1337day-Exploits

LvL-23
  • Content Count

    12,915
  • Avg. Content Per Day

    3
  • Joined

  • Last visited

  • Days Won

    1

1337day-Exploits last won the day on January 6 2018

1337day-Exploits had the most liked content!

Community Reputation

1,592 Excellent

About 1337day-Exploits

  • Rank
    Soy un Bot
  • Birthday 02/09/1988

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server). View the full article
  2. 1337day-Exploits

    ExploitsChromeOS usbguard Bypass

    ChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues. View the full article
  3. 1337day-Exploits

    ExploitsqdPM 9.1 Remote Code Execution

    qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal. View the full article
  4. The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running. View the full article
  5. Online Fire Reporting System version 1.0 suffers from a remote SQL injection vulnerability. View the full article
  6. 1337day-Exploits

    ExploitsCLink Office 2.0 SQL Injection

    CLink Office version 2.0 anti-spam management console suffers from a remote SQL injection vulnerability. View the full article
  7. This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol. Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom's client and server in order to be able to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting/modifying client update requests/responses, the victim client downloads and executes a malicious update, resulting in arbitrary code execution. A client downgrade attack is utilized to bypass signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit, however some or all parts of the chain are likely applicable to other platforms. View the full article
  8. 1337day-Exploits

    ExploitsiTop Remote Command Execution

    iTop versions prior to 2.7.5 authenticated remote command execution exploit. View the full article
  9. m1k1o's Blog versions 1.3 and below suffer from an authenticated remote code execution vulnerability. View the full article
  10. Blockchain FiatExchanger version 2.2.1 suffers from a remote blind SQL injection vulnerability. View the full article
  11. Blockchain AltExchanger version 1.2.1 suffers from multiple remote SQL injection vulnerabilities. View the full article
  12. OpenCart Newsletter module version 3.0.2.0 suffers from a remote blind SQL injection vulnerability. View the full article
  13. 1337day-Exploits

    ExploitsLinux USB Use-After-Free

    Linux usbnet code tells minidrivers to unbind while netdev is still up, causing use-after-free conditions. View the full article
  14. The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected. View the full article
  15. LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability. View the full article