Search results

  1. Exploiter

    Exploit Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Local Privilege Escalation (Metasploit)

    Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Local Privilege Escalation (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Local Rank =...
  2. Exploiter

    Exploit Easy Internet Sharing Proxy Server 2.2 - Remote Overflow (SEH) (Metasploit)

    Easy Internet Sharing Proxy Server 2.2 - Remote Overflow (SEH) (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank =...
  3. Exploiter

    Exploit Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138)

    Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138) /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=914 Windows: VHDMP Arbitrary File Creation EoP Platform: Windows 10 10586 and 14393. Unlikely to work on 7 or 8.1 as I think it’s new...
  4. Exploiter

    Exploit Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution

    Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution #!/usr/bin/env python # -*- coding: utf-8 -*- ''' Software : Dolphin <= 7.3.2 Auth bypass / RCE exploit Vendor : www.boonex.com Author : Ahmed sultan (0x4148) Home : 0x4148.com | https://www.linkedin.com/in/0x4148 Email ...
  5. Exploiter

    Exploit Microsoft Internet Explorer 11 - MSHTML CMapElement::Notify Use-After-Free (MS15-009)

    Microsoft Internet Explorer 11 - MSHTML CMapElement::Notify Use-After-Free (MS15-009) <!-- Source: http://blog.skylined.nl/20161114001.html Synopsis A specially crafted web-page can cause MSIE 11 to interrupt the handling of one readystatechange event with another. This interrupts a call to...
  6. Exploiter

    Exploit Disk Pulse Enterprise 9.0.34 - 'Login' Remote Buffer Overflow (Metasploit)

    Disk Pulse Enterprise 9.0.34 - 'Login' Remote Buffer Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank =...
  7. Exploiter

    Exploit MTGAS MOGG Web Simulator Script - SQL Injection

    MTGAS MOGG Web Simulator Script - SQL Injection # Exploit Title: MOGG web simulator Script - SQL Injection # Date: 2018-10-29 # Exploit Author: Meisam Monsef - [email protected] - @meisamrce - @dorsateam # Vendor Homepage: https://github.com/spider312/mtgas # Version: All Version Exploit ...
  8. Exploiter

    Exploit [Hebrew] Digital Whisper Security Magazine #77

    [Hebrew] Digital Whisper Security Magazine #77 40754.pdf
  9. Exploiter

    Exploit ATutor 2.2.2 - Cross-Site Request Forgery (Add New Course)

    ATutor 2.2.2 - Cross-Site Request Forgery (Add New Course) # Exploit Title: ATutor_2.2.2 Learning Management System # Cross-Site Request Forgery (Add New Course) # Date: 13-11-2016 # Software Link: https://github.com/atutor/ATutor/releases/tag/atutor_2_2_2 # Vendor: http://www.atutor.ca/ #...
  10. Exploiter

    Exploit InvoicePlane 1.4.8 - Password Reset

    InvoicePlane 1.4.8 - Password Reset # Exploit Title: InvoicePlane v1.4.8 Incorrect Access Control for password = reset # Date: 12-11-2016 # Exploit Author: feedersec # Contact: [email protected] # Vendor Homepage: https://invoiceplane.com # Software Link...
  11. Exploiter

    Exploit systemd - 'chown_one()' Dereference Symlinks

    systemd - 'chown_one()' Dereference Symlinks [I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports .] When chown_one() in the recursive chown logic decides...
  12. Exploiter

    Exploit Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection

    Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection <?php /* Software : Schoolhos CMS 2.29 Home : http://www.schoolhos.com/ Author : Ahmed sultan (0x4148) Email : [email protected] Home : 0x4148.com Intro Schoolhos CMS is alternative to developing School Website. It's Free and Open...
  13. Exploiter

    Exploit Microsoft Internet Explorer 11/10/9 - MSHTML 'PROPERTYDESC::HandleStyleComponentProperty' Out-of-Bounds Read (MS16-104)

    Microsoft Internet Explorer 11/10/9 - MSHTML 'PROPERTYDESC::HandleStyleComponentProperty' Out-of-Bounds Read (MS16-104) <!-- Source: http://blog.skylined.nl/20161109001.html Synopsis A specially crafted web-page can cause Microsoft Internet Explorer to assume a CSS value stored as a string...
  14. Exploiter

    Exploit 4Images 1.7.13 - SQL Injection

    4Images 1.7.13 - SQL Injection # vulnerable app : 4images <= 1.7.13 # Vendor : www.4homepages.de # Author : Ahmed sultan (0x4148) # Email : [email protected] # Home : 0x4148.com 4images is a powerful web-based image gallery management system. Features include comment system, user registration...
  15. Exploiter

    Exploit systemd - 'reexec' State Injection

    systemd - 'reexec' State Injection /* [I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports .] When systemd re-executes (e.g. during a package upgrade)...
  16. Exploiter

    Exploit vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection

    vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection ################################################################################################## #Exploit Title : vBulletin <= 4.2.3 SQL Injection (CVE-2016-6195) #Author : Manish Kishan Tanwar AKA error1046...
  17. Exploiter

    Exploit Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)

    Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137) MS16-137: LSASS Remote Memory Corruption Advisory Title: LSASS SMB NTLM Exchange Remote Memory Corruption Version: 1.0 Issue type: Null Pointer Dereference Authentication...
  18. Exploiter

    Exploit e107 CMS 2.1.2 - Privilege Escalation

    e107 CMS 2.1.2 - Privilege Escalation # Exploit Title: e107 CMS 2.1.2 Privilege Escalation # Date: 09-11-2016 # Software Link: http://e107.org/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # Category: webapps 1. Description...
  19. Exploiter

    Exploit Microsoft WININET.dll - 'CHttpHeaderParser::ParseStatusLine' Out-of-Bounds Read (MS16-104/MS16-105)

    Microsoft WININET.dll - 'CHttpHeaderParser::ParseStatusLine' Out-of-Bounds Read (MS16-104/MS16-105) <!-- Source: http://blog.skylined.nl/20161110001.html Synopsis A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end...
  20. Exploiter

    Exploit Navicat 12.0.29 - 'SSH' Denial of Service (PoC)

    Navicat 12.0.29 - 'SSH' Denial of Service (PoC) # Exploit Title: Navicat 12.0.29 - 'SSH' Denial of Service (PoC) # Author: Rafael Alfaro # Discovery Date: 2018-10-27 # Vendor Homepage: https://www.navicat.com/es/ # Software Link : https://www.navicat.com/es/download/navicat-premium #...
  21. Exploiter

    Exploit Adobe Connect 9.5.7 - Cross-Site Scripting

    Adobe Connect 9.5.7 - Cross-Site Scripting Document Title: =============== Adobe Connect & Desktop v9.5.7 - Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1838 Security ID: PSIRT-5180 Bulletin...
  22. Exploiter

    Exploit AlienIP 2.41 - Denial of Service (PoC)

    AlienIP 2.41 - Denial of Service (PoC) # Exploit Title: AlienIP 2.41 - Denial of Service (PoC) # Author: Arturo de la Cruz Tellez # Discovery Date: 2018-10-17 # Vendor Homepage: http://www.armcode.com # Tested Version: 2.41 # Tested on OS: Microsoft Windows 10 Home Single Language x64 #...
  23. Exploiter

    Exploit WebExec - (Authenticated) User Code Execution (Metasploit)

    WebExec - (Authenticated) User Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## # Windows XP systems that are not part of a domain default to treating all # network logons as...
  24. Exploiter

    Exploit WebEx - Local Service Permissions Exploit (Metasploit)

    WebEx - Local Service Permissions Exploit (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = GoodRanking include Msf::Exploit::EXE...
  25. Exploiter

    Exploit WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting

    WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_404_to_301_wordpress_plugin.html Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin Abstract A stored Cross-Site...