11233 matches found
Integer Overflow
OpenCV is vulnerable to integer overflows. The PxMDecoder::readData has a flaw which allows attackers to cause an integer overflow when calculating srcpitch. Using this flaw, attackers can launch remote code execution RCE attacks and denial of service DoS attacks...
Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS
I'd like to submit an RCE issue within Git SVN and Mercurial, the CVEs are: CVE-2017-9800 Subversion CVE-2017-1000116 Mercurial hg CVE-2017-1000117 Git Further Info can be found at: http://blog.recurity-labs.com/2017-08-10/scm-vulns And product specific:...
RPi Cam Control < 6.3.14 - Remote Command Execution
RPi Cam Control = v6.3.14 RCE preview.php Multiple Vulnerabilities A web interface for the RPi Cam Vendor github: https://github.com/silvanmelchior/RPiCamWebInterface Date 16/08/2017 Discovered by @nopernik https://www.linkedin.com/in/nopernik http://www.korznikov.com RPi Cam Control = v6.3.14 is...
Metasploit Wrapup
Slowloris: SMB edition Taking a page from the Slowloris HTTP DoS attack, the aptly named SMBLoris DoS attack exploits a vuln contained in many Windows releases back to Windows 2000 and also affects Samba a popular open source SMB implementation. Through creation of many connections to a target's...
Symantec Messaging Gateway RCE and CSRF
SUMMARY Symantec has released an update to address two issues that were discovered in the Symantec Messaging Gateway SMG. AFFECTED PRODUCTS Symantec Messaging Gateway SMG --- CVE | Affected Versions | Remediation CVE-2017-6327 CVE-2017-6328 | Prior to 10.6.3-267 | Upgrade to 10.6.3-267 ISSUES...
Snapchat: RCE/LFI on test Jenkins instance due to improper authentication flow
@nahamsec found a test Jenkins instance where they could login with any valid Google account. Once logged in, they gained the ability to execute arbitrary code via the Jenkins Script Console. This was a test jenkins instance with no access to source code or resources. Methodology Here is the...
Microsoft Patches Critical Windows Search Vulnerability
Microsoft patched more than two dozen remote code execution vulnerabilities today, many of them rated critical. One was a RCE bug that allowed an attacker to take complete control of a server or workstation via Windows Search. The fixes were part of Microsoft’s August Patch Tuesday update that...
Unitrends UEB 9.1 - Authentication Bypass Remote Command Execution
Unitrends UEB 9.1 - Authentication Bypass Remote Command Execution Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted ||...
Synology Photo Station Unauthenticated Remote Code Execution
Vulnerability Summary The following advisory describes a Remote Code Execution found in Synology Photo Station versions 6.7.3-3432 and earlier / 6.3-2967 and earlier. Personal Photo Station is an online photo album with blog owned and managed by a DSM user. Synology NAS provides the home/photo...
Unitrends UEB 9.1 - Privilege Escalation
Exploit Title: Authenticated lowpriv RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
Unitrends UEB 9.1 - Privilege Escalation
Unitrends UEB 9.1 - Privilege Escalation Exploit Title: Authenticated lowpriv RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage:...
Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution
Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Jared Arave, Cale Smith, Benny Husted Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution
Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
From the SSRF implementation chain to the RCE, see How do I use the GitHub Enterprise version of the four vulnerability-vulnerability warning-the black bar safety net
In the past few months, I have been seriously preparing for the 2017 America the Black Hat hacker conference and DEF CON 25 lecture content, and become a Black Hat and DEFCON speaker has always been in my life a very important goal. In addition, this is also my first time in such a formal occasio...
Juniper Junos libgd Compressed GD2 Data RCE (JSA10798)
According to its self-reported version number, the remote Juniper Junos device is affected by an integer signedness error in the included GD Graphics Library libgd when handling compressed GD2 data due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit...
Remote Code Execution (RCE)
Symfony is vulnerable to remote code execution RCE. A malicious user can pass a serialized PHP object to YAML:parse or Yaml\Parser::parse functions to inject and execute arbitrary code...
Remote Code Execution (RCE)
Slim is vulnerable to Remote Code Execution RCE through PHP Object Injections. A malicious user can inject and execute arbitrary code when deserialising a SessionCookie object...
CVE-2016-10402
Affected software: Avira Antivirus engine. Vulnerable component: PE file processing (section header with very large RVA). Root cause: integer overflow leading to a heap-based buffer underflow. Impact: remote code execution with NT AUTHORITY\SYSTEM privileges. Affected versions: prior to 8.3.36.60...
Ipswitch IMail Server SMTPD RCE Vulnerability (ETRE/ETCETERABLUE)
Ipswitch Collaboration Suite/IMail Server is prone to remote code execution RCE. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Remote Code Execution (RCE)
Moodle is vulnerable to remote code execution RCE attacks. A malicious user can inject arbitrary code through a calculated questions on a quiz which would then be executed on the server...