QEMU - NBD Server Long Export Name Stack Buffer Overflow
  Date: 2017-11-30 16:20:53  Views: 3  Comments: 0
Introduced in commit f37708f6b8 (2.10). The NBD spec says a client can request export names up to 4096 bytes in length, even though they should not expect success on names longer than 256. However, qemu hard-codes the limit of 256, and fails to filte
Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySy
  Date: 2017-11-30 16:19:52  Views: 5  Comments: 0
/* EDB Note Source ~ https://gist.github.com/xpn/736daa4d1ff7b9869f4b3d1e9a34d315/ff2e2465d4a07588d0148dc87e77b17b41ef9d1d Source ~ https://blog.xpnsec.com/windows-warbird-privesc/ Source ~ https://github.com/xpn/warbird_exploit Ref ~ https://bugs.ch
osCommerce 2.3.4.1 - Arbitrary File Upload
  Date: 2017-11-30 16:19:03  Views: 6  Comments: 0
# Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload # Date: 11.11.2017 # Exploit Author: Simon Scannell - https://scannell-infosec.net contact@scannell-infosec.net # Vendor Homepage: https://www.oscommerce.com/ # Software Link: ht
pfSense 2.3.1_1 Remote Command Execution
  Date: 2017-11-29 16:42:59  Views: 8  Comments: 0
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient de
Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download
  Date: 2017-11-29 16:39:39  Views: 4  Comments: 0
''' Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1342 There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when a
Winamp Pro 5.66.Build.3512 - Denial of Service
  Date: 2017-11-28 15:20:37  Views: 3  Comments: 0
#! /usr/bin/perl # Exploit Title: Winamp Pro (.wav|.wmv|.au|.asf|.aiff|.aif ) Denial of Service # Date: 2017-11-22 # Exploit Author: R.Yavari # Version: v5.66.Build.3512 # Tested on: Windows 10 , Windows 7 # other version should be affected # CVE-201
KMPlayer 4.2.2.4 - Denial of Service
  Date: 2017-11-28 15:19:35  Views: 5  Comments: 0
#! /usr/bin/perl # Exploit Title: KMPlayer .nsv Denial of Service # Date: 2017-11-22 # Exploit Author: R.Yavari # Version: v4.2.2.4 # Tested on: Windows 10 , Windows 7 # other version should be affected # NSV is Streaming video container format devel
Exim 4.89 - 'BDAT' Denial of Service
  Date: 2017-11-28 15:18:21  Views: 4  Comments: 0
While parsing the BDAT data header, exim still scans for '.' and considers it the end of mail. https://github.com/Exim/exim/blob/master/src/src/receive.c#L1867 Exim goes into an incorrect state after this message is sent because the function pointer recei
ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)
  Date: 2017-11-27 16:24:35  Views: 5  Comments: 0
#!/usr/bin/python # Tested on: Windows 10 Professional (x86) # Exploit for previous version: https://www.exploit-db.com/exploits/42455/ (Seems they haven't patched the vulnerability at all :D) # msfvenom -p windows/exec CMD=calc.exe -e x86/unicode_mi
Linux - 'mincore()' Uninitialized Kernel Heap Page Disclosure
  Date: 2017-11-27 16:23:30  Views: 7  Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 I found the following bug with an AFL-based fuzzer: When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present page
Microsoft Edge Chakra JIT Incorrect Function Declaration Scope
  Date: 2017-11-27 16:22:50  Views: 7  Comments: 0
Microsoft Edge: Chakra: JIT: Incorrect function declaration scope CVE-2017-11870 In the following JavaScript code, both of the print calls must print out undefined because x is a formal parameter. But the second print call prints out function x()
Microsoft Edge Chakra JIT Inline::InlineCallApplyTarget_Shared Failed Return
  Date: 2017-11-27 16:22:06  Views: 5  Comments: 0
Microsoft Edge: Chakra: JIT: Inline::InlineCallApplyTarget_Shared doesn't return the return instruction CVE-2017-11841 Here's a snippet of Inline::Optimize. FOREACH_INSTR_EDITING(instr, instrNext, func->m_headInstr) { switch (instr->m_opcode) { case
Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration
  Date: 2017-11-27 16:21:21  Views: 5  Comments: 0
Microsoft Edge: Chakra: JIT: GlobOpt::OptTagChecks must consider IsLoopPrePass properly CVE-2017-11840 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364
Microsoft Edge Chakra JIT BailOutOnTaggedValue Bailouts
  Date: 2017-11-27 16:20:44  Views: 5  Comments: 0
Microsoft Edge: Chakra: JIT: BailOutOnTaggedValue bailouts can be generated for constant values CVE-2017-11839 1. In Chakra's JIT compilation process, it stores variables' type information by basic block. function opt(b) { let o; if (b) { // BASIC
D-Link DIR-850L Credential Disclosure
  Date: 2017-11-27 16:18:59  Views: 5  Comments: 0
#!/bin/bash ## Derped together by Raphael de la Vienne A.K.A. Hackdwerg # Original exploit https://www.rapid7.com/db/modules/exploit/linux/http/dlink_dir850l_unauth_exec # Just in case you don't have metasploit, or are too lazy to install it, here is
WebKit - 'WebCore::FormSubmission::create' Use-After-Free
  Date: 2017-11-23 14:40:23  Views: 5  Comments: 0
<!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1355 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: =============================================
WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free
  Date: 2017-11-23 14:39:31  Views: 0  Comments: 0
<!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1354 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: =============================================
WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free
  Date: 2017-11-23 14:38:40  Views: 0  Comments: 0
<!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1353 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: =============================================
WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free
  Date: 2017-11-23 14:37:58  Views: 7  Comments: 0
<!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1351 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: =============================================
WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Re
  Date: 2017-11-23 14:37:06  Views: 0  Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1350 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: =========================================
Copyright © 2002-2017 VFocuS.Net All Rights Reserved