11234 matches found
Microsoft Patch Tuesday March 2023: Outlook EoP, MOTW Bypass, Excel DoS, HTTP/3 RCE, ICMP RCE, RPC RCE
Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays. Alternative video link for Russia: As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I...
Webgrind 1.1 Cross Site Scripting / Remote Code Execution
Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 1...
CVE-2023-25868 Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Adobe Substance 3D Stager versions 2.0.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
WebTareas 2.4 Remote Shell Upload
Exploit Title: WebTareas 2.4 - RCE Authorized Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Testeted on: Windows 10...
WiFi Mouse 1.8.3.2 - Remote Code Execution Exploit
Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution RCE Author: Payal Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.2 Tested on: Windows 10 Pro Build 21H2 Desktop Server software used by mobile app has PIN option which does not to prevent...
Zentao Project Management System 17.0 - Authenticated Remote Code Execution Exploit
Exploit Title: Zentao Project Management System 17.0 - Authenticated Remote Code Execution RCE Exploit Author: mister0xf Software Link: https://github.com/easysoft/zentaopms Version: tested on 17.0 probably works also on newer/older versions Tested On: Kali Linux 2022.2 Exploit Tested Using: Pyth...
Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution Vulnerability
Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 10 using XAMPP Vulnerability...
Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE)
Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 1...
Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)
Exploit Title: Zentao Project Management System 17.0 - Authenticated Remote Code Execution RCE Exploit Author: mister0xf Date: 2022-10-8 Software Link: https://github.com/easysoft/zentaopms Version: tested on 17.0 probably works also on newer/older versions Tested On: Kali Linux 2022.2 Exploit...
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution (RCE)
Exploit Title: MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution RCE Exploit Author: LiquidWorm MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP svdrpsend.sh Exploit Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4...
WebTareas 2.4 - RCE (Authorized)
Exploit Title: WebTareas 2.4 - RCE Authorized Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Testeted on: Windows 10...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
CVE-2022-24637 Unauthenticated RCE in Open Web Analytics versi...
Waf-Bypass - Check Your WAF Before An Attacker Does
WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...
Metasploit Weekly Wrap-Up
Zxyel Routers Beware This week we've released a module written by first time community contributor shr70 that can exploit roughly 45 different Zyxel router and VPN models. The module exploits a buffer overflow vulnerability that results in unauthenticated remote code execution on affected devices...
XSS to RCE found in Trilium
Vulnerability Type Remote Code Execution RCE Authentication Required? No Affected Location - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output Issue Summary The application contains a vulnerability where HTML characters within the title name of...
Joomla! 4.2.7 Unauthenticated Information Disclosure
!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...
KLA48688 RCE vulnerability in LibreOffice
Remote code execution vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories Empty entry in Java class path risks arbitrary code execution Related products LibreOffice CVE list CVE-2022-38745 critical Solution Update t...
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Impact There is a Remote Code Execution RCE Vulnerability on the management system of baserCMS. Target baserCMS 4.7.3 and earlier versions Patches Update to the latest version of baserCMS Credits 島峰泰平@三井物産セキュアディレクション株式会社...
CVE-2023-25654
The CVE-2023-25654 entry affects baserCMS prior to version 4.7.5, revealing a Remote Code Execution (RCE) vulnerability in the management system. The incident is documented across multiple sources (NVD/Red Hat/EUVD/GHSA) indicating a total impact if exploited, with a released patch in baserCMS 4....