5020 matches found

Exploit DB
added 2019/04/16 12:0 a.m. | 34 views

AdminExpress 1.2.5 - 'Folder Path' Denial of Service (PoC)

-- coding: utf-8 -- !/usr/bin/python Exploit Title: AdminExpress 1.2.5 - Denial of Service PoC Date: 2019-04-12 Exploit Author: Mücahit İsmail Aktaş Software Link: https://admin-express.en.softonic.com/ Version: 1.2.5.485 Tested on: Windows XP Professional SP2 Description: 1 Click the "System...

AI score: 7.4
Exploits: 0

exploitpack
added 2019/04/16 12:0 a.m. | 18 views

AdminExpress 1.2.5 - Folder Path Denial of Service (PoC)

AdminExpress 1.2.5 - Folder Path Denial of Service PoC -- coding: utf-8 -- !/usr/bin/python Exploit Title: AdminExpress 1.2.5 - Denial of Service PoC Date: 2019-04-12 Exploit Author: Mücahit İsmail Aktaş Software Link: https://admin-express.en.softonic.com/ Version: 1.2.5.485 Tested on: Windows X...

AI score: 0.1
Exploits: 0

The Hacker News
added 2019/04/13 5:55 p.m. | 1 views

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft's customer support portal an...

AI score: 6.5
Exploits: 0

Exploit DB
added 2019/04/12 12:0 a.m. | 57 views

ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user privilege. The 'Upload files' section in the 'File Manager'...

AI score: 7.4
Exploits: 0

0day.today
added 2019/04/12 12:0 a.m. | 329 views

ATutor 2.2.4 - file_manager Remote Code Execution Exploit #RCE

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...

AI score: 7.1
Exploits: 0

Microsoft KB
added 2019/04/12 12:0 a.m. | 2 views

January 15, 2019—KB4480967 (OS Build 16299.936)

January 15, 2019—KB4480967 OS Build 16299.936 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in Microsoft Edge that fails to trigger the focusin event if the focus even...

AI score: 7
Exploits: 0

Prion
added 2019/04/10 7:29 p.m. | 15 views

Directory traversal

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.81095
Exploits: 7 | References: 3 | Affected Software: 1

CNVD
added 2019/04/09 12:0 a.m. | 2 views

GOG Galaxy elevation of privilege vulnerability (CNVD-2019-39725)

GOG Galaxy is a game client program. The program is used to install, launch and update games. A security vulnerability exists in GOG Galaxy that originates from a networked system or product that does not properly validate incoming data. An attacker can exploit the vulnerability to adjust folder...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00028
Exploits: 0 | References: 1

CNVD
added 2019/04/03 12:0 a.m. | 3 views

Synology Router Manager Information Disclosure Vulnerability (CNVD-2019-08958)

Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. An information disclosure vulnerability exists in SYNO.FolderSharing.List in Synology SRM versions prior to 1.1.7-6941-2. The vulnerability, which originates from errors su...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00451
Exploits: 0 | References: 1

OSV
added 2019/04/01 7:29 p.m. | 3 views

CVE-2018-4050

An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00028
Exploits: 0 | References: 1

Prion
added 2019/04/01 7:29 p.m. | 17 views

Privilege escalation

An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges...

CVSS: 7.2 | AI score: 7.8 | EPSS: 0.00028
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2019/04/01 3:29 p.m. | 3 views

CVE-2018-13288

Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folderpath or (2) realpath parameter...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.002
Exploits: 0 | References: 1

OSV
added 2019/04/01 3:29 p.m. | 2 views

CVE-2018-13289

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager SRM before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folderpath or (2) realpath parameter...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00451
Exploits: 0 | References: 1

ATTACKERKB
added 2019/04/01 3:29 p.m. | 3 views

CVE-2018-13288

Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folderpath or (2) realpath parameter...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.002
Exploits: 0 | References: 2

ATTACKERKB
added 2019/04/01 3:29 p.m. | 2 views

CVE-2018-13289

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager SRM before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folderpath or (2) realpath parameter...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00451
Exploits: 0 | References: 2

Hacker One
added 2019/03/29 6:35 p.m. | 21 views

PortSwigger Web Security: DLL Hijacking in Burp Suite Pro 2.0.19 Installer

I've found that the latest installer of Burp Suite Pro tries to load some DLLs from an unprotected folder. After providing it with admin privileges required to install it tries to load these DLLs: C:\Users\bortto\AppData\Local\Temp\e4jA5E5.tmpdir1553882416\jre\bin\WINMM.dll...

AI score: 0.7
Exploits: 0

Prion
added 2019/03/28 10:29 p.m. | 11 views

Sql injection

A SQL Injection issue was discovered in BlueCMS 1.6. The variable $adid is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes...

CVSS: 7.5 | AI score: 9.9 | EPSS: 0.00264
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2019/03/28 10:29 p.m. | 9 views

CVE-2019-10262

A SQL Injection issue was discovered in BlueCMS 1.6. The variable $adid is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes...

CVSS: 9.8 | AI score: 10 | EPSS: 0.00264
Exploits: 1 | References: 1

ThreatPost
added 2019/03/27 3:26 p.m. | 92 views

Cybercriminals Have a Heyday with WinRAR Bug in Fresh Campaigns

A recently discovered vulnerability in the WinRAR file archival utility has been exploited in a slew of new campaigns, including one with a never-before-seen payload. The flurry of activity shows no sign of waning as cybercriminals continue to find success exploiting the bug. The campaigns take...

CVSS: 6.8 | EPSS: 0.93462
Exploits: 13 | References: 9

BDU FSTEC
added 2019/03/27 12:0 a.m. | 3 views

The vulnerability of the NuGet package management system allows a hacker to alter the folder structure of a package.

The vulnerability of the NuGet package management system is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor, operating remotely, to alter the package’s folder structure...

CVSS: 6.3 | AI score: 6.8 | EPSS: 0.05388
Exploits: 0 | References: 3 | Affected Software: 3