WebDAV Server Serving DLL

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Serve DLL via webdav server', 'Description' = %q This module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module...

CyberArk 9.7 - Memory Disclosure

CyberArk 9.7 - Memory Disclosure Exploit Title: CyberArk 9.7 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk @Freakazoidile Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 200...

Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Exploit

Exploit for asp platform in category web applications Exploit Title: Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Exploit Author: Chris Lyne @lynerc Vendor Homepage: http://www.advantech.com Device: NRVMini2 Software Link:...

Security update for ghostscript (important)

This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution Date: 2018-09-05 Exploit Author: vrsystem Vendor Homepage: https://www.fujixerox.com.cn/ Software Link: https://www.fujixerox.com.cn/ Version: DocuCentre-IV,DocuCentre-VI,DocuCentre-V,ApeosPort-VI,ApeosPort-V Tested on...

CVE-2018-16367

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a include...

Improper access control

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a include...

CVE-2018-16367

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a include...

Code injection

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files...

Directory traversal

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed...

CVE-2018-14281

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Directory traversal

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVE-2018-1002205

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

CVE-2018-1002207

CVE-2018-1002207 affects the mholt/archiver Go package. The vulnerability stems from directory traversal in archive extraction ("../" path components), enabling an attacker to write to arbitrary files on the host. Affected: versions prior to the commit e4ef56d48eb029648b0e895bb0b6a393ef0829c3. Im...

Arbitrary File Writing

DotNetZip.Semverd is vulnerable to arbitrary file writing aka zip-slip vulnerability. The vulnerability is possible because it does not check that the relative paths in a zip file don't go outside of the target directory...

CVE-2018-7771

CVE-2018-7771 affects Schneider Electric U.motion Builder (versions prior to v1.3.4). The vulnerability is a directory traversal in editscript.php that allows a caller with standard user privileges to write arbitrary PHP files anywhere in the web service directory tree. Reported impact includes p...

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

FreeBSD : KWallet-PAM -- Access to privileged files (83a548b5-4fa5-11e8-9a8e-001e2a3f778d)

The KDE Community reports : kwallet-pam was doing file writing and permission changing as root that with correct timing and use of carefully crafted symbolic links could allow a non privileged user to become the owner of any file on the system. C Tenable Network Security, Inc. The descriptive tex...

KWallet-PAM -- Access to privileged files

The KDE Community reports: kwallet-pam was doing file writing and permission changing as root that with correct timing and use of carefully crafted symbolic links could allow a non privileged user to become the owner of any file on the system...