Code injection
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating...
CVE-2016-9368
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating...
Attacks Heating Up Against Apache Struts 2 Vulnerability
Public attacks and scans looking for exposed Apache webservers have ramped up dramatically since Monday when a vulnerability in the Struts 2 web application framework was patched and proof-of-concept exploit code was introduced into Metasploit. The vulnerability, CVE-2017-5638, was already under...
Evostream Media Server 1.7.1 (x64) - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Evostream Media Server 1.7.1 – Built-in Webserver DoS Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: https://evostream.com/software-downloads/ Version: 1.7.1 Tested on:...
Evostream Media Server 1.7.1 Denial Of Service
Exploit Title: Evostream Media Server 1.7.1 – Built-in Webserver DoS Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: https://evostream.com/software-downloads/ Version: 1.7.1 Tested on: Windows Server 2008 R2 Standard x64 CVE : CVE-2017-64...
Fully Featured Backdoor – Telegram C&C: BrainDamage
A Python-based backdoor which uses Telegram as C&C server. Features: Persistence; USB spreading; Port Scanner; Router Finder; Run shell commands; Keylogger; Insert keystrokes; Record audio; Webserver; Screenshot logging; Download files in the host; Execute shutdown, restart, logoff, lock; Send drive tree...
HiSilicon ASIC Firmware Multiple Vulnerabilities (Feb 2017) - Active Check
HiSilicon ASIC firmware is prone to multiple vulnerabilities: 1. Buffer overflow in built-in webserver 2. Directory path traversal in built-in webserver SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respecti...
CVE-2016-9332
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition...
Race condition
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition...
WordPress: Wordpress unzip_file path traversal
Summary: The WordPress unzip_file function (https://codex.wordpress.org/Function_Reference/unzip_file) is vulnerable to path traversal when extracting zip files. Extracting untrusted zip files using this function could lead to code execution through placing arbitrary PHP files in the DocumentRoot ...
Directory traversal
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory...
U.S. Dept Of Defense: SQL Injection vulnerability in a DoD website
A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive information. @psychomantis was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @psychomantis!...
EasyPHP Webserver 14.1b2 Privilege Escalation
Exploit Title: EasyPHP-Webserver Service - Privilege Escalation Date: date Exploit Author: Owais Mehtab, Tayeeb Rana Vendor Homepage: www.easyphp.org/ Software Link: http://www.easyphp.org/easyphp-webserver.php Version: 14.1b2 Tested on: Win7 Sp1 C:\Program Files...
Debian DSA-3764-1 : pdns - security update
Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-2120 Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take...
U.S. Dept Of Defense: SQL Injection vulnerability in a DoD website
A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive information. @hassaan was able to demonstrate this vulnerability by crafting specially formatted URLs. Thanks @hassaan!...
U.S. Dept Of Defense: Information disclosure vulnerability on a DoD website
A misconfigured Department of Defense webserver improperly disclosed application information. @joshualaurencio was able to demonstrate this vulnerability by crafting specially formatted URLs...
U.S. Dept Of Defense: Blind SQLi in a DoD Website
A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive financial information. @akaki was able to demonstrate this vulnerability by crafting a specially formatted URL. Thank you!...
Microsoft Edge (Windows 10) - chakra.dll Information Leak Type Confusion Remote Code Execution
Microsoft Edge Windows 10 - chakra.dll Information Leak Type Confusion Remote Code Execution Source: https://github.com/theori-io/chakra-2016-11 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40990.zip chakra.dll Info Leak + Type Confusion fo...
PHPMailer Sendmail Argument Injection Exploit
PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a...