Ajenti Remote Command Execution
Ajenti suffers from a remote command execution vulnerability.
View ArticlePodman / Varlink Remote Code Execution
Remote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.
View ArticleAjenti 2.1.31 Command Injection
This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
View ArticleErlang Bytecode String Converter
estr2bc is a python script to convert arbitrary string input to Erlang bytecode.
View ArticleStratodesk NoTouch Center Privilege Escalation
Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.
View ArticleCassandra Web 0.5.0 Remote File Read
Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it and provide the...
View ArticleHPE Edgeline Infrastructure Manager Improper Authorization
HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.
View ArticleOpenpilot Default SSH Key Scanner
Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to login to Openpilot SSH servers with the default key.
View ArticleZoom 4.6.239.20200613 Meeting Connector Post-Auth Remote Root
Zoom version 4.6.239.20200613 suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue...
View ArticlePIMT 1.0
PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords...
View ArticleF5 BIG-IQ VE 8.0.0-2923215 Remote Root
F5 BIG-IQ VE version 8.0.0-2923215 post-authentication remote root code execution exploit.
View ArticleCisco Modeling Labs 2.1.1-b19 Remote Command Execution
Cisco Modeling Labs version 2.1.1-b19 remote command execution exploit.
View ArticleHPE RDA-CAS 1.23.826 Denial Of Service
HPE RDA-CAS version 1.23.826 remote denial of service exploit.
View ArticleDocker Dashboard Remote Command Execution
Docker Dashboard suffers from a remote command execution vulnerability. The fix is added in commit 79cdc41.
View ArticleOkta Access Gateway 2020.5.5 Authenticated Remote Root
Okta Access Gateway version 2020.5.5 suffers from multiple authenticated remote root command injection vulnerabilities.
View ArticleRiak Insecure Default Configuration / Remote Command Execution
Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use.
View ArticleShoutcast Server 2.6.0.753 Crash
Shoutcast server version 2.6.0.753 suffers from a remote authenticated crash vulnerability.
View ArticleUlfius Web Framework Remote Memory Corruption
Ulfius Web Framework suffers from a remote memory corruption vulnerability. When parsing malformed HTTP requests, a heap-related initialization bug is triggered resulting in a crash in the server or...
View Articlelitefuzz 1.0
litefuzz is a multi-platform fuzzer for poking at userland binaries and servers.
View ArticleGtkRadiant 1.6.6 Buffer Overflow
GtkRadiant version 1.6.6 suffers from a buffer overflow vulnerability.
View ArticleComma Openpilot Insecure Default Configuration
Comma devices running Openpilot suffered from an insecure configuration when SSH is enabled where the private key is publicly known. Additional security hardening improvements have also been made in...
View ArticlelibMeshb Buffer Overflow
libMeshb suffers from a buffer overflow vulnerability. Version 7.62 has been released to address this issue.
View ArticleIIPImage Remote Memory Corruption
IIPImage is distributed with a server that enables advanced, high-performance image manipulation for web-based streaming and viewing of high resolution images. The server component called iipsrv.fcgi...
View ArticleNVIDIA Data Center GPU Manager Remote Memory Corruption
NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopback interface, but can also listen on the network...
View ArticleApple macOS Remote Events Memory Corruption
This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.
View Article
More Pages to Explore .....