Результаты поиска

Wansview 1.0.2 - Denial of Service (PoC) # Exploit Title: Wansview 1.0.2 - Denial of Service (PoC) # Author: Gionathan "John" Reale # Discovey Date: 2018-08-14 # Software Link: http://www.wansview.com/uploads/soft/Wansview_v1.0.2.exe # Tested Version: 1.0.2 # Tested on OS: Windows 10 # Steps...

Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report...

Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC) # Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC) # Discovery by: Shubham Singh # Known As: Spirited Wolf [Twitter: @Pwsecspirit] # Discovey Date: 2018-08-13 # Vendor Homepage...

Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service Sample generated with AFL Build Information: TShark (Wireshark) 2.0.4 Copyright 1998-2016 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later...

Android - Directory Traversal over USB via Injection in blkid Output When a USB mass storage device is inserted into an Android phone (even if the phone is locked!), vold will attempt to automatically mount partitions from the inserted device. For this purpose, vold has to identify the...

Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service Sample PCAP Build Information: TShark (Wireshark) 2.0.2 (SVN Rev Unknown from unknown) Copyright 1998-2016 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later...

IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting # Exploit Title: [IBM Sterling B2B Integrator persistent cross-site scripting] # Exploit Author: [Vikas Khanna] (https://www.linkedin.com/in/leetvikaskhanna/) (https://twitter.com/MR_SHANU_KHANNA) # Vendor Homepage...

Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service GIOP capture Build Information: Version 2.0.3 (v2.0.3-0-geed34f0 from master-2.0) Copyright 1998-2016 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later...

Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - PacketBB Dissector Denial of Service Sample generated by AFL Build Information: TShark 1.12.9 (v1.12.9-0-gfadb421 from (HEAD) Copyright 1998-2015 Gerald Combs <[email protected]> and contributors. This is free software; see the source for...

WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin Abstract A stored Cross-Site Scripting vulnerability was found in the WP Live Chat Support WordPress Plugin. This issue can be...

Wireshark 1.12.0 < 1.12.12 - NDS Dissector Denial of Service Sample generated with AFL Build Information: TShark 1.12.9 (v1.12.9-0-gfadb421 from (HEAD) Copyright 1998-2015 Gerald Combs <[email protected]> and contributors. This is free software; see the source for copying conditions...

Wireshark 2.0.0 < 2.0.4 - MMSE / WAP / WBXML / WSP Dissectors Denial of Service Build Information: TShark (Wireshark) 2.0.2 (SVN Rev Unknown from unknown) Copyright 1998-2016 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later...

WebKit - TypedArray.copyWithin Memory Corruption <!-- There is a bug in TypedArray.copyWithin that can be used to write to an absolute pointer. In JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h, the function genericTypedArrayViewProtoFuncCopyWithin contains the following...

IP Finder 1.5 - Denial of Service (PoC) # Exploit Title: IP Finder 1.5 - Denial of Service (PoC) # Author: Shubham Singh # Known As: Spirited Wolf [Twitter: @Pwsecspirit] # Discovey Date: 2018-08-12 # Software Link...

[Hebrew] Digital Whisper Security Magazine #74 40188.pdf

AppArmor securityfs < 4.8 - 'aa_fs_seq_hash_show' Reference Count Leak /* There's a reference count leak in aa_fs_seq_hash_show that can be used to overflow the reference counter and trigger a kernel use-after-free static int aa_fs_seq_hash_show(struct seq_file *seq, void *v) { struct...

Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read perf_event_open() offers to collect various pieces of information when an event occurs, including a user stack backtrace (PERF_SAMPLE_CALLCHAIN). To collect a user stack backtrace, the kernel grabs the userland register state...

WebKit - TypedArray.fill Memory Corruption <!-- There is a bug in TypedArray.fill that can be used to write to an absolute pointer. In JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h, the function genericTypedArrayViewProtoFuncFill contains the following code...

Centreon 2.5.3 - Web Useralias Command Execution (Metasploit) ## ## This module requires Metasploit: http://metasploit.com/download ## Current source: https://github.com/rapid7/metasploit-framework ### require 'msf/core' class MetasploitModule < Msf::Exploit::Remote include...

iSmartViewPro 1.5 - 'Account' Buffer Overflow # Exploit Title: iSmartViewPro 1.5 - 'Account' Buffer Overflow # Discovery by: Alan Joaquín Baeza Meza # Discovery Date: 2018-08-07 # Vendor Homepage: http://www.securimport.com/n/en/ # Software Link...

iSmartViewPro 1.5 - 'Password' Buffer Overflow # Exploit Title: iSmartViewPro 1.5 - 'Password' Buffer Overflow # Discovery by: Javier Enrique Rodriguez Gutierrez # Discovery Date: 2018-08-09 # Vendor Homepage: https://securimport.com/ # Software Link...

VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation // Source: http://blog.cmpxchg8b.com/2013/08/security-debianisms.html On most modern Linux systems, /bin/sh is provided by bash, which detects that it's being invoked as sh, and attempts to mimic traditional sh. As everyone...

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow # Exploit Title: iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow # Author: Rodrigo Eduardo Rodriguez # Discovery Date: 2018-08-07 # Vendor Homepage: https://securimport.com/ # Software Link...

Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory < 20160725-0 > ======================================================================= title: Multiple vulnerabilities product: Micro Focus (former...

OpenEMR 5.0.1.3 - Remote Code Execution (Authenticated) # Title: OpenEMR 5.0.1.3 - Remote Code Execution (Authenticated) # Author: Cody Zacharias # Date: 2018-08-07 # Vendor Homepage: https://www.open-emr.org/ # Software Link: https://github.com/openemr/openemr/archive/v5_0_1_3.tar.gz #...