Channel: Exploit Collector
Browsing all 13315 articles

Microsoft Windows 10 x64 RS2 win32kfull!bFill Overflow

This is a collection of exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits...


Magento Cross Site Request Forgery / Cross Site Scripting

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to...


SmartBear SoapUI 5.3.0 Remote Code Execution Via Deserialization

SmartBear SoapUI version 5.3.0 suffers from a remote code execution vulnerability via deserialization. MD5 | 30d35779c848aacb185006763fc22835 Title: SmartBear SoapUI - Remote Code Execution via...


WordPress 4.8.2 Activation Key Failed Expiry

WordPress version 4.8.2 fails to have an expiration mechanism tied to activation keys, allowing for eternal use. MD5 | 3c28a295dac492af383a14d0c08a3698 Details: Software:...


EMC Network Configuration Manager 9.x Cross Site Scripting

EMC Network Configuration Manager (NCM) is affected by a reflected cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions...


RSA Archer GRC 6.2.0.5 XSS / File Upload / Privilege Escalation

RSA Archer GRC version 6.2.0.5 suffers from cross site scripting, privilege escalation and remote file upload vulnerabilities. MD5 | ff86d3a0cf645804901bcb7686be5d89 -----BEGIN PGP SIGNED...


Lansweeper 6.0.100.29 XXE Injection

Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability. MD5 | ac359c8576cebe46e9bfc2fd930fc500 Release date:...


Metasploit Cross Site Request Forgery

Metasploit Pro, Express, Ultimate, and Community suffer from a cross site request forgery vulnerability. MD5 | c8ca60fdae30ac7c1a2e4987f680b81e # Exploit Title: CSRF # Date: Wed, Aug 30, 2017 #...


OrientDB 2.2.x Remote Code Execution

This Metasploit module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable. MD5 |...


Metasploit < 4.14.1-20170828 - Cross-Site Request Forgery

EDB-ID: 42961 | Author: Dhiraj Mishra | Published: 2017-08-30 | CVE: CVE-2017-15084 | Type: Webapps | Platform: Ruby | Vulnerable App: N/A # Date: Wed, Aug 30, 2017 # Software Link: https://www.metasploit.com/ #...


PyroBatchFTP 3.17 - Buffer Overflow (SEH)

EDB-ID: 42962 | Author: Kevin McGuigan | Published: 2017-10-07 | CVE: CVE-2017-15035 | Type: Dos | Platform: Windows | Vulnerable App: N/A print "PyroBatchFTP Local Buffer Overflow (SEH) Server" #Author: Kevin McGuigan...


Rancher Server Docker Exploit

Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker...


Ruby CVE-2017-14064 Arbitrary Memory Disclosure Vulnerability

Ruby is prone to an arbitrary memory disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Ruby 2.2.7, 2.3.x through...


RubyGems CVE-2017-0899 Security Bypass Vulnerability

RubyGems is prone to a security-bypass vulnerability. Successful exploits may allow attackers to bypass security restrictions and perform unauthorized actions. RubyGems version 2.6.12 and prior...


Ruby CVE-2017-14033 Buffer Underrun Vulnerability

Ruby is prone to a buffer-underrun vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible...


PyroBatchFTP 3.17 Buffer Overflow

PyroBatchFTP version 3.17 suffers from a local buffer overflow vulnerability. MD5 | bf52c10ef56c7f41656ce36b50a4981f #!/usr/bin/python print "PyroBatchFTP Local Buffer Overflow (SEH)...


Rancher Server - Docker Daemon Code Execution (Metasploit)

EDB-ID: 42964 | Author: Metasploit | Published: 2017-10-09 | CVE: N/A | Type: Remote | Platform: Lin_x86-64 | Aliases: N/A | Advisory/Source: Link | Tags: Metasploit Framework | Vulnerable App: N/A # This module requires...


OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit)

EDB-ID: 42965 | Author: Metasploit | Published: 2017-10-09 | CVE: N/A | Type: Remote | Platform: Multiple | Aliases: N/A | Advisory/Source: Link | Tags: Metasploit Framework | Vulnerable App: N/A # This module requires...


Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload...

EDB-ID: 42966 | Author: intx0x80 | Published: 2017-10-09 | CVE: CVE-2017-12617 | Type: Webapps | Platform: JSP | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A import requests import re import signal...


ClipShare 7.0 - SQL Injection

EDB-ID: 42967 | Author: 8bitsec | Published: 2017-10-09 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A # Date: 2017-10-09 # Exploit Author: 8bitsec # Vendor Homepage: http://www.clip-share.com/ #...
