CVE-2020-5741

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code...

CVE-2020-5741

Plex Media Server on Windows prior to version 1.19.3 is affected by CVE-2020-5741: an authenticated attacker can trigger unsafe Python pickle deserialization (Dict file) during camera-upload related processing, leading to remote code execution as the OS user who runs Plex. Public references descr...

PT-2020-6851 · Plex · Plex Media Server

Name of the Vulnerable Software and Affected Versions: Plex Media Server affected versions not specified Description: The issue concerns the deserialization of untrusted data in Plex Media Server, allowing a remote, authenticated attacker to execute arbitrary Python code. This can be exploited by...

CVE-2020-5741

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. Recent assessments: zeroSteiner at November 11, 2020 6:24pm UTC reported: A vulnerability exists within Plex that allows an authenticated attacker to submit...

Plex Media Server Input Validation Error Vulnerability

Plex Media Server is a media player and media server software. A security vulnerability exists in Plex Media Server Windows that stems from faulty access control. A local attacker can exploit the vulnerability to execute arbitrary Python code with SYSTEM privileges...

Input validation

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges...

CVE-2020-5740

Plex Media Server (Windows) is affected by CVE-2020-5740 due to improper input validation. The vulnerability allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges through the Plex update service/related input handling. This is a local privilege-escalatio...

CVE-2020-5740

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges...

Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption

import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and 3 versions now, tested successfully. Sample test password LOOOOONGPASSWORD! =...

Remote Code Execution (RCE)

Cobbler is vulnerable to Remote Code Execution RCE. A code injection flaw was found in the way Cobbler processed templates for kickstart files. A remote, authenticated user, that has the Configuration Administrator role privilege, could use this flaw to create a specially-crafted kickstart templa...

DiskBoss 7.7.14 Local Buffer Overflow

Exploit Title: DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow PoC Vendor Homepage: https://www.diskboss.com/ Software Link Download: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Exploit Author: Paras Bhatia Discovery Date: 2020-04-01 Vulnerable...

DiskBoss 7.7.14 Denial Of Service

Exploit Title: DiskBoss 7.7.14 - Denial of Service PoC Date: 2020-04-01 Exploit Author: Paras Bhatia Vendor Homepage: https://www.diskboss.com/ Software Link Download: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Vulnerable Software: DiskBoss Version: 7.7.14...

FlashFXP 4.2.0 Build 1730 - Denial of Service Exploit

Exploit Title: FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Vendor Homepage: https://www.flashfxp.com/ Software Link Download: https://www.filehorse.com/download-flashfxp/22451/download/ Exploit Author: Paras Bhatia Vulnerable Software: FlashFXP Version: 4.2.0 Build 1730 Vulnerability Type:...

Odin Secure FTP Expert 7.6.3 - (Site Info) Denial of Service Exploit

Exploit Title: Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service PoC Discovery by: Ivan Marmolejo Vendor Homepage: https://odin-secure-ftp-expert.jaleco.com/ Software Link Download : http://tr.oldversion.com/windows/odin-secure-ftp-expert-7-6-3 Version : Odin Secure FTP Expert 7.6.3...

Everest 5.50.2100 Denial Of Service

Exploit Title: Everest 5.50.2100 - 'Open File' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-03-24 Software Link : http://www.lavalys.com/ Tested Version: 5.50.2100 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows 10 Home Single Language Steps to...

AnyBurn 4.8 - Buffer Overflow (SEH) Exploit

Exploit Title: AnyBurn 4.8 - Buffer Overflow SEH Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Authors: "Richard Davy/Gary Nield" Tested Version: 4.8 32-bit Tested on: Windows 10 Enterprise x64 Vulnerability Type: Buffer...

Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution

Exploit Title: Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Date: 2020-02-28 Exploit Author: Photubias Vendor Advisory: 1 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 2...

AbsoluteTelnet 11.12 - "license name" Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability Typ...

RarmaRadio 2.72.4 - username Denial of Service (PoC)

RarmaRadio 2.72.4 - username Denial of Service PoC Exploit Title: RarmaRadio 2.72.4 - 'username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/rarmaradiosetup.e...

P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)

Exploit Title: P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-02-02 Vendor Homepage: https://apps.apple.com/mx/app/p2pwificam2/id663665207 Software Link: App Store for iOS devices Tested Version: 10.4.1 Vulnerability Type: Denial o...