Search results

  1. Exploiter

    Exploit LEPTON 2.2.2 - SQL Injection

    LEPTON 2.2.2 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website...
  2. Exploiter

    Exploit LEPTON 2.2.2 - Remote Code Execution

    LEPTON 2.2.2 - Remote Code Execution Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/...
  3. Exploiter

    Exploit WordPress Plugin Olimometer 2.56 - SQL Injection

    WordPress Plugin Olimometer 2.56 - SQL Injection # Exploit Title: Olimometer Plugin for WordPress – Sql Injection # Date: 14/11/2016 # Exploit Author: TAD GROUP # Vendor Homepage: https://wordpress.org/plugins/olimometer/ # Software Link: https://wordpress.org/plugins/olimometer/ # Contact...
  4. Exploiter

    Exploit Tetris Heap Spraying: Spraying the Heap on a Budget

    Tetris Heap Spraying: Spraying the Heap on a Budget Tetris heap spraying: spraying the heap on a budget Source: http://blog.skylined.nl/20161118001.html Over the past decade, heap sprays have become almost synonymous with exploits in web-browsers (but let's not forget that they can be used...
  5. Exploiter

    Exploit Microsoft Edge - 'CTextExtractor::GetBlockText' Out-of-Bounds Read (MS16-104)

    Microsoft Edge - 'CTextExtractor::GetBlockText' Out-of-Bounds Read (MS16-104) <!-- Source: http://blog.skylined.nl/20161118002.html Synopsis A specially crafted web-page can cause an integer underflow in Microsoft Edge. This causes CTextExtractor::GetBlockText to read data outside of the...
  6. Exploiter

    Exploit Microsoft Internet Explorer 8 - jscript 'RegExpBase::FBadHeader' Use-After-Free (MS15-018)

    Microsoft Internet Explorer 8 - jscript 'RegExpBase::FBadHeader' Use-After-Free (MS15-018) <!-- Source: http://blog.skylined.nl/20161116001.html Synopsis A specially crafted web-page can cause the Javascript engine of Microsoft Internet Explorer 8 to free memory used for a string. The code...
  7. Exploiter

    Exploit Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow

    Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=908 Palo Alto Networks have published a fix for this issue: http://securityadvisories.paloaltonetworks.com/Home/Detail/68 PanOS uses a modified version of the appweb3...
  8. Exploiter

    Exploit ScriptCase 8.1.053 - Multiple Vulnerabilities

    ScriptCase 8.1.053 - Multiple Vulnerabilities [+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SCRIPTCASE-PHP-WEB-TOOL-MULTIPLE-VULNERABILITIES.txt [+] ISR: ApparitionSec Vendor: ================== www.scriptcase.net...
  9. Exploiter

    Exploit Microsoft Edge Scripting Engine - Memory Corruption (MS16-129)

    Microsoft Edge Scripting Engine - Memory Corruption (MS16-129) <!-- Source: http://www.security-assessment.com/files/documents/advisory/edge_chakra_mem_corruption.pdf Name: Microsoft Edge Scripting Engine Memory Corruption Vulnerability (MS16-129) CVE: CVE-2016-7202 Vendor Website...
  10. Exploiter

    Exploit Microsoft Edge - 'Array.reverse' Overflow

    Microsoft Edge - 'Array.reverse' Overflow <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=925 There is an overflow when reversing arrays in Chakra. On line 5112 of JavascriptArray::EntryReverse, the length of the array is fetched and stored. It is then passed as a...
  11. Exploiter

    Exploit Microsoft Edge - 'Array.splice' Heap Overflow

    Microsoft Edge - 'Array.splice' Heap Overflow <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=934 There is a heap overflow in Array.splice in Chakra. When an array is spliced, an overflow check is performed, but ArraySpeciesCreate, which can execute code and alter the...
  12. Exploiter

    Exploit Palo Alto Networks PanOS - 'root_trace' Local Privilege Escalation

    Palo Alto Networks PanOS - 'root_trace' Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=912 The setuid root executable /usr/local/bin/root_trace essentially just does setuid(0) then system("/usr/local/bin/masterd"), which is a python script: $ ls...
  13. Exploiter

    Exploit Palo Alto Networks PanOS - 'root_reboot' Local Privilege Escalation

    Palo Alto Networks PanOS - 'root_reboot' Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=913 This was fixed by PAN: http://securityadvisories.paloaltonetworks.com/Home/Detail/67 The root_reboot utility is setuid root, but performs multiple calls to...
  14. Exploiter

    Exploit WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection

    WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection # Exploit Title: Product Catalog 8 1.2 Plugin WordPress – Sql Injection # Date: 12/11/2016 # Exploit Author: Lenon Leite # Vendor Homepage: https://wordpress.org/plugins/product-catalog-8/ # Software Link...
  15. Exploiter

    Exploit Microsoft Edge - 'FillFromPrototypes' Type Confusion

    Microsoft Edge - 'FillFromPrototypes' Type Confusion <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=945 JavascriptArray::FillFromPrototypes is a method that is used by several Javascript functions available in the browser to set the native elements of an array to the...
  16. Exploiter

    Exploit Microsoft Edge - 'Array.filter' Information Leak

    Microsoft Edge - 'Array.filter' Information Leak <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=922 There is an info leak in Array.filter. In Chakra, the destination array that arrays are filtered into is initialized using ArraySpeciesCreate, which can create both...
  17. Exploiter

    Exploit Microsoft Edge - 'eval' Type Confusion

    Microsoft Edge - 'eval' Type Confusion <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=948 In Chakra, function calls can sometimes take an extra internal argument, using the flag CallFlags_ExtraArg. The global eval function makes assumptions about the type of this extra...
  18. Exploiter

    Exploit Nagios 4.2.2 - Local Privilege Escalation

    Nagios 4.2.2 - Local Privilege Escalation Affected Product: Nagios 4 Vulnerability Type: root privilege escalation Fixed in Version: N/A Vendor Website: https://www.nagios.com/ Software Link: https://sourceforge.net/projects/nagios/files/latest/download?source=directory-featured...
  19. Exploiter

    Exploit FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow

    FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow # -*- coding: utf-8 -*- # Exploit Title: FTPShell Client v5.24 PWD Remote Buffer Overflow # Date: 16/11/2016 # Author: Yunus YILDIRIM (Th3GundY) # Team: CT-Zer0 (@CRYPTTECH) - http://www.ct-zer0.com # Author Website: http://yildirimyunus.com...
  20. Exploiter

    Exploit WinaXe 7.7 FTP Client - Remote Buffer Overflow (Metasploit)

    WinaXe 7.7 FTP Client - Remote Buffer Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include...
  21. Exploiter

    Exploit WordPress Plugin Answer My Question 1.3 - SQL Injection

    WordPress Plugin Answer My Question 1.3 - SQL Injection # Exploit Title: Answer My Question 1.3 Plugin for WordPress – Sql Injection # Date: 10/11/2016 # Exploit Author: Lenon Leite # Vendor Homepage: https://wordpress.org/plugins/answer-my-question/ # Software Link...
  22. Exploiter

    Exploit WordPress Plugin Sirv 1.3.1 - SQL Injection

    WordPress Plugin Sirv 1.3.1 - SQL Injection # Exploit Title: Sirv 1.3.1 Plugin For WordPress Sql Injection # Date: 10/11/2016 # Exploit Author: Lenon Leite # Vendor Homepage: https://wordpress.org/plugins/sirv/ # Software Link: https://wordpress.org/plugins/sirv/ # Contact...
  23. Exploiter

    Exploit Microsoft Windows - VHDMP ZwDeleteFile Arbitrary File Deletion Privilege Escalation (MS16-138)

    Microsoft Windows - VHDMP ZwDeleteFile Arbitrary File Deletion Privilege Escalation (MS16-138) /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=915 Windows: VHDMP ZwDeleteFile Arbitrary File Deletion EoP Platform: Windows 10 10586 and 14393. No idea about 7 or 8.1...
  24. Exploiter

    Exploit Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)

    Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138) /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=916 Windows: VHDMP Arbitrary Physical Disk Cloning EoP Platform: Windows 10 10586. No idea about 14393, 7 or 8.1 versions. Class...
  25. Exploiter

    Exploit Microsoft Windows Kernel - Registry Hive Loading 'nt!RtlEqualSid' Out-of-Bounds Read (MS16-138)

    Microsoft Windows Kernel - Registry Hive Loading 'nt!RtlEqualSid' Out-of-Bounds Read (MS16-138) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=874 We have encountered a Windows kernel crash in the nt!RtlEqualSid function invoked through nt!SeAccessCheck by...