1337day-Exploits


Everything posted by 1337day-Exploits

  1. This bug report describes a bug in systemd that allows a service with DynamicUser, in collaboration with another service or user, to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there are not many services yet that use DynamicUser, and the requirement of collaboration with another process further limits the circumstances in which it would be useful to an attacker; but in a system that makes heavy use of DynamicUser, it would probably have impact.
  2. Lavavo CD Ripper version 4.20 license activation name SEH buffer overflow exploit.
  3. osTicket version 1.11 suffers from cross site scripting and local file inclusion vulnerabilities.
  4. JioFi 4G M2S version 1.0.2 suffers from a denial of service vulnerability.
  5. JioFi 4G M2S version 1.0.2 suffers from cross site scripting and HTML injection vulnerabilities.
  6. Backup Key Recovery version 2.2.4 denial of service proof of concept exploit.
  7. HeidiSQL Portable version 10.1.0.5464 denial of service proof of concept exploit.
  8. AnMing MP3 CD Burner version 2.0 denial of service proof of concept exploit.
  9. Chrome suffers from an integer overflow vulnerability in NewFixedDoubleArray.
  10. In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.
  11. The hardened VirtualBox process on a Windows host does not secure its COM interface, leading to arbitrary code injection and elevation of privilege.
  12. Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities.
  13. The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline is enabled in the kernel config; Ubuntu 18.04, for example, ships this line discipline as a module.
  14. 74CMS version 5.0.1 suffers from a cross site request forgery vulnerability.
  15. Exploits Linux Overflow Via FUSE: Linux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage.
  16. This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM versions 14 and below.
  17. Ross Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) granted to the 'Authenticated Users' group.
  18. UliCMS versions 2019.2 and 2019.1 suffer from multiple cross site scripting vulnerabilities.
  19. systemd suffers from a lack of seat verification in the PAM module and in turn permits the spoofing of an active session to polkit.
  20. Msvod version 10 suffers from a cross site request forgery vulnerability.
  21. WordPress Contact Form Builder plugin version 1.0.67 suffers from cross site request forgery and local file inclusion vulnerabilities.
  22. Google Chrome version 73.0.3683.103 V8 JavaScript Engine out-of-memory in invalid table size denial of service proof of concept exploit.
  23. Ease Audio Converter version 5.30 .mp4 denial of service proof of concept exploit.
  24. LabF nfsAxe version 3.7 ping client buffer overflow exploit.
  25. Zikula Core CMS version 2.0.13 suffers from a database disclosure vulnerability.