188 matches found
mad-metasploit
This is a Metasploit custom module repository, mad-metasploit, which contains a collection of exploits and plugins for various vulnerabilities. The repository is maintained by hahwul and is available on GitHub. The repository includes a variety of exploits, including: AIX Calendar Manager Service...
Discourse < 2.5.0.beta6 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
ENTTEC Lighting Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: ENTTEC Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2 Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control...
exploit-database
This is an official Exploit Database repository, a collection of public exploits and vulnerable software. The repository is updated daily with the most recently added submissions. It includes a search utility called "searchsploit" that allows users to search through the exploits using one or more...
KLA11662 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. An elevation...
KLA11615 PE vulnerability in PostgreSQL
Multiple serious vulnerabilities have been found in PostgreSQL. Vulnerabilities in core server and contrib module components can be exploit remotely to gain privileges. Original advisories https://www.postgresql.org/about/news/1998/ Related products PostgreSQL CVE list CVE-2019-3466 high Solution...
Western Digital My Book World II NAS 1.02.12 Hardcoded Credential Vulnerability
Western Digital My Book World II NAS versions 1.02.12 and below have a hard-coded ssh credential that allows for remote command execution. Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Exploi...
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, Nationa...
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...
Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs
More than a hundred vulnerabilities have been found in small office/home office SOHO routers and network-attached storage devices NAS from vendors that include Asus, Zyxel, Lenovo, Netgear and other top names, which open them up to remote attackers. That’s according to Independent Security...
Updated webmin packages fix security vulnerability
Updated webmin package fixes security vulnerability: Webmin before 1.930 allows remote exploits if the option to change expired passwords is enabled CVE-2019-15107. Note that it is only vulnerable if changing of expired passwords is enabled, which is not the case by default...
ICSA-19-192-04 Siemens SIMATIC RF6XXR
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely/public exploits are available Vendor : Siemens Equipment : SIMATIC RF6XXR Vulnerabilities : Improper Input Validation, Cryptographic Issues 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow access to...
Delta Industrial Automation CNCSoft
1. EXECUTIVE SUMMARY CVSS v3 4.4 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Delta Equipment: Delta Industrial Automation CNCSoft Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer overflow condition that may...
OpenSSL Releases Security Advisory
OVERVIEW On June 5, 2014, OpenSSL announcedOpenSSL Security Advisory 05 Jun 2014, https://www.openssl.org/news/secadv20140605.txt, web site last accessed June 05, 2014. that they were releasing new versions that mitigate several additional vulnerabilities that were discovered since the last OpenS...
Synology Photo Station Multiple Vulnerabilities (Synology_SA_18_15)
Multiple vulnerabilities allow remote attackers to hijack the authentication of administrators or to conduct privilege escalation attacks via a susceptible version of Photo Station. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...
Git < 2.17.1 - Remote Code Execution Exploit
Exploit for linux platform in category remote exploits...
Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars
Chinese security researchers have discovered more than a dozen vulnerabilities in the onboard compute units of BMW cars, some of which can be exploited remotely to compromise a vehicle. The security flaws have been discovered during a year-long security audit conducted by researchers from Keen...
WHP - Microsoft Windows Hacking Pack
M$ Windows Hacking Pack =========== Tools here are from different sources. The repo is generally licensed with WTFPL, but some content may be not eg. sysinternals. "pes" means "PE Scambled". It's useful sometimes. Remote Exploits =========== Windows 2000 / XP SP1 MS05-039 Microsoft Plug and Play...
Microsoft Windows Remote Assistance XXE Injection
Exploit Title: Microsoft Windows Remote Assistance XXE Date: 27/03/2018 Exploit Author: Nabeel Ahmed Tested on: Windows 7 x64, Windows 10 x64 CVE : CVE-2018-0878 Category: Remote Exploits Invitation.msrcincident ------------------------ /xxe.xml" %remote;%root;%oob; xxe.xml ----------------------...
Ayukov NFTP FTP Client 2.0 - Buffer Overflow Exploit
Exploit for windows platform in category remote exploits...