February 23, 2019 · exploit
HanYazilim Paper Submission System .NET version 1.0 suffers from a remote shell upload vulnerability.
February 23, 2019 · exploit
Quest NetVault Backup Server versions prior to 11.4.5 suffer from process manager service SQL injection and remote code execution vulnerabilities.
February 23, 2019 · exploit
Tautulli version 2.1.26 suffers from a cross site scripting vulnerability.
February 22, 2019 · exploit
Kanboard version 1.2.7 contains multiple vulnerabilities. These include a cross site request forgery in CSV account import, which allows an unauthenticated attacker to create a new administrative user, and a cross site request forgery in 2FA deactivation, which allows an unauthenticated attacker to disable an account's 2FA configuration. A lack of integrity checking or transport layer encryption enforced on plugins enables remote code execution by a malicious admin. Other vulnerabilities include session privilege retention, 2FA bypass, database user_id and pre-2FA information disclosure.
February 22, 2019 · exploit
Advanced Comment System version 1.0 suffers from a cross site scripting vulnerability.
February 22, 2019 · exploit
Teracue ENC-400 suffers from hard-coded credential, missing authentication, and command injection vulnerabilities.
February 22, 2019 · exploit
VertrigoServ version 2.17 suffers from a cross site scripting vulnerability.
February 22, 2019 · exploit
A multitude of security issues exist within STMicroelectronics DVB chipsets including, but not limited to, credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.
February 22, 2019 · exploit
Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities.
February 22, 2019 · exploit
EI-Tube version 3.0 suffers from a remote SQL injection vulnerability.