CVE-2013-7071

CVE-2013-7071 affects Monitorix prior to 3.4.0. The vulnerability is a Cross-site Scripting (XSS) in the handle_request function of lib/HTTPServer.pm, exploitable via PATH_INFO to inject arbitrary web scripts or HTML. Remediation in the connected data shows Fedora/monitorix updates (e.g., monitor...

CVE-2013-7070

CVE-2013-7070 affects Monitorix prior to version 3.3.1. The handle_request function in lib/HTTPServer.pm allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. Documented impact is remote code execution with high confidentiality, integrity, and availability imp...

CVE-2013-7070

The handlerequest function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI...

oXygen XML Editor 21.1.1 - XML External Entity Injection

oXygen XML Editor 21.1.1 - XML External Entity Injection Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Date: 2019-11-13 Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version:...

WinRAR 5.80 XML Injection

Exploit Title: winrar External Entity Injection Exploit Author: albalawi-s Vendor Homepage: https://win-rar.com Software Link: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe Version: 5.80 Tested on: Microsoft Windows Version 10.0.18362.418 64bit https://twitter.com/testapp poc...

Moderate severity vulnerability that affects io.vertx:vertx-core

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

Episerver 7 patch 4 - XML External Entity Injection

Episerver 7 patch 4 - XML External Entity Injection Exploit Title: Episerver 7 patch 4 - XML External Entity Injection Google Dork: N/A Date: 2018-08-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.episerver.se/ Version: Episerver 7 patch 4 and below CVE : N/A episploit.py - Blind XXE...

CVE-2018-12537

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

Design/Logic Flaw

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

CVE-2018-12537

CVE-2018-12537 affects Eclipse Vert.x core: HTTP header processing in Vert.x HttpServer and HttpClient between Vert.x 3.0 and 3.5.1 does not filter CRLF characters, enabling injection of arbitrary HTTP headers in requests/responses. The issue stems from improper CRLF neutralization. Red Hat’s adv...

CVE-2018-12537

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

Insteon Hub HTTPExecuteGet Firmware Update host Parameter Buffer Overflow Vulnerability

Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET...

Insteon Hub HTTPExecuteGet Firmware Update Information Leak Vulnerability

Summary An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can sen...

WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit)

Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. , 'License' = MSFLICENSE, 'Author' = 'Dhiraj Mishra'...

Microsoft Office DDE Payload Delivery Exploit

This Metasploit module generates an DDE command to place within a word document, that when executed, will retrieve a HTA payload via HTTP from an web server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Microsoft Office - Dynamic Data Exchange 'DDE' Payload Delivery (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office DDE Payload Delivery', 'Description' = %q This module generates an DDE command to place within a word document, that when...

DblTek Multiple Vulnerabilities

Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 1...

CVE-2017-16806

CVE-2017-16806 affects Ulterius Server prior to 1.9.5.0. The vulnerability lies in the Process function of RemoteTaskServer/WebServer/HttpServer.cs, enabling HTTP directory traversal and arbitrary file access. Public references corroborate directory traversal with potential file download from ind...

Windows Browser Example Exploit

This template covers IE8/9/10, and uses the user-agent HTTP header to detect the browser version. Please note IE8 and newer may emulate an older IE version in compatibility mode, in that case the module won't be able to detect the browser correctly. This is an example Metasploit module to be used...

HttpServer 1.0 Directory Traversal

Exploit Title: HttpServer 1.0 DolinaySoft Directory Traversal Date: 2017-03-19 Exploit Author: malwrforensics Software Link: http://www.softpedia.com/get/Internet/Servers/WEB-Servers/HttpServer.shtmldownload Version: 1.0 Tested on: Windows Exploiting this issue will allow an attacker to view...