Explore Vulnerabilities

Explore all Exploits:

ScanGuard Antivirus 2020 – Insecure Folder Permissions

ScanGuard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. The product sets weak access control restrictions: permissions on the directory are set to Full Control for the Everyone group. This can allow low-integrity malware to replace ScanGuard executables.

FS-S3900-24T4S Privilege Escalation

This exploit allows an attacker to gain access to the FS-S3900-24T4S device over the telnet protocol. The attacker can use the guest credentials to log in and then use the enable command with the super password to gain access to the device. The attacker can then configure the device to create a new user with admin privileges and no password.

Clickheat 1.13+ Unauthenticated RCE

I have discovered a vulnerability in Clickheat 1.13 onwards that would allow an attacker to execute arbitrary commands on the remote webserver, in the context of the user running the webserver, without authentication. This could lead to unauthenticated access to the Clickheat web application, and potentially complete takeover of the remote webserver. For the exploit to be successful, the webserver (Apache was tested in this case) must be configured to handle Perl (.pl) scripts and have the ExecCGI directive present in the VirtualHost configuration. The issue stems from a script called parseClickLogs.pl in the /scripts directory of clickheat. If the Apache configuration is set up as above, this script will be executed when a user visits /clickheat/scripts/parseClickLogs.pl, as shown in Apache logs. Arbitrary parameters can be supplied to the script directly from the URL, separated by +'s. In the script, on line 48, is a vulnerable open() command.

BlueZone Desktop Malformed .zmd file Local Denial of Service

A vulnerability in BlueZone Desktop allows a local attacker to cause a denial of service by creating a specially crafted .zmd file. The vulnerability is due to an error when handling a specially crafted .zmd file. An attacker can exploit this vulnerability by creating a specially crafted .zmd file and convincing a user to open it with bzmd.exe. Successful exploitation will cause the application to crash.

Recent Exploits: