Oracle Weblogic Server Deserialization RCE - MarshalledObject
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object weblogic.corba.utils.MarshalledObject to the interface to execute code on vulnerable hosts. This module requires Metasploit: https://metasploit.com/download Current source:...
Cisco RV110W - Password Disclosure / Command Execution Exploit
!/usr/bin/env python2 Cisco RV110W Password Disclosure and OS Command Execute. Tested on version: 1.1.0.9 maybe useable on 1.2.0.9 and later. Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute Date: 2018-08 Exploit Author: RySh Vendor Homepage: https://www.cisco.com/ Version:...
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Responsive FileManager 9.13.4 - Multiple Vulnerabilities Date: December 12, 2018 Author: farisv Vendor Homepage: https://www.responsivefilemanager.com/ Vulnerable Package Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.4/responsivefilemanager.zip Responsive FileManag...
SolarWinds User Device Tracker (UDT) Detection (Windows SMB Login)
SMB login-based detection of SolarWinds User Device Tracker (UDT). SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2018-1000819
...
Mail.ru: server status
Apache server status was available at jw-cn-test-1.ext.terrhq.ru...
WebKit JSC JIT - JSPropertyNameEnumerator Type Confusion Exploit
WebKit JSC JIT - JSPropertyNameEnumerator Type Confusion Exploit / When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of ever...
RubyGems: 65534 times efficient, Brute-force attack for api_key
I have found that type checking for apikey is insufficient in rubygems.org's source code. https://github.com/rubygems/rubygems.org/blob/master/app/controllers/applicationcontroller.rbL63 ruby def authenticatewithapikey apikey = request.headers"Authorization" || params:apikey @apiuser =...
libaom/av1_dec_fuzzer: Heap-buffer-overflow in read_uncompressed_header
Detailed report: https://oss-fuzz.com/testcase?key=5630956925353984 Project: libaom Fuzzer: libFuzzerlibaomav1decfuzzer Fuzz target binary: av1decfuzzer Job Type: libfuzzerasanlibaom Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash Address: 0x7f69291a30a7 Crash State:...
BitZoom 1.0 - 'rollno' SQL Injection
Exploit Title: BitZoom 1.0 - 'rollno' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://bitzoom.sourceforge.io/ Software Link: https://excellmedia.dl.sourceforge.net/project/bitzoom/bitzoom-master.zip Version: 1.0 Category: Webapps Tested on:...
CVE-2018-19270
...
OCS Inventory NG ocsreports Shell Upload Vulnerability
OCS Inventory NG suffers from an ocsreports authenticated remote code execution vulnerability via a shell upload. OCS Inventory NG ocsreports Shell Upload Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST...
Cross site request forgery (csrf)
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS...
Novahot - A Webshell Framework For Penetration Testers
novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, ruby, and python. Beyond executing system commands, novahot is able to emulate interactive terminals...
OpenSLP 2.0.0 - Multiple Vulnerabilities
OpenSLP 2.0.0 - Multiple Vulnerabilities 2018-11-07 MORE BUGS IN OPENSLP-2.0.0 I discovered some bugs in openslp-2.0.0 back in January, 2018. One of them I disclosed in June...
helha.be Improper Access Control vulnerability
Open Bug Bounty ID: OBB-695395. Affected Website: helha.be. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: hidden until disclosure. Vulnerability Type: IAC Improper Access Control / CWE-284. CVSSv3 Score: hidden unt...
max-bikes.com XSS vulnerability
Open Bug Bounty ID: OBB-693793. Affected Website: max-bikes.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: hidden until disclosure. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: hidden...
ID Systems Throughout the 50 States
Jim Harper at CATO has a good survey of state ID systems in the US...
Improper access control checks for single share previews (NC-SA-2018-014)
A missing check could give unauthorized access to the previews of single file password protected shares...
Microsoft Windows 10 UAC Bypass By computerDefault Exploit
This exploit permits an attacker to bypass UAC by hijacking a registry key during computerSecurity.exe auto elevate windows binary execution. !/usr/bin/env python Exploit Title: Windows 10 UAC Bypass by computerDefault Date: 2018-10-18 Exploit Author: Fabien DROMAS - Security consultant @ Synetis...