The Latest Infosec News, Tools, and Exploits – Got Root?
This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath […]
# Exploit Title: Wing FTP Server 6.3.8 – Remote Code Execution (Authenticated) # Date: 2020-06-26 # Exploit Author: v1n1v131r4 # Vendor Homepage: https://www.wftpserver.com/ # Software Link: https://www.wftpserver.com/download.htm # Version: 6.3.8 # Tested on: Windows 10 […]
# Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 – Remote Code Execution # Date: 2018-09-01 # Exploit Author: Che-Chun Kuo # Vulnerability Type: URI Parsing Command Injection # Vendor Homepage: https://www.ubisoft.com/en-us/ # Software Link: https://uplay.ubi.com/ […]
# Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer – Remote Command Execution # Date: 2018-09-05 # Exploit Author: vr_system # Vendor Homepage: https://www.fujixerox.com.cn/ # Software Link: https://www.fujixerox.com.cn/ # Version: DocuCentre-IV,DocuCentre-VI,DocuCentre-V,ApeosPort-VI,ApeosPort-V # Tested on: DocuCentre-V 3065,ApeosPort-VI […]
# Exploit Title: ASUS DSL-N12E_C1 1.1.2.3_345 – Remote Command Execution # Date: 2018-08-02 # Exploit Author: Fakhri Zulkifli (@d0lph1n98) # Vendor Homepage: https://www.asus.com/ # Software Link: https://www.asus.com/Networking/DSLN12E_C1/HelpDesk_BIOS/ # Version: 1.1.2.3_345 # Tested on: 1.1.2.3_345\ Method […]
CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in […]
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/POLARISOFFICE-2017-v8-REMOTE-CODE-EXECUTION.txt [+] ISR: Apparition Security Vendor: ============= www.polarisoffice.com Product: =========== PolarisOffice 2017 v8 Polaris Document Solution is an integrated solution for corporate document life […]
%PDF 1 0 obj <</Pages 1 0 R /OpenAction 2 0 R>> 2 0 obj <</S /JavaScript /JS ( /* Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley (mr_me) of Source Incite […]
# Exploit Title: Git (code execution) # Date: 2018-05-29 # Exploit Author: JameelNabbo # Website: jameelnabbo.com <http://jameelnabbo.com/> # Vendor Homepage: https://github.com/git/git <https://github.com/git/git> # CVE: CVE-2018-11235 #Version: <=2.17.1 # Tested on Kali Linux P0C: Create two […]
# Exploit Title: Pivotal Spring Java Framework < 5.0 – Remote Code Execution # Date: 2018-05-28 # Exploit Author: JameelNabbo # Website: jameelnabbo.com <http://jameelnabbo.com/> # Vendor Homepage: # https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development # CVE: CVE: CVE-2018-1270 # Version: […]
