D-Link DIR-868L StarHub Firmware RCE Vulnerability

D-Link DIR-868L devices are prone to a pre-authenticated remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

H2 Database - 'Alias' Arbitrary Code Execution

''' Exploit Title: H2 Database Alias Abuse Date: 05/04/2018 Exploit Author: gambler Vendor Homepage:www.h2database.com Software Link: http://www.h2database.com/html/download.html Version: all versions Tested on: Linux, Mac OS ''' import sys import argparse import html import requests Blogpost abo...

LineageOS 14.1 Blueborne - Remote Code Execution Vulnerability

Exploit for Android platform in category remote exploits Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Exploit Author: Marcin Kozlowski Tested on: LinageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and testing...

LineageOS 14.1 Blueborne - Remote Code Execution

LineageOS 14.1 Blueborne - Remote Code Execution Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LinageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and...

LineageOS 14.1 Blueborne - Remote Code Execution

Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LinageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and testing purposes ONLY. Code in exp4.py More info in...

Microsoft Malware Protection Engine on Windows Defender RCE Vulnerability (Apr 2018)

This host is missing a critical security update according to Microsoft Security Updates released for Microsoft Malware Protection Engine dated 03-04-2018 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Microsoft Security Essentials RCE Vulnerability (Apr 2018)

This host is missing a critical security update according to Microsoft Security Updates released for Microsoft Malware Protection Engine MPE dated 03-04-2018 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)

According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108811;...

CVE-2018-9156

AXIS P1354 IP camera (Firmware 5.90.1.1) is affected by CVE-2018-9156 due to an upload page that does not verify file types, enabling a webshell upload via fileUpload.shtml for a custom .shtml file. The shell can be interpreted by Apache mod_include (

Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow

Exploit for windows platform in category remote exploits !/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.1 webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow RCE Date: 03-29-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...

Advantech WebAccess webvrpcs Buffer Overflow

!/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.1 webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow RCE Date: 03-29-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...

Drupal 8.5.x < 8.5.1 RCE

Binary data 700230.prm...

Drupal 7.x < 7.58 RCE

Binary data 700224.prm...

Exodus Wallet (ElectronJS Framework) - Remote Code Execution Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Exodus Wallet ElectronJS Framework remote Code...

TestLink Open Source Test Management Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...

Shopware Server Side Template Injection RCE

Remote command execution vulnerability in Shopware getTemplateName Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

MikroTik RouterOS < 6.41.3 RCE Vulnerability

MikroTik RouterOS is prone to a remote code execution RCE vulnerability in the SMB service. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

HPE Operations Orchestration RCE Vulnerability (hpesbgn03767)

HPE Operations Orchestration is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

An application deserialization vulnerability was found in a misconfigured Department of Defense DoD website by @joaomatosf via POST/GET request. Impressive work. This showcases your skills! Thank you for supporting the DoD Vulnerability Disclosure Program!...

Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Vulnerability Summary A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute commands arbitrary commands. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor...