Результаты поиска

JVC IP-Camera VN-T216VPRU - Local File Disclosure 1. Advisory Information ======================================== Title : JVC IP-Camera (VN-T216VPRU) Local File Inclusion Vendor Homepage : http://pro.jvc.com/ Remotely Exploitable : Yes Tested on Camera types ...

Ocomon 2.0 - SQL Injection # Exploit Title: Ocomon 2.0: Acess administrative Bypass / Multiple Sql Injection # Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6 # Date: 2016.08.18 # Exploit Author: Jonatas Fil a.k.a pwx # Vendor Homepage: ninj4c0d3r.github.io # Version: Latest...

Adobe Flash - AVC Processing Out-of-Bounds Read The attached fuzz file causes an out-of-bounds read in AVC processing. To reproduce the issue, put both attached files on a server, and vist: http://127.0.0.1/LoadMP4.swf?file=transpose.mp4 This issue reproduces on Chrome and Firefox for Linux...

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin) # Title: Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin) # Author: Cakes # Exploit Date: 2018-08-01 # Vendor: Vox Telecom # Link: https://www.vox.co.za/ # Firmware Version: 6.2.W.1 # CVE: N/A # Description # Due to...

ZYCOO IP Phone System - Remote Command Execution Vulnerable hardware : ZYCOO IP phone system Vendor : zycoo.com Author : Ahmed sultan (@0x4148) Email : [email protected] Summary : According to the vendor's site , CooVox Series IP Phone System is the most innovative solution for VoIP...

WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection # Exploit Title: WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection # Google Dork: intext:"/wp-content/plugins/gift-voucher/" # Date: 2018-08-23 # Exploit Author: Renos Nikolaou # Software Link...

Epiphany Web Browser 3.28.1 - Denial of Service (PoC) # Exploit Title: Epiphany Web Browser 3.28.1 - Denial of Service (PoC) # Author: Dhiraj Mishra # Date: 2018-08-23 # Software: https://projects-old.gnome.org/epiphany/ # Version: 3.28.1 # CVE: N/A # Tested on: Ubuntu 18 64bit # Steps to...

StyleWriter 4 1.0 - Denial of Service (PoC) # Exploit Title: StyleWriter 4 1.0 - Denial of Service (PoC) # Author: Gionathan "John" Reale # Discovey Date: 2018-08-23 # Homepage: http://www.editorsoftware.com # Software Link: http://www.editorsoftware.com/StyleWriter_Download.php # Tested...

JVC IP-Camera VN-T216VPRU - Credentials Disclosure 1. Advisory Information ======================================== Title : JVC IP-Camera (VN-T216VPRU) Remote Credentials Disclosure Vendor Homepage : http://pro.jvc.com/ Remotely Exploitable : Yes Tested on Camera...

CuteFTP 8.3.1 - Denial of Service (PoC) # Exploit Title : CuteFTP 8.3.1 - Denial Of Service (PoC) # Exploit Author : Ali Alipour # WebSite : Alipour.it # Date: 2018-08-22 # Vendor Homepage : http://www.cuteftp.com/ # Software Link Download : https://filehippo.com/download_cuteftp_pro/4518/ #...

Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=828 The Microsoft GDI+ implementation of the EMF format supports records corresponding to the ExtTextOutA() and PolyTextOutA() API...

SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download # # # Multiple SIEMENS IP Cameras auth bypass configuration download # # Tested: # SIEMENS IP Camera CCID1410-ST X.1.0.24 # SIEMENS IP Camera CCMW1025 x.2.2.1798 # SIEMENS IP Camera CCMS2025 x.2.2.1798...

Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation SystemCollector PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service Affected Products Windows 10 Windows Server Windows Server 2016 Visual Studio 2015 Update 3 Visual...

Softdisk 3.0.3 - Denial Of Service (PoC) # Exploit Title: Softdisk 3.0.3 - Denial Of Service (PoC) # Author: Gionathan "John" Reale # Discovey Date: 2018-08-22 # Homepage: http://www.ezbsystems.com/ # Software Link: https://www.ezbsystems.com/softdisc/download.htm # Tested Version: 3.0.3 #...

Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=824 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like...

Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=826 The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF...

Easyboot 6.6.0 - Denial Of Service (PoC) # Exploit Title: Easyboot 6.6.0 - Denial Of Service (PoC) # Author: Gionathan "John" Reale # Discovey Date: 2018-08-22 # Homepage: http://www.ezbsystems.com/ # Software Link: http://www.ezbsystems.com/easyboot/download.htm # Tested Version: 6.6.0 #...

Ghostscript - Multiple Vulnerabilities http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move...

Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=827 --> <script> function eventhandler1() { CollectGarbage(); } function eventhandler5() { try { /*FileReader*/...

Textpad 7.6.4 - Denial Of Service (PoC) # Exploit Title: Textpad 7.6.4 - Denial Of Service (PoC) # Author: Gionathan "John" Reale # Discovey Date: 2018-08-22 # Homepage: https://textpad.com # Software Link: https://textpad.com/download/v76/win32/txpeng764-32.zip # Tested Version: 7.6.4 #...

UltraISO 9.7.1.3519 - Denial Of Service (PoC) # Exploit Title : UltraISO 9.7.1.3519 - Denial Of Service (PoC) # Exploit Author : Ali Alipour # WebSite : Alipour.it # Date: 2018-08-22 # Vendor Homepage : https://www.ultraiso.com # Software Link Download : https://www.ultraiso.com/download.html...

Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist # Exploit Title: Pi-Hole Web Interface Stored XSS in White/Black list file # Author: loneferret from Kioptrix # Product: Pi-Hole # Version: Web Interface 1.3 # Web Interface software...

OpenSSH 2.3 < 7.7 - Username Enumeration # Exploit: OpenSSH 7.7 - Username Enumeration # Author: Justin Gardner # Date: 2018-08-20 # Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz # Affected Versions: OpenSSH version < 7.7 # CVE: CVE-2018-15473...

[Turkish] Drupal Coder Vulnerability Analysis & MSF Module Dev 40244.pdf

KingMedia 4.1 - File Upload # Exploit Title: KingMedia 4.1 - Remote Code Execution # Author: Efren Diaz # Exploit Date: 2018-08-15 # Software: KingMedia # Version: 1.x, 2.x, 3.x, 4.1 # Link: https://codecanyon.net/item/king-media-video-image-upload-and-share/7877877 # CVE: N/A <?php //...