CVE-2018-19999

CVE-2018-19999 affects SolarWinds Serv-U FTP Server 15.1.6.25, where broken access controls in the local management interface allow an authenticated local attacker to bypass authentication and execute code with SYSTEM privileges. Exploitation requires local access and an active Serv-U admin conso...

The vulnerability of the Microsoft XML Core Services MSXML on the Windows operating system allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft XML Core Services MSXML in the Windows operating system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote...

iSCSI unauthorized access vulnerability, tens of thousands of iSCSI are likely to be affected-vulnerability warning-the black bar safety net

! Overview iSCSI Internet Small Computer System Interface Internet small computer system interface, also known as IP-SAN, is an Internet-based and SCSI-3 protocols storage technology, by the IETF, proposed, and 2003 2 May 11, became the official standard. 2019 4 December 17, white cap sinks a...

SolarWinds Serv-U FTP 15.1.6 Privilege Escalation

CVE: CVE-2018-15906 Attack type: Remote, authenticated Discovered by: Chris Moberly @ The Missing Link Security Operating Systems: Verified on Win10 and Win2016 Vulnerable version: Tested on 15.1.6 current as of August 2018. Fixed in: Serv-U 15.1.6 Hotfix 2 Description SolarWinds Serv-U FTP Serve...

CVE-2018-0671

Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors...

Privilege escalation

Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors...

Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CNVD-2018-20739)

Microsoft Excel Viewer 2007 SP3 is a product of Microsoft Corporation.Microsoft Excel Viewer 2007 SP3 is a spreadsheet program.Windows 10 is a set of operating systems for personal computers.Graphics Windows 10 is an operating system for personal computers.Graphics Components is one of the graphi...

CVE-2018-12608

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...

Debian DLA-1482-1 : libx11 security update

Several issues were discovered in libx11, the client interface to the X Windows System. The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable to an off-by-one override on malicious server responses. A malicious server could also send a reply in which the first string overflow...

Idisagree - Control Remote Computers Using Discord Bot

Control remote computers using discord bot and python 3. ! If your target is a windows system, you may want to compile your payload. Do this with py2exe or pyinstaller. MAINTAINERS Alisson Moretto | Twitter: @A1S0N Github: @A1S0N PREREQUISITES Python 3.x pip3 subprocess from python3 Discord from...

KB4073065: Surface guidance to protect against silicon-based microarchitectural and speculative execution side-channel vulnerabilities

None None...

Vulnerability to cause a Windows system crash, hardware experts published PoC exploit code-exploit warning-the black bar safety net

Bitdefender company researcher Marius Tivadar on GitHub released a PoC code, even if the computer is locking the case in a few seconds cause Windows computers to crash. ! The PoC code is the use of Microsoft processing an NTFS file system image process in the presence of a vulnerability, the code...

AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution

http://support.amd.com/en-us/download?cmpid=CCCOffline - Click "Automatically Detect - Download Now" Installation Automatically Installs "Raptr, Inc Plays TV Service" OR https://plays.tv/download Target OS: Windows Any Privilege: SYSTEM Type: Arbitrary File Execution Notes: Second minor bug allow...

Path Traversal

rubyzip is vulnerable to a path traversal vulnerability. Through the use of ..\ in file names within a zip folder, attackers can traverse folders outside of the intended directory on a Windows based system...

Microsoft Edge and ChakraCore Remote Memory Corruption Vulnerability (CNVD-2018-03522)

Microsoft Windows is a series of operating systems released by Microsoft Corporation.Edge is one of the browsers that comes with the system.ChakraCore is the core of an open source JavaScript engine used in Edge, and can also be used as a stand-alone JavaScript engine. A memory corruption...

One-Lin3r - Gives you one-liners that aids in penetration testing operations

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser: Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper: Give it an...

Security update for Adobe Flash Player: January 9, 2018

Security update for Adobe Flash Player: January 9, 2018 Summary This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server Version 1709, Windows Server 2016, Windows 10 Version 1709 Fall Creators Update, Windows 10 Version 1703...

Design/Logic Flaw

There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under th...

CVE-2017-17099

There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under th...

CVE-2017-17099

There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under th...