1337day-Exploits

The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance. View the full article

OpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe. View the full article

Human Resource Information System version 0.1 suffers from a persistent cross site scripting vulnerability. View the full article

Microweber CMS versions 1.1.20 and below suffer from a remote code execution vulnerability. View the full article

Backdoor.Win32.Antilam.13.a malware suffers from a code execution vulnerability. View the full article

Backdoor.Win32.MotivFTP.12 malware suffers from bypass and code execution vulnerabilities. View the full article

TFTP Broadband version 4.3.0.1465 suffers from an unquoted service path vulnerability. View the full article

BOOTP Turbo version 2.0.0.1253 suffers from an unquoted service path vulnerability. View the full article

DHCP Broadband version 4.1.0.1503 suffers from an unquoted service path vulnerability. View the full article

PHP Timeclock version 1.04 suffers from a remote SQL injection vulnerability. View the full article

PHP Timeclock version 1.04 suffers from multiple cross site scripting vulnerabilities. View the full article

This Metasploit module serves an OSX app (as a zip) that contains no Info.plist, which bypasses gatekeeper in macOS versions prior to 11.3. If the user visits the site on Safari, the zip file is automatically extracted, and clicking on the downloaded file will automatically launch the payload. If the user visits the site in another browser, the user must click once to unzip the app, and click again in order to execute the payload. View the full article

Epic Games Easy Anti-Cheat version 4.0 suffers from a local privilege escalation vulnerability. View the full article

WifiHotSpot version 1.0.0.0 suffers from an unquoted service path vulnerability. View the full article

Android suffers from memory disclosure, out-of-bounds write, and double-free vulnerabilities in NFC's Felica tag handling. View the full article

Voting System version 1.0 suffers from a remote shell upload vulnerability. View the full article

Human Resource Information System version 0.1 suffers from a remote code execution vulnerability. View the full article

Voting System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Syed Sheeraz Ali in May of 2021. View the full article

Sandboxie Plus version 0.7.4 suffers from an unquoted service path vulnerability. View the full article

Sandboxie version 5.49.7 suffers from a denial of service vulnerability. View the full article

b2evolution version 7-2-2 suffers from a remote SQL injection vulnerability. View the full article

WordPress WP Super Edit plugin version 2.5.4 suffers from an arbitrary file upload vulnerability. View the full article

Schlix CMS version 2.2.6-6 suffers from a remote code execution vulnerability. View the full article

Schlix CMS version 2.2.6-6 suffers from a persistent cross site scripting vulnerability. View the full article

Xmind version 2020 suffers from a cross site scripting vulnerability that can lead to remote code execution. View the full article