The NC220 and NC200 utilize hard-coded credentials within their Linux distribution image. These credentials (root:root) are never exposed to the end user and cannot be changed through any normal operation of the camera.
75afdba7df6115f0fcf582aeaa5d0f0235301fc2dbb1e912b582b5293b9e51f6
IKEView.exe is vulnerable to a local stack-based buffer overflow when parsing a malicious (Internet Key Exchange) ".elg" file. The vulnerability causes nSEH and SEH pointer overwrites at 4432 bytes after IKEView parses our malicious file, which may then result in arbitrary attacker-supplied code execution.
3523ab1269c0f4187c4a7efd81aecbce5f6a22206941e828961c579c48b6285c
Openfire version 3.10.2 suffers from a cross-site request forgery vulnerability.
0e24b5cc34f5f30e0f92cdca09e38caa5c6a3aa1e7231a61f43ed26e5a092d1c
The Windows kernel is subject to two related kernel-mode type-confusion vulnerabilities inside win32k!xxxRemoteReconnect. In both cases, a user-mode parameter passed to the syscall is incorrectly resolved to its underlying kernel representation via ObReferenceObjectByHandle, passing NULL as the "ObType" field (rather than *IoFileTypeObject and *IoDeviceTypeObject respectively). Because the type is not checked, if a handle of a type other than a HANDLE to a file and a device is passed, the kernel incorrectly uses the underlying representation of the object as a PFILE_OBJECT and a PDEVICE_OBJECT, causing memory corruption in the kernel.
1fc87129199a0c6cd9e6a9fa146cc6e891c7331266896538d14fc884c57013ba
The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same time. By connecting two proxy objects to an IFInstallRunner, calling [IFInstallRunner makeReceiptDirAt:asRoot:] in the first, and passing a custom object as the directory name, we can get a callback to our code just after the makeReceiptDirAt code has called seteuid(0);setguid(0) to regain privs. Since BSD privileges are per-process, this means that our other proxy object will now have euid 0 without having to provide an authorization reference. In this second proxy we can then just call runTaskSecurely and get a root shell before returning from the first proxy's callback function, which will then drop privs.
1fd4f2bf985f7460d71d17680841dc5c059fe7c05b9a7ac1a776291868ff74e3
Typo3 CMS versions 6.2.14 and below and 4.5.40 and below suffer from a cross-site scripting vulnerability.
5fe660afc121bc98f78855bc4c8a79507bdd0980f0cc631158e37e50937cd828
The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root and exploitable.
a34aa2485110ffeff9b63cf7063d71e3ac6548549f001e7517073b7f1ffaa5ca
Monsta FTP version 1.6.2 suffers from cross-site request forgery and cross-site scripting vulnerabilities.
9e2f6e57e61d7dfed914ab5ebf4683e9e1336d21bab66f7429ecdcdf9b40f933
Install.framework has a suid root binary at /System/Library/PrivateFrameworks/Install.framework/Resources/runner that allows for arbitrary mkdir, unlink, and chown.
4b9ea14e8540ddbdec18fe305074224119369e420b4ed663a1f2bac393fa7f15
IKEView.exe is vulnerable to a local stack-based buffer overflow when parsing a malicious (Internet Key Exchange) ".elg" file.
c258823e04d1c5912714ecf6c5d251c4962d8a64211d99317db61683332eab73
This is the ninth issue of POC || GTFO.
8ad70d4dd0c0f53e8c479d1d573e5a365ea673acafa9fd61fa5231e18502a6ad
Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability.
fc7990f532774d8eb7b6c58646a4184c066856b3fb99521ec6baa6859a83e854
OpenLDAP versions 2.4.42 and below suffer from a remote denial of service vulnerability.
0c1bf0a1bcf96cdd744d44d9297e87b79b407bd844d5d254ee0ba7ef0957f829
Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host.
36799a3c7e2af82faa6d01908af9360ddba720c30151c46a004891b6be136f05
Shopify suffered from an input validation vulnerability.
3b22718ee3a691098c84a1145c3a76387a4be88f853e0df123706369b26b2ff9
Magento suffered from a cross-site scripting vulnerability.
1f9abe773c72fc70b1cfb69868ae0352dbc9344a10814fdaedb052f41ced7505