Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless wide links are enabled, in which case the server is allowed to follow symlinks. The defaul
''' Description:Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning wi
/* Check these out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf - https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/ Tested on: - Windows 10 Pro x64 (Post-Anniversary) - hal.dll: 10.0.102
/* Check this out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf Tested on: - Windows 10 Pro x64 (Pre-Anniversary) - hal.dll: 10.0.10240.16384 - FortiShield.sys: 5.2.3.633 Thanks to master @ryuji
# DescriptionNuxeo Platform is a content management system for enterprises (CMS).It embeds an Apache Tomcat server, and can be managed through a webinterface.One of its features allows authenticated users to import files to theplatform.By crafting t
require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer:: HTML include Msf::Exploit:: EXE def initialize(info = {}) super (update_info(info, 'Name' = 'DLL Side Loading Vulnerabilit
### This module requires Metasploit: http://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def ini
#!/bin/bash # # D-Link DSL-2640B Remote DNS Change Exploit # Description: # Different D-Link Routers are vulnerable to DNS change. # The vulnerability exist in the web interface, which is # accessible without authentication. # # Tested On Linux/ubun
OpenSSH on Cygwin: directory traversal in SFTP client Portable OpenSSH supports running on Cygwin. However, the SFTP client only filters out forward slashes (in do_lsreaddir()) and the directory names . and .. (in download_dir_internal()). On Window
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1076 There is an use-after-free bug in IE which can lead to info leak / memory disclosure. The bug was confirmed on Internet Explorer version 11.0.9600.18537 (update version 11.0.3
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1130 Mozilla bug tracker link: https://bugzilla.mozilla.org/show_bug.cgi?id=1340138 There is a use-after-free security vulnerability in Firefox. The vulnerability was confirmed on
