Lucene search

7874 matches found

Exploit DB
added 2020/05/12 12:00 a.m., 159 views

LanSend 3.2 - Buffer Overflow (SEH)

Exploit Title: LanSend 3.2 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-12 Vulnerable Software: LanSend 3.2 Vendor Homepage: https://lizardsystems.com Version: 3.2 Software Link: https://lizardsystems.com/download/lansendsetup.exe Tested on: Windows 7 x86 f = file'payload.txt','w'...

7 AI score
Exploits: 0

BDU FSTEC
added 2020/05/08 12:00 a.m., 5 views

The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence software, a business automation system within the Oracle E-Business Suite. This component allows attackers to access, modify, add, or delete data, or gain unauthorized access to protected information.

The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence software, a business automation system within the Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or...

8.2 CVSS | 7.4 AI score | 0.01282 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2020/05/07 11:15 p.m., 2 views

CVE-2020-10916

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P120191213-rel60361 Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechani...

8 CVSS | 7.3 AI score | 0.01123 EPSS
Exploits: 0 | References: 1

Prion
added 2020/05/07 11:15 p.m., 18 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P120191213-rel60361 Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechani...

5.2 CVSS | 8.2 AI score | 0.01123 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/05/07 10:20 p.m., 9 views

CVE-2020-10916

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P120191213-rel60361 Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechani...

8 CVSS | 8.2 AI score | 0.01123 EPSS
Exploits: 0 | References: 1

OSV
added 2020/05/07 2:15 p.m., 2 views

CVE-2020-7473

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on th...

7.5 CVSS | 7.3 AI score
Exploits: 0 | References: 1

0day.today
added 2020/05/07 12:00 a.m., 65 views

SolarWinds MSP PME Cache Service Insecure File Permissions / Code Execution Exploit

SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities. Title: SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG GitHub:...

9.3 CVSS | 0.7 AI score | 0.22404 EPSS
Exploits: 4

CNVD
added 2020/04/30 12:00 a.m., 3 views

TP-Link TL-WA855RE login.json Authentication Privilege Elevation Improper Vulnerability

The TP-Link TL-WA855RE is a wireless network signal extender from China P&L TP-Link. A security vulnerability exists in the initial setup process in the TP-Link TL-WA855RE, which stems from the program failing to properly validate the initial setup request. The vulnerability can be exploited by a...

8 CVSS | 7.2 AI score | 0.01123 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/04/28 12:00 a.m., 38 views

TP-Link TL-WA855RE login.json Improper Authentication Privilege Escalation Vulnerability

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

8 CVSS | 3 AI score | 0.01123 EPSS
Exploits: 0

Kitploit
added 2020/04/25 12:30 p.m., 51 views

Project iKy v2.5.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

7.4 AI score
Exploits: 0 | References: 15

OSV
added 2020/04/21 1:15 p.m., 2 views

CVE-2020-11964

In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

7.5 CVSS | 7.2 AI score | 0.02247 EPSS
Exploits: 3 | References: 4

Exploit DB
added 2020/04/17 12:00 a.m., 106 views

Code Blocks 16.01 - Buffer Overflow (SEH) UNICODE

Exploit Title: Code Blocks 16.01 - Buffer Overflow SEH UNICODE Date: 2020-04-17 Exploit Author: T3jv1l Software Link: https://sourceforge.net/projects/codeblocks/files/Binaries/16.01/Windows/codeblocks-16.01-setup.exe Software version: 16.01 buffer="A"536 buffer buffer+="\x61\x41" POPAD + Aligned...

7.4 AI score
Exploits: 0

Packet Storm
added 2020/04/17 12:00 a.m., 123 views

Easy MPEG To DVD Burner 1.7.11 Buffer Overflow

Exploit Title: Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow SEH + DEP Date: 2020-04-15 Exploit Author: Bailey Belisario Tested On: Windows 7 Ultimate x64 Software Link: https://www.exploit-db.com/apps/32dc10d6e60ceb4d6e57052b6de3a0ba-easympegtodvd.exe Version: 1.7.11 Exploit Length: 1015 Byte...

0.4 AI score
Exploits: 0

Oracle Linux
added 2020/04/17 12:00 a.m., 74 views

kubernetes kubeadm-ha-setup kubeadm-upgrade security update

kubernetes 1.12.10-1.0.11 - CVE-2019-11254 kube-apiserver Denial of Service vulnerability from malicious YAML payloads 1.12.10-1.0.10 - CVE-2019-16276 Kubernetes Vulnerabilities Allow Authentication Bypass, DoS 1.12.10-1.0.9 - Define rolling update for flannel 1.12.10-1.0.8 - Modify...

9.8 CVSS | 7.6 AI score | 0.86978 EPSS
Exploits: 14

Atlassian
added 2020/04/16 7:57 p.m., 47 views

CSRF in the setup resources - CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability...

8.8 CVSS | 5.7 AI score | 0.0057 EPSS
Exploits: 0 | Affected Software: 1

Atlassian
added 2020/04/16 7:57 p.m., 34 views

CSRF in the setup resources - CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability...

8.8 CVSS | 8.3 AI score | 0.0057 EPSS
Exploits: 0

Atlassian
added 2020/04/16 7:57 p.m., 55 views

CSRF in the setup resources - CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability...

8.8 CVSS | 5.7 AI score | 0.0057 EPSS
Exploits: 0 | Affected Software: 1

Atlassian
added 2020/04/16 7:57 p.m., 34 views

CSRF in the setup resources - CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability...

8.8 CVSS | 8.3 AI score | 0.0057 EPSS
Exploits: 0

OSV
added 2020/04/15 2:15 p.m., 2 views

CVE-2020-2877

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner...

8.2 CVSS | 7.3 AI score | 0.01282 EPSS
Exploits: 1 | References: 1

Prion
added 2020/04/15 2:15 p.m., 13 views

Design/Logic Flaw

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge...

5.8 CVSS | 8.1 AI score | 0.01282 EPSS
Exploits: 0 | References: 1 | Affected Software: 1