3386 matches found
DEBIAN-CVE-2020-11047
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0...
CVE-2019-16653
An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges...
CVE-2019-16652
The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands...
Command injection
The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands...
CVE-2019-16653
Genius Bytes Genius Server (Genius CDDS) 3.2.2 contains an elevation of privilege issue in the usrInternalUsrCRUD plugin. Remote authenticated users can gain administrator privileges. Documented across NVD and regional advisories; exploitation details and fixes are not provided in the supplied so...
CVE-2019-16652
The CVE-2019-16652 entry concerns Genius Bytes Genius Server (Genius CDDS) BPM component, version 3.2.2, where remote authenticated users can execute arbitrary commands. Multiple connected sources (CNVD-2020-27220; RH: CVE-2019-16652; NVD; CVE records) corroborate that a code/injection-style path...
DEBIAN-CVE-2020-12135
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space parameter bytesNeeded could have an integer overflow via properly constructed bson input...
Arista restricted shell escape (with privesc)
This exploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell and TACACS+ read-only account to privilege escalate. A CVSS v3 base score of 9.8 has been assigned. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows/x86 - MSVCRT System + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
644 bytes small Microsoft Windows x86 shellcode that disables the Windows firewall, adds the user MajinBuu with password TurnU2C@ndy!! to the system, adds the user MajinBuu to the local groups Administrators and Remote Desktop Users, and then enables the RDP Service. Exploit Title: Windows/x86 -...
CVE-2020-7212
The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...
DEBIAN-CVE-2020-11501
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...
CVE-2019-11044
A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths...
Linux/x86 - (reboot) polymorphic Shellcode (26 bytes)
Exploit Title: Linux\x86 - 'reboot' polymorphic Shellcode 26 bytes Purpose: This is an x86 Linux null-free polymorphic shellcode for forcing a reboot. Author: Upayan a.k.a. slaeryan Contact: [email protected] SLAE: 1525 Vendor Homepage: None Software Link: None Tested on: Linux x86 CVE: N/A / ;...
Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
210 bytes small WinExec add-admin dynamic null-free shellcode. // Shellcode Title: WinExec Add-Admin Dynamic Null-Free Shellcode 210 Bytes // Shellcode Author: Bobby Cooke // Date: March 21st, 2020 // Tested on: Windows 10 Home - 1909 x86_64, Windows 10 Pro - 1909 x86 // Description: Windows...
Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure
#!/usr/bin/perl Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure Copyright 2020 (c) Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
Visma Bug Bounty Program: Unrestricted file upload when creating quotes allows for Stored XSS
An attacker is able to bypass the restrictions which limit user uploads to .PDF only. Utilizing this exploit an attacker can upload malicious content to the web server. First the system checks the MIME-Type, and if it fails to match Content-Type: application/pdf then the upload won't be processe...
The vulnerability of the wlc_wpa_plumb_gtk driver for Broadcom Wi-Fi devices allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the wlc_wpa_plumb_gtk driver for Broadcom Wi-Fi devices is related to heap buffer overflows. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause a service failure by sending specially crafted Wi-Fi packets containing data...
GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2020-04068)
LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in copy_compressed_bytes in decode_r2007.c in LibreDWG 0.9.3.2564. An attacker can exploit this vulnerability to cause a buffer overflow or heap overflow, among other things...