首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
热门关键字: shell  88888  art  vitter  linux
  当前位置:主页>安全文章>文章资料>Exploits>列表
Apple WebKit - 'HTMLFormElement::reset()' Use-After Free
  日期:2017-02-03 14:43:32 点击:47 评论:0
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1044 -- script function go() { output.value = aaa; output.appendChild(inserted_div); document.getElementById(output).addEventListener('DOMSubtreeModified', function () { for(var i=
Multiple Netgear Routers - Password Disclosure
  日期:2017-02-03 14:41:07 点击:72 评论:0
Trustwave SpiderLabs Security Advisory TWSL2017-003: Multiple Vulnerabilities in NETGEAR Routers Published: 01/30/2017 Version: 1.0 Vendor: NETGEAR ( http://www.netgear.com/ ) Product: Multiple products Finding 1: Remote and Local Password Disclosure
HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download
  日期:2017-02-03 14:40:15 点击:46 评论:0
''' # Exploit Title: HelpDeskZ = v1.0.2 - Authenticated SQL Injection / Unauthorized file download # Google Dork: intext:Help Desk Software by HelpDeskZ, inurl:?v=submit_ticket # Date: 2017-01-30 # Exploit Author: Mariusz Popawski, kontakt@deepsec.pl
Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Privilege Escalation (PoC)
  日期:2017-02-03 14:39:01 点击:153 评论:0
== [ Overview ] === System affected: VirtualBox Software-Version: prior to 5.0.32, prior to 5.1.14 User-Interaction: Required Impact: A Man-In-The-Middle could infiltrate an Extension-Pack-Update to gain a root-shell === [ Detailed description ] ===
OpenSSL 1.1.0 - Remote Client Denial of Service
  日期:2017-02-03 14:38:02 点击:105 评论:0
// Source: https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/ /* * SSL server demonstration program * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SP
Palo Alto Networks Terminal Services Agent 7.0.3-13 - Integer Overflow
  日期:2017-02-03 14:32:48 点击:29 评论:0
/* Exploit Title - Palo Alto Networks Terminal Services Agent Integer Overflow Date - 26th January 2017 Discovered by - Parvez Anwar (@parvezghh) Vendor Homepage - https://www.paloaltonetworks.com/ Tested Version - 7.0.3-13 Driver Version - 6.0.7.0 -
OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalation
  日期:2017-02-03 14:31:22 点击:35 评论:0
/* * not_an_sshnuke.c * * Federico Bento * * up201407890 () alunos dcc fc up pt * https://twitter.com/uid1000 * * OpenSSH 6.8-6.9 local privilege escalation - CVE-2015-6565 * * Considered mostly to be a DoS, turns out to be a priv esc vuln. * https:/
Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Privilege Escalation (PoC)
  日期:2017-02-03 14:30:07 点击:103 评论:0
Source: http://www.openwall.com/lists/oss-security/2017/01/24/4 This is a heads up for a trivial systemd local root exploit, that was silently fixed in the upstream git as: commit 06eeacb6fe029804f296b065b3ce91e796e1cd0e Author: .... Date: Fri Jan 29
macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
  日期:2017-02-03 14:29:20 点击:25 评论:0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1034 The task struct has a lock (itk_lock_data, taken via the itk_lock macros) which is supposed to protect the task-itk_* ports. The host_self_trap mach trap accesses task-itk_host
macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free
  日期:2017-02-03 14:28:30 点击:125 评论:0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=973 IOService::matchPassive is called when trying to match a request dictionary against a candidate IOService. We can call this function on a controlled IOService with a controlled
Haraka < 2.8.9 - Remote Command Execution
  日期:2017-02-03 14:27:49 点击:129 评论:0
#!/usr/bin/python # Exploit Title: Harakiri # ShortDescription: Haraka comes with a plugin for processing attachments. Versions before 2.8.9 can be vulnerable to command injection # Exploit Author: xychix [xychix at hotmail.com] / [mark at outflank.n
Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference Denial of Servi
  日期:2017-02-03 14:27:04 点击:55 评论:0
import sys import datetime import socket import argparse import os import time remote_host = '' remote_port = '' def callExit(): print ntt[!] exiting at %s .....n % datetime.datetime.now() sys.exit(1) def mySocket(): try: s = socket.socket(socket
Man-db 2.6.7.1 - Privilege Escalation (PoC)
  日期:2017-02-03 14:26:15 点击:13 评论:0
/* EDB Note: man:man - man:root ~ http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ man:root - root:root ~ http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ CreateSetgidBinary.c ~ http://www.halfdog
Joomla! < 3.6.4 - Admin TakeOver
  日期:2017-02-03 14:25:34 点击:30 评论:0
#!/usr/bin/python3 # CVE-2016-9838: Joomla! = 3.6.4 Admin TakeOver # cf # Source: https://www.ambionics.io/blog/cve-2016-9838-joomla-account-takeover-and-remote-code-execution import bs4 import requests import random ADMIN_ID = 384 url = 'http://vmwe
Joomla! < 2.5.2 - Admin Creation
  日期:2017-02-03 14:24:46 点击:41 评论:0
#!/usr/bin/python3 # CVE-2012-1563: Joomla! = 2.5.2 Admin Creation # cf # Source: https://www.ambionics.io/blog/cve-2016-9838-joomla-account-takeover-and-remote-code-execution import bs4 import requests import random url = 'http://vmweb.lan/joomla-cm
GNU Screen 4.5.0 - Privilege Escalation
  日期:2017-02-03 14:23:55 点击:17 评论:0
#!/bin/bash # screenroot.sh # setuid screen v4.5.0 local root exploit # abuses ld.so.preload overwriting to get root. # bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html # HACK THE PLANET # ~ infodox (25/1/2017) echo ~ gnu/sc
Geutebrueck GCore 1.3.8.42/1.4.2.37 - Remote Code Execution (Metasploit)
  日期:2017-02-03 14:20:02 点击:28 评论:0
# Exploit Title: Geutebrueck GCore X64 Full RCE Bufferoverflow for Metasploit # Date: 20170125 # Exploit Author: Luca Cappiello, Maurice Popp # Contact(Twitter): @dopa_mined, @_m4p0 # Github: https://github.com/m4p0/Geutebrueck_GCore_X64_RCE_BO # Ven
Cisco WebEx - 'nativeMessaging' Arbitrary Remote Command Execution
  日期:2017-02-03 14:16:47 点击:33 评论:0
!-- Cisco's WebEx extension (jlhmfgmfgeifomenelglieieghnjghma) has ~20M active users, and is part of Cisco's popular web conferencing software. The extension works on any URL that contains the magic pattern cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c
Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution
  日期:2017-01-24 14:02:05 点击:77 评论:0
### This module requires Metasploit: http://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Ht
Oracle OpenJDK Runtime Environment Build 1.8.0_112-b15 Denial Of Service
  日期:2017-01-24 14:01:11 点击:90 评论:0
Application: Java SEVendor: OracleBug: DoSReported: 23.12.2016Vendor response: 24.12.2016Date of Public Advisory: 17.01.2017Reference: Oracle CPU Jan 2017Author: Roman Shalymov1. ADVISORY INFORMATIONTitle: Oracle OpenJDK - Java Serialization DoSAdvi
共637页/12733条记录 首页 上一页 [88] [89] [90] 91 [92] [93] [94] 下一页 末页
  本月热点文章
 
  本月推荐文章
 
  相关分类
  漏洞检测
  漏洞资料
  入侵实例
  系统安全
  网络安全
  网络基础
  病毒分析
Exploits
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved