This Metasploit module exploits a command injection vulnerability in Logsign. By exploiting this vulnerability, unauthenticated users can execute arbitrary code as the root user. Logsign has a publicly accessible endpoint that takes user input and then uses it during operating system command execution without proper validation. This Metasploit module was tested against 4.4.2 […]
LastPass had an issue where the websiteConnector.js content script allows proxying internal RPC commands. The fix appears to not work on Firefox.
The LastPass domain regex does not handle data and other pseudo-URL schemes.
The NETGEAR WNR2000 router has a buffer overflow vulnerability in the hidden_lang_avi parameter. In order to exploit it, it is necessary to guess the value of a certain timestamp which is in the configuration of the router. An authenticated attacker can simply fetch this from a page, but an unauthenticated attacker has to brute force […]
Gr8 Gallery Script suffers from a remote SQL injection vulnerability.
Gr8 Tutorial Script suffers from a remote SQL injection vulnerability.
wifirxpower suffers from a local stack-based buffer overflow vulnerability.
EON versions 5.0 and below suffer from a remote code execution vulnerability.
EON versions 5.0 and below suffer from a remote SQL injection vulnerability.
Nuxeo Platform versions 6.0 (LTS 2014), 7.1, 7.2, and 7.3 suffer from a remote shell upload vulnerability.