安全文章 http://www.qvwaow.tw/art/index.html 安全文章 zh-cn CopyRight&nbsp;&copy;&nbsp;2002-2019 <a href="/" target=_blank title=":::VITTERSAFE危特网安:::">VFocuS.Net</a> All Rights Reserved webmaster@mail.securitycn.net Vtiger CRM 7.1.0 Remote Code Execution http://www.qvwaow.tw/art/20190103/15073.html # Exploit Title: Vtiger CRM 7.1.0 - Remote Code Execution# Date: 2018-12-27# Exploit Author: Azkan Mustafa AkkuA (AkkuS)# Contact: https://pentest.com.tr# Vendor Homepage: https://www.vtiger.com# Software Link: https://sourceforge.net/projects/vtige 2019-01-03 Exploits Akkus https://pentest.com.tr Ayukov NFTP FTP Client 2.0 Buffer Overflow http://www.qvwaow.tw/art/20190103/15072.html # Exploit Title: Ayukov NFTP FTP Client 2.0 - Buffer Overflow# Date: 2018-12-29# Exploit Author: Uday Mittal# Vendor Homepage: http://www.ayukov.com/nftp/# Software Link: ftp://ftp.ayukov.com/pub/src/nftp-1.72.zip # Version : below 2.0# Tested on: M 2019-01-03 Exploits Mittal vfocus.net EZ CD Audio Converter 8.0.7 Denial Of Service http://www.qvwaow.tw/art/20190103/15071.html # Exploit Title: EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)# Date: 2018-12-30# Exploit Author: Achilles# Vendor Homepage: https://www.poikosoft.com/# Software Link : https://download.poikosoft.com/ez_cd_audio_converter_setup_x64.exe# Expl 2019-01-03 Exploits Achilles vfocus.net NetworkSleuth 3.0.0.0 Denial Of Service http://www.qvwaow.tw/art/20190103/15070.html # Exploit Title: NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)# Discovery by: Luis Martinez# Discovery Date: 2018-12-27# Vendor Homepage: www.nsauditor.com# Software Link : http://www.nsauditor.com/downloads/networksleuth_setup.exe# Tested V 2019-01-03 Exploits Martinez luismtzsilva at gmail.com NBMonitor Network Bandwidth Monitor 1.6.5.0 Denial Of Service http://www.qvwaow.tw/art/20190103/15069.html # Exploit Title: NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)# Author: Luis Martinez# Date: 2018-12-27# Vendor Homepage: www.nsauditor.com# Software Link : http://www.nbmonitor.com/downloads/nbmonitor_setup.exe# Teste 2019-01-03 Exploits Martinez luismtzsilva at gmail.com Hashicorp Consul Rexec Remote Command Execution http://www.qvwaow.tw/art/20181229/15068.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient includ 2018-12-29 Exploits Kaiser metasploit.com Hashicorp Consul Services API Remote Command Execution http://www.qvwaow.tw/art/20181229/15067.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient includ 2018-12-29 Exploits Kaiser metasploit.com WebKit JSC AbstractValue::set Use-After-Free http://www.qvwaow.tw/art/20181229/15066.html WebKit: JSC: A bug in AbstractValue::set CVE-2018-4443void AbstractValue::set(Graph graph, RegisteredStructure structure){ RELEASE_ASSERT(structure); m_structure = structure; m_arrayModes = asArrayModes(structure-indexingType()); m_type = speculatio 2018-12-29 Exploits lokihardt Google Security Research WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write http://www.qvwaow.tw/art/20181229/15065.html WebKit: JSC: A bug in JSArray::shiftCountWithArrayStorage CVE-2018-4441bool JSArray::shiftCountWithArrayStorage(VM vm, unsigned startIndex, unsigned count, ArrayStorage* storage){ unsigned oldLength = storage-length(); RELEASE_ASSERT(count = oldLeng 2018-12-29 Exploits lokihardt Google Security Research 史上最秀黑客:抢银行,ATM狂吐10亿,全换比特币 http://www.qvwaow.tw/art/20181228/15064.html (原标题:史上最秀黑客:抢银行,让ATM狂吐10亿欧,全部换成比特币) 他们的故事全球几乎无人知晓,但他们的名字却是世界所有银行共同铭记的噩梦。 Carbanak,这个名称无法?#24065;?#25104;中文的黑客组织,在5年时间内,横扫全球银行,攫取至少10亿欧元。他们创造的木马病毒, 2018-12-28 黑客传奇 31QU 31QU Terminal Services Manager 3.1 Local Buffer Overflow http://www.qvwaow.tw/art/20181228/15063.html # Exploit Title: Terminal Services Manager 3.1 - Buffer Overflow (SEH)# Date: 2018-12-25# Exploit Author: bzyo# Twitter: @bzyo_# Vulnerable Software: Terminal Services Manager 3.1# Vendor Homepage: https://lizardsystems.com# Version: 3.1 # Software 2018-12-28 Exploits bzyo @bzyo_ Iperius Backup 5.8.1 Buffer Overflow http://www.qvwaow.tw/art/20181228/15062.html # Exploit Title: Iperius Backup 5.8.1 - Buffer Overflow (SEH)# Date: 2018-12-26# Exploit Author: bzyo# Twitter: @bzyo_# Vulnerable Software: Iperius Backup 5.8.1# Vendor Homepage: https://www.iperiusbackup.com# Version: 5.8.1 Local Buffer Overflow ( 2018-12-28 Exploits bzyo @bzyo_ MAGIX Music Editor 3.1 Buffer Overflow http://www.qvwaow.tw/art/20181228/15061.html Exploit Title: MAGIX Music Editor 3.1 - Buffer Overflow (SEH)# Exploit Author: bzyo# Twitter: @bzyo_# Date: 2018-12-24# Vulnerable Software: MAGIX Music Editor 3.1# Vendor Homepage: https://www.magix.com/us/# Version: 3.1# Software Link: https://www 2018-12-28 Exploits bzyo @bzyo_ Armitage 1.14.11 Denial Of Service http://www.qvwaow.tw/art/20181228/15060.html # Exploit Title: Armitage - Denial of Service (PoC)# Discovery by: Mr Winst0n# Discovery Date: 2018-12-26# Vendor Homepage: http://www.fastandeasyhacking.com/# Software Link : http://www.fastandeasyhacking.com/download/# Tested Version: 1.14.11# Tes 2018-12-28 Exploits Winst0n vfocus.net NetShareWatcher 1.5.8 Denial Of Service http://www.qvwaow.tw/art/20181228/15059.html # Exploit Title: NetShareWatcher 1.5.8 - Denial of Service (PoC)# Date: 2018-12-25# Exploit Author: T3jv1l# Vendor Homepage: :http://www.nsauditor.com# Software: http://netsharewatcher.nsauditor.com/downloads/NetShareWatcher_setup.exe# Contact: http 2018-12-28 Exploits T3jv1l https://twitter.com/T3jv1l ShareAlarmPro 2.1.4 Denial Of Service http://www.qvwaow.tw/art/20181228/15058.html # Exploit Title:ShareAlarmPro 2.1.4 - Denial of Service (PoC)# Date: 2018-12-25# Exploit Author: T3jv1l# Vendor Homepage: :http://www.nsauditor.com# Software: http://sharealarm.nsauditor.com/downloads/sharealarmpro_setup.exe# Contact: https://twitte 2018-12-28 Exploits T3jv1l https://twitter.com/T3jv1l Product Key Explorer 4.0.9 Denial Of Service http://www.qvwaow.tw/art/20181228/15057.html # Exploit Title: Product Key Explorer 4.0.9 - Denial of Service (PoC)# Date: 2018-12-25# Exploit Author: T3jv1l# Vendor Homepage: :http://www.nsauditor.com# Software: http://www.nsauditor.com/downloads/productkeyexplorer_setup.exe# Contact: https:// 2018-12-28 Exploits T3jv1l https://twitter.com/T3jv1l Kubernetes - (Authenticated) Arbitrary Requests http://www.qvwaow.tw/art/20181225/15056.html #!/usr/bin/env python3 import argparse from ssl import wrap_socket from socket import create_connection from secrets import base64, token_bytes def request_stage_1(namespace, pod, method, target, token): stage_1 = with open('stage_1', 'r') as stage_ 2018-12-25 Exploits evict vfocus.net Kubernetes - (Unauthenticated) Arbitrary Requests http://www.qvwaow.tw/art/20181225/15055.html #!/usr/bin/env python3 import argparse from ssl import wrap_socket from json import loads, dumps from socket import create_connection def request_stage_1(base, version, target): stage_1 = with open('ustage_1', 'r') as stage_1_fd: stage_1 = stage_1_f 2018-12-25 Exploits evict vfocus.net Netatalk - Bypass Authentication http://www.qvwaow.tw/art/20181225/15054.html import socket import struct import sys if len(sys.argv) != 3: sys.exit(0) ip = sys.argv[1] port = int(sys.argv[2]) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) print [+] Attempting connection to + ip + : + sys.argv[2] sock.connect((ip, po 2018-12-25 Exploits Tenable NS vfocus.net Keybase keybase-redirector - '$PATH' Local Privilege Escalation http://www.qvwaow.tw/art/20181225/15053.html keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application to executing a custom fus 2018-12-25 Exploits mirchr vfocus.net Google Chrome 70 - SQLite Magellan Crash (PoC) http://www.qvwaow.tw/art/20181225/15052.html !--- title: Crash Chrome 70 with the SQLite Magellan bug categories: chrome permalink: /sqlitebug/ layout: post ---! pThis proof-of-concept crashes the Chrome renderer process using a href= https://blade.tencent.com/magellan/index_en.htmlTencent Bla 2018-12-25 Exploits zhuowei https://github.com/zhuowei phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read http://www.qvwaow.tw/art/20181225/15051.html #!/usr/bin/env python #coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLogger(__name__) log.setLevel(logging.DEBUG) tmp_format = logging.handl 2018-12-25 Exploits VulnSpy vfocus.net ATool 1.0.0.22 Buffer Overflow http://www.qvwaow.tw/art/20181224/15050.html # Exploit Title: Kernel Pool Buffer Overflow ATool - 1.0.0.22 (0day)# CVE: CVE-2018-20331# Date: 21-12-2018# Software Link: http://www.antiy.net/ http://www.antiy.net/ # Exploit Author: Aloyce J. Makalanga# Contact: https://twitter.com/aloycemjr htt 2018-12-24 Exploits Makalanga https://twitter.com/aloycemjr SQLScan 1.0 Denial Of Service http://www.qvwaow.tw/art/20181224/15049.html # Exploit Title: McAfee Foundstone SQLScan - Denial of Service (PoC) and EIP record overwrite# Discovery by: Rafael Pedrero# Discovery Date: 2018-12-20# Vendor Homepage: http://www.mcafee.com/us/downloads/free-tools/sqlscan.aspx# Software Link : htt 2018-12-24 Exploits Pedrero vfocus.net Microsoft Edge 42.17134.1.0 Denial Of Service http://www.qvwaow.tw/art/20181224/15048.html # Exploit Title: Microsoft Edge edgehtml.dll!Tree::ANode::DocumentLayout. Denial of Service (PoC)# Google Dork: N/A# Date: 2018-11-11# Exploit Author: Bogdan Kurinnoy (b.kurinnoy@gmail.com)# Vendor Homepage: https://www.microsoft.com/# Version: Micr 2018-12-24 Exploits Kurinnoy b.kurinnoy@gmail.com AnyBurn 4.3 Local Buffer Overflow http://www.qvwaow.tw/art/20181224/15047.html #!/usr/bin/env python# Exploit Title: AnyBurn 4.3 - Local Buffer Overflow (SEH Unicode)# Date: 20-12-2018# Exploit Author: Matteo Malvica# Vendor Homepage: http://www.anyburn.com/# Software Link : http://www.anyburn.com/anyburn_setup.exe# Tested Ver 2018-12-24 Exploits Malvica matteo at malvica.com Angry IP Scanner 3.5.3 Denial Of Service http://www.qvwaow.tw/art/20181224/15046.html # Exploit Title: Angry IP Scanner - Denial of Service (PoC)# Discovery by: Mr Winst0n# Discovery Date: 2018-12-22# Vendor Homepage: https://angryip.org/# Software Link : https://angryip.org/download/# Tested Version: 3.5.3 (latest version)# Tested o 2018-12-24 Exploits Winst0n vfocus.net GIGABYTE Driver Privilege Escalation http://www.qvwaow.tw/art/20181224/15045.html SecureAuth - SecureAuth Labs Advisoryhttp://www.secureauth.com/GIGABYTE Drivers Elevation of Privilege Vulnerabilities*1. *Advisory Information**Title: GIGABYTE Drivers Elevation of Privilege VulnerabilitiesAdvisory ID: CORE-2018-0007Advisory URL:ht 2018-12-24 Exploits SecureAuth http://www.secureauth.com/ ASUS Driver Privilege Escalation http://www.qvwaow.tw/art/20181224/15044.html SecureAuth - SecureAuth Labs Advisoryhttp://www.secureauth.com/ASUS Drivers Elevation of Privilege Vulnerabilities*1. *Advisory Information**Title: ASUS Drivers Elevation of Privilege VulnerabilitiesAdvisory ID: CORE-2017-0012Advisory URL:http://www 2018-12-24 Exploits SecureAuth http://www.secureauth.com/ Netatalk Authentication Bypass http://www.qvwaow.tw/art/20181224/15043.html ### Exploit Title: Netatalk Authentication Bypass# Date: 12/20/2018# Exploit Author: Jacob Baines# Vendor Homepage: http://netatalk.sourceforge.net/# Software Link: https://sourceforge.net/projects/netatalk/files/# Version: Before 3.1.12# Tested on: 2018-12-24 Exploits Baines vfocus.net XMPlay 3.8.3 Local Stack Overflow http://www.qvwaow.tw/art/20181221/15042.html #!/usr/bin/env python# -*- coding: utf-8 -*-# Exploit Title: XMPlay 3.8.3 - '.m3u' Code Execution (PoC)# Date: 2018-12-19# Exploit Author: s7acktrac3# Vendor Homepage: https://www.xmplay.com/# Software Link: https://support.xmplay.com/files_view.php 2018-12-21 Exploits s7acktrac3 vfocus.net Base64 Decoder 1.1.2 SEH Local Buffer Overflow http://www.qvwaow.tw/art/20181221/15041.html #!/usr/bin/env python# Exploit Author: bzyo# Twitter: @bzyo_# Exploit Title: Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)# Date: 12-20-18# Vulnerable Software: Base64 Decoder 1.1.2# Vendor Homepage: http://4mhz.de/b64dec.html# Version: 1.1.2# 2018-12-21 Exploits bzyo @bzyo_ LanSpy 2.0.1.159 Buffer Overflow http://www.qvwaow.tw/art/20181221/15040.html # Exploit Title: LanSpy 2.0.1.159 - Local Buffer Overflow (SEH) (Egghunter)# Exploit Author: bzyo# Date: 12-19-18# Twitter: @bzyo_# Vulnerable Software: LanSpy 2.0.1.159# Vendor Homepage: https://lizardsystems.com# Version: 2.0.1.159 # Software Link 2018-12-21 Exploits bzyo @bzyo_ Erlang Port Mapper Daemon Cookie Remote Code Execution http://www.qvwaow.tw/art/20181220/15039.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp def initialize(in 2018-12-20 Exploits wetw0rk metasploit.com Rukovoditel Project Management CRM 2.3.1 Remote Code Execution http://www.qvwaow.tw/art/20181220/15038.html ### This module requires Metasploit: http://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'msf/core'require 'uri'class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Expl 2018-12-20 Exploits AkkuS metasploit.com LanSpy 2.0.1.159 Local Buffer Overflow http://www.qvwaow.tw/art/20181220/15037.html #!/usr/bin/python#------------------------------------------------------------------------------------------------------------------------------------## Exploit: LanSpy 2.0.1.159 - Local Buffer Overflow RCE(PoC) ## Date: 2018-12-16 ## Author: Juan P 2018-12-20 Exploits Prescotto vfocus.net PDF Explorer 1.5.66.2 SEH Buffer Overflow http://www.qvwaow.tw/art/20181220/15036.html # Exploit Title: PDF Explorer SEH Local Exploit# Original Discovery:Gionathan John Reale (DoS exploit)# Exploit Author: Achilles# Date: 18-12-2018# Vendor Homepage: http://www.rttsoftware.com/# Software Link: https://www.rttsoftware.com/files/PDFExp 2018-12-20 Exploits Achilles vfocus.net PassFab RAR 9.3.4 SEH Buffer Overflow http://www.qvwaow.tw/art/20181220/15035.html # Exploit Title: PassFab RAR Password Recovery SEH Local Exploit# Date: 16-12-2018# Vendor Homepage:https://www.passfab.com/products/rar-password-recovery.html# Software Link: https://www.passfab.com/downloads/passfab-rar-password-recovery.exe# Expl 2018-12-20 Exploits Achilles vfocus.net Linux Kernel 4.4 rtnetlink Stack Memory Disclosure http://www.qvwaow.tw/art/20181220/15034.html /* * [ Briefs ] * - CVE-2016-4486 has discovered and reported by Kangjie Lu. * - This is local exploit against the CVE-2016-4486. * * [ Tested version ] * - Distro : Ubuntu 16.04 * - Kernel version : 4.4.0-21-generic * - Arch : x86_64 * * [ Prerequi 2018-12-20 Exploits Park github.com/jinb-park Microsoft Windows jscript!JsArrayFunctionHeapSort Out-Of-Bounds Write http://www.qvwaow.tw/art/20181219/15033.html Windows: out-of-bounds write in jscript!JsArrayFunctionHeapSort CVE-2018-8631There is an out-of-bounds write vulnerability in jscript.dll in JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potential 2018-12-19 Exploits ifratric Google Security Research AnyBurn 4.3 Buffer Overflow / Denial Of Service http://www.qvwaow.tw/art/20181219/15032.html # Exploit Title: AnyBurn# Date: 15-12-2018=20# Vendor Homepage: http://www.anyburn.com/# Software Link : http://www.anyburn.com/anyburn_setup.exe# Exploit Author: Achilles# Tested Version: 4.3 (32-bit)# Tested on: Windows 7 x64# Vulnerability Type: 2018-12-19 Exploits Achilles vfocus.net Exel Password Recovery 8.2.0.0 Buffer Overflow / Denial Of Service http://www.qvwaow.tw/art/20181219/15031.html # Exploit Title: Excel Password Recovery Professional # Date: 15-12-2018 # Vendor Homepage:https://www.recoverlostpassword.com/# Software Link :https://www.recoverlostpassword.com/downloads/excel_password_recovery_pro_trial.exe# Exploit Author: Achi 2018-12-19 Exploits Achilles vfocus.net MegaPing Buffer Overflow / Denial Of Service http://www.qvwaow.tw/art/20181219/15030.html # Exploit Title: MegaPing# Date: 15-12-2018 # Vendor Homepage: http://www.magnetosoft.com/# Software Link: http://www.magnetosoft.com/downloads/win32/megaping_setup.exe# Exploit Author: Achilles# Tested Version: # Tested on: Windows 7 x64# Vulnerabi 2018-12-19 Exploits Achilles vfocus.net Nsauditor 3.0.28.0 Buffer Overflow http://www.qvwaow.tw/art/20181219/15029.html # Exploit Title: Nsauditor Local SEH Buffer Overflow# Date: 15-12-2018# Vendor Homepage:http://www.nsauditor.com# Software Link: http://www.nsauditor.com/downloads/nsauditor_setup.exe# Exploit Author: Achilles# Tested Version: 3.0.28.0# Tested on: W 2018-12-19 Exploits Achilles vfocus.net Windows Persistent Service Installer http://www.qvwaow.tw/art/20181218/15028.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'metasploit/framework/compiler/windows'class MetasploitModule Msf::Exploit::Local Rank = ExcellentRanking i 2018-12-18 Exploits Green-m metasploit.com Huawei Router HG532e Command Execution http://www.qvwaow.tw/art/20181217/15027.html #!/bin/python''' Author : Rebellion Github : @rebe11ion Twitter : @rebellion'''import urllib2,requests,os,sysfrom requests.auth import HTTPDigestAuthDEFAULT_HEADERS = {User-Agent: Mozilla, }DEFAULT_TIMEOUT = 5def fetch_url(url): global DEFAULT_HEADE 2018-12-17 Exploits Rebellion @rebellion Angry IP Scanner 3.5.3 Denial Of Service http://www.qvwaow.tw/art/20181217/15026.html #!/usr/bin/python# -*- coding: cp1252 -*-# Exploit Title: Angry IP Scanner 3.5.3 Denial of Service (PoC)# Author: Fernando Cruz# Date: 13/12/2018# Vendor Homepage: https://angryip.org# Tested Version: 3.11# Tested on Windows 10 Pro, 64-bit# Steps to 2018-12-17 Exploits Cruz vfocus.net Zortam MP3 Media Studio 24.15 Local Buffer Overflow http://www.qvwaow.tw/art/20181217/15025.html #Exploit Title: Zortam MP3 Media Studio Version 24.15 Exploit (SEH)#Version: 24.15#Exploit Author: Manpreet Singh Kheberi#Date: December 13 2018#Download Link: https://www.zortam.com/download.html#Vendor Homepage: https://www.zortam.com#Tested on: W 2018-12-17 Exploits Kheberi vfocus.net Cisco RV110W Password Disclosure / Command Execution http://www.qvwaow.tw/art/20181217/15024.html #!/usr/bin/env python2####### Cisco RV110W Password Disclosure and OS Command Execute.### Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)# Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute# Date: 2018-08# Exploi 2018-12-17 Exploits RySh vfocus.net 湖北11选5任选分布走势图一定牛
排列五走势图500 期 时时彩四码计划软件 新疆时时五星综合走势图 11选5胆拖复式投注表 河北时时开奖号码走势图 赌大小怎样玩 pk10技巧实战 飞艇免费计划7码 幸运飞艇必中计划软件手机 双色球开奖下载安装