Microsoft Windows 缓冲区错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. Microsoft Windows has a buffer error vulnerability. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Windows App Client f...

Microsoft Windows NTLM 信息泄露漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. Microsoft Windows NTLM has a vulnerability that allows for information leakage. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are...

Microsoft Windows 安全漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affected: Windows 10 Version...

Microsoft Windows 访问控制错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability related to access control in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windo...

Microsoft Windows Kerberos 安全漏洞

Microsoft Windows Kerberos is a software for authentication in network clusters from Microsoft Corporation.Kerberos also serves as a network authentication protocol designed to provide strong authentication services to client/server applications via a key system. A security vulnerability exists i...

Microsoft Windows USB Attached SCSI Security Vulnerability

Microsoft Windows USB Attached SCSI is a protocol for USB storage devices from Microsoft USA. A security vulnerability exists in Microsoft Windows USB Attached SCSI. An attacker could exploit the vulnerability to remotely execute code. The following products and editions are affected: Windows...

Microsoft Windows Remote Procedure Call Runtime 安全漏洞

Microsoft Windows Remote Procedure Call Runtime is a powerful technology for creating distributed client/server programs from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Remote Procedure Call Runtime. An attacker could exploit this vulnerability to cause a deni...

Microsoft Windows Win32K 安全漏洞

Microsoft Windows Win32k is a system file for Windows multi-user administration from Microsoft USA. A security vulnerability exists in Microsoft Windows Win32K. The following products and versions are affected:Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607...

Microsoft Windows Kerberos 安全漏洞

Microsoft Windows Kerberos is a software for authentication in network clusters from Microsoft Corporation.Kerberos also serves as a network authentication protocol designed to provide strong authentication services to client/server applications via a key system. A security vulnerability exists i...

Microsoft Windows OLE 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows OLE. The following products and editions are affected:Windows Server 2008 for 32-bit Systems Service Pack 2 Serve...

Microsoft Windows Hyper-V 信息泄露漏洞

Microsoft Windows Hyper-V is an application from Microsoft USA. A system hypervisor virtualization technology that enables desktop virtualization. An information disclosure vulnerability exists in Microsoft Windows Hyper-V. The following products and editions are affected: Windows 10 Version 21H1...

Microsoft Lightweight Directory Access Protocol 输入验证错误漏洞

Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that runs on a layer above the TCP/IP stack. An input validation error vulnerability exists in Microsoft Lightweight Directory Access Protocol. The following products and editions...

Build Smart ERP 21.0817 - (eidValue) SQL Injection Vulnerability

Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 R2 or 8.1 &...

Metasploit Wrap-Up

Eternal Blue improvements Prior to this release Metasploit offered two separate exploit modules for targeting MS17-010, dubbed Eternal Blue. The Ruby module previously only supported Windows 7, and a separate ms17010eternalbluewin8 Python module would target Windows 8 and above. Now Metasploit...

Microsoft Windows GDI+ Information Disclosure Vulnerability

Microsoft Windows GDI+ is a graphical device interface for the Windows operating system from Microsoft USA. The software is part of the .NET Framework and is responsible for drawing graphical images and displaying information on screens and printers. An information disclosure vulnerability exists...

SMB12 Information Gathering Exploit

SMB12 Information Gathering is a data gathering python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version only supported by SMB1 as per protocol definition, DNS computer name, DNS domain name, NetBIOS computer name and NetBIO...

Microsoft Windows 2012 R2 x64 - (MMC) DoS Vulnerability

Document Title: =============== Microsoft Windows 2012 R2 x64 - MMC DoS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2235 MSRC ID: 58288 Vulnerability Magazine:...

Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution

Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution !/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...

Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution

!/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link: https://www.oracle.com/technetwork/middleware/downloads/index.html Version: Oracl...

PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion Vulnerability

Exploit for multiple platform in category web applications Exploit Author: bzyo CVE: CVE-2018-19936 Twitter: @bzyo Exploit Title: PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion Date: 12-07-18 Vulnerable Software: PrinterOn Enterprise 4.1.4 Vendor Homepage: https://www.printeron.com/ Version...