Lucene search

1595 matches found

exploitpack
added 2017/10/28 12:0 a.m. | 20 views

Uniview - Remote Command Execution Export Config (PoC)

Uniview - Remote Command Execution Export Config PoC STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config...

0.2 AI score
Exploits: 0

OSV
added 2017/10/27 5:29 a.m. | 1 views

CVE-2017-5113

Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS | 7.3 AI score | 0.01302 EPSS
Exploits: 0 | References: 7

Hacker One
added 2017/10/24 9:25 p.m. | 24 views

X (Formerly Twitter): OS Command Execution on User's PC via CSV Injection

Summary: Twitter is vulnerable to CSV Injection. If an attacker can successfully exploit this, then they will compromise the PC of the user. The injection point is via a tweet on the main twitter.com site while the retrieval point is via the “Export Data” option on the analytics site. Description...

7.9 AI score
Exploits: 0

exploitpack
added 2017/10/17 12:0 a.m. | 16 views

TP-Link WR940N - (Authenticated) Remote Code

TP-Link WR940N - Authenticated Remote Code import urllib2 import base64 import hashlib from optparse import import sys import urllibbanner = "\n" "WR940N Authenticated Remote Code Exploit\n" "This exploit will open a bind shell on the remote target\n" "The port is 31337, you can change that in th...

7.8 AI score
Exploits: 0

OSV
added 2017/10/05 7:29 p.m. | 1 views

CVE-2017-2880

A memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .GIF file to trigger this vulnerability...

7.8 CVSS | 5.9 AI score
Exploits: 0 | References: 2

NVD
added 2017/10/05 7:29 p.m. | 16 views

CVE-2017-2920

A memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file t...

8.8 CVSS | 8.5 AI score | 0.01835 EPSS
Exploits: 2 | References: 4

Cvelist
added 2017/10/05 7:0 p.m. | 26 views

CVE-2017-2920

A memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file t...

8.8 CVSS | 8.4 AI score | 0.01835 EPSS
Exploits: 2 | References: 4

Packet Storm
added 2017/09/29 12:0 a.m. | 30 views

Article Directory Script 3.0 SQL Injection

Exploit Title: Article Directory Script 3.0 - SQL Injection Dork: N/A Date: 29.09.2017 Vendor Homepage: http://www.yourarticlesdirectory.com/ Software Link: http://www.yourarticlesdirectory.com/ Demo: http://www.yourarticlesdirectory.com/livedemo.php Version: 3.0 Category: Webapps Tested on:...

Exploits: 0

CVE
added 2017/09/17 9:0 p.m. | 51 views

CVE-2017-14510

SugarCRM prior to 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26) contains an unauthenticated cross-site scripting (XSS) vulnerability in the WebToLeadCapture feature. The issue is mitigated by proper validation of redirect URL values. No exploitation ...

6.1 CVSS | 6.8 AI score | 0.01421 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

exploitpack
added 2017/09/14 12:0 a.m. | 8 views

Theater Management Script - SQL Injection

Theater Management Script - SQL Injection Exploit Title: Theater Management Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/8o2b4417538/php-scripts/theater-management-script Demo:...

0.3 AI score
Exploits: 0

Microsoft CVE
added 2017/09/12 7:0 a.m. | 32 views

Windows GDI+ Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could...

3.3 CVSS | 2.9 AI score | 0.1404 EPSS
Exploits: 0

Prion
added 2017/09/07 10:29 p.m. | 21 views

Command injection

XSS persistent on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated b...

4.3 CVSS | 5.9 AI score | 0.01438 EPSS
Exploits: 5 | References: 2

Prion
added 2017/09/05 6:29 p.m. | 22 views

Heap overflow

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability...

6.8 CVSS | 7.9 AI score | 0.04599 EPSS
Exploits: 3 | References: 3 | Affected Software: 2

exploitpack
added 2017/09/04 12:0 a.m. | 15 views

RubyGems 2.6.13 - Arbitrary File Overwrite

RubyGems 2.6.13 - Arbitrary File Overwrite There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a...

0.6 AI score
Exploits: 0

CNVD
added 2017/08/31 12:0 a.m. | 2 views

Logic Vulnerability in Growatt Monitoring System App for Android

Growatt Monitoring System is a remote data monitoring center system for PV power plants developed by Grunewald. The system displays PV plant operation data through intuitive charts and graphs, including power plant power generation, revenue, CO2 emission reduction benefits, equipment operation...

7.1 AI score
Exploits: 0

Imperva Blog
added 2017/08/24 3:30 p.m. | 69 views

Analysis of Ronggolawe Ransomware and How to Block It

In the last few years ransomware attacks have been significantly on the rise. This infamous trend began by targeting end point users’ machines, such as personal desktop and laptops. Later, it evolved and broadened the attack surface to target mobile phones and servers. Web Servers Not Immune to...

8.1 AI score
Exploits: 0

ThreatPost
added 2017/08/23 1:53 p.m. | 15 views

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

Researchers say a new exploitable attack vector for email, one that could enable the changing of email content post-delivery, could let attackers bypass security controls and trick victims into clicking through to a malicious site. Details of the exploit called ROPEMAKER, which stands for...

1.5 AI score
Exploits: 0 | References: 1

Hacker One
added 2017/08/03 1:59 a.m. | 20 views

Unikrn: Non-Cloudflare IPs allowed to access origin servers

Summary: Non-Cloudflare IPs allowed to access origin servers Description: Your origin servers are not blocking access from non-Cloudflare servers. This way crawlers can find your origin servers' IPs by checking random IPs until they found your origin servers. What makes this especially easy are...

6.6 AI score
Exploits: 0

BDU FSTEC
added 2017/07/20 12:0 a.m. | 3 views

The vulnerability of the getNodeSize function in the SQLite database management system allows attackers to carry out other attacks.

The vulnerability of the getNodeSize function in the SQLite database management system arises from the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to exert other effects using the reduced size of RTree blobs within the...

7.5 CVSS | 7.1 AI score | 0.08609 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Hacker One
added 2017/07/09 9:57 p.m. | 20 views

Concrete CMS: Stored XSS in Private Messages 'Reply' allows to execute malicious JavaScript against any user while replying to the message which contains payload

Intro "Back to the Crayons" Type of issue: Core CMS issue Level of severity: External Attack Vector Concrete5 version: 8.2.0 RC2 rev. 32c9daf352645d4fafedb7b956e7f2de4e153ab3 July 8th Summary There is Stored XSS vulnerability in Private Messages 'Reply' feature, when original message is quoted in...

6 AI score
Exploits: 0