1337day-Exploits

Linux usbnet code tells minidrivers to unbind while netdev is still up, causing use-after-free conditions. View the full article

The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected. View the full article

LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability. View the full article

PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities. View the full article

Emby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability. View the full article

Thanos ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment. View the full article

SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability. View the full article

Online Discussion Forum Site version 1.0 suffers from a remote blind SQL injection vulnerability. View the full article

Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability. View the full article

OpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes. View the full article

T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability. View the full article

T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability. View the full article

Survey Sparrow Enterprise Survey Software 2022 suffers from a persistent cross site scripting vulnerability. View the full article

SolarView Compact version 6.0 suffers from a command injection vulnerability. View the full article

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below, USG20-VPN and USG20W-VPN using firmware 5.21 and below, and ATP 100, 200, 500, 700, 800 using firmware 5.21 and below. View the full article

A use-after-free issue exists in Chrome 100 and earlier versions. A malicious extension can achieve arbitrary code execution in the browser process. View the full article

IpMatcher versions 1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2 incorrectly validates octal and hexadecimal input data which can lead to indeterminate server-side request forgery, local file inclusion, remote file inclusion, and denial of service vectors. View the full article

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment. View the full article

Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewall's that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. Multiple models are affected. View the full article

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment. View the full article

WordPress WP Event Manager plugin version 3.1.27 suffers from a persistent cross site scripting vulnerability. View the full article

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment. View the full article

HighCMS/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability. View the full article

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment. View the full article

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment. View the full article