1337day-Exploits

LvL-23
 View Profile  See their activity

  • Content Count

    7,527

  • Avg. Content Per Day

    3

  • Joined

  • Last visited

  • Days Won

    1

Everything posted by 1337day-Exploits

  1. 1337day-Exploits
    Western Digital My Book World II NAS versions 1.02.12 and below have a hard-coded ssh credential that allows for remote command execution. View the full article
  2. 1337day-Exploits
    macOS version 18.7.0 kernel local privilege escalation exploit that may only work on Macs before 2016. View the full article
  3. 1337day-Exploits
    Hospital-Management version 1.26 suffers from a remote SQL injection vulnerability. View the full article
  4. 1337day-Exploits
    Oracle Mojarra JSF included in Java EE 7 and Eclipse Mojarra JSF versions 2.2 and 2.3 suffer from a cross site scripting vulnerability. View the full article
  5. 1337day-Exploits

    Exploits Google Chrome Password Disclosure

    1337day-Exploits posted a topic in Updated Exploits

    Google Chrome suffers from an issue where it will leak all passwords for a given domain. View the full article
  6. 1337day-Exploits
    Microsoft Windows suffers from an Internet Settings misconfiguration security feature bypass vulnerability. Versions affected include Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019. View the full article
  7. 1337day-Exploits

    Exploits V8 Map Migration Type Confusion

    1337day-Exploits posted a topic in Updated Exploits

    V8 map migration does not respect element kind, leading to a type confusion vulnerability. View the full article
  8. 1337day-Exploits
    LastPass suffers from an issue where bypassing do_popupregister() leaks credentials from the previous site. View the full article
  9. 1337day-Exploits
    Inteno EG200 routers with firmware versions EG200-WU7P1U_ADAMO3.16.4-190226_1650 and below have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. View the full article
  10. 1337day-Exploits
    docPrint Pro version 8.0 suffers from a SEH buffer overflow vulnerability. View the full article
  11. 1337day-Exploits
    AppXSvc version 17763.1.amd64fre.rs5_release.180914-1434 suffers from an arbitrary file security descriptor overwrite privilege escalation vulnerability. View the full article
  12. 1337day-Exploits
    Master Data Online suffers from a cross site request forgery vulnerability that allows for data tampering. View the full article
  13. 1337day-Exploits

    Exploits Webmin 1.920 Remote Code Execution

    1337day-Exploits posted a topic in Updated Exploits

    Webmin version 1.920 remote code execution exploit that leverages the vulnerability noted in CVE-2019-15107. View the full article
  14. 1337day-Exploits
    College-Management-System version 1.2 suffers from an authentication bypass vulnerability. View the full article
  15. 1337day-Exploits
    Ticket-Booking version 1.4 suffers from an authentication bypass vulnerability. View the full article
  16. 1337day-Exploits
    Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities. View the full article
  17. 1337day-Exploits
    phpMyAdmin version 4.9.0.1 suffers from a cross site request forgery vulnerability. View the full article
  18. 1337day-Exploits
    Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability. View the full article
  19. 1337day-Exploits
    Folder Lock version 7.7.9 suffers from a denial of service vulnerability. View the full article
  20. 1337day-Exploits
    FTPShell Client version 6.74 suffers from a local buffer overflow denial of service vulnerability. View the full article
  21. 1337day-Exploits
    LimeSurvey versions 3.17.13 and below suffer from reflective and persistent cross site scripting vulnerabilities. View the full article
  22. 1337day-Exploits

    Exploits Generic Zip Slip Traversal

    1337day-Exploits posted a topic in Updated Exploits

    This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that often archive extraction libraries have no mitigations against directory traversal attacks. If an application uses it, there is a risk when opening an archive that is maliciously modified, and results in the embedded payload to be written to an arbitrary location (such as a web root), and results in remote code execution. View the full article
  23. 1337day-Exploits
    Opencart version 2.3.0.2 pre-authentication remote command execution exploit. View the full article
  24. 1337day-Exploits
    Microsoft DirectWrite suffers from an out-of-bounds read in sfac_GetSbitBitmap while processing TTF fonts. View the full article
  25. 1337day-Exploits
    Microsoft DirectWrite suffers from an invalid read in SplicePixel while processing OTF fonts. View the full article