This Metasploit module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the /crowd/admin/uploadplugin.action page exists and that it responds appropriately to […]
Simple Image Gallery System 1.0 – ‘id’ SQL Injection
Tags: 0day, remote exploit
easy-mock 1.6.0 – Remote Code Execution (RCE) (Authenticated)
Tags: 0day, remote exploit
4images 1.8 – ‘limitnumber’ SQL Injection (Authenticated)
Tags: 0day, remote exploit
Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileged authenticated users to elevate their privileges to SYSTEM on affected Windows systems by modifying the XML file at C:\ProgramData\\Universal Color Laser.gdl to replace the DLL path to unires.dll with a malicious DLL path. When C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs is then used to add the printer to […]
Trojan-Proxy.Win32.Raznew.gen malware suffers from an unauthenticated open proxy vulnerability.
Backdoor.Win32.IRCBot.gen malware suffers from a hardcoded credential vulnerability.
HackTool.Win32.Hidd.b malware suffers from a buffer overflow vulnerability.
Canon TR150 print drivers versions 3.71.2.10 and below allow local users to read/write files within the “CanonBJ” directory and its subdirectories. By overwriting the DLL at C:\ProgramData\CanonBJ\IJPrinter\CNMWINDOWS\Canon TR150 series\LanguageModules\040C\CNMurGE.dll with a malicious DLL at the right time whilst running the C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs script to install a new printer, a timing issue can be exploited to cause […]