1337day-Exploits

Backdoor.Win32.NetBull.11.a malware suffers from a remote buffer overflow vulnerability. View the full article

Email-Worm.Win32.Agent.gi malware suffers from a remote stack buffer overflow vulnerability. View the full article

Constructor.Win32.SMWG.c malware suffers from an insecure permissions vulnerability. View the full article

Constructor.Win32.SMWG.a suffers from an insecure permissions vulnerability. View the full article

Newfuture Trojan V.1.0 BETA 1 malware suffers from an insecure permissions vulnerability. View the full article

osTicket 1.14.2 suffers from a server-side request forgery vulnerability. View the full article

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds a permanent elevated backdoor. View the full article

Cisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. View the full article

Inteno IOPSYS version 3.16.4 suffers from a newline injection issue with samba share options that allows an attacker root access to the filesystem. View the full article

Backdoor.Win32.Mnets malware suffers from a remote stack buffer overflow vulnerability. View the full article

Backdoor.Win32.Whgrx malware suffers from a remote host header stack buffer overflow vulnerability. View the full article

Life Insurance Management System version 1.0 suffers from a remote shell upload vulnerability. View the full article

Life Insurance Management System version 1.0 suffers from a remote SQL injection vulnerability. View the full article

Backdoor.Win32.Latinus.b malware suffers from a remote buffer overflow vulnerability. View the full article

MaskPE by yzkzero is a tool for implanting backdoors in existing PE files. The backdoor tool does not properly check the files it loads and falls victim to a file based local buffer overflow. View the full article

Xwiki CMS version 12.10.2 suffers from a cross site scripting vulnerability. View the full article

MaskPE by yzkzero is a tool for implanting backdoors in existing PE files. The backdoor tool does not properly check the files it loads and falls victim to a file based local buffer overflow. View the full article

ZynOS scanning script that exploits an unauthenticated rom-o file disclosure containing the router password. View the full article

This Metasploit module exploits an authentication bypass in Netsia SEBA+ versions 0.16.1 and below to add a root user. View the full article

Alumni Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of cross scripting vulnerability in this version is attributed to Valerio Alessandroni in December of 2020. View the full article

E-Learning System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and also suffers from remote code execution via file upload functionality. View the full article

Backdoor.Win32.Ncx.bt malware suffers from a remote stack buffer overflow vulnerability. View the full article

EyesOfNetwork version 5.3 suffers from a remote code execution vulnerability that leverages file upload. Original discovery of remote code execution in this version is attributed to Clement Billac in February of 2020. View the full article

Online Hotel Reservation System version 1.0 suffers from a cross site request forgery vulnerability. View the full article

Online Hotel Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version was discovered by Richard Jones in January of 2021. View the full article