1337day-Exploits

LvL-23
  • Content Count

    10,880
  • Avg. Content Per Day

    3
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by 1337day-Exploits

  1. The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance. View the full article
  2. OpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe. View the full article
  3. Human Resource Information System version 0.1 suffers from a persistent cross site scripting vulnerability. View the full article
  4. Microweber CMS versions 1.1.20 and below suffer from a remote code execution vulnerability. View the full article
  5. Backdoor.Win32.Antilam.13.a malware suffers from a code execution vulnerability. View the full article
  6. Backdoor.Win32.MotivFTP.12 malware suffers from bypass and code execution vulnerabilities. View the full article
  7. TFTP Broadband version 4.3.0.1465 suffers from an unquoted service path vulnerability. View the full article
  8. BOOTP Turbo version 2.0.0.1253 suffers from an unquoted service path vulnerability. View the full article
  9. DHCP Broadband version 4.1.0.1503 suffers from an unquoted service path vulnerability. View the full article
  10. PHP Timeclock version 1.04 suffers from a remote SQL injection vulnerability. View the full article
  11. PHP Timeclock version 1.04 suffers from multiple cross site scripting vulnerabilities. View the full article
  12. 1337day-Exploits

    ExploitsmacOS Gatekeeper Check Bypass

    This Metasploit module serves an OSX app (as a zip) that contains no Info.plist, which bypasses gatekeeper in macOS versions prior to 11.3. If the user visits the site on Safari, the zip file is automatically extracted, and clicking on the downloaded file will automatically launch the payload. If the user visits the site in another browser, the user must click once to unzip the app, and click again in order to execute the payload. View the full article
  13. Epic Games Easy Anti-Cheat version 4.0 suffers from a local privilege escalation vulnerability. View the full article
  14. WifiHotSpot version 1.0.0.0 suffers from an unquoted service path vulnerability. View the full article
  15. Android suffers from memory disclosure, out-of-bounds write, and double-free vulnerabilities in NFC's Felica tag handling. View the full article
  16. 1337day-Exploits

    ExploitsVoting System 1.0 Shell Upload

    Voting System version 1.0 suffers from a remote shell upload vulnerability. View the full article
  17. Human Resource Information System version 0.1 suffers from a remote code execution vulnerability. View the full article
  18. Voting System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Syed Sheeraz Ali in May of 2021. View the full article
  19. Sandboxie Plus version 0.7.4 suffers from an unquoted service path vulnerability. View the full article
  20. Sandboxie version 5.49.7 suffers from a denial of service vulnerability. View the full article
  21. b2evolution version 7-2-2 suffers from a remote SQL injection vulnerability. View the full article
  22. WordPress WP Super Edit plugin version 2.5.4 suffers from an arbitrary file upload vulnerability. View the full article
  23. Schlix CMS version 2.2.6-6 suffers from a remote code execution vulnerability. View the full article
  24. Schlix CMS version 2.2.6-6 suffers from a persistent cross site scripting vulnerability. View the full article
  25. Xmind version 2020 suffers from a cross site scripting vulnerability that can lead to remote code execution. View the full article