Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
Exploit Netgear ReadyNAS Surveillance 1.4.3-16 Unauthenticated RCE Date: 27.09.2017 Software Link: https://www.netgear.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description $_GET['uploaddir'] is not escaped a...
Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug
Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities, including a critical remote code execution vulnerability CVE-2017-9805 that could let an attacker take control of an affected system, late last week. The Apache Software Foundation patched the RCE...
Western Digital My Cloud Products Dropbox App RCE Vulnerability
The Dropbox App of Western Digital My Cloud products is prone to an unauthenticated remote command execution RCE vulnerability.
Apple OS X Server Denial of Service And RCE Vulnerabilities (HT208102)
Apple OS X Server is prone to denial of service DoS and remote code execution RCE vulnerabilities.
Zomato: Potential server misconfiguration leads to disclosure of vendor/ directory
Hi, Apologies for the weakness label, it was the closest I could find for what appears to be a server misconfiguration. Typically, in MVC frameworks like Slim which I see you are using here, Symfony, Laravel, etc., the front controller is the only thing exposed, leaving vendor/, logs/, and others...
WordPress VaultPress plugin <=1.9 - Unauthenticated RCE vulnerability
Unauthenticated Remote Code Execution RCE vulnerability found by Slavco in WordPress VaultPress plugin version 1.89-1.9. Solution Update the VaultPress plugin to the latest available version at least 1.9.1...
ScrumWorks Pro 6.7.0 RCE Vulnerability
ScrumWorks Pro is prone to a remote code execution RCE vulnerability.
CVE-2017-14705
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...
CVE-2017-14632
Xiph.Org libvorbis 1.3.5 is vulnerable to CVE-2017-14632: remote code execution via freeing uninitialized memory in vorbis_analysis_headerout() when vi->channels
CVE-2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels=0, a similar issue to Mozilla bug 550184...
CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...
CVE-2017-12611
CVE-2017-12611 is an Apache Struts vulnerability where an unintentional Freemarker expression in a tag can lead to remote code execution (RCE). The initial description specifies affected releases from Struts 2.0.0–2.3.33 and 2.5–2.5.10.1, due to using a Freemarker expression instead of string lit...
Trend Micro Mobile Security for iOS/Android Proxy.php RCE
Remote command execution vulnerability in Trend Micro Mobile Security for iOS/Android Proxy.php T parameter Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Apps industrial OT over Server: Anti-Web Remote Command Execution(CVE-2017-17888)
Exploit Title: Apps industrial OT over Server: "Anti-Web 3.x.x 3.8.x" vuln: Remote Command Execution Date: 15/05/2017 Exploit Author: Fernandez Ezequiel @capitanalfa && Bertin Jose @bertinjoseb Vendor: Multiples vendors Category: Industrial OT webapps + DESCRIPTION: vulnerability: RCE REMOTE...
Tecnovision DLX Spot - Arbitrary File Upload Vulnerability
Exploit for multiple platform in category remote exploits Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage:...
DlxSpot Shell Upload
Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: 1.5.10 Tested on:...
TerraMaster TOS < 3.0.34 RCE Vulnerability - Active Check
TerraMaster TOS is prone to a remote command execution RCE vulnerability.