Lucene search
K
SeebugRecent

56796 matches found

seebug.org
seebug.org
added 2017/12/29 12:0 a.m.24 views

Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities

Summary Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web. Moreover, it provides the ability to sync your data with Google Calendar so you can use them with other services. It is an open source project and you can...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.40 views

Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

8AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.45 views

InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

6.5AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.43 views

Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

6.2AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.58 views

Telesquare SKT LTE Router SDT-CS3B1 WebDAV HTTP Methods Arbitrary File Events

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description WebDAV is enabled with directory listing and dangerous HTTP methods allowed: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK and UNLOCK. The HTTP PUT metho...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.54 views

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.36 views

Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description Insecure direct object references occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attacke...

7AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.69 views

ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability

Summary ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system-all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your...

7.5AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.38 views

NS International Train Tickets v7.31.4 Reflected XSS Vulnerability

Summary NS International Train Tickets is a web application that is used by NS International Dutch railways to manage search, book, plan, buy train tickets for international travels from the Netherlands. Description NS International Train Tickets confirmation page 'bookingConfirm' is vulnerable t...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.57 views

InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

8.5AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.61 views

InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.47 views

Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.40 views

ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.53 views

ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.39 views

Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS

Summary Uncompromising security and performance for emerging large organizations. The NSA 6600 network security appliance delivers best-in-class protection, speed and scalability with 12 Gbps throughput and up to 6000 VPN clients. Description SonicWALL NSA suffers from a XSS issue due to a failur...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/28 12:0 a.m.120 views

Eir’s D1000 Modem Is Wide Open To Being Hacked.

Background The Eir D1000 Modem has bugs that allow an attacker to gain full control of the modem from the Internet. The modem could then be used to hack into internal computers on the network, as a proxy host to hack other computers or even as a bot in a botnet. A port scan of the the modem...

10CVSS0.63748EPSS
Exploits12
seebug.org
seebug.org
added 2017/12/28 12:0 a.m.23 views

phpcms9.6.3后台存储型xss

...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2017/12/27 12:0 a.m.49 views

Trustwave SWG Unauthorized Access

Vulnerability Summary The following advisory describes an unauthorized access vulnerability that allows an unauthenticated user to add their own SSH key to a remote Trustwave SWG version 11.8.0.27. Trustwave Secure Web Gateway SWG “provides distributed enterprises effective real-time protection...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2017/12/27 12:0 a.m.38 views

COMTREND ADSL Router CT-5367 - Remote Code Execution

Description Any user can edit all users password and execute remote code directly without have access Proof of Concept request this page before login to ADSL panel : 192.168.1.1/password.cgi/password.cgi Username: root support user Old Password: New Password: Confirm Password: !/usr/bin/env pytho...

7.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/27 12:0 a.m.46 views

Kingsoft Antivirus/Internet Security 9+ Privilege Escalation

Vulnerability Summary The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+. Kingsoft Antivirus “provides effective and efficient protection solution at no cost to users. It applies cloud security...

8.1AI score
Exploits0
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.57 views

Asus_GlobalWirteOverflow

Vulnerability: Global buffer overflow in networkmap ------------------------------------------ Exploitation: Can write data at any address in heap ------------------------------------------ Vendor of Product: Asus wireless router ------------------------------------------ Affected Products and...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.46 views

Tplink Interface Authenticated RCE

Tested product: TL-WVR450L Hardware version:V1.0 Firmware version: 20161125 The RSAEncryptionForTplink.js is use for Rsa Encryption to the password when login the web manager. You can download the RSAEncryptionForTplink.js by...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.237 views

Tplink Diagnostic Authenticated RCE

Vulnerability: Command Injection in diagnostic.lua ------------------------------------------ Exploitation: Can remote command execution on the root shell. ------------------------------------------ Vendor of Product: Tp-Link router ------------------------------------------ Affected Products and...

8.2AI score
Exploits0
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.71 views

Tplink Bridge Authenticated RCE

Vulnerability: Command Injection in bridge.lua ------------------------------------------ Exploitation: Can remote command execution on the root shell. ------------------------------------------ Vendor of Product: Tp-Link router ------------------------------------------ Affected Products and...

8.2AI score
Exploits0
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.927 views

Pre-auth Remote Code Execution exploit for QNAP QTS

!/usr/bin/env python -- coding: iso-8859-15 -- Pre-auth Remote Code Execution exploit for QNAP QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 2017111 Just a quick dirty RCE PoC to make your QNAP sing "XMAS" in morse. Author: Andrea Palazzo @cogitoergor00t E-mail:...

7.5CVSS0.04439EPSS
Exploits2
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.178 views

Tplink LocalePath Disclosure

Vulnerability: Path Disclosure in locale.lua ------------------------------------------ Exploitation: Can be used to verify whether a path exists on the file system. ------------------------------------------ Vendor of Product: Tp-Link router ------------------------------------------ Affected...

7AI score
Exploits0
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.22 views

Asus_serviceTypeCopyOverflow

Tested product and firmware version: RT-N12HPB1 3.0.0.4.380.3479 coding=utf-8 ROUTERIP = '192.168.2.1' asus wireless router ip IP = '192.168.2.31' attacker ip INTERACE = 'eth0' attacker host network interface import time import socket import sys import os import threading import socketserver sc =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.103 views

Asus_DeleteOfflineClientOverflow

Vulnerability: Stack buffer overflow in httpd ------------------------------------------ Exploitation: Can control the $pc. Use together with a session hijack vulnerability or in a csrf attack, can remote code execution and then get a connectback shell. ------------------------------------------...

9.3CVSS0.1AI score0.07552EPSS
Exploits6
seebug.org
seebug.org
added 2017/12/25 12:0 a.m.52 views

Remote Stack Format String in 'nsd' binary from multiple OEM

Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full Disclosure: 0-Day PoC 1 $ curl...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2017/12/25 12:0 a.m.49 views

Vitek RCE and Information Disclosure

Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22, 2017 Full Disclosure: 0-day heap: Executable + Non-ASLR stack:...

7.5AI score
Exploits0
seebug.org
seebug.org
added 2017/12/24 12:0 a.m.1457 views

Huawei HG532 Router Remote Code Execution(CVE-2017-17215)

A Zero-Day vulnerability CVE-2017-17215 in the Huawei home router HG532 has been discovered by Check Point Researchers, and hundreds of thousands of attempts to exploit it have already been found in the wild. The delivered payload has been identified as OKIRU/SATORI, an updated variant of Mirai...

0.7861EPSS
Exploits2
seebug.org
seebug.org
added 2017/12/22 12:0 a.m.930 views

Oracle WebLogic wls-wsat RCE(CVE-2017-10271)

漏洞描述 黑客利用WebLogic 反序列化漏洞(CVE-2017-3248)和WebLogic WLS 组件漏洞(CVE-2017-10271)对企业服务器发起大范围远程攻击,有大量企业的服务器被攻陷,且被攻击企业数量呈现明显上升趋势,需要引起高度重视。其中,CVE-2017-10271是一个最新的利用Oracle WebLogic中WLS 组件的远程代码执行漏洞,属于没有公开细节的野外利用漏洞,大量企业尚未及时安装补丁。官方在 2017 年 10 月份发布了该漏洞的补丁。 该漏洞的利用方法较为简单,攻击者只需要发送精心构造的 HTTP...

7.5CVSS8.5AI score0.99993EPSS
Exploits56
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.76 views

Ichano AtHome IP Cameras Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into a professional video monitoring system in a minute....

8.2AI score
Exploits0
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.54 views

Windows: use-after-free in jscript!NameTbl::GetValDef(CVE-2017-11903)

There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy Auto-Discovery host and sending a malicious wpad.dat file to the victim. This works...

7.6CVSS7.8AI score0.46179EPSS
Exploits4
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.57 views

Windows: Uninitialized variable in jscript!JsArraySlice(CVE-2017-11855)

There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - By opening a malicious web page in Internet Explorer. - currently untested An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy...

7.6CVSS7.3AI score0.47913EPSS
Exploits4
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.51 views

Outlook for Android: Directory Traversal in Attachment Download

There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file to b...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.53 views

Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD(CVE-2017-11890)

There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy Auto-Discovery host and sending a malicious wpad.dat file to the victim. Th...

7.9AI score0.49398EPSS
Exploits4
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.72 views

Windows: heap overflow in jscript.dll in Array.sort(CVE-2017-11907)

There is an heap overflow vulnerability in jscript.dll library used in IE, WPAD and other places. The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort. PoC for IE note: page heap might be required to obsorve the crash: var vars = new Array100; var arr = new Array1000;...

7.6CVSS8.2AI score0.64164EPSS
Exploits4
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.54 views

VMware VNC Dynamic Resolution Request Code Execution Vulnerability(CVE-2017-4933)

Summary An exploitable code execution vulnerability exists in the remote management functionality of VMware . A specially crafted set of VNC packets can cause a heap overflow resulting in heap corruption. An attacker can create a VNC session to trigger this vulnerability. Tested Versions Vase,...

9.2AI score0.03571EPSS
Exploits1
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.69 views

VMware VNC Pointer Decode Code Execution Vulnerability(CVE-2017-4941)

Summary An exploitable code execution vulnerability exists in the remote management functionality of VMware . A specially crafted set of VNC packets can cause a type confusion resulting in stack overwrite, which could lead to code execution. An attacker can initiate a VNC session to trigger this...

9.2AI score0.03157EPSS
Exploits1
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.48 views

Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen(CVE-2017-11906)

There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash: function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; Debug log: cec.a14: Access violation - code c0000005 fir...

6.9AI score0.25116EPSS
Exploits4
seebug.org
seebug.org
added 2017/12/19 12:0 a.m.81 views

Python 'Lib/webbrowser.py' Remote Command Execution Vulnerability(CVE-2017-17522)

Description Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Vulnerable: Python Software Foundation Python 3.6...

8.4AI score0.03595EPSS
Exploits1
seebug.org
seebug.org
added 2017/12/18 12:0 a.m.27 views

bluecms guest_book注入

...

1.2AI score
Exploits0
seebug.org
seebug.org
added 2017/12/18 12:0 a.m.105 views

GOAHEAD 命令执行漏洞(CVE-2017-17562)

INTRODUCTION This blog post details CVE-2017-17562, a vulnerability which can be exploited to gain reliable remote code execution in all versions of the GoAhead web server 3.6.5. The vulnerability is a result of Initialising the environment of forked CGI scripts using untrusted HTTP request...

8.4AI score0.96327EPSS
Exploits15
seebug.org
seebug.org
added 2017/12/18 12:0 a.m.46 views

bluecms 任意文件删除漏洞导致重装getshell & XSS漏洞

...

1.5AI score
Exploits0
seebug.org
seebug.org
added 2017/12/18 12:0 a.m.158 views

Command injection vulnerability in Net::FTP(CVE-2017-17405)

There is a command injection vulnerability in Net::FTP bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2017-17405. Details Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument...

9.4AI score0.73927EPSS
Exploits5
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.117 views

iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules(CVE-2017-13861)

I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERNSUCCESS it means that th...

9.3CVSS1.4AI score0.14888EPSS
Exploits11
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.50 views

MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig(CVE-2017-13875)

AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to index a small table of pointers without bounds checking. The OOB-read pointer is passed to AppleIntelFramebuffer::validateDisplayMode which will read a pointer to a C++ object from that...

7.7AI score0.04426EPSS
Exploits2
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.80 views

QNAP QTS Unauthenticated Remote Code Execution(CVE-2017-17033)

Vulnerability Summary The following advisory describes a memory corruption vulnerability that can lead to an unauthenticated remote code execution in QNAP QTS versions 4.3.x and 4.2.x, including the 4.3.3.0299. QNAP Systems, Inc. “specializes in providing networked solutions for file sharing,...

10AI score0.04439EPSS
Exploits2
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.50 views

MacOS getrusage stack leak through struct padding(CVE-2017-13869)

For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64rusage using mungeuser64rusage, then copies the struct user64rusage to userspace: int getrusagestruct proc p, struct getrusageargs uap, unused int32t retval struct rusage rup, rubuf; struct user64rusage...

6.6AI score0.04736EPSS
Exploits3
Total number of security vulnerabilities56796