This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites …
Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an authentication bypass vulnerability.
Source: Meinberg LANTIME Web Configuration Utility 6.16.008 Authentication Bypass
Zivif PR115-204-P-RS cameras version 18.104.22.1683 suffer from authentication bypass, command injection, and hardcoded password vulnerabilities.
Source: Zivif PR115-204-P-RS 22.214.171.1243 Bypass / Command Injection / Hardcoded Password
It is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumvention of Device Guard policies and possibly PPL signing levels.
Source: Microsoft Windows CI CiSetFileCache TOCTOU Security Feature Bypass
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target…
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection […]
The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
Source: Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass
This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way “WinSxS” works in Windows systems. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead […]
The post Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS appeared first on MondoUnix.
This Metasploit module uploads a jsp payload and executes it.
Source: Tomcat JSP Upload Bypass Remote Code Execution
JSP upload bypass and code execution exploit for Apache Tomcat versions prior to 7.0.8, 8.0.47, 8.5.23, and 9.0.1 (Beta).
Source: Apache Tomcat Upload Bypass / Remote Code Execution