首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
热门关键字: shell  88888  art  vitter  linux
  当前位置:主页>安全文章>文章资料>Exploits>列表
Apple WebKit - 'Document::adoptNode' Use-After-Free
  日期:2017-04-12 14:39:18 点击:38 评论:0
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1099 This is a regression test from: https://crbug.com/541206 . But I think it seems not possible to turn it into an UXSS in WebKit. PoC: -- body script var s = document.body.appen
Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free
  日期:2017-04-12 14:38:07 点击:157 评论:0
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1101 Note: It seems it doesn't crash the JSC compiled without Address Sanitizer. PoC: -- (function () { for (var i = 0; i 1000000; ++i) { const v = Array 1 ? v : 1; typeof o = 'obj
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a
  日期:2017-04-12 14:37:21 点击:23 评论:0
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1119 This is somewhat similar to https://crbug.com/663476 . Here's a snippet of Container::replaceAllChildren. while (RefPtrNode child = m_firstChild) { removeBetween(nullptr, chil
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross
  日期:2017-04-12 14:36:39 点击:19 评论:0
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1121 Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed. bool SubframeLoader::requestFrame(HTMLFrameOwnerEle
Brother MFC-J6520DW - Authentication Bypass / Password Change
  日期:2017-04-12 14:34:59 点击:111 评论:0
?php /* # Title: Brother Devices Web Auth Bypass / Change Password Exploit # Vendor: Brother ( http://www.brother.com/ ) # Affected models: Most of Brother devices from MFC, DCP, HL ADS Series - see vulnerable models below for more info # Release dat
Quest Privilege Manager 6.0.0 - Arbitrary File Write
  日期:2017-04-12 14:33:53 点击:40 评论:0
#!/usr/bin/env python2 # Exploit Title: Quest Privilege Manager pmmasterd Arbitrary File Write # Date: 10/Mar/2017 # Exploit Author: m0t # Vendor Homepage: https://www.quest.com/products/privilege-manager-for-unix/ # Version: 6.0.0-27, 6.0.0-50 # Tes
Adobe Multiple Products - XML Injection File Content Disclosure
  日期:2017-04-12 14:31:52 点击:52 评论:0
#!/bin/bash # # Source: https://raw.githubusercontent.com/tsluyter/exploits/master/adobe_xml_inject.sh # Exploit Title: Adobe XML Injection file content disclosure # Date: 07-04-2017 # Exploit Author: Thomas Sluyter # Website: https://www.kilala.nl #
Proxifier for Mac 2.17 / 2.18 - Privesc Escalation
  日期:2017-04-12 14:29:19 点击:88 评论:0
# Source: https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html Proxifier 2.18 (also 2.17 and possibly some earlier version) ships with a KLoader binary which it installs suid root the first time Proxifier is run. This
Wordpress webplayer Plugins SQL Injection Vulnerability
  日期:2017-04-11 14:51:14 点击:46 评论:0
########################################################### # Exploit Title : Wordpress webplayer Plugins SQL Injection Vulnerability # Vendor Homepage: hdwebplayer.com # Version : 2.8.6 # Date : 2017 10 April # Category : Web App #Test on : Sqlmap
Moxa MX AOPC-Server 1.5 - XML External Entity Injection
  日期:2017-04-11 14:49:42 点击:78 评论:0
[+] Credits: John Page AKA HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt [+] ISR: ApparitionSec Vendor: ============ www.moxa.com Product: =====
Moxa MXview 2.8 - Denial of Service
  日期:2017-04-11 14:48:26 点击:109 评论:0
[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: ============ www.moxa.com Product: =========== MXV
Moxa MXview 2.8 - Private Key Disclosure
  日期:2017-04-11 14:46:25 点击:26 评论:0
[+] Credits: John Page AKA HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt [+] ISR: APPARITIONSEC Vendor: ============ www.moxa.com Product: ===
CyanogenMod 12 Stagefright (.MP4 tx3g Integer Overflow) Remote Code Execution Ex
  日期:2017-04-11 14:43:45 点击:43 评论:0
#!/usr/bin/python2 # # CyanogenMod 12 Stagefright (.MP4 tx3g Integer Overflow) Exploit Remote Code Execution # Author: Marcin Kozlowski ( marcinguy@gmail.com ) # Based on: https://googleprojectzero.blogspot.com/2015/09/stagefrightened.html # # On Cya
Moodle 2.x/3.x - SQL Injection
  日期:2017-04-07 14:49:13 点击:75 评论:0
# Exploit: Moodle SQL Injection via Object Injection Through User Preferences # Date: April 6th, 2017 # Exploit Author: Marko Belzetski # Contact: mbelzetski@protonmail.com # Vendor Homepage: https://moodle.org/ # Version: 3.2 to 3.2.1, 3.1 to 3.1.4,
CommVault Edge 11 SP6 - Stack Buffer Overflow (PoC)
  日期:2017-04-07 14:47:29 点击:20 评论:0
import socket import binascii import time import struct s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(1) s.connect((10.101.0.85, 8400)) def sr(p=None, r=None): if p: print sending %d bytes: %s % (len(p)/2,p) payl = binascii.a2b_h
Apple WebKit - 'WebCore::toJS' Use-After-Free
  日期:2017-04-05 15:29:02 点击:18 评论:0
!-- Source :https://bugs.chromium.org/p/project-zero/issues/detail?id=1114 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: =============================================
Apple WebKit - 'table' Use-After-Free
  日期:2017-04-05 15:27:56 点击:40 评论:0
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1105 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on a nightly version of WebKit. The PoC has also been observed to crash Safari 10.0
Apple WebKit - 'ComposedTreeIterator::traverseNextInShadowTree' Use-After-Free
  日期:2017-04-05 15:26:18 点击:13 评论:0
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1097 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on a nightly version of WebKit. The PoC has also been observed to crash Safari 10.0
Apple WebKit - 'FormSubmission::create' Use-After-Free
  日期:2017-04-05 15:25:21 点击:12 评论:0
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1090 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on a nightly version of WebKit. The PoC has also been observed to crash Safari 10.0
Apple WebKit - Negative-Size memmove in HTMLFormElement
  日期:2017-04-05 15:24:23 点击:27 评论:0
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1087 There is a negative-size memmove security vulnerability in WebKit. The vulnerability was confirmed on a nightly build of WebKit. The PoC has also been observed to crash Safari
共637页/12733条记录 首页 上一页 [79] [80] [81] 82 [83] [84] [85] 下一页 末页
  本月热点文章
 
  本月推荐文章
 
  相关分类
  漏洞检测
  漏洞资料
  入侵实例
  系统安全
  网络安全
  网络基础
  病毒分析
Exploits
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved