Clik here to view.
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.MD5 |...
View ArticleClik here to view.
Lenovo SU 5.07 Buffer Overflow
Lenovo SU version 5.07 suffers from a buffer overflow vulnerability that allows for code execution.MD5 | ed2d00e979893df235dcdf59331f72a3DownloadDocument Title:===============Lenovo SU v5.07 - Buffer...
View ArticleClik here to view.
Chrome V8 KeyAccumulator Bug
Chrome V8 suffers from a bug in KeyAccumulator that can cause a crash.MD5 | 9fee601d9a1d2470bc41cfa501ef0dbcDownloadChrome: V8: A bug with KeyAccumulator PoC:for (let i = 0; i < 10; i++) { let [tmp]...
View ArticleClik here to view.
Microsoft Edge Chakra JIT Out-Of-Bounds Reads/Writes
Microsoft Edge Chakra JIT suffers from multiple out of bounds reads and writes.MD5 | b73c99e652b5ab40ccfdf43c9715573bDownloadMicrosoft Edge: Chakra: JIT: OOB reads/writes CVE-2018-8145It seems that...
View ArticleClik here to view.
Dicoogle PACS 2.5.0 Directory Traversal
Dicoogle PACS version 2.5.0 suffers from a directory traversal vulnerability.MD5 | cbc3f0a669566d78f741038e80ff473fDownload# Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal# Date: 2018-05-25#...
View ArticleClik here to view.
Linux Kernel Local Privilege Escalation
Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.MD5 | 337790c3978495619119dc00e3b271c4Download/* Credit @bleidl, this is a slight modification to his...
View ArticleClik here to view.
Microsoft Edge Chakra JIT BoundFunction::NewInstance Bug
Microsoft Edge Chakra JIT suffers from a bug. BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments...
View ArticleClik here to view.
Microsoft Edge Chakra JIT SetConcatStrMultiItemBE Type Confusion
Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with hoisted SetConcatStrMultiItemBE instructions.MD5 | 9b384b361e8b141c4703603f10a6db28DownloadMicrosoft Edge: Chakra: JIT: Type...
View ArticleClik here to view.
RSA Identity Governance And Lifecycle Bypass / XSS
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user...
View ArticleClik here to view.
phpMyAdmin Authenticated Remote Code Execution
phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.MD5...
View ArticleClik here to view.
Apache CouchDB Arbitrary Command Execution
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by...
View ArticleClik here to view.
Manage Engine Exchange Reporter Plus Unauthenticated Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by execution of bcp.exe file inside ADSHACluster servletMD5 |...
View ArticleClik here to view.
Zeta Producer Desktop CMS 14.2.0 Code Execution / File Disclosure
Zeta Producer Desktop CMS versions 14.2.0 and below suffers from code execution and file disclosure vulnerabilities.MD5 | 639bb7a760add6a45ef566c6a24fd2a2DownloadSEC Consult Vulnerability Lab Security...
View ArticleClik here to view.
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
EDB-ID: 45015Author: Core SecurityPublished: 2018-07-13CVE: CVE-2018-0706... Type: WebappsPlatform: HardwareVulnerable App: N/A http://corelabs.coresecurity.com/ QNAP Qcenter Virtual Appliance Multiple...
View ArticleClik here to view.
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
EDB-ID: 45017Author: Filipe Xavier OliveiraPublished: 2018-07-13CVE: CVE-2018-10018 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: N/ATags: Denial of Service (DoS)Vulnerable App: N/A =====[...
View ArticleClik here to view.
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
EDB-ID: 45014Author: SEC ConsultPublished: 2018-07-13CVE: CVE-2018-12979... Type: WebappsPlatform: PHPAliases: N/AAdvisory/Source: N/ATags: Cross-Site Scripting (XSS)Vulnerable App: N/A...
View ArticleClik here to view.
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File...
EDB-ID: 45016Author: SEC ConsultPublished: 2018-07-13CVE: CVE-2018-13980... Type: WebappsPlatform: PHPAliases: N/AAdvisory/Source: N/ATags: TraversalVulnerable App: N/A...
View ArticleClik here to view.
phpMyAdmin - Authenticated Remote Code Execution (Metasploit)
EDB-ID: 45020Author: MetasploitPublished: 2018-07-13CVE: CVE-2018-12613 Type: RemotePlatform: PHPAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF), RemoteVulnerable App: # This module...
View ArticleClik here to view.
Manage Engine Exchange Reporter Plus - Unauthenticated RCE (Metasploit)
EDB-ID: 45018Author: MetasploitPublished: 2018-07-13CVE: N/A Type: RemotePlatform: JavaAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF), RemoteVulnerable App: N/A # This module...
View ArticleClik here to view.
Apache CouchDB - Arbitrary Command Execution (Metasploit)
EDB-ID: 45019Author: MetasploitPublished: 2018-07-13CVE: CVE-2017-12635... Type: RemotePlatform: LinuxAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF), RemoteVulnerable App: # This...
View Article