Suggested description
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.
Vulnerability Type
Buffer Overflow
from pip._internal import main | |
import sys | |
inst = {'y','yes'} | |
try: | |
import numpy as np | |
print("Everything seems OK. No need for setup.") | |
except ImportError: |
# -*- coding: utf-8 -*- | |
# Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump | |
# Vendor Notification: 03-03-2018 - No response | |
# Initial CVE: 04-04-2018 | |
# Disclosure: 21-04-2018 | |
# Exploit Author: Berk Cem Göksel | |
# Contact: twitter.com/berkcgoksel || bgoksel.com | |
# Vendor Homepage: http://www.ipecs.com/ |
#!/usr/bin/env python | |
# coding: utf-8 | |
############ Description: ########## | |
# The vulnerability was discovered during a vulnerability research lecture. | |
# This is meant to be a PoC. | |
#################################### | |
# Exploit Title: Core FTP LE v2.2 Build 1921 (Client) - Buffer Overflow PoC | |
# Date: 12 Jun 2018 |
Suggested description
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.
Vulnerability Type
Buffer Overflow
<!-- PaleMoon Browser - Proof of Concept --> | |
<!-- Exploit Title: Pale Moon Browser < 27.9.3 - Use After Free - Proof of Concept --> | |
<!-- Date: 13 Jun 2018 --> | |
<!-- Author - Berk Cem Goksel --> | |
<!-- Contact: twitter.com/berkcgoksel || bgoksel.com --> | |
<!-- Vendor Homepage: https://www.palemoon.org/ --> | |
<!-- Software Link: https://www.palemoon.org/palemoon-win32.shtml --> | |
<!-- Version: Versions prior to 27.9.3 (Tested versions: 27.9.0, 27.9.1, 27.9.2) --> | |
<!-- Tested on: Windows 10 --> |
Suggested description
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject on Pale Moon Browser versions before 27.9.3.
Additional Information
The vulnerability has been confirmed and patched by the vendor.
from sys import argv | |
import sys | |
import os | |
import time | |
import requests | |
import re | |
if len(argv) != 3: |
Test | |
123 |
Suggested description
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
Vulnerability Type
Suggested description
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.