com

CentOS-WebPanel.com Control Web Panel 0.9.8.846 Cross Site Scripting

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.846 suffers from a reflective cross site scripting vulnerability.




com

CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.848 User Enumeration

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.




com

CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.851 suffers from an arbitrary database dropping vulnerability.




com

CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.851 allows an attacker to change arbitrary passwords.




com

rConfig 3.9.2 Command Injection

This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64).




com

DHS Completes Live Test Of E-Passports




com

WordPress WooCommerce CardGate Payment Gateway 3.1.15 Bypass

WordPress WooCommerce CardGate Payment Gateway plugin version 3.1.15 suffers from a payment process bypass vulnerability.




com

Magento WooCommerce CardGate Payment Gateway 2.0.30 Bypass

Magento WooCommerce CardGate Payment Gateway version 2.0.30 suffers from a payment process bypass vulnerability.




com

QRadar Community Edition 7.3.1.6 Authorization Bypass

QRadar Community Edition version 7.3.1.6 suffers from an authorization bypass vulnerability.




com

TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.




com

TrixBox CE 2.8.0.4 Command Execution

This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system as the asterisk user. Users can easily elevate their privileges to the root user however by executing sudo nmap --interactive followed by !sh from within nmap.




com

QRadar Community Edition 7.3.1.6 Path Traversal

QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens (UUIDs). QRadar fails to validate if the user-supplied token is in the correct format. Using path traversal it is possible for authenticated users to impersonate other users, and also to executed arbitrary code (via Java deserialization). The code will be executed with the privileges of the Tomcat system user.




com

Intel's Commitment To Making Its Stuff Secure Is Called Into Question




com

Intel Fixes High-Severity Flaws In NUC, Discontinues Buggy Compute Module







com

Complaint Management System 4.2 Cross Site Scripting

Complaint Management System version 4.2 suffers from a persistent cross site scripting vulnerability.




com

WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.







com

FreeSWITCH Event Socket Command Execution

This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions: 1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine; 1.8.4~64bit on Ubuntu 19.04 (x64); and 1.10.1~64bit on Windows 7 SP1 (EN) (x64).




com

Sagemcom Fast 3890 Remote Code Execution

This exploit uses the Cable Haunt vulnerability to open a shell for the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious websocket request to the cable modem. The request will overflow a return address in the spectrum analyzer of the cable modem and using a rop chain start listening for a tcp connection on port 1337. The server will then send a payload over this tcp connection and the modem will start executing the payload. The payload will listen for commands to be run in the eCos shell on the cable modem and redirect STDOUT to the tcp connection.






com

Top Infectious Disease Expert Does Not Rule Out Supporting Temporary National Lockdown To Combat COVID-19





com

Solving Computer Forensic Case Using Autopsy

Whitepaper called Solving Computer Forensic Case Using Autopsy.




com

From Zero Credentials To Full Domain Compromise

Whitepaper called From Zero Credentials to Full Domain Compromise. This paper covers techniques penetration testers can use in order to accomplish an initial foothold on target networks and achieve full domain compromise without executing third party applications or reusing clear text credentials.




com

NagiosXI 5.6 Remote Command Execution

This is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6.




com

Symantec Web Gateway 5.0.2.8 Remote Command Execution

This is a whitepaper tutorial that walks through creating a proof of concept exploit for a pre-authentication remote command execution vulnerability in Symantec Web Gateway version 5.0.2.8.




com

NagiosXI 5.6.11 Remote Command Execution

This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11.




com

Packet Storm Exploit 2013-0827-1 - Oracle Java ByteComponentRaster.verify() Memory Corruption

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.




com

Packet Storm Advisory 2013-0827-1 - Oracle Java ByteComponentRaster.verify()

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.




com

Packet Storm Exploit 2013-0917-1 - Oracle Java ShortComponentRaster.verify() Memory Corruption

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.




com

Packet Storm Advisory 2013-0917-1 - Oracle Java ShortComponentRaster.verify()

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.




com

QRadar Community Edition 7.3.1.6 Insecure File Permissions

QRadar Community Edition version 7.3.1.6 suffers from a local privilege escalation due to insecure file permissions with run-result-reader.sh.




com

Microsoft Windows Desktop Bridge Virtual Registry Incomplete Fix

The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.




com

Microsoft Windows 10 UAC Bypass By computerDefault

This exploit permits an attacker to bypass UAC by hijacking a registry key during computerSecurity.exe (auto elevate windows binary) execution.




com

VMware Host VMX Process COM Class Hijack Privilege Escalation

The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user which results in the elevated process sharing resources such as COM registrations with the normal user who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.




com

Suspected Commonwealth Games DDoS Was Only A Fortnite Update




com

Broadcom Wi-Fi KR00K Proof Of Concept

Broadcom Wi-Fi device KR00K information disclosure proof of concept exploit. It works on WPA2 AES CCMP with Frequency 2.4GHz WLANs.




com

Cisco Data Center Network Manager 11.2.1 Command Injection

Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.




com

Irix LPD tagprinter Command Execution

This Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Irix.






com

CA Common Services casrvc Privilege Escalation

CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.




com

Bull / IBM AIX Clusterwatch / Watchware File Write / Command Injection

Bull / IBM AIX Clusterwatch / Watchware suffers from having trivial admin credentials, system file writes, and OS command injection vulnerabilities.