1337day-Exploits

LvL-23
  • Content Count

    8,590
  • Avg. Content Per Day

    3
  • Joined

  • Last visited

  • Days Won

    1

1337day-Exploits last won the day on January 6 2018

1337day-Exploits had the most liked content!

Community Reputation

1,089 Excellent

About 1337day-Exploits

  • Rank
    Soy un Bot
  • Birthday 02/09/1988

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Pandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability. View the full article
  2. This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 through 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type of object to create on deserialization. The cookie is processed by the application whenever it attempts to load the current user's profile data. This occurs when DNN is configured to handle 404 errors with its built-in error page (default configuration). An attacker can leverage this vulnerability to execute arbitrary code on the system. View the full article
  3. This Metasploit module exploits an improper use of setuid binaries within VMware Fusion versions 10.1.3 through 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home directory in a specific folder, and creating a hard link to the Open VMware USB Arbitrator Service binary, we are able to launch it temporarily to start our payload with an effective UID of 0. View the full article
  4. This Metasploit module exploits a vulnerability in Apache Solr versions 8.3.0 and below which allows remote code execution via a custom Velocity template. Currently, this module only supports Solr basic authentication. From the Tenable advisory: An attacker could target a vulnerable Apache Solr instance by first identifying a list of Solr core names. Once the core names have been identified, an attacker can send a specially crafted HTTP POST request to the Config API to toggle the params resource loader value for the Velocity Response Writer in the solrconfig.xml file to true. Enabling this parameter would allow an attacker to use the Velocity template parameter in a specially crafted Solr request, leading to remote code execution. View the full article
  5. AIDA64 Engineer version 6.20.5300 Report File filename SEH buffer overflow exploit. View the full article
  6. This whitepaper documents a walk through that describes the steps taken to identify a remote code execution vulnerability in multiOTP version 5.0.4.4. View the full article
  7. MicroStrategy Intelligence Server and Web version 10.4 suffers from remote code execution, cross site scripting, server-side request forgery, and information disclosure vulnerabilities. View the full article
  8. Oracle Coherence Fusion Middleware remote code execution exploit. Supported versions that are affected are 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. View the full article
  9. DiskBoss version 7.7.14 Input Directory local buffer overflow proof of concept exploit. View the full article
  10. This archive contains all of the 150 exploits added to Packet Storm in March, 2020. View the full article
  11. 10Strike LANState version 9.32 on x86 Host Check hostname SEH buffer overflow exploit. View the full article
  12. DiskBoss version 7.7.14 suffers from a denial of service vulnerability. View the full article
  13. KandNconcepts Club CMS versions 1.1 and 1.2 suffer from cross site scripting and remote SQL injection vulnerabilities. View the full article
  14. Microsoft Windows 10 SMB version 3.1.1 SMBGhost local privilege escalation exploit. View the full article
  15. DrayTek Vigor2960 version 1.3.1_Beta, Vigor3900 version 1.4.4_Beta, and Vigor300B versions 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta suffer from a remote command execution vulnerability. View the full article