TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution

TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution Source: https://www.evilsocket.net/2017/05/30/Terramaster-NAS-Unauthenticated-RCE-as-root/ !/usr/bin/python coding: utf8 Exploit: Unauthenticated RCE as root. Vendor: TerraMaster Product: TOS import sys import requests def upload...

Multiple VMware Workstation Products DLL Loading Local Privilege Escalation Vulnerability - Linux

VMware Workstation and Horizon View Client are prone to a remote code execution RCE vulnerability Windows. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Zabbix Server Active Proxy Trapper RCE Vulnerability (CVE-2017-2824)

Zabbix is prone to a remote code execution RCE vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

CVE-2017-8540

CVE-2017-8540 affects Microsoft Malware Protection Engine (MMPE) across Forefront/Defender deployments. The weakness arises from a use-after-free in the garbage collection system managing JavaScript objects during scanning of specially crafted files, enabling memory corruption and potential remot...

Samba 4.4.x < 4.4.14 / 4.5.x < 4.5.10 / 4.6.x < 4.6.4 RCE (SambaCry)

Binary data 700127.prm...

Postfix 2.x Mail Message Date Field RCE (ENTERSEED)

According to its banner, the Postfix mail server running on the remote host is version 2.x from 2.0.8 to 2.1.5 inclusively. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of the email date field. An unauthenticated, remote attacker can exploit thi...

Dell SonicWALL Secure Remote Access gencsr RCE

Remote command execution vulnerability in Dell SonicWALL Secure Remote Access /cgi-bin/gencsr Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Dell SonicWALL Secure Remote Access viewcert RCE

Remote command execution vulnerability in Dell SonicWALL Secure Remote Access /cgi-bin/viewcert Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Raritan PowerIQ Rails RCE Vulnerability

Raritan PowerIQ is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress: Stored self-XSS in mercantile.wordpress.org checkout

Hello Team, Summary after i read this 221893 report, i try to find more security issue there, and i was surprise i found an RCE Via Template Injection. Since on that report i see ng-bindable word, its possible the site also effect by RCE. Step To Reproduce 1. open https://mercantile.wordpress.org...

PlaySMS 1.4 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: PlaySMS 1.4 Remote Code Execution to Poisoning admin log Date: 19-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

Tecnovision DLX Spot - Arbitrary File Upload

Tecnovision DLX Spot - Arbitrary File Upload Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/...

Apple iTunes < 12.6.1 WebKit Memory Corruption RCE (credentialed check)

The version of Apple iTunes installed on the remote Windows host is prior to 12.6.1. It is, therefore, affected by a remote code execution vulnerability due to memory corruption caused by improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convinci...

Tecnovision DLX Spot - Arbitrary File Upload

Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: 1.5.10 Tested on:...

Apple iTunes < 12.6.1 WebKit Memory Corruption RCE (uncredentialed check)

The version of Apple iTunes running on the remote host is prior to 12.6.1. It is, therefore, affected by a remote code execution vulnerability due to memory corruption caused by improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user ...

Oracle PeopleSoft Enterprise PeopleTools 8.55 - Remote Code Execution Via Blind XML External Entity

Oracle PeopleSoft Enterprise PeopleTools 8.55 - Remote Code Execution Via Blind XML External Entity !/usr/bin/python3 Oracle PeopleSoft SYSTEM RCE https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce cf 2017-05-17 import requests import urllib.parse import re import string import random...

Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution

!/usr/bin/python3 Oracle PeopleSoft SYSTEM RCE https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce cf 2017-05-17 import requests import urllib.parse import re import string import random import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning...

WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress PHPMailer Host Header Command Injection', 'Description' = %q This module exploits a command injection vulnerability in WordPress version...

Oracle PeopleSoft Enterprise PeopleTools &lt; 8.55 - Remote Code Execution Via Blind XML External Entity

!/usr/bin/python3 Oracle PeopleSoft SYSTEM RCE https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce cf 2017-05-17 import requests import urllib.parse import re import string import random import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning...

Nextcloud: (Authenticated) RCE by bypassing of the .htaccess blacklist

Storage::copyFromStorage doesn't check the content of a folder it copies against the list of blacklisted files. Meaning that if a user has access to an external storage inc. fed. shares that contains a .htaccess file, he can move the .htaccess file to the local data directory. The attack works on...