
2495 matches found

Cvelist
added 2017/12/05 7:0 p.m., 22 views

CVE-2017-14909

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated...

AI score: 8.8 | EPSS: 0.00726
Exploits: 0 | References: 2
Hacker One
added 2017/12/02 11:33 a.m., 75 views

Ruby: NET::Ftp allows command injection in filenames

Hi. While using NET::Ftp I realised you could get command execution through "malicious" file names. The problem lies in the gettextfile(remotefile, localfile = File.basename(remotefile)) method. When looking at the source code, you'll note: def gettextfile(remotefile, localfile = File.basename(remotefil...

CVSS: 9.3 | AI score: 9.6 | EPSS: 0.73927
Exploits: 5
0day.today
added 2017/12/02 12:0 a.m., 53 views

WAGO PFC 200 SERIES Multiple Vulnerabilities

Exploit for hardware platform in category local exploits VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface fo...

AI score: 0.3
Exploits: 0
seebug.org
added 2017/12/01 12:0 a.m., 54 views

CRITICAL CODESYS VULNERABILITIES IN WAGO PFC 200 SERIES

VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface for any application.” Source:...

AI score: 7.7
Exploits: 0
UbuntuCve
added 2017/11/28 12:0 a.m., 17 views

CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.0042
Exploits: 0 | References: 5
OSV
added 2017/11/22 7:29 p.m., 8 views

CVE-2017-12172

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provid...

CVSS: 6.7 | AI score: 7.5 | EPSS: 0.00586
Exploits: 0 | References: 8
UbuntuCve
added 2017/11/15 7:0 p.m., 22 views

CVE-2017-14180

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability tha...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00414
Exploits: 0 | References: 4
BDU FSTEC
added 2017/10/05 12:0 a.m., 4 views

Vulnerability in the Vesta Control Panel server control panel caused by a missing check for the presence of a user session. This allows attackers to perform various manipulations on files and directories located on the server.

The vulnerability in the Vesta Control Panel lies in the lack of a check for the presence of a user session in the files.php file in web/file-manager/, which is responsible for the operation of the control panel’s file manager. Exploiting this vulnerability allows an attacker to...

CVSS: 10 | AI score: 5.5
Exploits: 0 | References: 2 | Affected Software: 1
Exploit DB
added 2017/09/26 12:0 a.m., 34 views

Photo Fusion - Arbitrary File Upload

Exploit Title: Photo Fusion - Free Stock Photos Script - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/photo-fusion-free-stock-photos-script/20115244 Demo: http://teamworktec.com/demo/photos-fusion/ Version: N/...

AI score: 7.4
Exploits: 0
UbuntuCve
added 2017/09/20 6:29 p.m., 27 views

CVE-2017-14610

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00322
Exploits: 0 | References: 2
exploitpack
added 2017/09/04 12:0 a.m., 15 views

RubyGems 2.6.13 - Arbitrary File Overwrite

RubyGems 2.6.13 - Arbitrary File Overwrite There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a...

AI score: 0.6
Exploits: 0
seebug.org
added 2017/09/04 12:0 a.m., 28 views

74cms latest version arbitrary file read

Arbitrary file read in the saveavatar function in C:\phpStudy\WWW\Application\Home\Controller\MembersController.class.php! As can be seen at line 646, the copy function copies the contents of the file $path to $filename. At line 638, $avatar is spliced to form $path; at lines 643 and 644...

AI score: 7
Exploits: 0
Prion
added 2017/09/01 5:29 a.m., 11 views

Command injection

MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as...

CVSS: 4.6 | AI score: 7.5 | EPSS: 0.00358
Exploits: 0 | References: 2 | Affected Software: 1
Packet Storm
added 2017/08/24 12:0 a.m., 19 views

Dup Scout Enterprise 9.9.14 Buffer Overflow

!/usr/bin/python Exploit Title : Dup Scout Enterprise v9.9.14 - 'Import Command' Buffer Overflow Discovery by : Anurag Srivastava Email : [email protected] Website : www.pyramidcyber.com Discovery Date : 22/08/2017 Software Link :...

AI score: 0.7
Exploits: 0
Kitploit
added 2017/08/21 2:10 p.m., 31 views

EggShell - iOS/macOS Remote Administration Tool

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...

AI score: 0.3
Exploits: 0 | References: 1
Veracode
added 2017/07/25 2:58 a.m., 11 views

Directory Traversal

contao/core-bundle is vulnerable to directory traversal attacks. A logged in, back-end user can include and exclude local PHP files through URL manipulation...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.01962
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2017/07/17 1:18 p.m., 29 views

CVE-2016-6793

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a...

CVSS: 9.1 | AI score: 8 | EPSS: 0.08464
Exploits: 0 | References: 6
Prion
added 2017/07/17 1:18 p.m., 20 views

Design/Logic Flaw

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a...

CVSS: 6.4 | AI score: 8.2 | EPSS: 0.08464
Exploits: 0 | References: 6 | Affected Software: 1
Packet Storm
added 2017/07/17 12:0 a.m., 33 views

Orangescrum 1.6.1 File Upload / Cross Site Scripting

Exploit Title: Orangescrum 1.6.1 Multiple Vulnerabilities Google Dork: NA Date: July 9 2017 Exploit Author: [email protected] Author blog : cupuzone.wordpress.com Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/free-download Version: 1.6.1 Tested on:...

Exploits: 0
OpenVAS
added 2017/06/22 12:0 a.m., 35 views

Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Linux

Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; if(description...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.20482
Exploits: 7 | References: 4