Lucene search
K

85 matches found

Prion
Prion
added 2019/11/21 6:15 p.m.27 views

Hardcoded credentials

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password...

7.5CVSS9.3AI score0.03347EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2019/11/21 5:53 p.m.78 views

CVE-2019-19033

CVE-2019-19033 affects Jalios JCMS 10. The webdav authentication can be bypassed via a backdoor account using any username and a hardcoded dev password, granting administrative access to the site and WebDAV server. The vulnerability stems from insecure handling in the DevTools plugin (DevToolsAut...

9.8CVSS9.3AI score0.03347EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2019/11/21 5:53 p.m.27 views

CVE-2019-19033

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password...

9.4AI score0.03347EPSS
Exploits3References3
Packet Storm
Packet Storm
added 2018/12/13 12:0 a.m.80 views

WebDAV Server Serving DLL

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Serve DLL via webdav server', 'Description' = %q This module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/12/10 12:0 a.m.5 views

Apereo Bedework bw-webdav XML External Entity Injection Vulnerability

Apereo Bedework bw-webdav is a general purpose webdav server. It is primarily used to interact with the backend to access resources. A security vulnerability exists in Apereo Bedework bw-webdav versions prior to 4.0.3. An attacker can exploit this vulnerability to perform an XML external entity...

7.5CVSS7.5AI score0.01687EPSS
Exploits0References1
0day.today
0day.today
added 2018/02/20 12:0 a.m.67 views

Microsoft Windows - Constrained Impersonation Capability Privilege Escalation Exploit

Exploit for windows platform in category local exploits Windows: Constrained Impersonation Capability EoP Platform: Windows 10 1703/1709 not tested earlier versions Class: Elevation of Privilege Summary: It’s possible to use the constrained impersonation capability added in Windows 10 to...

7AI score0.02344EPSS
Exploits3
Exploit DB
Exploit DB
added 2018/02/20 12:0 a.m.68 views

Microsoft Windows - Constrained Impersonation Capability Privilege Escalation

Windows: Constrained Impersonation Capability EoP Platform: Windows 10 1703/1709 not tested earlier versions Class: Elevation of Privilege Summary: It’s possible to use the constrained impersonation capability added in Windows 10 to impersonate a lowbox SYSTEM token leading to EoP. Description:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/11/20 12:0 a.m.100 views

Microsoft Office - OLE Remote Code Execution

Microsoft Office - OLE Remote Code Execution Source: https://github.com/embedi/CVE-2017-11882 CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882 Research:...

9.3CVSS8.9AI score0.99945EPSS
Exploits33
Gentoo Linux
Gentoo Linux
added 2016/12/02 12:0 a.m.43 views

DavFS2: Local privilege escalation

Background DavFS2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. Description DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility uses “system” to call “/sbin/modprobe”. While the call to “modprobe” itself cannot be manipulated, a local...

7.2CVSS6.1AI score0.01168EPSS
Exploits2
exploitpack
exploitpack
added 2016/10/31 12:0 a.m.10 views

NVIDIA Driver - NvStreamKms PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback Local Privilege Escalation

NVIDIA Driver - NvStreamKms PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=918 The NvStreamKms.sys driver calls PsSetCreateProcessNotifyRoutineEx to set up a process creation...

1AI score
Exploits0
Fedora
Fedora
added 2016/07/10 6:5 a.m.13 views

[SECURITY] Fedora 24 Update: davfs2-1.5.4-3.fc24

davfs2 is a Linux file system driver that allows you to mount a WebDAV serv er as a disk drive...

2.3AI score
Exploits0
CNVD
CNVD
added 2015/11/07 12:0 a.m.4 views

Milton Webdav Information Disclosure Vulnerability

Milton Webdav is an open source WebDAV server-side components developed by the Webdav community . A security vulnerability exists in Milton Webdav that could be exploited by remote attackers to obtain sensitive information...

9.8CVSS6.8AI score0.02936EPSS
Exploits3References1
Exploit DB
Exploit DB
added 2015/03/19 12:0 a.m.29 views

Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation

Source: https://code.google.com/p/google-security-research/issues/detail?id=222 Windows: Local WebDAV NTLM Reflection Elevation of Privilege Platform: Windows 8.1 Update, Windows 7 Class: Elevation of Privilege Summary: A default installation of Windows 7/8 can be made to perform a NTLM reflectio...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Internet Explorer Winhlp32.exe MsgBox Code Execution

No description provided by source. $Id: ms10022ievbscriptwinhlp32.rb 10504 2010-09-28 16:19:50Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/02/28 12:0 a.m.55 views

GE Proficy CIMPLICITY gefebt.exe Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'GE Proficy CIMPLICITY gefebt.exe Remote Code Execution', 'Description' = %q This module abuses the gefebt.exe component in GE Proficy...

7.5CVSS0.4AI score0.70223EPSS
Exploits5
0day.today
0day.today
added 2014/02/28 12:0 a.m.90 views

GE Proficy CIMPLICITY gefebt.exe Remote Code Execution

This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE...

7.5CVSS6.8AI score0.70223EPSS
Exploits5
Metasploit
Metasploit
added 2014/02/25 9:7 p.m.45 views

GE Proficy CIMPLICITY gefebt.exe Remote Code Execution

This module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behavior to execute a malicious BCL and drop an arbitrary EXE. The last o...

7.5CVSS7.4AI score0.70223EPSS
Exploits5
Fedora
Fedora
added 2013/12/19 7:17 a.m.20 views

[SECURITY] Fedora 18 Update: davfs2-1.4.7-3.fc18

davfs2 is a Linux file system driver that allows you to mount a WebDAV serv er as a disk drive...

7.2CVSS2.3AI score0.01168EPSS
Exploits2
Fedora
Fedora
added 2013/12/19 7:15 a.m.22 views

[SECURITY] Fedora 19 Update: davfs2-1.4.7-3.fc19

davfs2 is a Linux file system driver that allows you to mount a WebDAV serv er as a disk drive...

7.2CVSS2.3AI score0.01168EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2013/11/22 12:0 a.m.21 views

BlackBerry Link Multiple Vulnerabilities

The remote host has a version of BlackBerry Link installed that is prior to version 1.2.1.31. Such versions are affected by multiple vulnerabilities : - A WebDAV server that listens on an IPv6 address allows remote access to the host's file system. It may also be possible to utilize this...

6.8CVSS6.2AI score0.01853EPSS
Exploits1References4
Rows per page
Query Builder