Результаты поиска

FS Linkedin Clone 1.0 - 'grid' / 'fid' / 'id' SQL Injection # # # # # # Exploit Title: FS Linkedin Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/linkedin-clone/ # Demo...

FS Indiamart Clone 1.0 - 'token' / 'id' / 'c' SQL Injection # # # # # # Exploit Title: FS Indiamart Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/indiamart-clone/ # Demo...

FS IMDB Clone 1.0 - 'f' / 's' / 'id' SQL Injection # # # # # # Exploit Title: FS IMDB Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/imdb-clone/ # Demo...

FS Monster Clone 1.0 - 'Employer_Details.php?id' SQL Injection # # # # # # Exploit Title: FS Monster Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/monster-clone/ # Demo...

FS Makemytrip Clone 1.0 - 'fl_orig' / 'fl_dest' SQL Injection # # # # # # Exploit Title: FS Makemytrip Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/makemytrip-clone/ # Demo...

Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation ## Source: https://twitter.com/lemiorhan/status/935578694541770752 & https://forums.developer.apple.com/thread/79235 "Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as...

FS Shutterstock Clone 1.0 - 'keywords' SQL Injection <!-- # # # # # # Exploit Title: FS Shutterstock Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/shutterstock-clone/ # Demo...

FS Quibids Clone 1.0 - SQL Injection # # # # # # Exploit Title: FS Quibids Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/quibids-clone/ # Demo...

FS Olx Clone 1.0 - 'scat' / 'pid' SQL Injection # # # # # # Exploit Title: FS Olx Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/olx-clone/ # Demo...

Realestate Crowdfunding Script 2.7.2 - 'pid' SQL Injection # # # # # # Exploit Title: Realestate Crowdfunding Script 2.7.2 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://www.phpscriptsmall.com/ # Software Link...

FS Thumbtack Clone 1.0 - 'cat' / 'sc' SQL Injection # # # # # # Exploit Title: FS Thumbtack Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/thumbtack-clone/ # Demo...

FS Stackoverflow Clone 1.0 - 'keywords' SQL Injection <!-- # # # # # # Exploit Title: FS Stackoverflow Clone 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/stackoverflow-clone/ # Demo...

Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free /* This is an announcement for CVE-2017-8824 which is a use-after-free vulnerability I found in Linux DCCP socket. It can be used to gain kernel code execution from unprivileged processes. You’ll find in attachment the...

DomainSale PHP Script 1.0 - 'id' SQL Injection # # # # # # Exploit Title: DomainSale PHP Script 1.0 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://www.codester.com/ChewiScripts # Software Link: https://www.codester.com/items/5301/domainsale-php-script # Demo...

Simple Chatting System 1.0.0 - Arbitrary File Upload # # # # # # Exploit Title: Simple Chatting System 1.0 - Arbitrary File Upload # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: http://yourphpscript.com/ # Software Link...

Website Auction Marketplace 2.0.5 - 'cat_id' SQL Injection # # # # # # Exploit Title: Website Auction Marketplace 2.0.5 - SQL Injection # Dork: N/A # Date: 08.12.2017 # Vendor Homepage: https://flippa-clone.com/ # Software Link: https://flippa-clone.com/ # Demo: https://demo.flippa-clone.com/...

Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1418 Windows Defender: Controlled Folder Bypass through UNC Path Platform: Windows 10 1709 + Antimalware client version 4.12.16299.15 Class: Security...

Polycom Shell HDX Series - Traceroute Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

Wireshark 2.4.0 < 2.4.2 / 2.2.0 < 2.2.10 - CIP Safety Dissector Crash Summary Name: CIP Safety dissector crash Docid: wnpa-sec-2017-49 Date: November 30, 2017 Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10 Fixed versions: 2.4.3, 2.2.11 References: Wireshark bug 14250 Details...

Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation # A couple of weeks ago I disclosed a local root privesc in Hashicorp's # vagrant-vmware-fusion plugin: # # https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... # # The initial patch they released...

FS IMDB Clone - 'id' SQL Injection # Exploit Title: FS IMDB Clone - 'id' SQL Injection # Date: 2017-12-06 # Exploit Author: Dan° # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/imdb-clone/ # Version: 2017-12-06 # Tested on: Kali Linux 2.0...

FS Facebook Clone - 'token' SQL Injection # Exploit Title: FS Facebook Clone - 'token' SQL Injection # Date: 2017-12-06 # Exploit Author: Dan° # Vendor Homepage: https://fortunescripts.com/ # Software Link: https://fortunescripts.com/product/facebook-clone/ # Version: 2017-12-06 # Tested on...

Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation # I recently blogged about how the installation process of version 5.0.0 of this # plugin could be hihacked by a local attacker or malware in order to escalate # privileges to root. Hashicorp pushed some mitigations for this...

Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation # After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned # ruby code that get executed as root by the sudo helper is no...

Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation # I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. # Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so...