Archive for June, 2018

Microsoft Windows ADODB.Record Object File Overwrite

Posted by deepcore under exploit

Microsoft Windows suffers from an ADODB.Record object file overwrite vulnerability. The password for the proof of concept zip is adorecord.

Nagios XI Chained Remote Code Execution

Posted by deepcore under exploit

This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative […]

FTPShell Client 6.70 Enterprise Edition Stack Buffer Overflow

Posted by deepcore under exploit

This Metasploit module exploits a buffer overflow in the FTPShell client 6.70 (Enterprise edition) allowing remote code execution.

HongCMS 3.0.0 SQL Injection

Posted by deepcore under exploit

HongCMS version 3.0.0 suffers from a remote SQL injection vulnerability.

BEESCMS 4.0 Cross Site Request Forgery

Posted by deepcore under exploit

BEESCMS version 4.0 suffers from an add administrator cross site request forgery vulnerability.

DIGISOL DG-HR3400 Wireless Router Cross Site Scripting

Posted by deepcore under exploit

DIGISOL DG-HR3400 Wireless Router suffers from a cross site scripting vulnerability.

hycus CMS 1.0.4 SQL Injection

Posted by deepcore under exploit

hycus CMS version 1.0.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Android media.metrics Service Race Condition

Posted by deepcore under exploit

Android suffers from multiple race condition vulnerabilities in the media.metrics service.

Cisco Adaptive Security Appliance Path Traversal

Posted by deepcore under exploit

Cisco Adaptive Security Appliance suffers from a path traversal vulnerability.

TP-Link TL-WR841N V13 Cross Site Request Forgery

Posted by deepcore under exploit

TP-Link TL-WR841N v13 suffers from cross site request forgery vulnerabilities.