CVE-2019-12780 Belkin Wemo UPnP – Remote Code Execution

Expliot References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12780

Read More

CVE-2019-12788 Photodex ProShow Producer – Buffer Overflow

Description An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file. Exploit References https://risataim.blogspot.com/2019/06/exploit-local-para-proshow.html

Read More

CVE-2019-11881 Rancher 2.1.4 – Web Parameter Tampering

Description A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There’s no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a “This […]

Read More

Exim CVE-2019-10149 – Remote Command Execution

Description A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. Local exploitation The vulnerable code is located in deliver_message(): Because expand_string() recognizes the “${run{<command> <args>}}” expansion item, and because new->address is the recipient of the mail that […]

Read More