Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.
831459424e49dfb11a51e3fc6d29ef5bb3f90982635cee4c7c276df9a15321c3
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.
02dd6778183ba369304416f10ca5430a4f57946435559276f6499b1f6ba9bc19
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.
af18e899701b6b216c1194a67c18ea309e695c0a68e877ab7bcce01d4ace48be
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
31f371707b0de38f8698c711e7a95e5c8a9212e4a92c83d9717a9243315dde36
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.
edee6760c7f2c9ebf89f541fa00a52bf885df3f8a7630f79abf5b032785960a4
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dae.cgi remote code execution vulnerability.
a9196290400935ef3b6319c48e7689aa9a949b9efd2be8e9d8861ef419b6e001
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dlp.cgi remote code execution vulnerability.
bbbed1b3bf17f683837d3fecae8f6085dee8a26a7ae1148d404cc746cff6632b
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability.
5cb3107445be9dd17d7844b1475bdac38b6b7f828e25697fa092549f47228aa5
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability.
e465300a0c016f04a03e4baea8fb3f12dea6565a5f3c380f365cb72843951a4e
Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. Spanish version of this paper.
50bf49894518deda534f1032b98b7e30137585abe5130ca8b0a557aa5ddf01e5
Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. English version of this paper.
9826659afad14c5aaeede84482ba6c38303eb65a202931871de20350a1ab3548
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.
ad7e67926b83c12120e3c277cb7491ca34beb0d29e83be6e3165d8265314ea5b
WordPress Ultimate Form Builder plugin suffers from a cross site scripting vulnerability.
30c734953a6cfd9df5dcae72d534c2b88c1405d19bf866e0a857c0cb8bc6351b
OpenText Documentum Content Server suffers from a privilege evaluation issue using crafted RPC save commands. Two proof of concepts included.
580ee53cae3ceeb71bd5061ead172f398e5ed685fc4484fea0430f1ba5208097
Squirrelmail versions 1.4.22 and below suffer from a remote code execution vulnerability.
4b0dc2d246cc3a9756582983ff8531774c490e3ea2b7ddb569f8e43f1a06c2dc
Slackware Security Advisory - New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
65ed27397a070cbe6e570a99ec7f60b265e6481a766dc4e473b659efcd02c532
Red Hat Security Advisory 2017-1095-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
c4571355414950b77877a51816a24f66565ec135fb82f79a4c69cf27e893d96d
Red Hat Security Advisory 2017-1097-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.0 serves as a replacement for Red Hat JBoss Data Grid 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: An infinite-loop vulnerability was discovered in Netty's OpenSslEngine handling of renegotiation. An attacker could exploit this flaw to cause a denial of service. Note: Netty is only vulnerable if renegotiation is enabled.
1bd54df02b3b691ae55756f86658de99780ae24abd48d537e4ba901842bb0fa6
Dmitry (Deepmagic Information Gathering Tool) version 1.3a suffers from a local stack buffer overflow vulnerability.
014a2fe2f2202855bfad57c085ec71bcb8a2fd0c4311035acad667319a851c16
Microsoft RTF CVE-2017-0199 proof of concept exploit.
94860eb2041748a74ccdfe99ad24e8276e83a03535808e480542e01b7dde6104
VirtualBox suffers from an unprivileged host user to host kernel privilege escalation via ALSA config.
f38ab6ac7db1ac5c9f60c3a076a685885892333cd88c3211cc5704218296d743
VirtualBox suffers from a guest-to-host out-of-bounds write via virtio-net.
6ce8ba01f3d08279ba5be7564eae4a3179b9004819f77937f69394a783defd7b
WebKit suffers from a universal cross site scripting vulnerability in operationSpreadGeneric.
6d9e305dd9fc16577996089d04a9e8ca38f2b5124a99b6df7e83db1c04d4e35e
Microsoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.
430a53cd94edd4e0e498a42cca519bca58b5345139e6f34fe55a3fac5ac08ac8
This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).
035399021ac947492b961a04ac25a5a12f67bebc47e9858ba91b9e72dfccdc17