[webapps] TP-Link Tapo c200 1.1.15 – Remote Code Execution (RCE)
[webapps] Feehi CMS 2.1.1 – Remote Code Execution (RCE) (Authenticated)
WiFiMouse 1.8.3.4 Remote Code Execution
WiFiMouse version 1.8.3.4 suffers from a remote code execution vulnerability.
Unified Remote Authentication Bypass / Code Execution
This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for exploitation, then reverted. If the […]
Trojan-Dropper.Win32.Corty.10 MVID-2022-0639 Insecure Credential Storage
Trojan-Dropper.Win32.Corty.10 malware suffers from an insecure credential storage vulnerability.
Bookwyrm 0.4.3 Authentication Bypass
Bookwyrm versions 0.4.3 and below suffer from an authentication bypass vulnerability due to a lack of rate limiting on OTP checks.
Trojan.Ransom.Ryuk.A MVID-2022-0640 Code Execution
Trojan.Ransom.Ryuk.A ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. Once loaded the exploit dll will check if the current directory is “C:WindowsSystem32” and if not, we grab our process ID and terminate. All basic tests […]
Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass
Buffalo TeraStation Network Attached Storage (NAS) version 1.66 suffers from an authentication bypass vulnerability.
ProcessMaker Privilege Escalation
ProcessMaker versions prior to 3.5.4 were discovered to be susceptible to a remote privilege escalation vulnerability.