This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007), however the database connection username is not sanitized resulting in command injection, allowing execution of arbitrary operating system commands as SYSTEM. […]
Transmission – RPC DNS Rebinding
Tags:
0day,
remote exploit
Seagate Personal Cloud – Multiple Vulnerabilities
Tags:
0day,
remote exploit
macOS – ‘process_policy’ Stack Leak Through Uninitialized Field
Tags:
0day,
remote exploit
phpCollab 2.5.1 – Unauthenticated File Upload (Metasploit)
Tags:
0day,
remote exploit
Microsoft Windows – NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
Tags:
0day,
remote exploit
Microsoft Windows – NTFS Owner/Mandatory Label Privilege Bypass
Tags:
0day,
remote exploit
Linux/ARM (Raspberry Pi) – Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
Tags:
0day,
remote exploit
http://bet.obec.go.th notified by Sons of Anarchy
Tags:
defacement
Microsoft SharePoint suffers from a Limited Access permission bypass vulnerability.