| Microsoft Windows DNS Server SIGRed Remote Code Execution Exploit |
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. |
April 6, 2021 |
CVE-2020-1350 |
Windows |
Exploits / Remote |
Impact |
| SmartPTT Arbitrary File Upload |
SmartPTT Arbitrary File Upload |
April 6, 2021 |
|
|
Exploits / Remote |
SCADAPRO |
| Beckhoff TwinCAT 3x EventConfigurator Remote Code Execution Vulnerability |
This module will receive HTTP requests from vulnerable clients and install agents on them. |
April 6, 2021 |
|
|
Exploits / Client Side |
SCADAPRO |
| SmartPTT Session Keys Disclosure |
SmartPTT Information Disclosure |
April 6, 2021 |
|
|
Exploits / Remote |
SCADAPRO |
| ADLINK AD-Logger V1.20 Remote Code Execution Vulnerability |
This module will receive HTTP requests from vulnerable clients and install agents on them. |
April 6, 2021 |
|
|
Exploits / Client Side |
SCADAPRO |
| ioBroker 1.5.14 Directory Traversal Vulnerability |
This module exploits a directory traversal vulnerability in ioBroker |
April 6, 2021 |
|
Windows |
Exploits / Remote |
SCADA |
| ADwin software package CD 6.00.28.03 Remote File Create Vulnerability |
This module will receive HTTP requests from vulnerable clients and install agents on them. |
April 6, 2021 |
|
|
Exploits / Client Side |
SCADA |
| Beckhoff CP-Link 3 1.7.31.0 CplGfxClient Denial of Service |
Remote Denial Beckhoff CP-Link 3 1.7.31.0 |
April 6, 2021 |
|
Windows |
Denial of Service / Remote |
SCADA |
| WebHMI_XSS |
WebHMI 4.0.7348 suffers from persistent cross site scripting vulnerability.
It is located on the page for creating a new connection.
An attacker with administrator rights can create a new connection and specify an xss injection in the name field.
XSS injection will be triggered on the 'host/setup/registers/list.php' page |
April 6, 2021 |
|
|
Exploits / Cross Site Scripting |
SCADA |
| Digitus DN-16048 Camera Remote Configuration Disclosure |
Digitus DN-16048 Camera Remote Configuration Disclosure |
April 6, 2021 |
|
|
Exploits / Client Side |
IOT |
| Y-Cam IP Cameras Denial of service |
Denial of service Y-Cam IP Cameras Exploit |
April 6, 2021 |
|
Windows |
Denial of Service / Remote |
IOT |
| Comba AC2400 Wi-Fi Access Controller Password Disclosure |
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesnt require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext. |
April 6, 2021 |
CVE-2019-15654 |
|
Exploits / Client Side |
IOT |
| ZTE C520V21 smart camera Directory Traversal Vulnerability |
This module exploits a directory traversal vulnerability in ZTE C520V21 smart IP camera |
April 6, 2021 |
CVE-2019-3423 |
Windows |
Exploits / Remote |
IOT |
| Dell KACE Systems Management Appliance (K1000) Unauthenticated RCE |
The KACE Systems Management Appliance (SMA) helps you accomplish these goals by automating complex administrative tasks and modernizing your unified endpoint management approach. This makes it possible for you to inventory all hardware and software, patch mission-critical applications and OS, reduce the risk of breach, and assure software license compliance. So youre able to reduce systems management complexity and safeguard your vulnerable endpoints. |
April 6, 2021 |
|
|
Exploits / Remote |
IOT |
| D-Link ADSL ROUTER DSL-2730U Password Disclosure |
D-Link ADSL ROUTER DSL-2730U Password Disclosure |
April 6, 2021 |
|
|
Exploits / Client Side |
IOT |
| F5 BIG-IP iControl REST API Remote Code Execution Exploit |
This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable |
March 30, 2021 |
CVE-2021-22986 |
Linux |
Exploits / OS Command Injection / Known Vulnerabilities |
Impact |
| Microsoft Exchange Proxylogon Remote Code Execution Vulnerability Exploit |
A combination of a server-side request forgery vulnerability and an arbitrary file write vulnerability, allows unauthenticated attackers to execute commands with SYSTEM privileges in Microsoft Exchange Server. |
March 26, 2021 |
CVE-2021-26855 |
Windows |
Exploits / Remote Code Execution |
Impact |
| Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Exploit Update |
The specific flaw exists within the user-mode printer driver host process splwow64.exe. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges from low integrity and execute code in the context of the current user at medium integrity.
This update improves the reliability and adds support for more patch levels. |
March 19, 2021 |
CVE-2020-0986 |
Windows |
Exploits / Local |
Impact |
| Point of View SCADA/HMI software Remote Code Execution Vulnerability |
This module will listen for HTTP requests from vulnerable clients and queue client side exploits as HTTP responses in an attempt to install an OS agent on the client. |
March 8, 2021 |
|
|
Exploits / Client Side |
SCADAPRO |
| Advantech ActiveDAQ Pro AdvButton.dll Remote Code Execution Vulnerability Exploit |
This module will receive HTTP requests from vulnerable clients and install agents on them. |
March 8, 2021 |
|
|
Exploits / Client Side |
SCADAPRO |
| Yaskawa SigmaWinPlus 7 Remote Arbitrary File Overwrite |
This module will receive HTTP requests from vulnerable clients and install agents on them. |
March 8, 2021 |
|
|
Exploits / Client Side |
SCADAPRO |
| MedDream_Server_PACS_SQLI |
MedDream PACS Server 7.1.1 suffers from Multiple SQL Injection vulnerability.
First unauthenticated injection available on the registration page in parameter 'email', types such as time-based blind and error-based,
but mysql user rights are very limited, attacker can only access the database - information_schema and read columns name in PACS database.
Second injection available for authenticated users on the search page - 'searchExport.php' in parameter 'uid', in this place attacker |
March 8, 2021 |
|
|
Exploits / SQL Injection |
MEDICAL |
| Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure |
Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure |
March 8, 2021 |
|
|
Exploits / Client Side |
IOT |
| Vanderbilt IP-Camera CCPW3025-IR and CVMW3025-IR configuration download |
Vanderbilt IP-Camera CCPW3025-IR and CVMW3025-IR configuration download |
March 8, 2021 |
|
|
Exploits / Client Side |
IOT |
| CC8800-CMTS Info Disclosure |
CC8800-CMTS credential disclosure vulnerability |
March 8, 2021 |
|
|
Exploits / Client Side |
IOT |