1337day-Exploits (Bots)

Posts: 15,190
Days Won: 1

Everything posted by 1337day-Exploits

  1. This Metasploit module takes advantage of a bug in the way Windows Error Reporting opens the report parser. If you open a report, Windows uses a relative path to locate the rendering program. By creating a specific alternate directory structure, we can coerce Windows into opening an arbitrary executable as SYSTEM. If the current user is a local admin, the system will attempt impersonation and the exploit will fail.
  2. RoyalTSX version 6.0.1 suffers from an RTSZ file handling heap memory corruption vulnerability. The application receives SIGABRT after the RAPortCheck.createNWConnection() function handles the SecureGatewayHost object in the RoyalTSXNativeUI. When the hostname is an array of around 1600 bytes and Test Connection is clicked, the application crashes instantly.
  3. OPNsense versions 23.1.11_1, 23.7.3, and 23.7.4 suffer from cross site scripting vulnerabilities that can allow for privilege escalation.
  4. LogoBee CMS version 0.2 suffers from a cross site scripting vulnerability.
  5. Lamano LMS version 0.1 suffers from an ignored default credential vulnerability.
  6. Elasticsearch version 8.5.3 stack overflow proof of concept exploit.
  7. Taskhub version 2.8.8 suffers from a cross site scripting vulnerability.
  8. Multiple TOTOLINK network products contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the command parameter. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running, which is typically root.
  9. Luxcal Event Calendar version 3.2.3 suffers from a cross site request forgery vulnerability.
  10. Lamano CMS version 2.0 suffers from a cross site request forgery vulnerability.
  11. WordPress Theme My Login 2FA plugin versions prior to 1.2 suffer from a brute forcing vulnerability.
  12. This Metasploit module exploits an unauthenticated command injection vulnerability by combining two critical vulnerabilities in Apache Airflow version 1.10.10. The first, CVE-2020-11978, is an authenticated command injection vulnerability found in one of Airflow's example DAGs, "example_trigger_target_dag", which allows any authenticated user to run arbitrary OS commands as the user running the Airflow Worker/Scheduler. The second, CVE-2020-13927, is a default setting of Airflow 1.10.10 that allows unauthenticated access to Airflow's Experimental REST API to perform malicious actions such as triggering the vulnerable DAG above. The two CVEs taken together allow vulnerable DAG creation and command injection, leading to unauthenticated remote code execution.
  13. An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created, the endpoint /cgi-bin/fax_change_faxtrace_settings is accessible without authentication. The endpoint allows the user to configure a number of different fax settings. A number of the configurable parameters on the page fail to be sanitized properly before being used in a bash eval statement, allowing an unauthenticated user to run arbitrary commands.
  14. WordPress Essential Blocks plugin versions 4.2.0 and below and Essential Blocks Pro versions 1.1.0 and below suffer from multiple PHP object injection vulnerabilities.
  15. Taskhub version 2.8.7 suffers from a remote SQL injection vulnerability.
  16. Packers and Movers Management System version 1.0 suffers from a remote blind SQL injection vulnerability. A proof of concept exploit written in Python is included.
  17. Super Store Finder versions 3.7 and below suffer from a remote command execution vulnerability.
  18. Lamano CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  19. Lacabane version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  20. Free and Open Source Inventory Management System version 1.0 suffers from a remote SQL injection vulnerability.
  21. Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch, and Atos Unify OpenScape BCF suffer from remote code execution and missing authentication vulnerabilities. Atos OpenScape SBC versions before 10 R3.3.0, OpenScape Branch version 10 versions before R3.3.0, and OpenScape BCF version 10 versions before 10 R10.10.0 are affected.
  22. PTC Codebeamer versions 22.10-SP7 and below, 22.04-SP5 and below, and 21.09-SP13 and below suffer from a cross site scripting vulnerability.
  23. This Metasploit module exploits a buffer overflow condition in Ivanti Avalanche MDM versions prior to 6.4.1. An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in arbitrary code execution with NT AUTHORITY\SYSTEM permissions. This vulnerability occurs during the processing of the 3/5/8/100/101/102 item data types. The program tries to copy the item data using qmemcopy to a fixed size data buffer on the stack. Upon successful exploitation the attacker gains full access to the target system. This vulnerability has been tested against Ivanti Avalanche MDM version 6.4.0.0 on Windows 10.
  24. Razer Synapse versions before 3.8.0428.042117 (20230601) suffer from multiple vulnerabilities. Due to an unsafe installation path, improper privilege management, and a time-of-check time-of-use race condition, the associated system service "Razer Synapse Service" is vulnerable to DLL hijacking. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
  25. KPOT Stealer CMS 2.0 suffers from a directory traversal vulnerability.
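Items 8, 12 and 13 above are the same bug class seen from three products: a request parameter reaches a shell (a web handler's command parameter, a bash eval, or a DAG parameter templated into a BashOperator command) without being turned into a single literal word first. The Python below is an added example and is not code from Airflow, from the Metasploit module, or from any of the listed advisories. It uses a constructed template in the shape item 12 describes (an untrusted dag_run.conf value interpolated into a bash command string), renders it with a benign and two hostile conf values, uses the standard library's shlex tokenizer to count how many commands the shell would actually run and whether a $(...) substitution survives, and shows the shlex.quote fix. The template text, the conf values and every function name are assumptions made for the example.

```python
import shlex

# Constructed stand-in for the pattern the Airflow advisory describes: the
# untrusted dag_run.conf["message"] is substituted into the command string
# before the shell sees it. This is not Airflow's actual example DAG text.
TEMPLATE = "echo \"Here is the message: '{message}'\""

# Tokens that, outside quotes, separate one shell command from the next.
SEPARATORS = {";", "&", "&&", "|", "||"}


def render_vulnerable(conf: dict) -> str:
    """Vulnerable form: untrusted value interpolated straight into the command."""
    return TEMPLATE.format(message=conf.get("message", ""))


def render_hardened(conf: dict) -> str:
    """Hardened form: the whole untrusted value becomes one literal word.

    shlex.quote wraps the text in single quotes (and splices any embedded
    single quote as '"'"'), so no separator or $(...) inside it is parsed.
    """
    text = "Here is the message: " + str(conf.get("message", ""))
    return "echo " + shlex.quote(text)


def tokenize(cmd: str) -> list:
    """Split like a shell: punctuation_chars=True makes ; & | ( ) their own
    tokens when unquoted, and posix=False keeps the quote characters on
    quoted tokens so we can still tell single- from double-quoted text."""
    lex = shlex.shlex(cmd, posix=False, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""  # do not let a '#' in a payload hide the rest
    return list(lex)


def shell_command_count(cmd: str) -> int:
    """1 plus the number of unquoted command separators in the string."""
    return 1 + sum(1 for tok in tokenize(cmd) if tok in SEPARATORS)


def has_command_substitution(cmd: str) -> bool:
    """Double quotes do not stop $(...) or backticks; single quotes do."""
    for tok in tokenize(cmd):
        if tok.startswith("'"):
            continue  # fully single-quoted: everything inside is literal
        if "$(" in tok or "`" in tok:
            return True
    return False


def is_injected(cmd: str) -> bool:
    """True if the rendered command runs anything beyond the intended echo."""
    return shell_command_count(cmd) > 1 or has_command_substitution(cmd)


# Constructed sample conf values: one benign, one that closes the template's
# double quote and appends commands, one that relies on $(...) expansion.
BENIGN = {"message": "hello"}
BREAKOUT = {"message": '"; id; echo "'}
SUBSTITUTION = {"message": "$(id)"}


def demo() -> dict:
    """Render each sample both ways and report whether injection survives."""
    results = {}
    for name, conf in (("benign", BENIGN), ("breakout", BREAKOUT),
                       ("substitution", SUBSTITUTION)):
        results[name] = {
            "vulnerable": is_injected(render_vulnerable(conf)),
            "hardened": is_injected(render_hardened(conf)),
        }
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} vulnerable={verdict['vulnerable']} "
              f"hardened={verdict['hardened']}")
```

Note that the template's double quotes are what make the breakout payload work: inside double quotes a single quote is literal, so the attacker closes the double quote instead, and $(...) expands inside double quotes without any breakout at all. The hardened renderer fixes both by quoting the value rather than the template; the better fix for a BashOperator-style task is to pass the value through an environment variable and never build the command string from it.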