Clik here to view.
Bypassing Browser Security Policies For Fun And Profit
In this paper, the authors present their research about bypassing core security policies implemented inside browsers such as the "Same Origin Policy". They present several bypasses that were found in...
View ArticleClik here to view.
mkvalidator 0.5.1 Denial Of Service
mkvalidator version 0.5.1 suffers from multiple denial of service vulnerabilities leveraging libebml2 and mkclean.MD5 | a6a7a05030b7baeea04f707a0abb51bcDownloadSource:packetstormsecurity.com
View ArticleClik here to view.
SMPlayer 17.11.0 Buffer Overflow Proof Of Concept
SMPlayer version 17.11.0 .m3u buffer overflow proof of concept denial of service exploit.MD5 | 1bcb814e932a01009608c02420cfeeb3Download#!/usr/bin/python## Exploit Author: bzyo# Twitter: @bzyo_# Exploit...
View ArticleClik here to view.
ManageEngine Applications Manager 13 - SQL Injection
EDB-ID: 43129Author: Cody SixteenPublished: 2017-11-07CVE: CVE-2017-16542... Type: WebappsPlatform: WindowsAliases: N/AAdvisory/Source: N/ATags: SQL Injection (SQLi)Vulnerable App: N/A Proof of Concept...
View ArticleClik here to view.
IBM OpenPages GRC Platform CVE-2017-1290 Unspecified Cross Site Scripting...
IBM OpenPages GRC Platform is prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
View ArticleClik here to view.
Ipswitch WS_FTP Professional Local Buffer Overflow
Ipswitch WS_FTP Professional versions prior to 12.6.0.3 local buffer overflow SEH exploit.MD5 | 933312c3e328f6314c710f3d3f67d22aDownload#!/usr/bin/python#Title: Ipswitch WS_FTP Professional Local...
View ArticleClik here to view.
Debut Embedded httpd 1.20 Denial Of Service
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying with an HTTP 500...
View ArticleClik here to view.
WordPress UserPro 4.6.17 Authentication Bypass
WordPress Userpro plugin versions 4.9.17 and below suffer from an authentication bypass vulnerability.MD5 | 3caf55475144701c51ba9e65a7535575Download# Exploit Title: Userpro a WordPress Plugin a...
View ArticleClik here to view.
Logitech Media Server 7.9.0 Cross Site Scripting
Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities.MD5 | 8c4957b94bdce3c0e68c8f212feeed3eDownload# Exploit Title: Logitech Media Server : Persistent Cross...
View ArticleClik here to view.
Actiontec C1000A Modem Backdoor Account
The Actiontec C1000A modem has a hard-coded backdoor admin account.MD5 | 9b26731e44af5a8e6e15a0558e3e6416Download# Exploit Title: Actiontec C1000A backdoor account# Google Dork: NA# Date: 11/04/2017#...
View ArticleClik here to view.
Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
This is a proof of concept exploit for the waitid bug introduced in version 4.13 of the Linux kernel. It can be used to break out of sandboxes such as that in Google Chrome.MD5 |...
View ArticleClik here to view.
pfSense 2.3.1_1 - Command Execution
EDB-ID: 43128Author: s4squatchPublished: 2017-11-07CVE: N/A Type: WebappsPlatform: PHPVulnerable App: N/A # Date: 11-06-2017 # Exploit Author: s4squatch (Scott White - www.trustedsec.com) # Vendor...
View ArticleClik here to view.
LibTIFF CVE-2017-16232 Multiple Local Memory Corruption Vulnerabilities
LibTIFF is prone to multiple local memory-corruption vulnerabilities. Attackers can exploit these issues to obtain sensitive information or to crash the affected application, resulting in a...
View ArticleClik here to view.
Joomla! Zh YandexMap Component CVE-2017-15966 SQL Injection Vulnerability
The Zh YandexMap component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker may leverage...
View ArticleClik here to view.
WordPress Duplicator Migration 1.2.28 Cross Site Scripting
WordPress Duplicator Migration plugin version 1.2.28 suffers from a cross site scripting vulnerability.MD5 | 2a23ccdd30440e91eff8eb3c5895687aDownloadClass Input Validation ErrorRemote YesCredit Ricardo...
View ArticleClik here to view.
pfSense 2.3.1_1 Post-Authentication Command Execution
pfSense versions 2.3.1_1 and below suffers from a post authentication command execution vulnerability.MD5 | d8d02e5d6eae4e7a40f0f83d102408adDownload# Exploit Title: pfSense <= 2.3.1_1 Post-Auth...
View ArticleClik here to view.
IBM Lotus Notes Denial Of Service
This Metasploit module creates a malicious web page that causes a crash in IBM Lotus Notes when viewed in the native browser.MD5 | 6f5149353309d9f52b58572701f6b48eDownload### This module requires...
View ArticleClik here to view.
Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
Apache Tomcat is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Apache Tomcat...
View ArticleClik here to view.
PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
PHP is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code with elevated privileges within the context of a privileged process.PHP versions...
View ArticleClik here to view.
Geutebrueck GCore GCoreServer.exe Buffer Overflow
This Metasploit module exploits a stack Buffer Overflow in the GCore server (GCoreServer.exe). The vulnerable webserver is running on Port 13003 and Port 13004, does not require authentication and...
View Article