This Metasploit module exploits an command injection vulnerability in Logsign. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the root user. Logsign has a publicly accessible endpoint….
>> ARCHIVE: 2017-03
LastPass had an issue with websiteConnector.js content script allows proxying internal RPC commands. The fix appears to not work on FireFox.
The LastPass domain regex does not handle data and other pseudo-url schemes.
The NETGEAR WNR2000 router has a buffer overflow vulnerability in the hidden_lang_avi parameter. In order to exploit it, it is necessary to guess the value of a certain timestamp which…
Gr8 Gallery Script suffers from a remote SQL injection vulnerability.
Gr8 Tutorial Script suffers from a remote SQL injection vulnerability.
wifirxpower suffers from local stack-based buffer overflow vulnerability.
EON versions 5.0 and below suffer from a remote code execution vulnerability.
EON versions 5.0 and below suffer from a remote SQL injection vulnerability.
Nuxeo Platform versions 6.0 (LTS 2014), 7.1, 7.2, and 7.3 suffer from a remote shell upload vulnerability.