>> ARCHIVE: 2017-07

This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote…

RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Affected versions include build 2032…

MAWK versions 1.3.3-17 and below are susceptible to a stack-based buffer overflow vulnerability.

RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Affected versions include…

RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to capture network…

RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032…

WebKit JSC suffers from an uninitialized memory reference in arrayProtoFuncSplice.

WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).

WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.

MEDHOST Connex suffers from having hard-coded credentials that are used for customer database access.