Joomla! User Bench 1.0 SQL Injection
Joomla! User Bench component version 1.0 suffers from a remote SQL injection vulnerability. MD5 | 13472b1d713be21862827fd58ce8f843
# Exploit Title: Joomla! Component User Bench 1.0 - SQL...

Windows jscript!RegExpComp::Compile Heap Overflow
There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors. MD5 | 6090424aeefb73a1046a5bb0694554fc
Windows: Heap overflow...

Windows jscript!NameTbl::GetValDef Use-After-Free
There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors. MD5 | aec6b9f25c8ebc849fe5b43820ec5473
Windows: use-after-free in...

Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free
There is a use-after-free in the jscript.dll library that can be exploited in IE11. MD5 | 70d9dab62006eb1aac80ab95307a311b
IE11: use-after-free in jscript!JSONStringifyObject CVE-2017-11793 There is a...

GoAhead LD_PRELOAD Remote Code Execution
GoAhead http versions 2.5 through 3.6.5 LD_PRELOAD remote code execution exploit. MD5 | f9e2734b50e21720d76a8c8736df6a20
Source: packetstormsecurity.com

Joomla! JB Visa 1.0 SQL Injection
Joomla! JB Visa component version 1.0 suffers from a remote SQL injection vulnerability. MD5 | fbd83c6c528edfa7d34d2326d265b26a
# Exploit Title: Joomla! Component JB Visa 1.0 - SQL...

Jenkins XStream Groovy classpath Deserialization
This Metasploit module exploits CVE-2016-0792, a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2, which is caused by unsafe deserialization in XStream with...

Tuleap 9.6 Second-Order PHP Object Injection
This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of...

Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
There is an out-of-bounds read in the jscript.dll library (used in IE, WPAD and other places). MD5 | 5d6d4de766996a82680340bb4a93c196
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen...

Joomla! Component NextGen Editor 2.1.0 - 'plname' SQL Injection
EDB-ID: 43365; Author: Ihsan Sencan; Published: 2017-12-19; CVE: N/A; Type: Webapps; Platform: PHP; Vulnerable App:
# Exploit Title: Joomla! Component NextGen Editor 2.1.0 - SQL Injection # Dork: N/A # Date:...

BrightSign Digital Signage - Multiple Vulnerabilities
EDB-ID: 43364; Author: Information Paradox; Published: 2017-12-19; CVE: CVE-2017-17737...; Type: Webapps; Platform: Hardware; Vulnerable App: N/A
# Date: 12/15/17 # Exploit Author: singularitysec@gmail.com #...

WordPress WebConnex Form Management 1.6.3 Cross Site Scripting
WordPress WebConnex Form Management plugin version 1.6.3 suffers from a cross site scripting vulnerability. MD5 | ed224faad8372c18633ac31733b8c23b
Class: Input Validation Error. Remote: Yes. Credit...

WordPress Itinerary 1.0.0 Cross Site Scripting
WordPress Itinerary plugin version 1.0.0 suffers from a cross site scripting vulnerability. MD5 | 3b3e55bc570c582ddcd2ca8f9f399e32
Class: Input Validation Error. Remote: Yes. Credit: Ricardo...

Intel Content Protection HECI Service Privilege Escalation
The Intel Content Protection HECI Service exposes a DCOM object to all users and most sandboxes (such as Edge LPAC and Chrome GPU). It has a type confusion vulnerability which can be used to elevate to...

BrightSign Digital Signage XSS / Traversal / File Upload
BrightSign Digital Signage suffers from cross site scripting, directory traversal, and file upload vulnerabilities. MD5 | d7db3e462951f413cc5395b7b18f9b1c
# Exploit Title: BrightSign Digital...

Joomla! NextGen Editor 2.1.0 SQL Injection
Joomla! NextGen Editor component version 2.1.0 suffers from a remote SQL injection vulnerability. MD5 | 2c8b85eabf5921ee744c2ed6017bd135
# Exploit Title: Joomla! Component NextGen Editor...

Linksys WVBR0-25 CVE-2017-17411 Remote Command Injection Vulnerability
Linksys WVBR0-25 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploit allows an attacker to execute arbitrary commands...

IBM RPA with Automation Anywhere CVE-2017-1751 Cross Site Scripting...
IBM Robotic Process Automation with Automation Anywhere is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue...

IBM Business Process Manager CVE-2017-1494 Cross Site Scripting Vulnerability
IBM Business Process Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...

Genexis GAPS 7.2 Access Control
Genexis GAPS versions up to 7.2 suffer from an access control vulnerability that discloses sensitive data. MD5 |...