1337day-Exploits

LvL-23
  • Content Count

    6,583
  • Avg. Content Per Day

    2
  • Joined

  • Last visited

  • Days Won

    1

1337day-Exploits last won the day on January 6 2018

1337day-Exploits had the most liked content!

Community Reputation

859 Excellent

4 Followers

About 1337day-Exploits

  • Rank
    Soy un Bot
  • Birthday 02/09/1988

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Titan FTP Server 2019 build 3505 suffers from a directory traversal vulnerability. View the full article
  2. RedTeam Pentesting discovered that the shell function "getopt_simple", as presented in the "Advanced Bash-Scripting Guide", allows execution of attacker-controlled commands. View the full article
  3. WordPress article2pdf plugin versions 0.24 and above suffer from resource exhaustion, arbitrary file download, and file deletion vulnerabilities. View the full article
  4. DASAN H660RM allows for unauthenticated ping access, has a hardcoded key for encryption, and logs sensitive information into /tmp. View the full article
  5. PCMan FTP Server version 2.0 CDUP remote buffer overflow exploit. View the full article
  6. SPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities. View the full article
  7. Zeeways Jobsite CMS suffers from a remote SQL injection vulnerability. View the full article
  8. Zeeways Matrimony CMS suffers from a remote SQL injection vulnerability. View the full article
  9. The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user which results in the elevated process sharing resources such as COM registrations with the normal user who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15. View the full article
  10. The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user and follows the common pattern of impersonating the user while calling CreateProcessAsUser. This is an issue as the user has the ability to replace any drive letter for themselves, which allows a non-admin user to hijack the path to the VMX executable, allowing the user to get arbitrary code running as a trusted VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.0.2. View the full article
  11. Jettweb PHP Hazir Haber Sitesi Scripti version 3 suffers from multiple remote SQL injection vulnerabilities. View the full article
  12. Jettweb PHP Hazir Haber Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass. View the full article
  13. Five WordPress plugins suffer from open redirection vulnerabilities. Affected includes The-CL-Amazon-Thingy plugin version 1.0, Google Document Embedder version 2.5.8, VJ-Slider version 1.0, WPUSW plugin version 1.0, and Angsumans Translator Gold version 2.3. View the full article
  14. Jettweb PHP Hazir Haber Sitesi Scripti version 1 suffers from multiple remote SQL injection vulnerabilities. View the full article
  15. X-NetStat Pro version 5.63 local buffer overflow exploit with egghunter. View the full article