Backdoor.Win32.Wollf.16 malware creates and runs a service named contime.exe with SYSTEM integrity and listens on port 5240. The malware uses a weak hardcoded password of 12345678 which can easily be viewed in the binary using strings utility.
This Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running […]
This Metasploit module exploits an ACL bypass in MobileIron MDM products to execute a Groovy gadget against a Hessian-based Java deserialization endpoint.
Backdoor.Win32.DarkKomet.bhfh malware suffers from an insecure permissions vulnerability.
Tenda AC5 AC1200 Wireless – ‘WiFi Name & Password’ Stored Cross Site Scripting
Tags: 0day, remote exploitSimple College Website 1.0 – ‘name’ Sql Injection (Authentication Bypass)
Tags: 0day, remote exploitCemetry Mapping and Information System 1.0 – ‘user_email’ Sql Injection (Authentication Bypass)
Tags: 0day, remote exploit