Microsoft Excel 2016 RCE Vulnerability (KB4011627)

This host is missing an important security update according to Microsoft KB4011627 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

AWStats < 7.7 Directory Traversal Vulnerability - Active Check

AWStats is vulnerable to a path traversal flaw in the handling of the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Oracle WebLogic wls-wsat Component Deserialization RCE

The Oracle WebLogic WLS WSAT Component is vulnerable to a XML Deserialization remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Discovered by Alexey Tyurin of ERPScan and Federico Dotta of Media Service. Please note th...

Advantech WebAccess webvrpcs drawsrv SQLExecute Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27ea IOCTL in the webvrpcs process. The issue results...

Oracle WebLogic &lt; 10.3.6 - &#039;wls-wsat&#039; Component Deserialisation Remote Command Execution

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: Weblogic wls-wsat Component Deserialization RCE Date Authored: Jan 3, 2018 Date Announced: 10/19/2017 Exploit Author: Kevin Kirsche d3c3pt10n Exploit Github: https://github.com/kkirsche/CVE-2017-10271 Exploit is based off of POC by Luffin fr...

Updated ncurses packages fix security vulnerabilities

Possible RCE via stack-based buffer overflow in the fmtentry function CVE-2017-10684. Possible RCE with format string vulnerability in the fmtentry function CVE-2017-10685. Illegal address access in appendacs CVE-2017-11112. Dereferencing NULL pointer in ncparseentry CVE-2017-11113. Fix infinite...

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CVE-2017-10271 identification and exploitation. Unauthenticated...

Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation

Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video Windows Vendor URL: https://www.ubnt.com Type: Improper Handling of Insufficient Permissions or Privileges CWE-28...

Tplink Interface Authenticated RCE

Tested product: TL-WVR450L Hardware version：V1.0 Firmware version: 20161125 The RSAEncryptionForTplink.js is use for Rsa Encryption to the password when login the web manager. You can download the RSAEncryptionForTplink.js by...

Tplink Bridge Authenticated RCE

Vulnerability: Command Injection in bridge.lua ------------------------------------------ Exploitation: Can remote command execution on the root shell. ------------------------------------------ Vendor of Product: Tp-Link router ------------------------------------------ Affected Products and...

Tplink Diagnostic Authenticated RCE

Vulnerability: Command Injection in diagnostic.lua ------------------------------------------ Exploitation: Can remote command execution on the root shell. ------------------------------------------ Vendor of Product: Tp-Link router ------------------------------------------ Affected Products and...

Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video Windows Vendor URL: https://www.ubnt.com Type: Improper Handling of Insufficient Permissions or Privileges CWE-280 Date found: 2016-05-24 Date published: 2017-12-20 CVSS...

Vitek RCE and Information Disclosure

Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22, 2017 Full Disclosure: 0-day heap: Executable + Non-ASLR stack:...

Vitek Remote Code Execution / Information Disclosure

STX Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22, 2017 Full Disclosure: 0-day heap: Executable + Non-ASLR stack...

Ubiquiti UniFi Video 3.7.3 (Windows) Local Privilege Escalation

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video Windows Vendor URL: https://www.ubnt.com Type: Improper Handling of Insufficient Permissions or Privileges CWE-280 Date found: 2016-05-24 Date published: 2017-12-20 CVSS...

Vitek Remote Code Execution / Information Disclosure Vulnerabilities

Exploit for php platform in category remote exploits STX Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22, 2017 Ful...

Vitek - Remote Command Execution Information Disclosure (PoC)

Vitek - Remote Command Execution Information Disclosure PoC STX Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22,...

Trend Micro InterScan Messaging Security Virtual Appliance WizardSetting_sys.imss RCE

Remote command execution vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance WizardSettingsys.imss sysdesname parameter Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Oracle WebLogic wls-wsat RCE(CVE-2017-10271)

漏洞描述 黑客利用WebLogic 反序列化漏洞（CVE-2017-3248）和WebLogic WLS 组件漏洞（CVE-2017-10271）对企业服务器发起大范围远程攻击，有大量企业的服务器被攻陷，且被攻击企业数量呈现明显上升趋势，需要引起高度重视。其中，CVE-2017-10271是一个最新的利用Oracle WebLogic中WLS 组件的远程代码执行漏洞，属于没有公开细节的野外利用漏洞，大量企业尚未及时安装补丁。官方在 2017 年 10 月份发布了该漏洞的补丁。 该漏洞的利用方法较为简单，攻击者只需要发送精心构造的 HTTP...

Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - NET::Ftp Command Injection Exploit

Exploit for ruby platform in category local exploits While using NET::Ftp I realised you could get command execution through "malicious" file names. The problem lies in the gettextfileremotefile, localfile = File.basenameremotefile method. When looking at the source code, you'll note: def...