1337day-Exploits

LvL-23
 View Profile  See their activity

  • Content Count

    6,791

  • Avg. Content Per Day

    3

  • Joined

  • Last visited

  • Days Won

    1

Everything posted by 1337day-Exploits

  1. 1337day-Exploits
    This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there are not many services yet that use DynamicUser, and the requirement of collaboration with another process limits the circumstances in which it would be useful to an attacker further; but in a system that makes heavy use of DynamicUser, it would probably have impact. View the full article
  2. 1337day-Exploits
    Lavavo CD Ripper version 4.20 license activation name SEH buffer overflow exploit. View the full article
  3. 1337day-Exploits
    osTicket version 1.11 suffers from cross site scripting and local file inclusion vulnerabilities. View the full article
  4. 1337day-Exploits
    JioFi 4G M2S version 1.0.2 suffers from a denial of service vulnerability. View the full article
  5. 1337day-Exploits
    JioFi 4G M2S version 1.0.2 suffers from cross site scripting and html injection vulnerabilities. View the full article
  6. 1337day-Exploits
    Backup Key Recovery version 2.2.4 denial of service proof of concept exploit. View the full article
  7. 1337day-Exploits
    HeidiSQL Portable version 10.1.0.5464 denial of service proof of concept exploit. View the full article
  8. 1337day-Exploits
    AnMing MP3 CD Burner version 2.0 denial of service proof of concept exploit. View the full article
  9. 1337day-Exploits
    Chrome suffers from an integer overflow vulnerability in NewFixedDoubleArray. View the full article
  10. 1337day-Exploits
    In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell. View the full article
  11. 1337day-Exploits
    The hardened VirtualBox process on a Windows host does not secure its COM interface leading to arbitrary code injection and elevation of privilege. View the full article
  12. 1337day-Exploits
    Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities. View the full article
  13. 1337day-Exploits
    The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline is enabled in the kernel config; Ubuntu 18.04, for example, ships this line discipline as a module. View the full article
  14. 1337day-Exploits
    74CMS version 5.0.1 suffers from a cross site request forgery vulnerability. View the full article
  15. 1337day-Exploits

    Exploits Linux Overflow Via FUSE

    1337day-Exploits posted a topic in Updated Exploits

    Linux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage. View the full article
  16. 1337day-Exploits
    This Metasploit module exploits SQL injection and command injection vulnerability in the ManageEngine AM versions 14 and below. View the full article
  17. 1337day-Exploits
    Ross Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group. View the full article
  18. 1337day-Exploits
    UliCMS versions 2019.2 and 2019.1 suffers from multiple cross site scripting vulnerabilities. View the full article
  19. 1337day-Exploits
    systemd suffers from a lack of seat verification in the PAM module and in turn permits the spoofing of an active session to polkit. View the full article
  20. 1337day-Exploits
    Msvod version 10 suffers from a cross site request forgery vulnerability. View the full article
  21. 1337day-Exploits
    WordPress Contact Form Builder plugin version 1.0.67 suffers from cross site request forgery and local file inclusion vulnerabilities. View the full article
  22. 1337day-Exploits
    Google Chrome version 73.0.3683.103 V8 JavaScript Engine out-of-memory in invalid table size denial of service proof of concept exploit. View the full article
  23. 1337day-Exploits
    Ease Audio Converter version 5.30 .mp4 denial of service proof of concept exploit. View the full article
  24. 1337day-Exploits
    LabF nfsAxe version 3.7 ping client buffer overflow exploit. View the full article
  25. 1337day-Exploits
    Zikula Core CMS version 2.0.13 suffers from a database disclosure vulnerability. View the full article