header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Prowise Reflect v1.0.9 – Remote Keystroke Injection

Prowise Reflect software version 1.0.9 for Windows is vulnerable to a remote keystroke injection. The exploit works either over the network (when port 8082 is exposed) or by visiting a malicious website. The exploit allows the attacker to inject keystrokes into the target system. The provided Proof of Concept (POC) contains a malicious webpage that demonstrates the exploit.

Dixell XWEB-500 – Arbitrary File Write

Dixell XWEB-500 is affected by multiple Arbitrary File Write Vulnerability. The exploit allows an attacker to write arbitrary files on the target system using various endpoints such as logo_extra_upload.cgi, lo_utils.cgi, and cal_save.cgi. The attacker can specify the filename and content of the file to be written.

Windows MultiPoint Server 2011 SP1 – RpcEptMapper and Dnschade Local Privilege Escalation

A local non-admin user on the computer can create a Performance subkey in the HKLMSYSTEMCurrentControlSetServicesDnscache or HKLMSYSTEMCurrentControlSetServicesRpcEptMapper registry keys, populate it with values, and trigger performance monitoring, which leads to a Local System WmiPrvSE.exe process loading the attacker's DLL and executing code from it.

OpenClinic GA 5.194.18 – Local Privilege Escalation

By default, the Authenticated Users group has the modify permission to OpenClinic folders/files. A low privilege account can rename mysqld.exe or tomcat8.exe files located in bin folders and replace them with a malicious file that would connect back to an attacking computer, giving system-level privileges. This is possible because the service is running as Local System. Although a low privilege user cannot restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.

Cypress Solutions CTM-200 2.7.1 – Root Remote OS Command Injection

The CTM-200 wireless gateway suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.

Recent Exploits: