Thomson Reuters Concourse And Firm Central Local File Inclusion / Directory Traversal

Exploit Title: Thomson Reuters Concourse & Firm Central 2.13.0097 - Directory Traversal & Local File Inclusion Date: 02/13/2019 Exploit Author: 0v3rride Vendor Homepage: https://www.thomsonreuters.com/en.html Software Link: Firm Central...

Thomson Reuters Concourse & Firm Central 2.13.0097 Directory Traversal / Local File Inclusion

Exploit for windows platform in category web applications ''' Exploit Title: Thomson Reuters Concourse & Firm Central 2.13.0097 - Directory Traversal & Local File Inclusion Exploit Author: 0v3rride Vendor Homepage: https://www.thomsonreuters.com/en.html Software Link: Firm Central...

Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion

Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion ''' Exploit Title: Thomson Reuters Concourse & Firm Central 2.13.0097 - Directory Traversal & Local File Inclusion Date: 02/13/2019 Exploit Author: 0v3rride Vendor Homepage:...

Semmle: Unprotected Api EndPoints

Summary: I am able to automate the get/post requests of the following api end-points with a python script which can lead to heavy load to server resulting in dos attack or buffer overflow. /internalapi/v0.2/getSuggestedProjects /internalapi/v0.2/getLanguages /internalapi/v0.2/getLoggedInUser...

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 - Denial of Service

Exploit Title: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit Date: 16.03.2019 Vendor Homepage:http://www.winavi.com Software Link: http://www.winavi.com/user/download/WinAVIiPod3GPMP4PSPConverter.exe Exploit Author: Achilles Tested Version: 4.4.2 Tested on: Windows XP SP3 EN Windows 7...

Mail Carrier 2.5.1 Buffer Overflow

Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None !/usr/bin/python This script started from PWK, Chapter 6 I a...

TransMac 12.3 Denial Of Service

-- coding: utf-8 -- Exploit Title: TransMac 12.3 - 'Volume name' Denial of Service PoC Date: 27/02/2019 Author: Alejandra SA!nchez Vendor Homepage: https://www.acutesystems.com/ Software Link: https://www.acutesystems.com/tmac/tmsetup.exe Version: 12.3 Tested on: Windows 10 Proof of Concept: 1.-...

FTP Server 1.32 - Denial of Service

!/usr/bin/env python coding: utf-8 Author: Marcelo Vázquez aka s4vitar FTP Server 1.32 Remote Denial of Service DoS Exploit Title: FTP Server 1.32 Remote Denial of Service DoS Date: 2019-02-26 Exploit Author: Marcelo Vázquez aka s4vitar Vendor: The Olive Tree Software Link:...

MGASA-2019-0102 Updated libreoffice packages fix security vulnerability

Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document CVE-2018-16858. The libreoffice package has been updated to version 6.1.5.2, fixing this issue, and including several other bug fixes and...

WinRAR 5.61 - Path Traversal

!/usr/bin/env python3 import os import re import zlib import binascii The archive filename you want rarfilename = "test.rar" The evil file you want to run evilfilename = "calc.exe" The decompression path you want, such shown below targetfilename = r"C:\C:C:../AppData\Roaming\Microsoft\Windows\Sta...

Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)

!/usr/bin/python Exploit Title: VirtualVCR-Max .0a Overflow PoC Google Dork: N/A Date: 21/02/2019 Exploit Author: Wade Guest Vendor Homepage: http://virtualvcr.sourceforge.net/ Software Link: https://sourceforge.net/projects/virtualvcr/ Version: Max Version .0a Tested on: Win XP SP3 CVE : N/A...

Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)

-- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link: https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudiox64lin-deb?format=raw Version:...

Virtual VCR Max .0a - .vcr Buffer Overflow (PoC)

Virtual VCR Max .0a - .vcr Buffer Overflow PoC !/usr/bin/python Exploit Title: VirtualVCR-Max .0a Overflow PoC Google Dork: N/A Date: 21/02/2019 Exploit Author: Wade Guest Vendor Homepage: http://virtualvcr.sourceforge.net/ Software Link: https://sourceforge.net/projects/virtualvcr/ Version: Max...

Virtual VCR Max .0a Buffer Overflow

!/usr/bin/python Exploit Title: VirtualVCR-Max .0a Overflow PoC Google Dork: N/A Date: 21/02/2019 Exploit Author: Wade Guest Vendor Homepage: http://virtualvcr.sourceforge.net/ Software Link: https://sourceforge.net/projects/virtualvcr/ Version: Max Version .0a Tested on: Win XP SP3 CVE : N/A...

Valentina Studio 9.0.5 Linux - Host Buffer Overflow (PoC)

Valentina Studio 9.0.5 Linux - Host Buffer Overflow PoC -- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link:...

NBMonitor 1.6.5.0 - Key Denial of Service (PoC)

NBMonitor 1.6.5.0 - Key Denial of Service PoC -- coding: utf-8 -- Exploit Title: NBMonitor 1.6.5 - 'Key' Denial of Service PoC Date: 15/02/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Version: 1.6.5....

Digi TransPort LR54 Restricted Shell Escape Vulnerability

Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell. CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape =========================================================== The Digi TransPort LR54 is a high speed LTE router commonly used by industry,...

VSCO 1.1.1.0 - Denial of Service (PoC)

Exploit Title: VSCO 1.1.1.0 - Denial of Service PoC Date: 2/14/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NC1RLNH76PB Version: 1.1.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file...

VSCO 1.1.1.0 Denial Of Service

Exploit Title: VSCO 1.1.1.0 - Denial of Service PoC Date: 2/14/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NC1RLNH76PB Version: 1.1.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file...

TAU Threat Intelligence Notification: Spear Phishing Targeting Italy

Summary This campaign is targeting users in Italy with spear phishing email containing malicious attachments. Figure 1: Emails with the malicious XLS attachment The image above show one of the sample has attached in multiple email that has been sent to email address with Italy ccTLD. The attached...