TP-LINK TL-WR940N TL-WR941ND - Buffer Overflow

TP-LINK TL-WR940N TL-WR941ND - Buffer Overflow Author Grzegorz Wypych - h0rac TP-LINK TL-WR940N/TL-WR941ND buffer overflow remote shell exploit import requests import md5 import base64 import string import struct import socket password = md5.new'admin'.hexdigest cookie =...

Exodus Android Spyware Detection

The remote Android device seems to be infected by the Exodus spyware. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Fr...

[SECURITY] [DLA 1728-1] openssh security update

Package : openssh Version : 1:6.7p1-5+deb8u8 CVE ID : CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 Debian Bug : 793412 919101 923486 Multiple scp client vulnerabilities have been discovered in OpenSSH, the premier connectivity tool for secure remote shell login and secure file transfer...

AutoRDPwn v4.8 - The Shadow Attack Framework

AutoRDPwn is a script created in Powershell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim's desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply...

Memu Play 6.0.7 - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7...

WordPress Booking Calendar 8.4.3 Plugin - Authenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version...

WordPress Booking Calendar 8.4.3 SQL Injection

Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version 8.4.3 older versions may also be...

WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection

WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link:...

WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection

Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version 8.4.3 older versions may also be...

DEBIAN-CVE-2019-7283

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

How CB LiveOps Helps with Incident Response

Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...

PT-2019-6235 · Netkit · Netkit

Name of the Vulnerable Software and Affected Versions: NetKit versions through 0.17 Description: The issue allows a malicious rsh server or a Man-in-The-Middle attacker to overwrite arbitrary files in a directory on the rcp client machine due to the rcp client only performing cursory validation o...

WordPress WP-Ajax-Form-Pro 5.0.2 Shell Upload

Exploit Title : WordPress WP-Ajax-Form-Pro Plugins 5.0.2 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org ajaxformpro.com Software Download Link : ajaxformpro.com Software Script Owner and...

WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Shell Upload

Exploit Title : WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org/support/plugin/fckeditor-for-wordpress-plugin Software Download Link :...

WordPress Monsters-Editor-10-For-WP-Super-Edit 2.3.1 Shell Upload

Exploit Title : WordPress Monsters-Editor-10-For-WP-Super-Edit Plugins 2.3.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : thedevcouple.com wordpress.org/plugins/monsters-editor-10-for-wp-super-edit/...

WordPress Sem-Wysiwyg 1.0 Shell Upload

Exploit Title : WordPress Sem-Wysiwyg Plugins 1.0 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...

WordPress ChenPress 3.1.1 Shell Upload

Exploit Title : WordPress ChenPress Plugins 3.1.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org groups-beta.google.com/group/ChenPress Software Download Link :...

Apache Superset 0.23 - Remote Code Execution

Apache Superset 0.23 - Remote Code Execution Exploit Title: Apache Superset ' sys.exit else: Script arguments supersetIP = sys.argv1 supersetPort = sys.argv2 Verify these URLs match your environment loginURL = 'http://' + supersetIP + ':' + supersetPort + '/login/' uploadURL = 'http://' +...

OCS Inventory NG <= 2.5.0 Remote Shell Upload Vulnerability

OCS Inventory NG is prone to a remote shell upload vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

The vulnerability of the Remote Shell (RSH) service on the JunOS operating system allows a hacker to gain access to devices with root privileges.

The vulnerability of the Remote Shell RSH service in the JunOS operating system is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to gain access to the device with root privileges...