Sun, 20 May 2018 16:16:13 GMT
Oracle Cross Site Scripting
eventreg.oracle.com suffers from a cross site scripting vulnerability.
Sun, 20 May 2018 16:15:00 GMT
Adobe Experience Manager (AEM) Remote Code Execution
Default credentials in Adobe Experience Manager (AEM) versions prior to 6.3 can lead to remote code execution.
Sun, 20 May 2018 16:13:27 GMT
D-Link DSL-3782 Authentication Bypass
D-Link DSL-3782 suffers from an authentication bypass vulnerability.
Sun, 20 May 2018 16:11:48 GMT
Easy MPEG To DVD Burner 1.7.11 Buffer Overflow
Easy MPEG to DVD Burner version 1.7.11 local buffer overflow SEH exploit with DEP bypass.
Sun, 20 May 2018 16:10:29 GMT
Joomla EkRishta 2.10 Cross Site Scripting / SQL Injection
Joomla EkRishta component version 2.10 suffers from cross site scripting and remote SQL injection vulnerabilities.
Sat, 19 May 2018 06:48:01 GMT
mySCADA myPRO 7 Hardcoded Credentials
mySCADA myPRO version 7 has a hardcoded FTP username and password.
Fri, 18 May 2018 17:02:22 GMT
Reliable Datagram Sockets (RDS) Privilege Escalation
This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version 18.104.22.168-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.
Fri, 18 May 2018 14:44:44 GMT
Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting
Healwire Online Pharmacy version 3.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
Fri, 18 May 2018 14:32:22 GMT
HPE iMC 7.3 Remote Code Execution
This Metasploit module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities allows unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 8080 and 8443 by default. This Metasploit module has been tested successfully on iMC PLAT v7.3(E0504P02) on Windows 2k12r2 x64 (EN).
Fri, 18 May 2018 14:02:22 GMT
SAP B2B / B2C CRM Local File Inclusion
SAP B2B / B2C CRM versions 2.x up to 4.x suffer from a local file inclusion vulnerability.
Fri, 18 May 2018 13:22:22 GMT
DynoRoot DHCP Command Injection
DynoRoot DHCP suffers from a client command injection vulnerability.
Fri, 18 May 2018 13:02:22 GMT
Infinity Market Classified Ads Script 1.6.2 Cross Site Request Forgery
Infinity Market Classified Ads Script version 1.6.2 suffers from a cross site request forgery vulnerability.
Fri, 18 May 2018 12:22:22 GMT
Prime95 29.4b8 Stack Buffer Overflow
Prime95 version 29.4b8 SEH buffer overflow exploit.
Fri, 18 May 2018 11:11:11 GMT
Cisco SA520W Security Appliance Path Traversal
Cisco SA520W Security Appliance suffers from a path traversal vulnerability.
Fri, 18 May 2018 08:04:11 GMT
Siemens SIMATIC Panels Cross Site Request Forgery / Cross Site Scripting
Multiple Siemens SIMATIC panels suffer from cross site request forgery and cross site scripting vulnerabilities.
Fri, 18 May 2018 08:03:14 GMT
Linux 4-Byte Information Leak
Linux suffers from a 4-byte information leak via an uninitialized struct field in the compat adjtimex syscall.
Fri, 18 May 2018 04:44:44 GMT
Microsoft Edge Chakra JIT Bounce Check Elimination Bug
Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly remove the bound checks.
Fri, 18 May 2018 03:33:33 GMT
SAP NetWeaver Web Dynpro Information Disclosure
SAP NetWeaver Web Dynpro versions 6.4 up to 7.5 suffer from an information disclosure vulnerability.
Thu, 17 May 2018 20:42:59 GMT
Monstra CMS Cross Site Scripting
Monstra CMS versions prior to 3.0.4 suffer from a cross site scripting vulnerability.
Thu, 17 May 2018 20:25:25 GMT
AF_PACKET packet_set_ring Privilege Escalation
This Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46, including Linux distros based on Ubuntu Xenial, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 18 (x86_64) with kernel versions: 4.8.0-34-generic; 4.8.0-36-generic; 4.8.0-39-generic; 4.8.0-41-generic; 4.8.0-42-generic; 4.8.0-44-generic; 4.8.0-45-generic.
Thu, 17 May 2018 20:20:47 GMT
Intelbras NCLOUD 300 1.0 Authentication Bypass
Intelbras NCLOUD 300 version 1.0 suffers from an authentication bypass vulnerability.
Thu, 17 May 2018 20:18:27 GMT
Nanopool Claymore Dual Miner 7.3 Remote Code Execution
Nanopool Claymore Dual Miner version 7.3 suffers from a remote code execution vulnerability.
Thu, 17 May 2018 20:13:16 GMT
Powerlogic/Schneider Electric IONXXXX Series Cross Site Request Forgery
Powerlogic/Schneider Electric IONXXXX Series suffers from a cross site request forgery vulnerability.
Thu, 17 May 2018 20:10:15 GMT
SuperCom Online Shopping Ecommerce Cart 1 XSS / CSRF / SQL Injection
SuperCom Online Shopping Ecommerce Cart 1 suffers from remote SQL injection, cross site request forgery, and cross site scripting vulnerabilities.
NodAPS 4.0 Cross Site Request Forgery / SQL Injection
NodAPS version 4.0 suffers from cross site request forgery and remote SQL injection vulnerabilities.
view page: 209