1234 matches found
PHP-Fusion 9.03.60 - PHP Object Injection Exploit
Exploit for php platform in category web applications Exploit Title: PHP-Fusion 9.03.60 - PHP Object Injection Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 Description: PHP...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit targets the SMBGhost vulnerability in Windows operating systems, specifically Windows 10 and Windows Server 2016 and 2019. The...
UBUNTU-CVE-2020-14929
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do...
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
Exploit Title: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution Exploit Author: Yunus YILDIRIM Th3Gundy Team: CT-Zer0 @CRYPTTECH - https://www.crypttech.com Date: 2020-05-28 Vendor Homepage: https://www.qnap.com Version: QTS 4.4.1 | Photo Station 6.0.3 CVE: CVE-2019-7192, CVE-2019-7193...
Exploit for CVE-2020-11651
CVE-2020-11651 This is a POC for CVE-2020-11651, which obtain...
PT-2020-6291 · D Link · D-Link Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20 D-Link DIR-825/GF D-Link DIR-825/A/D1 D-Link DIR-825/AC/E1A Description: An issue was discovered in the web interface of D-Link DIR-825 devices, allowing attackers to achieve...
CVE-2018-11106
NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...
Command injection
NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...
CVE-2018-11106
NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...
CVE-2018-11106
NETGEAR devices affected: WC7500, WC7520, WC7600v1, WC7600v2, and WC9500. Issue: pre-authentication command injection in request_handler.php. Root cause: improper handling in the PHP request handler allows arbitrary commands to be executed before authentication. Impact (as stated): high confident...
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
package main / CVE-2020-8515: DrayTek pre-auth remote root RCE Mon Mar 30 2020 - 0xsha.io Affected: DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta You should upgrade as soon as possible to 1.5.1 firmware or later This issue has been fixed in...
Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices
A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage NAS devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using differe...
Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices
A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage NAS devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using differe...
New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices
Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage NAS devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection...
New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices
Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage NAS devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 Pre-Auth POC c 2020 ZecOps, Inc. - https://ww...
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS 1.4.3 Pre Auth Template Injection Remote Code Execution', 'Description' = %q This module exploits a Preauth Server-Side Template Injectio...
CVE-2020-9054
Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...
CVE-2020-9054 ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi
Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...
VU#498544 ZyXEL pre-authentication command injection in weblogin.cgi
” Multiple ZyXEL devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Multiple ZyXEL devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to...