1337day-Exploits


  1. OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities.
  2. Backdoor.Win32.WinShell.50 malware suffers from a hard-coded password vulnerability.
  3. WordPress All-In-One Video Gallery plugin versions 2.4.9 and below suffer from a local file inclusion vulnerability.
  4. This Metasploit module exploits a vulnerability in Ubuntu's implementation of overlayfs. The vulnerability is the result of failing to verify the ability of a user to set the attributes in a running executable. Specifically, when overlayfs sends the set-attributes data to the underlying file system via vfs_setxattr, it fails to first verify the data by calling cap_convert_nscap. The vulnerability was patched by moving the call to cap_convert_nscap into the vfs_setxattr function that sets the attribute, forcing verification every time vfs_setxattr is called rather than trusting that the data was already verified.
  5. WordPress Slider By Soliloquy plugin version 2.6.2 suffers from a persistent cross site scripting vulnerability.
  6. Backdoor.Win32.WinShell.50 malware suffers from a hard-coded password vulnerability.
  7. WordPress DZS Zoomsounds plugin version 6.45 suffers from an unauthenticated arbitrary file read vulnerability.
  8. Online Magazine Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  9. Backdoor.Win32.Bionet.10 malware suffers from bypass and code execution vulnerabilities.
  10. Backdoor.Win32.Vernet.axt malware suffers from an insecure permissions vulnerability.
  11. M-Files Web Denial Of Service

    M-Files Web versions prior to 20.10.9524.1 and M-Files Web versions prior to 20.10.9445.0 contain an improper range header processing vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges (via HTTP requests with specially crafted Range or Request-Range headers) to cause the web application to compress each of the requested bytes, resulting in a crash due to excessive memory and CPU consumption and preventing users from accessing the system.
  12. Online Pre-Owned / Used Car Showroom Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  13. Trojan.Win32.Mucc.ivk malware suffers from an unquoted service path vulnerability.
  14. DuckDuckGo version 7.64.4 suffers from an address bar spoofing vulnerability.
  15. Android vold Unsafe Mounting

    Android's vold incremental-fs APIs trust paths from system_server for mounting. There is supposed to be privilege separation between vold (TCB) and system_server (privileged process). However, vold's IPC handlers related to incremental-fs (mountIncFs, unmountIncFs, bindMount) allow system_server to specify semi-arbitrary paths, allowing system_server to trigger mounting on directories that shouldn't be under system_server control.