2019 February

Nuuo Central Management Server 2.4 Authenticated Arbitrary File Upload

Posted by deepcore under exploit (No Respond)

The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. The vulnerability is in the FileName parameter, which accepts directory traversal (..\..\) characters. Therefore, this function can be abused to overwrite any files in the installation drive of CMS Server. This vulnerability is exploitable in CMS […]

Apple macOS 10.13.5 Local Privilege Escalation

Posted by deepcore under Apple (No Respond)

Apple macOS version 10.13.5 local privilege escalation exploit.

Tags: Apple, ios, osx

[dos] Valentina Studio 9.0.5 Linux – 'Host' Buffer Overflow (PoC)

Posted by deepcore under Security (No Respond)

Valentina Studio 9.0.5 Linux – ‘Host’ Buffer Overflow (PoC)

Tags: 0day, remote exploit

[webapps] C4G Basic Laboratory Information System (BLIS) 3.4 – SQL Injection

Posted by deepcore under Security (No Respond)

C4G Basic Laboratory Information System (BLIS) 3.4 – SQL Injection

Tags: 0day, remote exploit

[remote] MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) – Firewall and NAT Bypass

Posted by deepcore under Security (No Respond)

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) – Firewall and NAT Bypass

Tags: 0day, remote exploit

[dos] AirDrop 2.0 – Denial of Service (DoS)

Posted by deepcore under Security (No Respond)

AirDrop 2.0 – Denial of Service (DoS)

Tags: 0day, remote exploit

[webapps] EI-Tube 3 – SQL Injection

Posted by deepcore under Security (No Respond)

EI-Tube 3 – SQL Injection

Tags: 0day, remote exploit

[local] Memu Play 6.0.7 – Privilege Escalation

Posted by deepcore under Security (No Respond)

Memu Play 6.0.7 – Privilege Escalation

Tags: 0day, remote exploit

[dos] ScreenStream 3.0.15 – Denial of Service

Posted by deepcore under Security (No Respond)

ScreenStream 3.0.15 – Denial of Service

Tags: 0day, remote exploit

[local] RealTerm Serial Terminal 2.0.0.70 – 'Echo Port' Buffer Overflow (SEH)

Posted by deepcore under Security (No Respond)

RealTerm Serial Terminal 2.0.0.70 – ‘Echo Port’ Buffer Overflow (SEH)

Tags: 0day, remote exploit

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Nuuo Central Management Server 2.4 Authenticated Arbitrary File Upload

Apple macOS 10.13.5 Local Privilege Escalation

[dos] Valentina Studio 9.0.5 Linux – 'Host' Buffer Overflow (PoC)

[webapps] C4G Basic Laboratory Information System (BLIS) 3.4 – SQL Injection

[remote] MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) – Firewall and NAT Bypass

[dos] AirDrop 2.0 – Denial of Service (DoS)

[webapps] EI-Tube 3 – SQL Injection

[local] Memu Play 6.0.7 – Privilege Escalation

[dos] ScreenStream 3.0.15 – Denial of Service

[local] RealTerm Serial Terminal 2.0.0.70 – 'Echo Port' Buffer Overflow (SEH)

Tabs Switcher

Categories

Archives

Meta

BLOGROLL