ZTE ADSL ZXV10 W300 Authorization / Disclosure / Backdoor
ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.
This Metasploit module exploits a SQL injection vulnerability found in Joomla versions 3.2 up to 3.4.4. The vulnerability exists in the Content History administrator component in the core of Joomla. Triggering the SQL injection makes it possible to retrieve active Super User sessions. The cookie can be used to log in to the Joomla administrator backend. […]
SHAREit WebShare version 2.3.80 suffers from a cross site request forgery vulnerability.
The Help Forum on LinkedIn suffered from a cross site scripting vulnerability.
Netwin SurgeFTP server version 23d6 suffers from multiple stored cross site scripting vulnerabilities.
SuperScan version 4.1 suffers from multiple buffer overflow vulnerabilities. Three exploits included.
There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff window.
Cambium ePMP 1000 suffers from remote OS command injection and privilege escalation vulnerabilities.
Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privilege escalation. WfsDelay is set to 24h, since this is how often a chkrootkit scan is scheduled by default.