Search results

  1. Exploiter

    Exploit Microsoft Edge - JSON.parse Info Leak

    Microsoft Edge - JSON.parse Info Leak <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=952 There is an info leak in JSON.parse. If this function is called with a reviver, and the reviver modifies the output object to contain a native array, the Walk function assumes that...
  2. Exploiter

    Exploit Google Android - 'IOMXNodeInstance::enableNativeBuffers' Unchecked Index

    Google Android - 'IOMXNodeInstance::enableNativeBuffers' Unchecked Index Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=932 The code in IOMXNodeInstance.cpp that handles enableNativeBuffers uses port_index without validation, leading to writing the dword value 0 or 1 at an...
  3. Exploiter

    Exploit Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service

    Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service /* [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CISCO-IMMUNET-AND-CISCO-AMP-FOR-ENDPOINTS-SYSTEM-SCAN-DENIAL-OF-SERVICE.txt [+]...
  4. Exploiter

    Exploit DiskBoss Enterprise 7.4.28 - 'GET' Remote Buffer Overflow

    DiskBoss Enterprise 7.4.28 - 'GET' Remote Buffer Overflow #!/usr/bin/python import socket,os,time #SEH Stack Overflow in GET request #DiskBoss Enterprise 7.4.28 #Tested on Windows XP SP3 & Windows 7 Professional #For educational proposes only host = "192.168.1.20" port = 80 #badchars...
  5. Exploiter

    Exploit WordPress Plugin Single Personal Message 1.0.3 - SQL Injection

    WordPress Plugin Single Personal Message 1.0.3 - SQL Injection # Exploit Title: Single Personal Message 1.0.3 – Plugin WordPress – Sql Injection # Date: 28/11/2016 # Exploit Author: Lenon Leite # Vendor Homepage: https://wordpress.org/plugins/simple-personal-message/ # Software Link...
  6. Exploiter

    Exploit Apache CouchDB 2.0.0 - Local Privilege Escalation

    Apache CouchDB 2.0.0 - Local Privilege Escalation [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/APACHE-COUCHDB-LOCAL-PRIVILEGE-ESCALATION.txt [+] ISR: ApparitionSec Vendor: ==================...
  7. Exploiter

    Exploit NetCat 0.7.1 - Denial of Service

    NetCat 0.7.1 - Denial of Service #/usr/bin/python #-*- Coding: utf-8 -*- ### GNU Netcat 0.7.1 - Out of bounds array write (Access Violation) by n30m1nd ### # Date: 2016-11-19 # Exploit Author: n30m1nd # Vendor Homepage: http://netcat.sourceforge.net/ # Software Link...
  8. Exploiter

    Exploit Dup Scout Enterprise 9.1.14 - Remote Buffer Overflow (SEH)

    Dup Scout Enterprise 9.1.14 - Remote Buffer Overflow (SEH) #!/usr/bin/python #Open the DupScout client and click on Tools > click on Connect Network Drive > type the content of boom.txt in the "User Name" field. The payload is sent to the DupScout server (port 9126) #SEH based stack overflow...
  9. Exploiter

    Exploit Microsoft Event Viewer 1.0 - XML External Entity Injection

    Microsoft Event Viewer 1.0 - XML External Entity Injection [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EVENT-VIEWER-XXE-FILE-EXFILTRATION.txt [+] ISR: ApparitionSec [+] CVE: CVE-2019-0948...
  10. Exploiter

    Exploit Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection

    Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt [+] ISR: ApparitionSec Vendor...
  11. Exploiter

    Exploit Evince 3.24.0 - Command Injection

    Evince 3.24.0 - Command Injection # Exploit Title: evince command line injection # Date: 2017-09-05 # Exploit Author: Matlink # Vendor Homepage: https://wiki.gnome.org/Apps/Evince # Software Link: https://wiki.gnome.org/Apps/Evince # Version: 3.24.0 # Tested on: Debian sid # CVE ...
  12. Exploiter

    Exploit Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution

    Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows...
  13. Exploiter

    Exploit Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection

    Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-AZMAN-XXE-FILE-EXFILTRATION.txt [+] ISR: ApparitionSec Vendor...
  14. Exploiter

    Exploit Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection

    Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTER-XXE-FILE-DISCLOSURE.txt [+] ISR...
  15. Exploiter

    Exploit Alcatel Lucent Omnivista 8770 - Remote Code Execution

    Alcatel Lucent Omnivista 8770 - Remote Code Execution import socket import time import sys import os # ref https://blog.malerisch.net/ # Omnivista Alcatel-Lucent running on Windows Server if len(sys.argv) < 2: print "Usage: %s <target> <command>" % sys.argv[0] print "eg: %s...
  16. Exploiter

    Exploit WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion

    WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion # Exploit Title: WP Vault 0.8.6.6 – Plugin WordPress – Local File Inclusion # Date: 28/11/2016 # Exploit Author: Lenon Leite # Vendor Homepage: https://wordpress.org/plugins/wp-vault/ # Software Link...
  17. Exploiter

    Exploit Disk Savvy Enterprise 9.1.14 - 'GET' Remote Buffer Overflow

    Disk Savvy Enterprise 9.1.14 - 'GET' Remote Buffer Overflow #!/usr/bin/python import socket,os,time #SEH Stack Overflow in GET request #Disk Savvy Enterprise 9.1.14 #Tested on Windows XP SP3 && Windows 7 Professional host = "192.168.1.20" port = 80 #badchars \x00\x09\x0a\x0d\x20 #msfvenom...
  18. Exploiter

    Exploit [Hebrew] Digital Whisper Security Magazine #78

    [Hebrew] Digital Whisper Security Magazine #78 40855.pdf
  19. Exploiter

    Exploit Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)

    Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method) // EDB-Note: Compile: g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow 40847.cpp -lutil // EDB-Note: Recommended way to run: ./dcow -s (Will automatically do "echo 0 >...
  20. Exploiter

    Exploit WinPower 4.9.0.4 - Local Privilege Escalation

    WinPower 4.9.0.4 - Local Privilege Escalation // Exploit Title: WinPower V4.9.0.4 Privilege Escalation // Date: 29-11-2016 // Software Link: http://www.ups-software-download.com/ // Exploit Author: Kacper Szurek // Contact: http://twitter.com/KacperSzurek // Website: http://security.szurek.pl/...
  21. Exploiter

    Exploit Xitami Web Server 5.0a0 - Denial of Service

    Xitami Web Server 5.0a0 - Denial of Service #!/usr/bin/env python # # # X5 Webserver 5.0 Remote Denial Of Service Exploit # # # Vendor: iMatrix # Product web page: http://www.xitami.com # Affected version: 5.0a0 # # Summary: X5 is the latest generation web server from iMatix Corporation. # The...
  22. Exploiter

    Exploit Red Hat JBoss EAP - Deserialization of Untrusted Data

    Red Hat JBoss EAP - Deserialization of Untrusted Data Security Advisory @ Mediaservice.net Srl (#05, 23/11/2016) Data Security Division Title: Red Hat JBoss EAP deserialization of untrusted data Application: JBoss EAP 5.2.X and prior versions Description...
  23. Exploiter

    Exploit Microsoft Internet Explorer 10 - MSHTML 'CEditAdorner::Detach' Use-After-Free (MS13-047)

    Microsoft Internet Explorer 10 - MSHTML 'CEditAdorner::Detach' Use-After-Free (MS13-047) <!-- Source: http://blog.skylined.nl/20161125001.html Synopsis A specially crafted web-page can cause Microsoft Internet Explorer 10 to continue to use an object after freeing the memory used to store...
  24. Exploiter

    Exploit Microsoft Internet Explorer 8/9/10/11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)

    Microsoft Internet Explorer 8/9/10/11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009) Source: http://blog.skylined.nl/20161128001.html Synopsis A specially crafted web-page can cause a type confusion vulnerability in Microsoft Internet Explorer 8 through to 11. An attacker can cause...
  25. Exploiter

    Exploit Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

    Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) // // This exploit uses the pokemon exploit of the dirtycow vulnerability // as a base and automatically generates a new passwd line. // The user will be prompted for the new...