ThinkPHP 5.X - Remote Command Execution
ThinkPHP 5.X - Remote Command Execution Exploit Title: thinkphp 5.X RCE Date: 2019-1-14 Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None...
ThinkPHP 5.X - Remote Command Execution
Exploit Title: thinkphp 5.X RCE Date: 2019-1-14 Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None https://github.com/SkyBlueEternal/thinkphp-RCE-POC-Collection...
ThinkPHP 5.x Remote Command Execution
Exploit Title: thinkphp 5.X RCE Date: 2019-1-14 Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None https://github.com/SkyBlueEternal/thinkphp-RCE-POC-Collection...
ThinkPHP 5.X - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: thinkphp 5.X RCE Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None...
Fedora 28 : php-horde-Horde-Image (2019-944ff52ce6)
HordeImage 2.5.4 - mjr SECURITY: Fix potential RCE in the text method when using the Imagemagick backend. - mjr SECURITY: Sanitize image type parameter PR: 2, Fariskhi Vidyan. - mjr Fix issues with escaping single and double quote characters in the text method when using the Imagemagick backend...
Fedora 29 : php-horde-Horde-Image (2019-89c1abeac9)
HordeImage 2.5.4 - mjr SECURITY: Fix potential RCE in the text method when using the Imagemagick backend. - mjr SECURITY: Sanitize image type parameter PR: 2, Fariskhi Vidyan. - mjr Fix issues with escaping single and double quote characters in the text method when using the Imagemagick backend...
Authentication flaw
Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface...
CVE-2018-5403
CVE-2018-5403 affects Imperva SecureSphere gateway (GW) running v13. The vulnerability allows remote code execution via specially crafted requests to the web access management interface, applicable for both pre-First Time Login and post-First Time Login (FTL) when an attacker knows the basic auth...
Remote Code Execution (RCE)
xterm is vulnerable to remote code execution attacks. The vulnerability exists when xterm mishandles special characters, allowing RCE attacks...
Juniper Junos Packet Forwarding Engine Potential RCE (JSA10906)
According to its self-reported version number, the remote Junos device is affected by a potential remote code execution vulnerability due to how the Packet Forwarding Engine manager (FXPC) handles HTTP packets. An attacker could potentially crash the fxpc daemon or execute code. C Tenable Network...
CVE-2019-0581
CVE-2019-0581 is a Windows Jet Database Engine remote code execution vulnerability arising from improper handling of objects in memory. Affected products include multiple Windows versions (e.g., Windows 7, Server 2008/2012/R2, 8.1, 10, and server editions). The connected documents corroborate tha...
Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever
Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online ch...
Zerodium Raises Zero-Day Payout Ceiling to $2M
Exploit acquisition vendor Zerodium said Monday that it is upping its payouts for full, working exploits across its entire program. It’s now paying $2 million for remote iOS jailbreaks, $1 million for WhatsApp/iMessage/SMS/MMS remote code-execution (RCE) and a half-million for Google Chrome RCEs. T...
CVE-2018-1000878
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be...
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Date: 3rd January, 2019 Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...
WordPress UserPro Privilege Escalation
Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Date: 3rd January, 2019 Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...
Wordpress UserPro < 4.9.21 Plugin - User Registration Privilege Escalation Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...
Deserialisation Of Untrusted Data
jackson-databind can deserialize untrusted data. The vulnerability exists as the SubtypeValidator blacklist did not deny the axis2-transport-jms class from polymorphic deserialization, allowing issues such as remote code execution (RCE) to exist...
Fedora 28 : perl-Dancer2 (2018-ded377a782)
Dancer2 0.206000 addresses several potential security issues. There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. Parsing...
Ruby on Rails: RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage)
Since `ActiveSupport::MessageVerifier` and `ActiveSupport::MessageEncryptor` use Marshal as the default serializer, I confirmed that RCE is possible by object injection. https://github.com/rails/rails/blob/v5.2.2/activesupport/lib/active_support/message_verifier.rb#L110 `def initialize(secret, option...`