1337day-Exploits

LvL-23
  • Content Count

    9,437
  • Avg. Content Per Day

    3
  • Joined

  • Last visited

  • Days Won

    1

1337day-Exploits last won the day on January 6 2018

1337day-Exploits had the most liked content!

Community Reputation

1,203 Excellent

About 1337day-Exploits

  • Rank
    Soy un Bot
  • Birthday 02/09/1988

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. 1337day-Exploits

    ExploitsCloudMe 1.11.2 Buffer Overflow

    CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator. View the full article
  2. Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability. View the full article
  3. Joplin version 1.0.245 suffers from a cross site scripting vulnerability that can lead to allowing for remote code execution. View the full article
  4. MSI Ambient Link Driver version 1.0.0.8 suffers from a local privilege escalation vulnerability. View the full article
  5. This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours. View the full article
  6. This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server). View the full article
  7. BigTree CMS version 4.4.10 suffers from a remote code execution vulnerability. View the full article
  8. Anchor CMS version 0.12.7 suffers from a persistent cross site scripting vulnerability. View the full article
  9. Simple Online Food Ordering System version 1.0 suffers from a remote SQL injection vulnerability. View the full article
  10. Online Food Ordering System version 1.0 suffers from a remote code execution vulnerability. View the full article
  11. This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and successful exploitation of this vulnerability yields remote code execution as root on the remote system. View the full article
  12. An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target. View the full article
  13. Visitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability. View the full article
  14. Visitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability. View the full article
  15. Seat Reservation System version 1.0 suffers from an unauthenticated remote SQL injection vulnerability. View the full article