WebLog Expert Enterprise 9.4 Privilege Escalation

Exploit Author: bzyo Twitter: @bzyo Exploit Title: WebLog Expert Enterprise 9.4 - Privilege Escalation Date: 03-31-2018 Vulnerable Software: WebLog Expert Enterprise 9.4 Vendor Homepage: https://www.weblogexpert.com/ Version: 9.4 Software Link: https://www.weblogexpert.com/download.htm Tested On:...

CVE-2018-7581

CVE-2018-7581 concerns WebLog Expert Web Server Enterprise 9.4. The vulnerability stems from weak file permissions on the WebServer.cfg in ProgramData\WebLog Expert\WebServer, allowing a local user to set a plaintext password and log in as admin (authentication bypass). Affected product is WebLog...

CVE-2018-7582

WebLog Expert Web Server Enterprise 9.4 is affected by a Remote Denial of Service vulnerability triggered by a long HTTP Accept header sent to TCP port 9991, causing daemon crashes. Public writeups and the NVD entry confirm the impact is a denial of service; an exploit exists (e.g., Exploit-DB pa...

WebLog Expert Enterprise 9.4 - Denial of Service

WebLog Expert Enterprise 9.4 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: ======= www.weblogexpert.c...