ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution Exploit
Exploit for java platform in category web applications Exploit Title: ManageEngine Desktop Central 10 Build 100087 RCE Date: 24-07-2017 Software Link: https://www.manageengine.com/products/desktop-central/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website:...
ManageEngine Desktop Central 10 Build 100087 Remote Code Execution
Exploit Title: ManageEngine Desktop Central 10 Build 100087 RCE Date: 24-07-2017 Software Link: https://www.manageengine.com/products/desktop-central/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ CVE: CVE-2017-11346 Category: remote ...
Trend Micro InterScan Web Security Virtual Appliance ManageSRouteSettings RCE
Remote command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance ManageSRouteSettings Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Citrix CloudBridge RCE
Remote command execution vulnerability in Citrix CloudBridge Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Trend Micro InterScan Web Security Virtual Appliance SSHConfig Remote Root RCE
Remote command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance SSHConfig Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Trend Micro InterScan Web Security Virtual Appliance LogSettingHandler RCE
Remote command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance LogSettingHandler mountdevice parameter Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Remote Code Execution (RCE)
OrientDB Core is vulnerable to remote code execution (RCE) attacks. Permissions are not enforced on a user executing a statement to the ORole structure containing a where, fetchplan or order by statement. By executing a groovy function where the groovy wrapper doesn't have a sandbox, any system...
Cisco WebEx Extension for Chrome < 1.0.12 'atgpcext' Library GPC Sanitization RCE (cisco-sa-20170717-webex)
The Cisco WebEx Extension for Chrome installed on the remote host is a version prior to 1.0.12. It is, therefore, affected by a remote code execution vulnerability in the 'atgpcext' library due to incomplete GPC sanitization. An unauthenticated, remote attacker can exploit this, by convincing a...
Cisco WebEx Extension for Firefox < 1.0.12 'atgpcext' Library GPC Sanitization RCE (cisco-sa-20170717-webex)
The Cisco WebEx Extension for Firefox installed on the remote host is a version prior to 1.0.12. It is, therefore, affected by a remote code execution vulnerability in the 'atgpcext' library due to incomplete GPC sanitization. An unauthenticated, remote attacker can exploit this, by convincing a...
Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking
Nothing in this world is fully secure, from our borders to cyberspace. I know vulnerabilities are bad, but the worst part comes in when people just don't care to apply patches on time. Late last year, Cisco's Talos intelligence and research group discovered three critical remote code execution RC...
Google Chrome RCE + Sandbox Escape 0day Exploit
1. Item name: Google Chrome RCE + Sandbox Escape 0day Exploit 2. Affected OS: Windows 10 3. Vulnerable Target application versions and reliability. If 32 bit only, is 64 bit vulnerable? The vulnerability is present in the 32-bit and 64-bit versions of Google Chrome. With this vulnerability, you...
Fedora 26 : php-horde-Horde-Image (2017-28387b61fd)
HordeImage 2.5.1 - mjr SECURITY: Fix more potential places for command injections. ---- HordeImage 2.5.0 - mjr SECURITY: Prevent DOS attack by preventing an infinite loop in certain conditions CVE-2017-9773, reported by Fariskhi Vidyan. - mjr SECURITY: Prevent RCE attacks by properly sanitizing...
openSUSE: Security Advisory for ncurses (openSUSE-SU-2017:1882-1)
The remote host is missing an update for the...
Microsoft Security Essentials RCE Vulnerability (Jul 2017)
Security Essentials is prone to a remote code execution (RCE) vulnerability.
CVE-2017-9791: Analysis of RCE in the Struts Showcase App in Struts 1 Plugin
On July 7th, a new security vulnerability was published in Apache Struts 2 (CVE-2017-9791, S2-048). Struts 2.3.x users with Struts 1 plugin, which includes the Showcase app, are vulnerable. Once again, this vulnerability enables a Remote Code Execution (RCE), which is the most commonly exploited Apac...
Cisco Prime Collaboration Provisioning ScriptMgr Servlet Authentication Bypass RCE
The remote Cisco Prime Collaboration Provisioning server is affected by a remote command execution vulnerability in the ScriptMgr servlet due to a failure to restrict the HTTP HEAD method. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands...
Juniper Networks Junos OS SNMPD RCE Vulnerability
Junos OS is prone to a remote code execution vulnerability when receiving a crafted SNMP packet.
Patch Tuesday - July 2017
Most of the critical vulnerabilities patched this month concern client-side systems, with 14 separate Remote Code Execution (RCE) issues being addressed for the Microsoft Edge browser and five for Internet Explorer. One of the three Adobe Flash Player vulnerabilities being patched is also a critica...
Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities
Microsoft today released patches for 19 critical vulnerabilities, one of which was publicly known prior to the update. In all, 54 vulnerabilities were patched in Windows, Edge, Internet Explorer, Office and Exchange as part of Microsoft’s monthly Patch Tuesday release; 32 flaws were rated importa...
Shenzhen C-Data CD7201 Command Injection / Cross Site Scripting
Title: Shenzhen C-Data CD7201 / Multiple Vulnerabilities Date: 10/09/2016 Discovered by: @codexlynx Vendor: Shenzhen C-Data Vendor homepage: cdatatec.com Model: CD7201 Software Version: 2.4.6b Firmware Version: 7.1.0 Category: hardware, web, rce, xss 1. Authentication Bypass...