1337day-Exploits

ElasticSearch version 7.13.3 memory disclosure exploit. View the full article

Microsoft SharePoint Server 2019 remote code execution exploit. View the full article

WordPress Simple Post plugin version 1.1 suffers from a persistent cross site scripting vulnerability. View the full article

This Metasploit module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service. View the full article

This Metasploit module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/.php. View the full article

Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory. View the full article

Ampache version 4.4.2 suffers from a cross site scripting vulnerability. View the full article

CSZ CMS version 1.2.9 suffers from an arbitrary file deletion vulnerability. View the full article

News Portal Project version 3.1 suffers from multiple remote time-based SQL injection vulnerabilities. View the full article

Proof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in this version by Umit Yalcin in July of 2020. View the full article

Vehicle Parking Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to gh1mau in July of 2020. View the full article

Vehicle Parking Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Tushar Vaidya in February of 2021. View the full article

KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. View the full article

KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism. View the full article

KevinLAB BEMS version 1.0 has an undocumented backdoor account and the sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely. View the full article

Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities. View the full article

The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege. View the full article

Webmin version 1.973 cross site request forgery exploit that loads a reverse shell. View the full article

WordPress KN Fix Your Title plugin version 1.0.1 suffers from a cross site scripting vulnerability. View the full article

Backdoor.Win32.IRCBot.gen malware suffers from an unauthenticated remote command execution vulnerability. View the full article

WordPress Mimetic Books plugin version 0.2.13 suffers from a persistent cross site scripting vulnerability. View the full article

Trojan-Spy.Win32.SpyEyes.hqd malware suffers from an insecure permissions vulnerability. View the full article

Trojan-Spy.Win32.SpyEyes.abdb malware suffers from an insecure permissions vulnerability. View the full article

Dolibarr ERP/CRM version 10.0.6 login brute forcing exploit. View the full article

Backdoor.Win32.Agent.bjev malware suffers from an insecure permissions vulnerability. View the full article