Cockpit 234 Server-Side Request Forgery

Exploit Title: Cockpit Version 234 - Server-Side Request Forgery Unauthenticated Date: 08.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://cockpit-project.org/ Version: v234 Tested on: Ubuntu 18.04 !/usr/bin/python3 import argparse import requests import sys import urllib3...

CVE-2020-5120

...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

CVE-2020-5095

...

CVE-2020-5043

...

CVE-2020-6904

...

Mantis Bug Tracker 2.24.3 SQL Injection

Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...

On the Evolution of Ransomware

Good article on the evolution of ransomware: Though some researchers say that the scale and severity of ransomware attacks crossed a bright line in 2020, others describe this year as simply the next step in a gradual and, unfortunately, predictable devolution. After years spent honing their...

Wynis - Audit Windows Security With Best Practice

Just a powershell scripts for auditing security with CIS BEST Practices Windows 10 and Window Server 2016 You just need to run the script, it will create a directory named : AUDITCONF%DATE% The directory output will contain the files belows: -Antivirus-%COMPUTERNAME% : List installed Antivirus...

10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH) Exploit

Exploit Title: 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow SEH Exploit Author: Florian Gassner Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.05 Tested on: Windows 10 x64...

GitLab 11.4.7 - Remote Code Execution (Authenticated)

Exploit Title: GitLab 11.4.7 Authenticated Remote Code Execution No Interaction Required Date: 15th December 2020 Exploit Author: Mohin Paramasivam Shad0wQu35t Software Link: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested on...

NZXT CAM WinRing0x64 driver IRP 0x9c402084 information disclosure vulnerability

Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...

OSV-2020-2247 Stack-buffer-overflow in ot::MeshCoP::ChannelMaskEntryBase::GetEntrySize

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28315 Crash type: Stack-buffer-overflow READ 1 Crash state: ot::MeshCoP::ChannelMaskEntryBase::GetEntrySize ot::MeshCoP::ChannelMaskEntryBase::GetNext ot::MeshCoP::ChannelMaskBaseTlv::IsValid...

Exploit for Improper Input Validation in Apache Unomi

CVE-2020-13942 CVE-2020-13942 POC by Eugene Rojavski Origi...

Gitlab 12.9.0 Arbitrary File Read

Exploit Title: Gitlab 12.9.0 - Arbitrary File Read Authenticated Google Dork: - Date: 11/15/2020 Exploit Author: Jasper Rasenberg Vendor Homepage: https://about.gitlab.com Software Link: https://about.gitlab.com/install Version: tested on gitlab version 12.9.0 Tested on: Kali Linux 2020.3 You can...

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...

Bumble: Race Condition on "Get free Badoo Premium" which allows to get more days of free premium for Free.

Summary: On Badoo when a user wants to delete his account it prompts for a Free 3 days premium or the user can proceed to delete his account. But when user choose to get free 3 day premium he can click Get free Badoo Premium and can enjoy free premium for three days, Here i found a race condition...

KonaWiki3 cross-site scripting vulnerability

KonaWiki3 is a very simple PHP Wiki engine.KonaWiki3 is vulnerable to cross-site scripting. An attacker can exploit this vulnerability to execute arbitrary scripts on a user's Web browser via specially crafted URLs...

Cisco 7937G Denial Of Service / Privilege Escalation

Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os...

Oracle Linux 8 : libxml2 (ELSA-2020-4479)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4479 advisory. - Fix CVE-2019-19956 1793001 - Fix CVE-2020-7595 1799786 Tenable has extracted the preceding description block directly from the Oracle Linux security...