|
Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'InitClass' Type Confusion
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
|
|
2019-01-18
|
|
Webmin 1.900 - Remote Command Execution (Metasploit)
|
|
2019-01-18
|
|
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
|
|
2019-01-18
|
|
FastTube 1.0.1.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
7 Tik 1.0.1.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
Eco Search 1.0.2.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
One Search 1.1.0.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
Watchr 1.1.0.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
|
|
2019-01-18
|
|
phpTransformer 2016.9 - Directory Traversal
|
|
2019-01-18
|
|
phpTransformer 2016.9 - SQL Injection
|
|
2019-01-18
|
|
SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion
|
|
2019-01-18
|
|
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
|
|
2019-01-17
|
|
Microsoft Windows CONTACT - Remote Code Execution
|
|
2019-01-17
|
|
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
|
|
2019-01-17
|
|
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
|
|
2019-01-16
|
|
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
|
|
2019-01-16
|
|
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
|
|
2019-01-16
|
|
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
|
|
2019-01-16
|
|
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
|
|
2019-01-16
|
|
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
|
|
2019-01-16
|
|
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
|
|
2019-01-16
|
|
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
|
|
2019-01-16
|
|
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
|
|
2019-01-16
|
|
doorGets CMS 7.0 - Arbitrary File Download
|
|
2019-01-16
|
|
Roxy Fileman 1.4.5 - Arbitrary File Download
|
|
2019-01-16
|
|
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
|
|
2019-01-16
|
|
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
|
|
2019-01-16
|
|
Windows Debugging 101
|
|
2019-01-15
|
|
[Portuguese] Reverse Engineering 101 using Radare2
|
|
2019-01-15
|
|
Windows Privilege Escalations
|
|
2019-01-15
|
|
An Internal Pentest Audit Against Active Directory
|
|
2019-01-15
|
|
PHP Source Code Analysis
|
|
2019-01-15
|
|
PoC || GTFO 0x16
|
|
2019-01-15
|
|
PoC || GTFO 0x15
|
|
2019-01-15
|
|
PoC || GTFO 0x14
|
|
2019-01-15
|
|
PoC || GTFO 0x13
|
|
2019-01-15
|
|
PoC || GTFO 0x12
|
|
2019-01-15
|
|
PoC || GTFO 0x11
|
|
2019-01-15
|
|
PoC || GTFO 0x10
|
|
2019-01-15
|
|
ownDMS 4.7 - SQL Injection
|
|
2019-01-15
|
|
Microsoft Windows VCF - Remote Code Execution
|
|
2019-01-15
|
|
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)
|
|
2019-01-15
|
|
1Password < 7.0 - Denial of Service
|
|
2019-01-15
|
|
AudioCode 400HD - Command Injection
|
|
2019-01-14
|
|
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
|
|
2019-01-14
|
|
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
|
|
2019-01-14
|
|
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
|
|
2019-01-14
|
|
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
|
|
2019-01-14
|
|
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution
|
|
2019-01-14
|
|
Job Portal Platform 1.0 - SQL Injection
|
|
2019-01-14
|
|
Real Estate Custom Script 2.0 - SQL Injection
|
|
2019-01-14
|
|
ThinkPHP 5.X - Remote Command Execution
|
|
2019-01-14
|
|
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
|
|
2019-01-14
|
|
HealthNode Hospital Management System 1.0 - SQL Injection
|
|
2019-01-14
|
|
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
|
|
2019-01-14
|
|
Cleanto 5.0 - SQL Injection
|
|
2019-01-14
|
|
Find a Place CMS Directory 1.5 - SQL Injection
|
|
2019-01-14
|
|
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
|
|
2019-01-14
|
|
Hootoo HT-05 - Remote Code Execution (Metasploit)
|
|
2019-01-14
|
|
xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
|
|
2019-01-14
|
|
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
|
|
2019-01-14
|
|
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
|
|
2019-01-14
|
|
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
|
|
2019-01-14
|
|
Modern POS 1.3 - SQL Injection
|
|
2019-01-14
|
|
Modern POS 1.3 - Arbitrary File Download
|
|
2019-01-14
|
|
Horde Imp - 'imap_open' Remote Command Execution
|
|
2019-01-14
|
|
i-doit CMDB 1.12 - SQL Injection
|
|
2019-01-14
|
|
i-doit CMDB 1.12 - Arbitrary File Download
|
|
2019-01-14
|
|
Across DR-810 ROM-0 - Backup File Disclosure
|
|
2019-01-14
|
|
Luminance Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Blob Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Liquid Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Pixel Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Paint Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Tree Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Selfie Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Windows/x86 - Download With Tftp And Execute Shellcode (51-60 bytes)(msvcrt.system)(Generator)
|
|
2019-01-11
|
|
Joomla! Component JoomCRM 1.1.1 - SQL Injection
|
|
2019-01-11
|
|
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure
|
|
2019-01-11
|
|
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)
|
|
2019-01-11
|
|
Adapt Inventory Management System 1.0 - SQL Injection
|
|
2019-01-11
|
|
OpenSource ERP 6.3.1. - SQL Injection
|
|
2019-01-10
|
|
eBrigade ERP 4.5 - SQL Injection
|
|
2019-01-10
|
|
Event Locations 1.0.1 - 'id' SQL Injection
|
|
2019-01-10
|