Archive for June, 2016

Gemalto Sentinel License Manager 18.0.1 Directory Traversal

Posted by deepcore under exploit (No Respond)

Gemalto Sentinel License Manager version 18.0.1 suffers from a directory traversal vulnerability.

op5 7.1.9 Configuration Command Execution

Posted by deepcore under exploit (No Respond)

The configuration page in op5 version 7.1.9 and below lets a user test a system command, which can be abused to run arbitrary code as an unprivileged user.

[webapps] – phpATM 1.32 – Multiple Vulnerabilities

Posted by deepcore under Security (No Respond)

phpATM 1.32 – Multiple Vulnerabilities


[remote] – op5 v7.1.9 Configuration Command Execution

Posted by deepcore under Security (No Respond)

op5 v7.1.9 Configuration Command Execution


[webapps] – phpATM 1.32 – Remote Command Execution (Shell Upload) on Windows Servers

Posted by deepcore under Security (No Respond)

phpATM 1.32 – Remote Command Execution (Shell Upload) on Windows Servers


[webapps] – WordPress Gravity Forms Plugin 1.8.19 – Arbitrary File Upload

Posted by deepcore under Security (No Respond)

WordPress Gravity Forms Plugin 1.8.19 – Arbitrary File Upload


[webapps] – Vicidial 2.11 – Scripts Stored XSS

Posted by deepcore under Security (No Respond)

Vicidial 2.11 – Scripts Stored XSS


DDN SFA Default SSH Keys

Posted by deepcore under exploit (No Respond)

DDN controllers ship with a set of static entries within the authorized_keys file of several of the user accounts. The corresponding private keys can be obtained from publicly available sources.

FibeAir IP-10 Authentication Bypass

Posted by deepcore under exploit (No Respond)

FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session named “ALBATROSS” with the value “0-4-11”.

jbFileManager Path Traversal

Posted by deepcore under exploit (No Respond)

jbFileManager suffers from a path traversal vulnerability.