Archive for May, 2018

[shellcode] Linux/x86 – Bind TCP Shell + fork() Shellcode (113 bytes)

Posted by deepcore under Security (No Respond)

Linux/x86 – Bind TCP Shell + fork() Shellcode (113 bytes)

HWiNFO 5.82-3410 Denial Of Service

Posted by deepcore under exploit (No Respond)

HWiNFO version 5.82-3410 suffers from a denial of service vulnerability.

PlaySMS sendfromfile.php Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in the sendfromfile.php file. Authenticated users can upload a file and rename the file with a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub’s Dina […]

PlaySMS import.php Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated users can upload a CSV file containing a malicious payload via vectors involving the User-Agent HTTP header and PHP code in the […]

WordPress User Role Editor Plugin Privilege Escalation

Posted by deepcore under exploit (No Respond)

The WordPress User Role Editor plugin prior to v4.25 lacks an authorization check within its update user profile functionality (“update” function, contained within the “class-user-other-roles.php” module). Instead of verifying whether the current user has the right to edit other users’ profiles (“edit_users” WP capability), the vulnerable function verifies whether the current user has the […]

DeviceLock Plug And Play Auditor 5.72 Buffer Overflow

Posted by deepcore under exploit (No Respond)

DeviceLock Plug and Play Auditor version 5.72 suffers from a unicode buffer overflow vulnerability.

GNU Wget 1.19.4 Cookie Injection

Posted by deepcore under exploit (No Respond)

GNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.

Palo Alto Networks readSessionVarsFromFile() Session Corruption

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to exploit an XML injection issue, which is then abused to create an arbitrary directory, and finally gains root code execution by […]

Apple Security Advisory 2018-05-04-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2018-05-04-1 – Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 is now available and addresses code execution issues.

[remote] PlaySMS 1.4 – 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit)

Posted by deepcore under Security (No Respond)

PlaySMS 1.4 – ‘sendfromfile.php?Filename’ Authenticated ‘Code Execution (Metasploit)
