A proof-of-concept exploit for CVE-2017-18344. Includes KASLR and SMEP bypasses. No SMAP bypass. No support for 1 GB pages or 5 level page tables. Tested on Ubuntu xenial 4.4.0-116-generic and 4.13.0-38-generic and on CentOS 7 3.10.0-862.9.1.el7.x86_64.
A heap overflow can be triggered in the reSIProcate SIP stack when TLS is enabled. Abuse of this vulnerability may cause a denial of service of software using reSIProcate and may also lead to remote code execution. No SIP user authentication is required to trigger the vulnerability on either the client or the server side. The vulnerable code path is reached by sending a partial SIP message over TLS with a Content-Length header field, followed by a second packet over TLS carrying the associated SIP message body. By setting the Content-Length field to a value lower than the length of the SIP message body that follows, a malicious user could trigger a heap buffer overflow.
A Cross-Site Request Forgery (CSRF) vulnerability exists in TP-Link C50 Wireless Router 3, which allows an attacker to disclose sensitive information. The vulnerability exists due to insufficient validation of user-supplied input in the web-based management interface. An attacker can send a specially crafted request to the web-based management interface and disclose sensitive information.
This module extracts WinBox credentials from WinBox versions 6.29 - 6.42. It requires the Metasploit Framework.
An attacker can cause a denial of service (DoS) condition on the TP-Link Wireless N Router WR840N by connecting to the network, opening BurpSuite, intercepting the connection, going to Quick setup, and pasting a string consisting of 2000 zeros into the Authorization: Basic field. This will cause the router to log out and the network connection to be lost, requiring a reboot of the router before it becomes available again.
iSmartViewPro 1.5 is vulnerable to a buffer overflow in the 'Account' field. An attacker can exploit this vulnerability by running a Python script to generate a malicious file, copying the content of the file to the clipboard, and then pasting it into the 'Account' field. This will cause a buffer overflow and allow the attacker to execute arbitrary code.
iSmartViewPro 1.5 is vulnerable to a buffer overflow in the 'Device Alias' field. An attacker can exploit this vulnerability by running a Python script to generate a malicious file, copying the content of the file to the clipboard, and then pasting it into the 'Device Alias' field. This will cause a buffer overflow and allow the attacker to execute arbitrary code.
A CSRF vulnerability in admin/user/edit in Monstra-dev 3.0.4 allows an attacker to take over a user account by modifying the user's data, such as email and password. To exploit this vulnerability, the victim needs to be logged in at the target site (victim.com) and visit a crafted site controlled by the attacker (attacker.com). An authenticated POST request is then generated from the victim's browser and submitted to victim.com, modifying the user's data to attacker-chosen values.
OpenEMR 5.0.1.3 is vulnerable to authenticated Remote Code Execution. An attacker can exploit this vulnerability by sending a maliciously crafted POST request to the vulnerable server. This will allow the attacker to execute arbitrary code on the server.
A cross-site scripting (XSS) vulnerability on the Groups page in Open-AudIT Community edition 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name, as demonstrated in the proof of concept.