H2 Database 1.4.196 Remote Code Execution
Exploit Title: H2 Database 1.4.196 - Remote Code Execution; Google Dork: N/A; Date: 2018-09-24; Exploit Author: h4ckNinja; Vendor Homepage: https://www.h2database.com/; Software Link: http://www.h2database.com/h2-2018-03-18.zip; Version: 1.4.196 and 1.4.197; Tested on: macOS/Linux; CVE: N/A. This takes...
Brave Software: chrome://brave navigation from web
Summary: It's possible to navigate to the infamous 'chrome://brave' and all other privileged pages from web, requiring only a single click. This is possible by opening popups with the 'noopener' attribute. Products affected: Brave: 0.24.0 V8: 6.9.427.23 rev: f657f15bf7e0e0c50a2b854c6b05edb59bfc556...
h1-5411-CTF: Remote Command Execution in an internal server to get the flag file
Summary: After source code disclosure using a LFI vulnerability and using PHP object injection with XXE I was able to find an internal service at port 1337. Using the SSRF through XXE I sent an HTTP request to this internal service and discovered a Python object injection using status parameter,...
h1-5411-CTF: RCE via Local File Read -> php unserialization-> XXE -> unpickling
Summary: It was possible to escalate to Remote Code Execution via different bugs such as local file read, PHP object injection, XML External Entity and un-pickling of a Python serialized object. Description: Using local file read it was discovered that the PHP code was vulnerable to PHP object...
Brave Software: RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context
Summary: #395737 has shown that Brave supports chrome://brave/ URLs. The Brave team introduced a patch which blocks navigation to chrome://brave and removed chrome.remote.require to prevent command execution on the machine. Navigation to chrome://brave via shortcut files: From my understanding: 1...
Brave Software: chrome://brave can still be navigated to, leading to RCE
Summary: 'chrome://brave' can be navigated to using the middle mouse click or normal click with CTRL held IFF coming from a bookmark. I am also using a small bug to actually trick a user into bookmarking our crafted URL through drag and drop. Products affected: Brave: 0.24.0 V8: 6.9.427.23 rev:...
CVE-2018-14819
CVE-2018-14819 affects Fuji Electric V-Server (VPR) 4.0.3.0 and earlier. The vulnerability is an out-of-bounds read in VPR file parsing that can lead to remote code execution. Public sources describe it as exploitable remotely with conditions implying user interaction in some reports, and multipl...
PHPMailer < 5.2.10 'html2text' Library RCE Vulnerability
PHPMailer is prone to a remote code execution (RCE) vulnerability within the shipped...
LG SuperSign EZ CMS 2.5 - Remote Code Execution
Exploit Title: LG SuperSign EZ CMS 2.5 - Remote Code Execution; Date: 2018-09-18; Exploit Author: Alejandro Fanjul; Vendor Homepage: https://www.lg.com; Software Link: https://www.lg.com/ar/software-lg-supersign; Version: SuperSignEZ 1.3; Tested on: LG Web...
Moodle 3.x PHP Unserialize Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory. Title: Remote Code Execution via PHP unserialize; Product: Moodle - Open-source learning platform; Vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier...
Moodle 3.x PHP Unserialize Remote Code Execution Exploit
Exploit for PHP platform in category web applications. Title: Remote Code Execution via PHP unserialize; Product: Moodle - Open-source learning platform; Vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier...
Snap Creek Duplicator RCE
The Snap Creek Duplicator plugin for WordPress allows code execution after a backup has been created. This affects versions prior to v1.2.42. Recent assessments: space-r7 at May 09, 2019 5:57pm UTC reported: Details With over 1 million installations of this plugin in Wordpres...
SRC-2019-0020 : Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the getSingleIndex...
Old WordPress Plugin Being Exploited in RCE Attacks
Researchers are warning that attackers are abusing a vulnerability in WordPress site admins’ outdated versions of a migration plugin called Duplicator – allowing them to execute remote code. Made by Snap Creek Software, all Duplicator plugins earlier than version 1.2.42 are vulnerable to the...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to a possible bypass in the BailOutOnInvalidatedArrayHeadSegment check, causing RCE attacks...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the lack of array guards used in the asmjs on x86, allowing RCE attacks...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to a remote code execution (RCE) attack. The library does not validate the head segment of an array before allocating memory during the deep copying of an array, leading to a use-after-free when the copied array is referenced afterwards that can cause arbitrary co...
VBScan 0.1.8 - Black Box vBulletin Vulnerability Scanner
OWASP VBScan, short for vBulletin Vulnerability Scanner, is an open-source project written in the Perl programming language to detect vBulletin CMS vulnerabilities and analyse them. Why OWASP VBScan? If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! This project ...
CVE-2018-8439
CVE-2018-8439 describes a remote code execution vulnerability in Microsoft Windows Hyper‑V. The issue arises when Hyper‑V on a host fails to properly validate input coming from an authenticated user on a guest operating system. Affected products include Windows Server 2012 R2, Windows RT 8.1, Win...
CVE-2018-0965
CVE-2018-0965 describes a remote code execution vulnerability in Windows Hyper‑V, triggered when a host server fails to properly validate input from an authenticated user on a guest OS. Affected products include Windows Server 2016 and Windows 10/Windows 10 servers. The root cause is improper inp...