Clik here to view.
Chakra CFG Bypass With leafInterpreterFrame
Chakra suffers from a CFG bypass with leafInterpreterFrame. Every JavaScript variable in Chakra (except a tagged int) is a pointer. From this pointer, using an arbitrary read, it is possible to follow...
View ArticleClik here to view.
Chakra CFG Bypass By Overwriting JavaScript Bytecode
Chakra suffers from a CFG bypass by overwriting JavaScript bytecode.MD5 | 9e57eaebd2d21e12b8ff2602894b0871DownloadChakra: CFG bypass by overwriting JavaScript bytecode Assume an attacker has the...
View ArticleClik here to view.
WordPress 3rd-Party Inject Results 0.2 Cross Site Scripting
WordPress 3rd-Party Inject Results plugin version 0.2 suffers from a persistent cross site scripting vulnerability.MD5 | 6d2a2496807bbfc5b9169ebcdb5486a0DownloadClass Input Validation ErrorRemote...
View ArticleClik here to view.
WordPress Super Simple Custom CSS 1.2 Cross Site Scripting
WordPress Super Simple Custom CSS plugin version 1.2 suffers from a persistent cross site scripting vulnerability.MD5 | 91009decf866411ea09c3d6b5295a4c1DownloadClass Input Validation ErrorRemote...
View ArticleClik here to view.
WordPress WP Mailster 1.5.4.0 Cross Site Scripting
WordPress WP Mailster plugin version 1.5.4.0 suffers from a persistent cross site scripting vulnerability.MD5 | b99fe238c6deceb9c0356cc5201dd253DownloadClass Input Validation ErrorRemote YesCredit...
View ArticleClik here to view.
Microsoft Office Equation Editor Code Execution
This Metasploit module exploits a flaw in how the Equation Editor handles OLE objects in memory to execute arbitrary code using RTF files without interaction.MD5 |...
View ArticleClik here to view.
Polycom Shell HDX Series Traceroute Command Execution
Within Polycom command shell, a command execution flaw exists in lan traceroute, one of the dev commands, which allows for an attacker to execute arbitrary payloads with telnet or openssl.MD5 |...
View ArticleClik here to view.
WinduCMS 3.1 - Local File Disclosure
EDB-ID: 43214Author: Maciek KrupaPublished: 2017-12-06CVE: N/A Type: WebappsPlatform: PHPVulnerable App: # # Exploit Title: WinduCMS <= 3.1 - Local File Disclosure # Date: 2017-12-03 # Exploit...
View ArticleClik here to view.
FS Shaadi Clone - 'token' SQL Injection
EDB-ID: 43215Author: Dan°Published: 2017-12-06CVE: N/A Type: WebappsPlatform: PHPAliases: N/AAdvisory/Source: N/ATags: SQL Injection (SQLi)Vulnerable App: N/A # Date: 2017-12-05 # Exploit Author: Dan°...
View ArticleClik here to view.
FS Makemytrip Clone - 'id' SQL Injection
EDB-ID: 43213Author: Dan°Published: 2017-12-06CVE: N/A Type: WebappsPlatform: PHPAliases: N/AAdvisory/Source: N/ATags: SQL Injection (SQLi)Vulnerable App: N/A # Date: 2017-12-05 # Exploit Author: Dan°...
View ArticleClik here to view.
Arq 5.9.7 - Local root Privilege Escalation
EDB-ID: 43216Author: Mark WadhamPublished: 2017-12-06CVE: CVE-2017-16895 Type: LocalPlatform: macOSAliases: N/AAdvisory/Source: LinkTags: LocalVulnerable App: N/A As well as the other bugs affecting...
View ArticleClik here to view.
Murus 1.4.11 - Local root Privilege Escalation
EDB-ID: 43217Author: Mark WadhamPublished: 2017-12-06CVE: N/A Type: LocalPlatform: macOSAliases: N/AAdvisory/Source: LinkTags: LocalVulnerable App: # firewall. By design it requires the user to...
View ArticleClik here to view.
Arq 5.9.6 - Local root Privilege Escalation
EDB-ID: 43218Author: Mark WadhamPublished: 2017-12-06CVE: CVE-2017-15357 Type: LocalPlatform: macOSAliases: N/AAdvisory/Source: LinkTags: LocalVulnerable App: N/A # windows machines. Unfortunately...
View ArticleClik here to view.
Hashicorp vagrant-vmware-fusion 4.0.24 - Local root Privilege Escalation
EDB-ID: 43223Author: Mark WadhamPublished: 2017-12-06CVE: CVE-2017-12579 Type: LocalPlatform: macOSAliases: N/AAdvisory/Source: LinkTags: LocalVulnerable App: N/A # Unfortunately the 4.0.23 release...
View ArticleClik here to view.
Hashicorp vagrant-vmware-fusion 5.0.3 - Local root Privilege Escalation
EDB-ID: 43219Author: Mark WadhamPublished: 2017-12-06CVE: CVE-2017-16777 Type: LocalPlatform: macOSAliases: N/AAdvisory/Source: LinkTags: LocalVulnerable App: N/A # time - this one is only exploitable...
View ArticleClik here to view.
Hashicorp vagrant-vmware-fusion 5.0.0 - Local root Privilege Escalation
EDB-ID: 43222Author: Mark WadhamPublished: 2017-12-06CVE: CVE-2017-15884 Type: LocalPlatform: macOSAliases: N/AAdvisory/Source: LinkTags: LocalVulnerable App: N/A # ruby code that get executed as root...
View ArticleClik here to view.
Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation
EDB-ID: 43224Author: Mark WadhamPublished: 2017-12-06CVE: CVE-2017-11741 Type: LocalPlatform: macOSAliases: N/AAdvisory/Source: LinkTags: LocalVulnerable App: N/A # vagrant-vmware-fusion plugin: # #...
View ArticleClik here to view.
Proxifier for Mac 2.19 - Local root Privilege Escalation
EDB-ID: 43225Author: Mark WadhamPublished: 2017-12-06CVE: CVE-2017-7690 Type: LocalPlatform: macOSAliases: N/AAdvisory/Source: LinkTags: LocalVulnerable App: # binary that ships with Proxifier <=...
View ArticleClik here to view.
IBM Connections CVE-2017-1498 Cross Site Scripting Vulnerability
IBM Connections is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
View ArticleClik here to view.
IBM Connections Engagement Center Cross Site Scripting and Information...
IBM Connections Engagement Center is prone to cross-site scripting and an information disclosure vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and...
View Article