Tag: CVE

Pentest shows Path Traversal in Mirasys Workstation < 5.12.6

During a recent pentest for one of our clients, we discovered a Camera webapplication running on port 9999, exposed to the internet. All applications which are accessible over the internet by anonymous users are interesting targets to possibly gain access to internal networks or linked systems. The webapplication identified as a somewhat older version of…

Lees meer

CVE-2017-6192 APNGDis chunk size descriptor Buffer Overflow

# Exploit Title: APNGDis chunk size descriptor Buffer Overflow # Date: 14-03-2017 # Exploit Author: Alwin Peppels # Vendor Homepage: http://apngdis.sourceforge.net/ # Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ # Version: 2.8 # Tested on: Linux Debian / Windows 7 # CVE : CVE-2017-6192 Here are the first bytes of the PoC; the chunk size descriptor at +0x8 through…

Lees meer