Search results

  1. Exploiter

    Exploit XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection

    XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection When the mmap() syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the calling process. It does this with the following code...
  2. Exploiter

    Exploit Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2)

    Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2) Source: https://cosig.gouv.qc.ca/en/cosig-2017-01-en/ ##################################################################################### # Application: Adobe Flash Player # Platforms: Windows,OSX #...
  3. Exploiter

    Exploit Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (1)

    Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (1) Source: https://cosig.gouv.qc.ca/en/cosig-2017-01-en/ ##################################################################################### # Application: Adobe Flash Player # Platforms: Windows,OSX #...
  4. Exploiter

    Exploit Starting Page 1.3 - 'category' SQL Injection

    Starting Page 1.3 - 'category' SQL Injection # Exploit Title: Starting Page 1.3 "Add a Link" - SQL Injection # Date: 11-01-2017 # Software Link: http://software.friendsinwar.com/downloads.php?cat_id=2&download_id=11 #...
  5. Exploiter

    Exploit My Link Trader 1.1 - 'id' SQL Injection

    My Link Trader 1.1 - 'id' SQL Injection # Vulnerability: My link trader - SQL Injection # Date: 11.01.2017 # Vendor Homepage: http://software.friendsinwar.com/scripts_example/my_link_trader/ # Tested on: Kali Linux 2016.2 # Author: Dawid Morawski # Website: http://www.morawskiweb.pl # Contact...
  6. Exploiter

    Exploit DiskBoss Enterprise 7.5.12 - 'POST' Remote Buffer Overflow (SEH)

    DiskBoss Enterprise 7.5.12 - 'POST' Remote Buffer Overflow (SEH) #!/usr/bin/python # Exploit Title: DiskBoss Enterprise 7.5.12 SEH + Egghunter Buffer Overflow # Date: 10-01-2017 # Exploit Author: Wyndell Bibera # Software Link: http://www.diskboss.com/setups/diskbossent_setup_v7.5.12.exe #...
  7. Exploiter

    Exploit Starting Page 1.3 - 'linkid' SQL Injection

    Starting Page 1.3 - 'linkid' SQL Injection # Vulnerability: Starting Page- SQL Injection # Date: 10.01.2017 # Vendor Homepage: http://software.friendsinwar.com/ # Tested on: win10 # Author: JaMbA # Script link: http://software.friendsinwar.com/news.php?readmore=31...
  8. Exploiter

    Exploit WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation

    WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation # Exploit Title: WP Support Plus Responsive Ticket System 7.1.3 Privilege Escalation # Date: 10-01-2017 # Software Link: https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/ # Exploit...
  9. Exploiter

    Exploit HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit)

    HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  10. Exploiter

    Exploit Emacs - movemail Privilege Escalation (Metasploit)

    Emacs - movemail Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File...
  11. Exploiter

    Exploit Friends in War Make or Break 1.7 - 'imgid' SQL Injection

    Friends in War Make or Break 1.7 - 'imgid' SQL Injection # Exploit : Make or Break 1.7 (imgid) SQL Injection Vulnerability # Author : v3n0m # Contact : v3n0m[at]outlook[dot]com # Date : January, 09-2017 GMT +7:00 Jakarta, Indonesia # Software : Make or Break # Version : 1.7 Lower versions...
  12. Exploiter

    Exploit Advanced Desktop Locker 6.0.0 - Lock Screen Bypass

    Advanced Desktop Locker 6.0.0 - Lock Screen Bypass Exploit Title : Advanced Desktop Locker [ Locker Bypass ] # Date: 8 - 1 - 2017 # Software Link: http://www.encrypt4all.com/products/advanced-desktop-locker-information.php # Software Version : 6.0.0 # Exploit Author: Squnity | Sir.matrix #...
  13. Exploiter

    Exploit Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption

    Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption The following crash due to a stack-based out-of-bounds memory access can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark ("$ ./tshark -nVxr /path/to/file"): Attached...
  14. Exploiter

    Exploit Wireshark - 'find_signature' Heap Out-of-Bounds Read

    Wireshark - 'find_signature' Heap Out-of-Bounds Read The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark ("$ ./tshark -nVxr /path/to/file"): --- cut --- ==35788==ERROR...
  15. Exploiter

    Exploit My Link Trader 1.1 - Authentication Bypass

    My Link Trader 1.1 - Authentication Bypass # # # # # # Vulnerability:: Admin Login Bypass & SQLi # Date:09.01.2017 # Vendor Homepage: http://software.friendsinwar.com/ # Script Name: My Link Trader # Script Version: v1.1 # Script DL...
  16. Exploiter

    Exploit Google Android max86902 Driver - 'sysfs' Interfaces Race Condition

    Google Android max86902 Driver - 'sysfs' Interfaces Race Condition Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=963 The MAX86902 sensor has a driver that exposes several interfaces through which the device may be configured. In addition to exposing a character device, it...
  17. Exploiter

    Exploit Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing

    Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing Brave Browser Suffers from Address Bar Spoofing Vulnerability. Address Bar spoofing is a critical vulnerability in which any attacker can spoof the address bar to a legit looking website but the content of the web-page remains different...
  18. Exploiter

    Exploit My Click Counter 1.0 - Authentication Bypass

    My Click Counter 1.0 - Authentication Bypass ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x] Type: Admin login bypass via SQLi [x] Vendor: http://software.friendsinwar.com/ [x] Script Name: My Click Counter [x] Script Version: 1.0 [x] Script DL...
  19. Exploiter

    Exploit Kaspersky 17.0.0 - Local CA Root Incorrectly Protected

    Kaspersky 17.0.0 - Local CA Root Incorrectly Protected /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=989 When Kaspersky generate a private key for the local root, they store the private key in %ProgramData%. Obviously this file cannot be shared, because it's the private...
  20. Exploiter

    Exploit Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting

    Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting =====[ Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ]============== Persisted Cross-Site Scripting (XSS) in Confluence Jira Software ---------------------------------------------------------------- Author(s)...
  21. Exploiter

    Exploit Web App Penetration Testing - Local File Inclusion (LFI)

    Web App Penetration Testing - Local File Inclusion (LFI) 40992.pdf
  22. Exploiter

    Exploit [Hebrew] Digital Whisper Security Magazine #79

    [Hebrew] Digital Whisper Security Magazine #79 40980.pdf
  23. Exploiter

    Exploit Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)

    Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH) #!/usr/bin/python # # Exploit Title: IDA 6.10.1.1527 FTP SEH Universal exploit. # Exploit Author: Fady Mohamed Osman (@fady_osman) # Exploit-db : http://www.exploit-db.com/author/?a=2986 # Youtube ...
  24. Exploiter

    Exploit QNAP NAS Devices - Heap Overflow

    QNAP NAS Devices - Heap Overflow ================== 1) [Heap overflow] ================== Path: /home/httpd/cgi-bin/cgi.cgi u = valid user [guest|admin] 1.1) /* Remote */ [Remote host]# echo -en "GET /cgi-bin/cgi.cgi?u=admin&p=`for((i=0;i<263;i++));do echo -en "A";done` HTTP/1.0\nHost...
  25. Exploiter

    Exploit WordPress Plugin Simply Poll 1.4.1 - SQL Injection

    WordPress Plugin Simply Poll 1.4.1 - SQL Injection # Exploit Title: Simply Poll 1.4.1 Plugin for WordPress SQL Injection # Date: 21/12/2016 # Exploit Author: TAD GROUP # Vendor Homepage: https://wordpress.org/plugins/simply-poll/ # Software Link: https://wordpress.org/plugins/simply-poll/ #...