5294 matches found

Kitploit
added 2018/02/10 9:9 p.m. | 469 views

VENOM 1.0.15 - Metasploit Shellcode Generator/Compiler/Listener

The script will use msfvenom (Metasploit) to generate shellcode in different formats (c | python | ruby | dll | msi | hta-psh), injects the generated shellcode into one template (example: python, "the python function will execute the shellcode into RAM"), and uses compilers like gcc (GNU cross compiler) or...

7.6 AI score
Exploits 0 | References 1
OSV
added 2018/02/06 12:29 a.m. | 4 views

CVE-2018-6569

West Wind Web Server 6.x does not require authentication for /ADMIN.ASP...

8.8 CVSS | 5.8 AI score | 0.01535 EPSS
Exploits 0 | References 1
OpenVAS
added 2018/02/04 12:0 a.m. | 33 views

Debian: Security Advisory (DLA-1021-1)

The remote host is missing an update for the Debian...

7.5 CVSS | 6.5 AI score | 0.05795 EPSS
Exploits 0 | References 3
Prion
added 2018/01/31 5:29 p.m. | 10 views

Code injection

Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the...

5 CVSS | 7.4 AI score | 0.11184 EPSS
Exploits 3 | References 2
NVD
added 2018/01/31 5:29 p.m. | 14 views

CVE-2018-6460

Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the...

7.5 CVSS | 7.5 AI score | 0.11184 EPSS
Exploits 3 | References 2
Cvelist
added 2018/01/31 5:0 p.m. | 19 views

CVE-2018-6460

Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the...

7.5 AI score | 0.11184 EPSS
Exploits 3 | References 2
CVE
added 2018/01/31 5:0 p.m. | 66 views

CVE-2018-6460

Summary: CVE-2018-6460 affects Hotspot Shield, where a local web server (127.0.0.1:895) serves JSONP endpoints. The root cause is insufficient input filtering on the /status.js endpoint, allowing an unauthenticated POST with func=$_APPLOG.Rfunc to disclose sensitive machine data, including VPN st...

7.5 CVSS | 7.4 AI score | 0.11184 EPSS
Exploits 3 | References 2 | Affected Software 1
seebug.org
added 2018/01/31 12:0 a.m. | 29 views

Hotspot Shield Information Disclosure

Vulnerability Summary: The following advisory describes an information disclosure found in Hotspot Shield. Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming, news, dating, gaming wherever you are.”...

6.6 AI score
Exploits 0
OSV
added 2018/01/25 2:29 p.m. | 4 views

CVE-2018-4837

A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...

7.5 CVSS | 5.7 AI score | 0.02715 EPSS
Exploits 0 | References 3
CVE
added 2018/01/25 2:0 p.m. | 48 views

CVE-2018-4837

The connected sources confirm CVE-2018-4837 affects Siemens TeleControl Server Basic versions prior to 3.1, where a vulnerability in the webserver (ports 80/443) can cause a Denial-of-Service without affecting other functionality. The ICSA advisory reiterates this as a DoS risk via the webserver,...

7.5 CVSS | 7.3 AI score | 0.02715 EPSS
Exploits 0 | References 3 | Affected Software 1
Exploit DB
added 2018/01/21 12:0 a.m. | 349 views

OTRS 5.0.x/6.0.x - Remote Command Execution (1)

Exploit Title: OTRS 5.0.x/6.0.x - Remote Command Execution 1 Date: 21-01-2018 Exploit Author: Bæln0rn Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-169...

9 CVSS | 9 AI score | 0.19901 EPSS
Exploits 8
CNVD
added 2018/01/04 12:0 a.m. | 1 view

EmbedThis GoAhead Null Pointer Dereference Vulnerability

EmbedThis GoAhead is a small embedded web server. A null pointer dereference vulnerability exists in the CGI handler in EmbedThis GoAhead Webserver 4.0.0. An attacker could exploit this vulnerability to cause memory corruption or denial of service...

9.8 CVSS | 6.9 AI score | 0.08605 EPSS
Exploits 0 | References 1
OSV
added 2018/01/03 8:29 p.m. | 2 views

CVE-2017-1000471

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service...

9.8 CVSS | 5.8 AI score | 0.08605 EPSS
Exploits 0 | References 2
Prion
added 2018/01/03 8:29 p.m. | 16 views

Null pointer dereference

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service...

7.5 CVSS | 9.3 AI score | 0.08605 EPSS
Exploits 0 | References 2 | Affected Software 1
NVD
added 2018/01/03 8:29 p.m. | 14 views

CVE-2017-1000470

EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener resulting in denial of service...

7.5 CVSS | 7.6 AI score | 0.07856 EPSS
Exploits 0 | References 2
OSV
added 2018/01/03 8:29 p.m. | 2 views

CVE-2017-1000470

EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener resulting in denial of service...

7.5 CVSS | 5.8 AI score | 0.07856 EPSS
Exploits 0 | References 2
Prion
added 2018/01/03 8:29 p.m. | 12 views

Integer overflow

EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener resulting in denial of service...

5 CVSS | 7.6 AI score | 0.07856 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2018/01/03 8:0 p.m. | 15 views

CVE-2017-1000470

EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener resulting in denial of service...

7.6 AI score | 0.07856 EPSS
Exploits 0 | References 2
Cvelist
added 2018/01/03 8:0 p.m. | 21 views

CVE-2017-1000471

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service...

9.5 AI score | 0.08605 EPSS
Exploits 0 | References 2
CVE
added 2018/01/03 8:0 p.m. | 53 views

CVE-2017-1000471

CVE-2017-1000471 affects EmbedThis GoAhead Webserver 4.0.0. Root cause: NULL pointer dereference in the CGI handler, leading to memory corruption or denial of service. Documents do not provide patch/version remediation details or explicit exploitation status.

9.8 CVSS | 9.3 AI score | 0.08605 EPSS
Exploits 0 | References 2 | Affected Software 1