Wireless Repeater BE126 - Remote Code Execution
Exploit Title: WIFI Repeater BE126 – Remote Code Execution Date Publish: 09/09/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Contact: [email protected], [email protected] Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Tested on: Windows/Ubuntu 16.04 CVE: CVE-2017-13713 1...
A2billing 2.x - Backup File Download / Remote Code Execution
Title: A2billing 2.x, Unauthenticated Backup dump / RCE flaw Vulnerable software: A2billing 2.x Author: Ahmed Sultan 0x4148 Email: [email protected] Home: 0x4148.com Linkedin: https://www.linkedin.com/in/0x4148/ A2billing contains multiple flaws which can be chained together to achieve shell...
AlienVault OSSIM 5.3.4 RCE
Remote command execution vulnerability in AlienVault OSSIM 5.3.4 nfsen.php customfmt parameter Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Trend Micro OfficeScan Proxy.php RCE
Remote command execution vulnerability in Trend Micro OfficeScan Proxy.php T parameter Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Symantec Messaging Gateway RestoreAction.performRestore() RCE
Remote command execution vulnerability in Symantec Messaging Gateway RestoreAction.performRestore localBackupFileSelection parameter Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
CVE-2017-11455
CVE-2017-11455 affects Pulse Connect Secure diag.cgi and Pulse Policy Secure diag.cgi, enabling remote attackers to hijack administrator authentication for requests to start tcpdump due to missing anti-CSRF tokens. Affected: Pulse Connect Secure versions 8.2R1–8.2R5 and 8.1R1–8.1R10; Pulse Policy...
CVE-2015-3653
Aruba Networks ClearPass Policy Manager (CPPM) environments are affected by CVE-2015-3653 for CPPM versions prior to 6.4.7 and 6.5.x prior to 6.5.2. The issue allows remote authenticated administrators to write to arbitrary files in the underlying OS due to incorrect permission checking, potentia...
WordPress: WordPress 4.8.1 - Rogue editor leads to RCE. And the risks of same origin frame scripting in general
Background This report is mainly about how a user with the role of editor, expectedly can post unfiltered content but unexpectedly can pwn an administrator with a RCE chain due to same origin frame scripting. Secondarily the report wants to highlight the technique used and the severity of it...
WordPress: Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE.
Description This report is very similar to https://hackerone.com/bugs?subject=user&reportid=203515 so I will not go into too much detail. When uploading an avatar or profile background image that's larger than allowed, the error containing the filename will be output unsanitized leading to XSS...
CVE-2017-1000034
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a Java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem...
Zerodium Offers $500K for Secure Messaging App Zero Days
Zerodium, a vendor operating in the nebulous exploit acquisition market, has put a premium on zero-day vulnerabilities in secure messaging applications in a new pricing structure announced today. Remote code execution and local privilege elevation zero days in messaging apps such as WhatsApp,...
Remote Code Execution (RCE)
zend-mail is vulnerable to remote code execution (RCE) attacks. The library does not properly sanitize input, allowing a malicious user to inject and execute arbitrary code using a \ character...
Windows 10 RCE (Sandbox Escape/Bypass ASLR/Bypass DEP) 0day Exploit
Affected OS: Windows 10 x86 x64 2 Vulnerable Target application versions and reliability. If 32 bit only, is 64 bit vulnerable? The vulnerability is present in the 32-bit and 64-bit versions of Windows 10 1507, 1511, 1607, 1703. With this vulnerability, you can remote code execute in the target...
Juniper Junos snmpd SNMP Packet Handling RCE (JSA10793)
According to its self-reported version number and configuration, the remote Juniper Junos device is affected by a remote code execution vulnerability in the snmpd daemon due to improper handling of SNMP packets. An unauthenticated, remote attacker can exploit this, via a specially crafted SNMP...
Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution
Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior ALC WebCTRL, SiteScan Web 6.1 and...
Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE(CVE-2017-6327)
Bug 1: Web authentication bypass The web management interface is available via HTTPS, and you can't do much without logging in. If the current session identified by the JSESSIONID cookie has the user attribute set, the session is considered authenticated. The file LoginAction.class defines a numb...
PDF-XChange Viewer 2.5 Build 314.0 - Code Execution
Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta Contact: [email protected] Website:...
CVE-2017-10811
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors...
Shocked! Google is not going to fix the RCE vulnerability in Chrome - vulnerability warning - the black bar safety net
All old versions before Chrome 60 are affected by a remote code execution vulnerability. An anonymous researcher reported it to Google through Beyond Security's SecuriTeam Secure Disclosure program. Google responded that it does not plan to solve this problem, because it does not affec...
Copy Buffer Overflow
OpenCV is vulnerable to copy buffer overflows. If the length of AutoBuffer src in modules/imgcodecs/src/grfmtpxm.cpp is smaller than expected, it will cause a copy buffer overflow further down the line. Using this flaw, attackers can trigger remote code execution (RCE) attacks or denial of service...