Facebook And Google Reviews System For Businesses version 1.1 suffers from a code execution vulnerability.
27b25a71e7b37c82f8af9b94139ec222Facebook And Google Reviews System For Businesses version 1.1 suffers from a remote SQL injection vulnerability.
abe1646707d467935c7ac7c16532d838GNU inetutils versions 1.9.4 and below are vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern browsers no longer support telnet:// handlers, but in instances where URI handlers are enabled to the inetutils telnet client this issue maybe remotely triggerable. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments. A heap-overflow is also present which can be triggered in a different code path due to supplying oversized environment variables during client connection code.
17d3bfcc3f5ceb86b75256a45640ade5An exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. The RouterOS contains a telnet client based on GNU inetutils with modifications to remove shell subsystem. However an attacker can leverage the "set tracefile" option to write an arbitrary file into any "rw" area of the filesystem, escaping the restricted shell to gain access to a "ash" busybox shell on some versions. The file is created with root privileges regardless of the RouterOS defined group.
3572fecc2d0fb3043e6bd86755fb6b8aHuawei Router HG532e command execution exploit.
1bd1ab75cfe698ce8948f3b80e151cdfAngry IP Scanner version 3.5.3 denial of service proof of concept exploit.
f18b724a9873d2a1512dad99cef1ac23Facebook And Google Reviews System For Business version 1.0 suffers from a cross site request forgery vulnerability.
79754b5cae2b5220c3bc684604855950Zortam MP3 Media Studio version 24.15 SEH local buffer overflow exploit.
da9a9e7ebc4b79e3190486888ee7e704Responsive FileManager version 9.13.4 suffers from bypass, cross site scripting, remote file read, remote file write, and traversal vulnerabilities.
2ef45cffaee6d5b284e83ae3327d46c7Cisco RV110W suffers from password disclosure and command execution vulnerabilities.
eed52ea76fb024c920ddc2cbd7084851UltraISO version 9.7.1.3519 Output FileName denial of service proof of concept exploit.
59c7853bd2b81155cd79545047526214Double Your Bitcoin Script Automatic 2018 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0774c4503aa3fa00776704441c0f2438This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion.
c501475e6a50c14cfc8ea6a100c5476dThis Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS.
6787a588f4d46475c4bdc139c65e1b32This Metasploit module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a webdav server that hosts a dll file. When the user types the provided rundll32 command on a system, rundll32 will load the dll remotely and execute the provided export function. The export function needs to be valid, but the default meterpreter function can be anything. The process does write the dll to C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV but does not load the dll from that location. This file should be removed after execution. The extension can be anything you'd like, but you don't have to use one. Two files will be written to disk. One named the requested name and one with a dll extension attached.
1f1d8c01f63d11080c272e67a3c4e711Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to extracting local and ldap users.
11a292606442e6bfd769b6cbfc1505c2Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to user projects.
2833a0ff0f4c1e8179d629fddb53bdc8When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them inside the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible try to restore backups of the configuration after the exploit to make the WordPress site work again.
3e9bb4227872fd85077a0576d93fc20fHotelDruid version 2.3 suffers from a remote SQL injection vulnerability.
ff08e4b28ad90208305abee305153384Apache OFBiz version 16.11.05 suffers from a cross site scripting vulnerability.
2bdc946a9fe5817a2d11a5b13c07566fWordPress AutoSuggest plugin version 0.24 suffers from a remote SQL injection vulnerability.
2ae7fec36d8cafaffee69a2b84782c6eThinkPHP versions prior to 5.0.23 and prior to 5.1.31 suffer from a remote code execution vulnerability.
6b92d8a4fb370a3ceb662efb7302b3b7Huawei B315s-22 suffers from an information disclosure vulnerability.
029df3562dc9d2f68e5db5cbc790de49Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability.
5759711c3f8c6e170b72ca702ef643efTP-Link Archer C1200 suffers from a cross site scripting vulnerability.
49bd46588e1bbff2559d1240c27c9f34
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed