Search results

  1. Exploiter

    Exploit Linux SELinux - W+X Protection Bypass via AIO

    Linux SELinux - W+X Protection Bypass via AIO /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=854 SELinux has a set of permissions that can be used to prevent processes from creating executable memory mappings that contain data controlled by the process (PROCESS__EXECMEM...
  2. Exploiter

    Exploit Adobe Flash - Video Decompression Memory Corruption

    Adobe Flash - Video Decompression Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=857 The attached fuzz file causes memory corruption when decompressing embedded video content. Fixed in the September update Proof of Concept...
  3. Exploiter

    Exploit Adobe Flash - Crash When Freeing Memory After AVC decoding

    Adobe Flash - Crash When Freeing Memory After AVC decoding Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=859 There is a crash when the AVC decoder attempts to free memory, likely indicating memory corruption. Fixed in the September update Proof of Concept...
  4. Exploiter

    Exploit Matrimonial Website Script 1.0.2 - SQL Injection

    Matrimonial Website Script 1.0.2 - SQL Injection ###################### # Application Name : Matrimonial Website Script v1.0.2 # Google Dork : inurl:viewfullprofile1.php?id= # Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL # Author Contact : https://twitter.com/byn4tural...
  5. Exploiter

    Exploit STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)

    STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1) /* # Exploit Title: STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation # Date: 2018-09-13 # Author: Parvez Anwar (@parvezghh) # Vendor Homepage: https://www.stopzilla.com/ # Software link...
  6. Exploiter

    Exploit Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH)

    Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH) # Exploit Title: Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH) # Author: Gionathan "John" Reale # Discovery Date: 2018-09-13 # Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper # Tested on...
  7. Exploiter

    Exploit Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)

    Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC) # Exploit Title: Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC) # Exploit Author: ZwX # Exploit Date: 2018-09-11 # Vendor Homepage : http://www.clone2go.com/ # Software Link...
  8. Exploiter

    Exploit JCraft/JSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal

    JCraft/JSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 Version: 0.3 Date: Aug 31st, 2016 Complete Proof of Concept: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725...
  9. Exploiter

    Exploit Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)

    Metasploit Web UI - Diagnostic Console Command Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank =...
  10. Exploiter

    Exploit Microsoft Office PowerPoint 2010 - Invalid Pointer Reference

    Microsoft Office PowerPoint 2010 - Invalid Pointer Reference Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=866 The following crash was observed in Microsoft PowerPoint 2010 running under Windows 7 x86 with application verifier enabled. File versions are: mso.dll...
  11. Exploiter

    Exploit [Turkish] Network Penetration Testing 101

    [Turkish] Network Penetration Testing 101 40408.pdf
  12. Exploiter

    Exploit Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)

    Microsoft Windows Kerberos - Security Feature Bypass (MS16-101) # Exploit Title: Kerberos Security Feature Bypass Vulnerability (Kerberos to NTLM Fallback) # Date: 22-09-2016 # Exploit Author: Nabeel Ahmed # Tested on: Windows 7 Professional (x32/x64) and Windows 10 x64 # CVE : CVE-2016-3237 #...
  13. Exploiter

    Exploit Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)

    Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC) # Exploit Title: Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC) # Author: Gionathan "John" Reale # Discovery Date: 2018-09-12 # Software Link: https://www.infiltration-systems.com/download.shtml # Tested...
  14. Exploiter

    Exploit Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write

    Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=867 In issue 810 we pointed out to Symantec that they hadn't updated their unrar based unpacker for years, and it was vulnerable to...
  15. Exploiter

    Exploit IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection

    IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection # Exploit Title: [Unauthenticated Remote SQLi] # Date: [11/09/2018] # Exploit Author: [Mohamed Sayed - From SecureMisr Company] # Vendor Homepage: [https://www-01.ibm.com/support/docview.wss?uid=ibm10728883] # Version...
  16. Exploiter

    Exploit VMware Workstation - 'vprintproxy.exe' JPEG2000 Images Multiple Memory Corruptions

    VMware Workstation - 'vprintproxy.exe' JPEG2000 Images Multiple Memory Corruptions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=850 As already discussed in a number of reports in this tracker (#285, #286, #287, #288, #289, #292), VMware Workstation (current version 12.1.1...
  17. Exploiter

    Exploit iCash 7.6.5 - Denial of Service (PoC)

    iCash 7.6.5 - Denial of Service (PoC) # Exploit Title: iCash 7.6.5 - Denial of Service (PoC) # Author: Gionathan "John" Reale # Discovery Date: 2018-09-12 # Software Link: https://www.maxprog.com/site/misc/downloads_us.php # Tested Version: 7.6.5 # Tested on OS: Windows 7 32-bit # Steps to...
  18. Exploiter

    Exploit PDF Explorer 1.5.66.2 - Denial of Service (PoC)

    PDF Explorer 1.5.66.2 - Denial of Service (PoC) # Exploit Title: PDF Explorer 1.5.66.2 - Denial of Service (PoC) # Author: Gionathan "John" Reale # Discovery Date: 2018-09-12 # Software Link: https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip # Tested Version: 1.5.66.2 # Tested on OS...
  19. Exploiter

    Exploit RoboImport 1.2.0.72 - Denial of Service (PoC)

    RoboImport 1.2.0.72 - Denial of Service (PoC) # Exploit Title: RoboImport 1.2.0.72 - Denial of Service (PoC) # Author: Gionathan "John" Reale # Discovery Date: 2018-09-11 # Software Link: http://www.picajet.com/download/RoboImportInstall.exe # Tested Version: 1.2.0.72 # Tested on OS: Windows 7...
  20. Exploiter

    Exploit PicaJet FX 2.6.5 - Denial of Service (PoC)

    PicaJet FX 2.6.5 - Denial of Service (PoC) # Exploit Title: PicaJet FX 2.6.5 - Denial of Service (PoC) # Author: Gionathan "John" Reale # Discovery Date: 2018-09-11 # Software Link: http://www.picajet.com/download/PicaJetFXInstall.exe # Tested Version: 2.6.5 # Tested on OS: Windows 7 32-bit #...
  21. Exploiter

    Exploit VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC)

    VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=849 As already discussed in a number of reports in this tracker (#285, #286, #287, #288, #289, #292), VMware Workstation (current version...
  22. Exploiter

    Exploit Docker Daemon - Local Privilege Escalation (Metasploit)

    Docker Daemon - Local Privilege Escalation (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File...
  23. Exploiter

    Exploit Android - 'zygote->init;' Chain from USB Privilege Escalation

    Android - 'zygote->init;' Chain from USB Privilege Escalation After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 (Android ID 80436257, CVE-2018-9445), I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I...
  24. Exploiter

    Exploit PixGPS 1.1.8 - Denial of Service (PoC)

    PixGPS 1.1.8 - Denial of Service (PoC) # Exploit Title: PixGPS 1.1.8 - Denial of Service (PoC) # Author: Gionathan "John" Reale # Discovery Date: 2018-09-10 # Software Link: http://www.br-software.com/pixgps11_setup.exe # Tested Version: 1.1.8 # Tested on OS: Windows 7 32-bit # Steps to...
  25. Exploiter

    Exploit Google Android - getpidcon Usage binder Service Replacement Race Condition

    Google Android - getpidcon Usage binder Service Replacement Race Condition Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=851 This is very similar to forshaw's bug (<https://code.google.com/p/android/issues/detail?id=200617>...