There is a reference leak in Microsoft VBScript that can be turned into a use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied. Details...
  2. Exploiter

    Exploit VBScript - MSXML Execution Policy Bypass

    VBScript - MSXML Execution Policy Bypass According to https://blogs.windows.com/msedgedev/2017/07/07/update-disabling-vbscript-internet-explorer-11/, starting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the...
  3. Exploiter

    Exploit Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)

    Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include...
  4. Exploiter

    Exploit Openexpert 0.5.17 - 'area_id' SQL Injection

    Openexpert 0.5.17 - 'area_id' SQL Injection # Title : Openexpert 0.5.17 - Sql Injection # Author: Nassim Asrir # Author Company: Henceforth # Tested on: Winxp sp3 - win7 # Vendor: https://sourceforge.net/projects/law-expert/ # Download Software...
  5. Exploiter

    Exploit WinaXe Plus 8.7 - Remote Buffer Overflow

    WinaXe Plus 8.7 - Remote Buffer Overflow # Exploit Title: WinaXe Plus 8.7 - lpr remote buffer overflow # Date: 2017-01-16 # Exploit Author: Peter Baris # Exploit link: http://www.saptech-erp.com.au/resources/winaxe_lpr.zip # Software Link: http://www.labf.com/download/winaxep-ok.html #...
  6. Exploiter

    Exploit IBM Operational Decision Manager 8.x - XML External Entity Injection

    IBM Operational Decision Manager 8.x - XML External Entity Injection # Exploit Title: [XML External Entity Injection (XXE)] # Date: [2018-12-18] # Exploit Author: [Mohamed M.Fouad - From SecureMisr Company] # Vendor Homepage: [https://www-01.ibm.com/support/docview.wss?uid=ibm10744149] #...
  7. Exploiter

    Exploit DiskBoss Enterprise - GET Buffer Overflow (Metasploit)

    DiskBoss Enterprise - GET Buffer Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  8. Exploiter

    Exploit Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service

    Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service # Exploit Title: Excel Password Recovery Professional # Date: 15-12-2018 # Vendor Homepage:https://www.recoverlostpassword.com/ # Software Link...
  9. Exploiter

    Exploit MegaPing - Local Buffer Overflow Denial of Service

    MegaPing - Local Buffer Overflow Denial of Service # Exploit Title: MegaPing # Date: 15-12-2018 # Vendor Homepage: http://www.magnetosoft.com/ # Software Link: http://www.magnetosoft.com/downloads/win32/megaping_setup.exe # Exploit Author: Achilles # Tested Version: # Tested on: Windows 7...
  10. Exploiter

    Exploit Nsauditor 3.0.28.0 - Local SEH Buffer Overflow

    Nsauditor 3.0.28.0 - Local SEH Buffer Overflow # Exploit Title: Nsauditor Local SEH Buffer Overflow # Date: 15-12-2018 # Vendor Homepage:http://www.nsauditor.com # Software Link: http://www.nsauditor.com/downloads/nsauditor_setup.exe # Exploit Author: Achilles # Tested Version: 3.0.28.0 #...
  11. Exploiter

    Exploit Safari - Proxy Object Type Confusion (Metasploit)

    Safari - Proxy Object Type Confusion (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::EXE...
  12. Exploiter

    Exploit Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write

    Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write <!-- There is an out-of-bounds write vulnerability in jscript.dll in JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network. PoC...
  13. Exploiter

    Exploit AnyBurn 4.3 - Local Buffer Overflow (PoC)

    AnyBurn 4.3 - Local Buffer Overflow (PoC) # Exploit Title: AnyBurn # Date: 15-12-2018 # Vendor Homepage: http://www.anyburn.com/ # Software Link : http://www.anyburn.com/anyburn_setup.exe # Exploit Author: Achilles # Tested Version: 4.3 (32-bit) # Tested on: Windows 7 x64 # Vulnerability Type...
  14. Exploiter

    Exploit CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)

    CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit Rank = NormalRanking include...
  15. Exploiter

    Exploit Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

    Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure Details ================ Software: Fortify SSC (Software Security Center) Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE...
  16. Exploiter

    Exploit Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)

    Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2) Details ================ Software: Fortify SSC (Software Security Center) Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE...
  17. Exploiter

    Exploit Cisco Firepower Management Console 6.0 - Post Authentication UserAdd (Metasploit)

    Cisco Firepower Management Console 6.0 - Post Authentication UserAdd (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank =...
  18. Exploiter

    Exploit Linux - 'userfaultfd' Bypasses tmpfs File Permissions

    Linux - 'userfaultfd' Bypasses tmpfs File Permissions Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vma_can_userfault(): It must be an anonymous VMA (->vm_ops==NULL), a hugetlb VMA (VM_HUGETLB), or a shmem VMA...
  19. Exploiter

    Exploit WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains

    WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains <!-- Bug: void JSObject::setPrototypeDirect(VM& vm, JSValue prototype) { ASSERT(prototype); if (prototype.isObject()) prototype.asCell()->didBecomePrototype(); if...
  20. Exploiter

    Exploit Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098)

    Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098) // Source: https://github.com/sensepost/ms16-098/tree/b85b8dfdd20a50fc7bc6c40337b8de99d6c4db80 // Binary: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41020.exe #include <Windows.h> #include...
  21. Exploiter

    Exploit VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow

    VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow In modules/codec/adpcm.c, VLC can be made to perform an out-of-bounds write with user-controlled input. The function DecodeAdpcmImaQT at adpcm.c:595 allocates a buffer which is filled with bytes from the input stream...
  22. Exploiter

    Exploit ZTE ZXHN H168N - Improper Access Restrictions

    ZTE ZXHN H168N - Improper Access Restrictions POC: (CVE-2018-7357 and CVE-2018-7358) Disclaimer: [This POC is for Educational Purposes , I would Not be responsible for any misuse of the information mentioned in this blog post] [+] Unauthenticated [+] Author: Usman Saeed (usman [at]...
  23. Exploiter

    Exploit McAfee True Key - McAfee.TrueKey.Service Privilege Escalation

    McAfee True Key - McAfee.TrueKey.Service Privilege Escalation McAfee True Key: Multiple Issues with McAfee.TrueKey.Service Implementation Platform: Version 5.1.173.1 on Windows 10 1809. Class: Elevation of Privilege Summary: There are multiple issues in the implementation of the...
  24. Exploiter

    Exploit Boxoft Wav 1.0 - Buffer Overflow

    Boxoft Wav 1.0 - Buffer Overflow Document Title: =============== Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2027 Release Date: ============= 2017-01-09 Vulnerability Laboratory ID...
  25. Exploiter

    Exploit OpenSSL - Weak KDF

    OpenSSL - Weak KDF I'm glad more people are in here now. It gets much, much worse than this. The post below literally says "if you have the password, you can generate the key and open the file. The real exploit is that you don't need the password or the key to open a file. That is how...