Posts

MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution

Apport / ABRT chroot Privilege Escalation

Claymore Dual GPU Miner 10.5 Format String

WebKit detachWrapper Use-After-Free

WebKit WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free

FiberHome AN5506 Unauthenticated Remote DNS Change

Oracle Hospitality Simphony (MICROS) 2.9 Directory Traversal

Fancy Clone Script SQL Injection

Real Estate Custom Script 1.0 SQL Injection

Advance Loan Management System 1.0 SQL Injection

WordPress Doctor Appointment Booking 1.0.0 SQL Injection / XSS

Linux/x64 Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

Jailbreaking iOS 11.1.2 - An Adventure Into The XNU Kernel

Linux/x64 Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode

Whole Vibratissimo Smart Sex Toy XSS / Disclosure / Authentication

Joomla! JMS Music 1.1.1 SQL Injection

Joomla! JEXTN Reverse Auction 3.1.0 SQL Injection

Event Manager PHP Script 1.0 SQL Injection

Joomla! JE PayperVideo 3.0.0 SQL Injection

Microsoft Windows Subsystem For Linux Local Privilege Escalation

Joomla! Jimtawl 2.2.5 Shell Upload

Joomla! JEXTN Classified 1.0.0 SQL Injection

Geovision Inc. IP Camera Remote Command Execution / Stack Overflow

KonaKart eCommerce Platform Directory Traversal

Flexense SyncBreeze Enterprise 10.3.14 Buffer Overflow

Wikindx 5.2.1 Cross Site Scripting

Mara CMS 7.1 Cross Site Scripting

Rich FileManager 2.7.0 Cross Site Scripting

Free CMS 1.0a Cross Site Scripting

Microsoft Windows Subsystem for Linux - Privilege Escalation

Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)

Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection

Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload

Real Estate Custom Script - 'route' SQL Injection

Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection

IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting

Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal

Event Manager 1.0 - SQL Injection

Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection

Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

Advance Loan Management System - 'id' SQL Injection

Fancy Clone Script - 'search_browse_product' SQL Injection

FiberHome AN5506 - Unauthenticated Remote DNS Change

Joomla! Component JMS Music 1.1.1 - SQL Injection

Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection

Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)

Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode