Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Reolink E1 Zoom Camera Vendor URL: https://reolink.com/product/e1-zoom/ Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2021-08-26 Date published:...

SUSE SLES15 Security Update : php7 (SUSE-SU-2022:1768-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1768-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

SUSE SLES12 Security Update : php7 (SUSE-SU-2022:1764-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1764-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

SUSE SLES12 Security Update : php72 (SUSE-SU-2022:1714-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1714-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

php: Local privilege escalation via PHP-FPM

php-fpm has a vulnerability which may lead to local privilege escalation. This vulnerability is hard to exploit as the attack needs to escape the FPM sandbox mechanism. When a complete attack is achieved it may lead to risk for confidentiality, data integrity, and system availability...

Cross-site Scripting (XSS)

Overview std/net/http/fcgi is a Go standard library package std/net/http/fcgi Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report:When a Handler does not explicitly set the Content-Type header, the the package would default to “text/html”, which...

DEBIAN-CVE-2021-21703

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the...

PHP 缓冲区错误漏洞

PHP is a scripting language that executes on the server side. PHP suffers from a buffer error vulnerability that could allow an attacker to bypass PHP's access restrictions via FPM in order to read or alter data...

Mail.ru: SSRF + RCE через fastCGI в POST /api/nr/video

Domain, site, application -- app.nativeroll.tv Steps to reproduce -- 1. Традиционно нужен аксес токен от аккаунта паблишера, можно зарегистрировать здесь https://seedr.ru/register-user/publisher 2. Войти как паблишер https://seedr.ru/login/publisher 3. Поперехватывать запросы, получить токен. 4...

Gopherus

This is an analysis of the provided repository, specifically focusing on the Gopherus tool. Classification: The Gopherus tool is a proof-of-concept exploit for various vulnerabilities, including SSRF Server-Side Request Forgery and RCE Remote Code Execution. Primary Vulnerability: The primary...

Gopherus

This is a Python script for a tool called Gopherus, which is used to exploit Server-Side Request Forgery SSRF vulnerabilities in various services. The tool can generate payloads for different services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The script uses a...

D-Link DIR-3060 授权RCE漏洞（CVE-2021-28144）

Advisory: D-Link DIR-3060 Authenticated RCE CVE-2021-28144 MARCH 11, 2021 Overview The D-Link DIR-3060 running firmware versions below v1.11b04 is affected by a post-authentication command injection vulnerability. Anybody with authenticated access to a DIR-3060 would be able to run arbitrary syst...

PT-2022-6828 · Haproxy +6 · Haproxy +6

Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.1 through 2.7 before 2.7.1 HAProxy version 2.2 before 2.2.27 HAProxy version 2.3 HAProxy version 2.4 before 2.4.21 HAProxy version 2.5 before 2.5.11 HAProxy version 2.6 before 2.6.8 Description: An information leak issue wa...

golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS

A flaw was found in the Go standard library packages before upstream versions 1.15 and 1.14.8. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". This flaw allows an attacker to exploit this issue in...

WonderCMS 3.1.3 Code Execution / Server-Side Request Forgery

Exploit Title: WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu...

WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution

Exploit Title: WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu...

Exploit for Out-of-bounds Write in Php

CVE-2019-11043 PHP-FPM Remote Code Execution Screencast: htt...

Gopherus

This is a Python script for a tool called Gopherus, which is used to exploit Server-Side Request Forgery SSRF vulnerabilities in various services. The tool can generate payloads for different services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The script uses a...

Go CGI / FastCGI Transport Cross Site Scripting

Advisory: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return...

Quiz and Survey Master < 7.0.2 - Unauthenticated Arbitrary File Upload

Because the plugin doesn't validate the name of the uploaded file, an unauthenticated user could upload a PHP script with a double extension, e.g., script.php.jpg, and execute it on HTTP servers running a configuration such as Apache + PHP FastCGI. Edit WPScanTeam: This appears to be due to an...