Clik here to view.
Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change
EDB-ID: 44393Author: Todor DonevPublished: 2018-04-02CVE: N/A Type: WebappsPlatform: HardwareVulnerable App: N/A # # Secutech RiS-11/RiS-22/RiS-33 V5.07.52_es_FRI01 # Remote DNS Change PoC # #...
View ArticleClik here to view.
OpenCMS 10.5.3 Cross Site Scripting
OpenCMS version 10.5.3 suffers from a cross site scripting vulnerability.MD5 | ae0ac77e764c93b388167c27e57b6978Download# Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability# Google...
View ArticleClik here to view.
OpenCMS 10.5.3 Cross Site Request Forgery
OpenCMS version 10.5.3 suffers from a cross site request forgery vulnerability.MD5 | efb5fe1b11d7f261d4ebe9651d26f1eaDownload# Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery...
View ArticleClik here to view.
ShoprLynx 9.2.3 Insecure File Permissions
ShoprLynx version 9.2.3 suffers from an insecure file permissions vulnerability.MD5 | 34cb6eae09a136075078fd8f17fca5cfDownloadShaprLynx v9.2.3 Insecure File PermissionsVendor: Lynx Software Pty...
View ArticleClik here to view.
Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type...
EDB-ID: 44394Author: Google Security ResearchPublished: 2018-04-03CVE: CVE-2018-6064 Type: DosPlatform: MultipleAliases: N/AAdvisory/Source: LinkTags: Type ConfusionVulnerable App: N/A Here's a snippet...
View ArticleClik here to view.
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2)
EDB-ID: 44397Author: Google Security ResearchPublished: 2018-04-03CVE: CVE-2018-0934 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Here's a snippet of...
View ArticleClik here to view.
Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write
EDB-ID: 44395Author: Google Security ResearchPublished: 2018-04-03CVE: N/A Type: DosPlatform: MultipleAliases: N/AAdvisory/Source: LinkTags: Out Of BoundsVulnerable App: N/A Bug: The...
View ArticleClik here to view.
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix)
EDB-ID: 44396Author: Google Security ResearchPublished: 2018-04-03CVE: CVE-2018-0933... Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Here's a snippet of...
View ArticleClik here to view.
DuckDuckGo 4.2.0 WebRTC Private IP Leakage
This Metasploit module exploits a vulnerability in browsers using well-known property of WebRTC (Web Real-Time Communications) which enables Web applications and sites to capture or exchange arbitrary...
View ArticleClik here to view.
Chrome V8 ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion
Chrome V8 suffers from a type confusion vulnerability in ElementsAccessorBase::CollectValuesOrEntriesImpl.MD5 | e92050fc25960e3ebedf1862a29f2346DownloadChrome: V8: Type confusion in...
View ArticleClik here to view.
Chrome V8 Genesis::InitializeGlobal Bugs
Chrome V8 has multiple bugs in Genesis::InitializeGlobal.MD5 | 0b5c156e751faddf1932eeb73dcaf083DownloadChrome: V8: Bugs in Genesis::InitializeGlobal Bug:The Genesis::InitializeGlobal method initializes...
View ArticleClik here to view.
Microsoft Edge Charka JIT Incomplete Fix For Issue 1420
A security fix applied for Microsoft Edge Chakra JIT is incomplete.MD5 | dc6e350de68f5b22d4f1cdba5404821bDownloadMicrosoft Edge: Chakra: JIT: The fix for issue 1420 is incomplete. CVE-2018-0933Here's a...
View ArticleClik here to view.
Microsoft Edge Charka JIT Incomplete Fix For Issue 1420 #2
A security fix applied for Microsoft Edge Chakra JIT is incomplete.MD5 | 6099c93a3f08c4e81ed7de84882cba0aDownloadTitle: Microsoft Edge: Chakra: JIT: The fix for issue 1420 is incomplete...
View ArticleClik here to view.
ProcessMaker Plugin Code Execution
This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles is...
View ArticleClik here to view.
Rockwell LOGIX 5324 ER Cross Site Scripting
Rockwell LOGIX 5324 ER suffers from cross site scripting and html injection vulnerabilities.MD5 | ea5b7abf9d32d9e47f4676930d6def4bDownload Vulnerable Product(s): Rockwell SCADA/ICS SystemAffected...
View ArticleClik here to view.
ProcessMaker - Plugin Upload (Metasploit)
EDB-ID: 44399Author: MetasploitPublished: 2018-04-04CVE: N/A Type: WebappsPlatform: PHPAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF)Vulnerable App: N/A # This module requires...
View ArticleClik here to view.
MPEngine UnRAR Inherited Flaw
Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code and has a vulnerability that has since...
View ArticleClik here to view.
Sophos Endpoint Protection 10.7 Tamper Protection Bypass
Sophos Endpoint Protection version 10.7 suffers from a tamper protection bypass vulnerability.MD5 | 81f02a8434690f8501645852069a7be1Download[+] Credits: John Page (aka hyp3rlinx) [+] Website:...
View ArticleClik here to view.
Sophos Endpoint Protection 10.7 Insecure Cryptography
Sophos Endpoint Protection version 10.7 control panel authentication uses a weak unsalted unicoded cryptographic hash (SHA1) function. Not using a salt allows attackers that gain access to hash ability...
View ArticleClik here to view.
Adobe Flash 28.0.0.137 Remote Code Execution
Adobe Flash versions 28.0.0.137 and below remote code execution proof of concept exploit.MD5 | d2fd29c4f918f11dabd7bb253cc87a3fDownload#!/usr/bin/env python# coding: UTF-8import BaseHTTPServerimport...
View Article