首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
热门关键字: shell  88888  art  vitter  vsserver
  当前位置:主页>安全文章>文章资料>Exploits>列表
Mikogo 5.4.1.160608 - Local Credentials Disclosure
  日期:2017-10-25 15:18:59 点击:8 评论:0
#!/usr/bin/env python # # # Mikogo 5.4.1.160608 Local Credentials Disclosure # # # Vendor: Snapview GmbH # Product web page: https://www.mikogo.com # Affected version: 5.4.1.160608 # # Summary: Mikogo is a desktop sharing software application for # w
Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation
  日期:2017-10-24 14:54:41 点击:15 评论:0
#define _GNU_SOURCE #include stdio.h #include stdlib.h #include unistd.h #include sys/types.h #include sys/wait.h #include sys/mman.h #include string.h struct cred; struct task_struct; typedef struct cred *(*prepare_kernel_cred_t) (struct task_struct
Kaltura < 13.1.0 - Remote Code Execution
  日期:2017-10-24 14:53:23 点击:15 评论:0
#!/usr/bin/env python # Kaltura = 13.1.0 RCE (CVE-2017-14143) # https://telekomsecurity.github.io/2017/09/kaltura-rce.html # # $ python kaltura_rce.py https://example.com 0_xxxxxxxx system('id') # [~] host: https://example.com # [~] entry_id: 0_xxxxx
ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service
  日期:2017-10-24 14:20:46 点击:3 评论:0
#!/usr/bin/env python # coding: utf-8 ############ Description: ########## # The vulnerability was discovered during a vulnerability research lecture. # # Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 # and earlier allows remot
Ayukov NFTP FTP Client < 2.0 - Buffer Overflow
  日期:2017-10-24 14:01:53 点击:19 评论:0
#!/usr/bin/env python # coding: utf-8 ############ Description: ########## # The vulnerability was discovered during a vulnerability research lecture. # This is meant to be a PoC. #################################### # Exploit Title: Ayukov NFTP FTP
Unitrends UEB 9 HTTP API/Storage Remote Root
  日期:2017-10-23 14:39:58 点击:9 评论:0
### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient includ
Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution
  日期:2017-10-23 14:38:39 点击:2 评论:0
### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::
Polycom Command Shell Authorization Bypass
  日期:2017-10-23 14:37:25 点击:14 评论:0
### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp include Msf::Aux
TP-Link WR940N Remote Code Execution
  日期:2017-10-23 14:30:09 点击:13 评论:0
** Advisory InformationTitle: TP-Link Remote Code ExecutionBlog URL: https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/Vendor: TP-LinkDate Published: 19/10/2017CVE: CVE-2017-13772** Vulnerability SummaryNumerous remote code e
Hashicorp vagrant-vmware-fusion 4.0.24 Local Root Privilege Escalation
  日期:2017-10-23 14:28:48 点击:7 评论:0
I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant.Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put out anothe
Check_MK 1.2.8p25 - Information Disclosure
  日期:2017-10-23 14:27:02 点击:3 评论:0
1. ADVISORY INFORMATION ======================= Product: Check_mk Vendor URL: https://mathias-kettner.de/check_mk.html Type: Race Condition [CWE-362] Date found: 2017-09-21 Date published: 2017-10-18 CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:
Mozilla Firefox < 55 - Denial of Service
  日期:2017-10-23 14:26:35 点击:3 评论:0
# Exploit Title: Mozilla Firefox 55 - Forcibly make someone view a web content # Category: Denial of Service # Date: 5/11/17 # CVE : CVE-2017-7783 # Affected Version: Mozilla Firefox 55 # Tested on: Windows/Linux # Software Link: https://www.mozilla.
Linux Kernel - 'AF_PACKET' Use-After-Free
  日期:2017-10-19 16:10:12 点击:18 评论:0
/*Source: https://blogs.securiteam.com/index.php/archives/3484Vulnerabilities summaryThe following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AF_PACKET that can lead to privilege escalation. AF_PACKET
Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memor
  日期:2017-10-19 16:09:00 点击:9 评论:0
/*Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1303 it means that between 1 and about 56 bytes of uninitialized kernel pool memory can be leaked with a single nt!NtQueryObject call. The attached proof of concept program has been
Micro Focus VisiBroker C++ 8.5 SP2 Memory Corruption
  日期:2017-10-17 14:35:25 点击:16 评论:0
SEC Consult Vulnerability Lab Security Advisory 20171016-0 ======================================================================= title: Multiple vulnerabilities product: Micro Focus VisiBroker C++ vulnerable version: 8.5 SP2 fixed version: 8.5 SP4
Webmin 1.850 SSRF / CSRF / Cross Site Scripting
  日期:2017-10-17 14:33:20 点击:11 评论:0
[+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3430[+] Credits: John Page (aka hyp3rlinx)[+] Website: hyp3rlinx.altervista.org[+] Source: http://hyp3rlinx.altervista.org/advisories/WEBMIN-v1.850-REMOTE-COMMAND-EXECUTION.txt
Microsoft Edge Chakra StackScriptFunction::BoxState::Box Uninitialized Pointers
  日期:2017-10-16 16:05:46 点击:6 评论:0
Microsoft Edge: Chakra: Accesses to uninitialized pointers in StackScriptFunction::BoxState::Box CVE-2017-11809Here's a snippet of the method that interprets a javascript function's bytecode.Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME(){
Microsoft Edge Chakra JIT Failed RegexHelper::StringReplace Call
  日期:2017-10-16 16:05:00 点击:6 评论:0
Microsoft Edge: Chakra: JIT: RegexHelper::StringReplace must call the callback function with updating ImplicitCallFlags CVE-2017-11802The String.prototype.replace method can be inlined in the JIT process. So in the method, all the calls which may br
Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns
  日期:2017-10-16 16:04:26 点击:6 评论:0
Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling patterns CVE-2017-11799Bailout:ChakraCoreas background JIT compiler generates highly optimized JITaed code based upon the data and infers likely usage patterns based on the profile data
Opentext Documentum Content Server File Hijack / Privilege Escalation
  日期:2017-10-16 16:03:11 点击:7 评论:0
#!/usr/bin/env python# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)# does not properly validate input of PUT_FILE RPC-command which allows any# authenticated user to hijack arbitrary file from Content Server f
共585页/11692条记录 首页 上一页 [4] [5] [6] 7 [8] [9] [10] 下一页 末页
  本月热点文章
·Abyss Web Server < 2.11.6 -
·Artica Web Proxy 3.06 - Remo
·iOS < 11.1 / tvOS < 11.1 / w
·Linux Kernel - 'The Huge Dir
·Linux Kernel - DCCP Socket U
·phpMyFAQ 2.9.9 Code Injectio
·Asterisk 13.17.2~dfsg-2 Memo
·pfSense 2.3.1_1 Remote Comma
·Claymore's Dual Miner 10.1 S
·WebKit - 'WebCore::Style::Tr
·Microsoft Windows 10 - 'nt!N
·Microsoft Edge Chakra JIT In
  本月推荐文章
 
  相关分类
  漏洞检测
  漏洞资料
  入侵实例
  系统安全
  网络安全
  网络基础
  病毒分析
Exploits
CopyRight © 2002-2017 VFocuS.Net All Rights Reserved