1337day-Exploits

CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator. View the full article

Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability. View the full article

Joplin version 1.0.245 suffers from a cross site scripting vulnerability that can lead to allowing for remote code execution. View the full article

MSI Ambient Link Driver version 1.0.0.8 suffers from a local privilege escalation vulnerability. View the full article

This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours. View the full article

This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server). View the full article

BigTree CMS version 4.4.10 suffers from a remote code execution vulnerability. View the full article

Anchor CMS version 0.12.7 suffers from a persistent cross site scripting vulnerability. View the full article

Simple Online Food Ordering System version 1.0 suffers from a remote SQL injection vulnerability. View the full article

Online Food Ordering System version 1.0 suffers from a remote code execution vulnerability. View the full article

This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and successful exploitation of this vulnerability yields remote code execution as root on the remote system. View the full article

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target. View the full article

Visitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability. View the full article

Visitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability. View the full article

Seat Reservation System version 1.0 suffers from an unauthenticated remote SQL injection vulnerability. View the full article