1337day-Exploits

Pandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability. View the full article

This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 through 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type of object to create on deserialization. The cookie is processed by the application whenever it attempts to load the current user's profile data. This occurs when DNN is configured to handle 404 errors with its built-in error page (default configuration). An attacker can leverage this vulnerability to execute arbitrary code on the system. View the full article

This Metasploit module exploits an improper use of setuid binaries within VMware Fusion versions 10.1.3 through 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home directory in a specific folder, and creating a hard link to the Open VMware USB Arbitrator Service binary, we are able to launch it temporarily to start our payload with an effective UID of 0. View the full article

This Metasploit module exploits a vulnerability in Apache Solr versions 8.3.0 and below which allows remote code execution via a custom Velocity template. Currently, this module only supports Solr basic authentication. From the Tenable advisory: An attacker could target a vulnerable Apache Solr instance by first identifying a list of Solr core names. Once the core names have been identified, an attacker can send a specially crafted HTTP POST request to the Config API to toggle the params resource loader value for the Velocity Response Writer in the solrconfig.xml file to true. Enabling this parameter would allow an attacker to use the Velocity template parameter in a specially crafted Solr request, leading to remote code execution. View the full article

AIDA64 Engineer version 6.20.5300 Report File filename SEH buffer overflow exploit. View the full article

This whitepaper documents a walk through that describes the steps taken to identify a remote code execution vulnerability in multiOTP version 5.0.4.4. View the full article

MicroStrategy Intelligence Server and Web version 10.4 suffers from remote code execution, cross site scripting, server-side request forgery, and information disclosure vulnerabilities. View the full article

Oracle Coherence Fusion Middleware remote code execution exploit. Supported versions that are affected are 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. View the full article

DiskBoss version 7.7.14 Input Directory local buffer overflow proof of concept exploit. View the full article

This archive contains all of the 150 exploits added to Packet Storm in March, 2020. View the full article

10Strike LANState version 9.32 on x86 Host Check hostname SEH buffer overflow exploit. View the full article

DiskBoss version 7.7.14 suffers from a denial of service vulnerability. View the full article

KandNconcepts Club CMS versions 1.1 and 1.2 suffer from cross site scripting and remote SQL injection vulnerabilities. View the full article

Microsoft Windows 10 SMB version 3.1.1 SMBGhost local privilege escalation exploit. View the full article

DrayTek Vigor2960 version 1.3.1_Beta, Vigor3900 version 1.4.4_Beta, and Vigor300B versions 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta suffer from a remote command execution vulnerability. View the full article