Lucene search

139 matches found

Prion
added 2022/06/24 3:15 p.m. | 11 views

Remote code execution

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit...

CVSS: 10 | AI score: 9.6 | EPSS: 0.00286
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/06/24 3:0 p.m. | 12 views

CVE-2022-1519

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit...

CVSS: 10 | AI score: 9.8 | EPSS: 0.00286
Exploits: 0 | References: 1
CNVD
added 2021/10/25 12:0 a.m. | 16 views

Unspecified vulnerability in qutebrowser (CNVD-2021-100609)

qutebrowser is an open source keyboard browser based on Python and PyQt5. A security vulnerability exists in qutebrowser, which can be exploited by attackers to execute arbitrary code...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00745
Exploits: 0 | References: 1
Huntr
added 2021/09/21 2:44 p.m. | 6 views

Inefficient Regular Expression Complexity in tapjs/tap-mocha-reporter

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in tap-mocha-reporter. The ReDoS vulnerability is mainly due to the regex /^\s+|\s+$|/g and can be exploited with the following code. Proof of Concept // PoC.js var tapMochaReporter =...

AI score: 1.7
Exploits: 0
CVE
added 2021/09/01 7:45 p.m. | 43 views

CVE-2021-39181

OpenOlat (web-based LMS) is affected prior to versions 15.3.18, 15.5.3, and 16.0.0. The vulnerability lets an attacker with an authoring-role OpenOlat account instantiate any Java class on the classpath via a prepared import XML file (e.g., a course), enabling arbitrary code execution. The underl...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00546
Exploits: 0 | References: 3 | Affected Software: 1
0day.today
added 2021/06/04 12:0 a.m. | 46 views

FileCOPA FTP Server 1.01 Denial Of Service Exploit

!/usr/bin/perl e-mail: email protected Date: 04/06/2021 Version Vulnerable: FileCOPA FTP Server 1.01 OS Tested: Windows XP PACK 3 Brazilian e Windows 2000 Youtube video: https://youtu.be/A9cEoyY9Bd4 badchars \0x00\0x0a use Net::FTP; use Term::ANSIColor; $sis="$^O"; print $sis; if $sis eq "windows...

AI score: 7.4
Exploits: 0
CNVD
added 2021/03/31 12:0 a.m. | 4 views

FFmpeg Buffer Overflow Vulnerability (CNVD-2021-25376)

FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams under the LGPL or GPL license. A buffer overflow vulnerability exists in the sniffchannelorder function in aacdectemplate.c in FFmpeg 3.1.2. An attacker can exploit this...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00223
Exploits: 1 | References: 1
Packet Storm
added 2021/03/24 12:0 a.m. | 295 views

Online Faculty Clearance System 1.0 Shell Upload

Exploit Title: Online Faculty Clearance System Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/onlineclearance0.zip Version: 1.0 Tested on Windows 10 @Vulnerable Source Code...

AI score: 7.4
Exploits: 0
NVD
added 2021/02/11 7:15 p.m. | 17 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS: 9.8 | EPSS: 0.92058
Exploits: 5 | References: 7
OSV
added 2021/02/11 7:15 p.m. | 36 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS: 9.8 | AI score: 7
Exploits: 0 | References: 7
Cvelist
added 2021/02/11 6:20 p.m. | 27 views

CVE-2021-21307 Remote Code Exploit in Lucee Admin

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS: 8.6 | AI score: 9.6 | EPSS: 0.92058
Exploits: 5 | References: 7
CVE
added 2021/02/11 6:20 p.m. | 245 views

CVE-2021-21307

CVE-2021-21307 : Lucee Admin has an unauthenticated remote code execution vulnerability in Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. The issue is fixed in those versions; a workaround is to block access to the Lucee Administrator. Public exploitation templates (e.g., an unordere...

CVSS: 9.8 | AI score: 9 | EPSS: 0.92058
In wild | Exploits: 5 | References: 7 | Affected Software: 1
ATTACKERKB
added 2021/02/11 12:0 a.m. | 100 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

CVSS: 9.8 | AI score: 9 | EPSS: 0.92058
In wild | Exploits: 5 | References: 8
CVE
added 2020/07/31 5:0 a.m. | 49 views

CVE-2020-3681

CVE-2020-3681 affects HPAV2 systems according to multiple sources in the provided documents. The vulnerability allows forging authenticated and encrypted payload MMEs that can be remotely sent to the device over the network, enabled by a jailbreak key recoverable from code. The root cause and aff...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.00353
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2020/01/08 12:0 a.m. | 37 views

Mozilla Firefox < 72.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 72.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-01 advisory. - Mozilla developers Karl Tomlinson, Jason Kratzer, Tyson Smith, Jon Coppeard, and Christian Holler reported...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.02423
Exploits: 2 | References: 12
Kaspersky
added 2019/08/13 12:0 a.m. | 56 views

KLA11533 Multiple vulnerabilities in Microsoft Browsers

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in Microsoft...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.21358
Exploits: 0 | References: 38
Exploit DB
added 2018/11/08 12:0 a.m. | 34 views

Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)

include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res = FindResourcehMod, MAKEINTRESOURCEIDRDATA1, rsrcName; DWORD dllSize = SizeofResourcehMod, res; void dllBuff = LoadResourcehMod, res; HANDLE...

AI score: 7.4
Exploits: 0
myhack58
added 2018/06/08 12:0 a.m. | 123 views

Wages table actually into hacking weapons Flash emergency patch-bug warning-the black bar safety net

On the night of June 7, Adobe officially announced the emergency release of security patches fixing a newly discovered high-risk Flash vulnerability, and publicly acknowledged the 360 Core Security Advanced Threat Response Team for discovering it. As the...

AI score: 1.2
Exploits: 0
0day.today
added 2018/05/01 12:0 a.m. | 686 views

Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution...

AI score: 9.9 | EPSS: 0.94382
Exploits: 14
Exploit DB
added 2018/01/28 12:0 a.m. | 50 views

Netis WF2419 Router - Cross-Site Request Forgery

Exploit Title: Netis-WF2419 Router Cross-Site Request Forgery CSRF Date: 28/01/2018 Exploit Author: Sajibe Kanti Author Contact: https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419, V2.2.36123 Tested on: Windows 10 Technical Details & Descriptio...

AI score: 7.4
Exploits: 0