11233 matches found

OpenVAS
added 2018/03/22 12:0 a.m. | 41 views

Mozilla Firefox ESR Security Advisories (MFSA2018-08, MFSA2018-08) - Mac OS X

Mozilla Firefox ESR is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.8 | AI score 8.5 | EPSS 0.12054
Exploits: 0 | References: 2
UbuntuCve
added 2018/03/21 8:29 p.m. | 32 views

CVE-2017-0918

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...

CVSS 8.8 | AI score 7.4 | EPSS 0.04609
Exploits: 0 | References: 2
OSV
added 2018/03/21 8:29 p.m. | 21 views

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution...

CVSS 9.8 | AI score 9.9
Exploits: 0 | References: 3
CVE
added 2018/03/21 8:0 p.m. | 82 views

CVE-2017-0915

CVE-2017-0915 affects GitLab Community Edition 10.2.4, due to a lack of input validation in GitlabProjectsImportService, enabling remote code execution. Public/connected sources confirm arbitrary code execution via project import; remediations in the supplied docs point to upgrading to fixed GitL...

CVSS 9.8 | AI score 8.8 | EPSS 0.05705
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2018/03/21 8:0 p.m. | 33 views

CVE-2017-0918

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...

AI score 8.3 | EPSS 0.04609
Exploits: 0 | References: 3
Veracode
added 2018/03/20 2:35 a.m. | 16 views

Remote Code Execution (RCE)

apache-syncope is vulnerable to remote code execution (RCE) attacks. A malicious administrator user with report and template permissions can use XSL Transformations (XSLT) to inject and execute arbitrary code...

CVSS 7.2 | AI score 7.6 | EPSS 0.18024
Exploits: 4 | References: 7 | Affected Software: 4
Exploit DB
added 2018/03/16 12:0 a.m. | 53 views

Unitrends UEB 10.0 - Root Remote Code Execution

Exploit Title: Unauthenticated root RCE for Unitrends UEB 10.0 Date: 10/17/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...

CVSS 10 | AI score 7 | EPSS 0.6552
Exploits: 11
Veracode
added 2018/03/15 5:11 a.m. | 17 views

Cross-site Request Forgery (CSRF)

ajenti is vulnerable to cross-site request forgery (CSRF) attacks. Using this vulnerability, attackers can perform remote code execution (RCE) attacks and any other action that a user of that level may be able to do on a server...

CVSS 8.8 | AI score 9 | EPSS 0.01252
Exploits: 1 | References: 1 | Affected Software: 1
Exploit DB
added 2018/03/15 12:0 a.m. | 64 views

Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution

// Exploit Title: RCE in PATCH requests in Spring Data REST // Date: 2018-03-10 // Exploit Author: Antonio Francesco Sardella // Vendor Homepage: https://pivotal.io/ // Software Link: https://projects.spring.io/spring-data-rest/ // Version: Spring Data REST versions prior to 2.6.9 Ingalls SR9,...

CVSS 9.8 | AI score 7.6 | EPSS 0.72782
Exploits: 6
OSV
added 2018/03/14 5:29 p.m. | 22 views

CVE-2018-0934

ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872,...

CVSS 7.5 | AI score 7.6 | EPSS 0.66473
Exploits: 4 | References: 5
OpenVAS
added 2018/03/14 12:0 a.m. | 46 views

Microsoft Office Web Apps Server 2013 RCE And Information Disclosure Vulnerabilities (KB4011692)

This host is missing an important security update according to Microsoft KB4011692 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.3 | AI score 5.7 | EPSS 0.18104
Exploits: 0 | References: 1
OpenVAS
added 2018/03/14 12:0 a.m. | 35 views

Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Linux

Adobe Flash Player is prone to multiple remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.3 | AI score 10 | EPSS 0.07871
Exploits: 0 | References: 1
OpenVAS
added 2018/03/14 12:0 a.m. | 39 views

Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Mac OS X

Adobe Flash Player is prone to multiple remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.3 | AI score 10 | EPSS 0.07871
Exploits: 0 | References: 1
OpenVAS
added 2018/03/14 12:0 a.m. | 40 views

Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities (APSB18-05) - Windows

Adobe Flash Player is prone to multiple remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.3 | AI score 10 | EPSS 0.07871
Exploits: 0 | References: 1
OpenVAS
added 2018/03/14 12:0 a.m. | 36 views

Adobe Flash Player Multiple Remote Code Execution Vulnerabilities (APSB18-05) - Windows

Adobe Flash Player is prone to multiple remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.3 | AI score 10 | EPSS 0.07871
Exploits: 0 | References: 1
myhack58
added 2018/03/12 12:0 a.m. | 59 views

Nessus plug-in "arms" tutorial - vulnerability warning - the black bar safety net

Overview: In a recent internal penetration test, we needed to use a Java two-stage deserialization vulnerability. In this article, we will tell you how to transform the Nessus plugin, because the plugin originally only made use of an existing RCE vulnerability, but we will teach you how to...

AI score 7.4
Exploits: 0
0day.today
added 2018/03/12 12:0 a.m. | 58 views

Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution Exploit

Exploit for windows platform in category web applications !/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.3 webvrpcs Directory Traversal RCE Vulnerability Date: 03-11-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...

CVSS 5 | AI score 9.2 | EPSS 0.50321
Exploits: 5
Exploit DB
added 2018/03/12 12:0 a.m. | 58 views

MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution

!/usr/bin/env python3 Mikrotik Chimay Red Stack Clash Exploit by BigNerd95 Tested on RouterOS 6.38.4 mipsbe using a CRS109 Used tools: pwndbg, rasm2, mipsrop for IDA I used ropper only to automatically find gadgets ASLR enabled on libs only DEP NOT enabled import socket, time, sys, struct, re fro...

AI score 7.4
Exploits: 0
CVE
added 2018/03/09 5:0 p.m. | 45 views

CVE-2017-17146

CVE-2017-17146 affects Huawei DP300 V500R002C00. The vulnerability is a buffer overflow in the XML parser caused by insufficient input validation. An authenticated local attacker can craft specific XML payloads to the device, which may lead to DoS or remote code execution. The issue is documented...

CVSS 7.8 | AI score 7.9 | EPSS 0.00578
Exploits: 0 | References: 1 | Affected Software: 1
OpenVAS
added 2018/03/09 12:0 a.m. | 49 views

PostgreSQL RCE Vulnerability (Feb 2018) - Windows

PostgreSQL is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.8 | AI score 8.3 | EPSS 0.14142
Exploits: 1 | References: 7