NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file ‘config.gz’ or ‘config.pcpx’ that contains the unencrypted data file ‘conf.pcpn’, can…
>> ARCHIVE: 2018-01
Sync Breeze Enterprise 9.5.16 – ‘Import Command’ Buffer Overflow (Metasploit)
HackSysTeam Windows Kernel Vulnerable Driver: Type Confusion Vulnerability Exploitation
Oracle VirtualBox < 5.1.30 / < 5.2-rc1 – Guest to Host Escape
GoAhead Web Server 2.5 < 3.6.5 – HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)
RAVPower 2.000.056 – Root Remote Code Execution
Professional Local Directory Script 1.0 – SQL Injection
Flexible Poll 1.2 – SQL Injection
RSVP Invitation Online 1.0 – Cross-Site Request Forgery (Update Admin)
Hardcore SAP Penetration Testing