Результаты поиска

NetBSD - 'mail.local(8)' Local Privilege Escalation (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require "msf/core" class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking...

Ghostscript - Failed Restore Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit Rank = ExcellentRanking PLACEHOLDER_STRING =...

BuilderEngine 3.5.0 - Arbitrary File Upload <!-- # Exploit Title: BuilderEngine 3.5.0 Remote Code Execution via elFinder 2.0 # Date: 18/09/2016 # Exploit Author: metanubix # Vendor Homepage: http://builderengine.org/ # Software Link: http://builderengine.org/page-cms-download.html # Version...

Cherry Music 0.35.1 - Arbitrary File Disclosure # Exploit Title: Cherry Music v0.35.1 directory traversal vulnerability allows authenticated users to download arbitrary files # Date: 11-09-2016 # Exploit Author: feedersec # Contact: [email protected] # Vendor Homepage...

Contrexx CMS egov Module 1.0.0 - SQL Injection # Exploit Title: Contrexx CMS:egov moudle SQL injection # Google Dork: inurl:?section=egov # Date: 12/9/2016 # Exploit Author: hamidreza borghei # Software Link: https://www.cloudrexx.com/de/index.php?section=downloads&cmd=7&category=8 # Version...

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

Google Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=840 There's an inconsistency between the way that the two functions in libutils/Unicode.cpp handle invalid surrogate pairs in UTF16, resulting in a...

Adobe Flash - Transform.colorTranform Getter Infomation Leak Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=845 There is an info leak in the Transform.colorTranform getter. If the constructor for ColorTransform is overwritten with a getter using addProperty, this getter...

Adobe Flash - Method Calls Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=846 If a method is called on a MovieClip, and a getter is set with the name of the method, the getter will get executed during the call, and can free the MovieClip, leading to a...

Wikipedia 12.0 - Denial of Service (PoC) # Exploit Title: Wikipedia 12.0 - Denial of Service (PoC) # Date: 9/2/2018 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://www.microsoft.com/en-us/p/wikipedia/9wzdncrfhwm4?activetab=pivot%3aoverviewtab # Version...

Adobe ColdFusion < 11 Update 10 - XML External Entity Injection ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid (at) legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical...

Jorani Leave Management 0.6.5 - (Authenticated) 'startdate' SQL Injection # Exploit Title: Jorani Leave Management 0.6.5 – 'startdate' SQL Injection # Exploit Author: Javier Olmedo # Website: https://hackpuntes.com # Date: 2018-09-06 # Google Dork: N/A # Vendor: Benjamin BALET # Software Link...

Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC) # Exploit Title: Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC) # Date: 2018-08-30 # Exploit Author: Uriel Corral Salinas # Vendor Homepage: http://www.itlights.com # Software Link: http://www.scanwith.com/download/Free_Visual_Ping.htm...

[Hebrew] Digital Whisper Security Magazine #75 40331.pdf

Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC) # Exploit Title: Microsoft Windows Explorer Out-of-Bound read - Denial of Service (PoC) # Date: 2018-09-01 # Exploit Author: Ghaaf # Vendor Homepage: http://www.microsoft.com # Version: Windows 7(x86/x64) # Tested on...

ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows...

Vox TG790 ADSL Router - Cross-Site Scripting # Title: Vox TG790 ADSL Router - Cross-Site Scripting # Author: Cakes # Exploit Date: 2018-08-01 # Vendor: Vox Telecom # Link: https://www.vox.co.za/ # Firmware Version: 6.2.W.1 # CVE: N/A # Description # Due to improper user iunput management low...

Network Manager VPNC 1.2.6 - 'Username' Local Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking...

VSAXESS V2.6.2.70 build 20171226_053 - 'Nickname' Denial of Service (PoC) # Exploit Title: VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC) # Discovery by: Diego Santamaria # Discovery Date: 2018-08-31 # Vendor Homepage: https:https://www.visionistech.com/en/home/ #...

NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC) #Exploit Title: NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC) #Discovery by: Victor Mondragón #Discovery Date: 2018-08-30 #Vendor Homepage...

Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal # Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal # Date: 2018-08-29 # Exploit Author: Emre ÖVÜNÇ # Vendor Homepage: http://www.cybrotech.com/ # Software Link...

Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting # Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting # Date: 2018-08-29 # Exploit Author: Emre ÖVÜNÇ # Vendor Homepage: http://www.cybrotech.com/ # Software Link...

Drive Power Manager 1.10 - Denial Of Service (PoC) # Exploit Title: Drive Power Manager 1.10 - Denial Of Service (PoC) # Author: Gionathan "John" Reale # Discovey Date: 2018-08-29 # Homepage: https://www.hdtune.com/ # Software Link: https://www.hdtune.com/download.html # Tested Version: v1.10...

Easy PhotoResQ 1.0 - Denial Of Service (PoC) # Exploit Title: Easy PhotoResQ 1.0 - Denial Of Service (PoC) # Author: Gionathan "John" Reale # Discovey Date: 2018-08-29 # Homepage: https://www.hdtune.com/ # Software Link: https://www.hdtune.com/download.html # Tested Version: v1.0 # Tested on...

Trillian 6.1 Build 16 - 'Sign In' Denial of service (PoC) #Exploit Title: Trillian 6.1 Build 16 - "Sign In" Denial of service (PoC) #Discovery by: Jose Miguel Gonzalez #Discovery Date; 2018-08-29 #Vendor Homepage: https://www.trillian.im/ #Software Link: https://www.trillian.im/download/...