Archive for March, 2019

Cisco RV320 Unauthenticated Configuration Export

Posted by deepcore under exploit (No Respond)

RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device’s web interface due to an inadequate fix by the vendor.

Cisco RV320 Unauthenticated Diagnostic Data Retrieval

Posted by deepcore under exploit (No Respond)

RedTeam Pentesting discovered that the Cisco RV320 router still exposes sensitive diagnostic data without authentication via the device’s web interface due to an inadequate fix by the vendor.

Cisco RV320 Command Injection

Posted by deepcore under exploit (No Respond)

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor.

Fat Free CRM 0.19.0 HTML Injection

Posted by deepcore under exploit (No Respond)

Fat Free CRM version 0.19.0 suffers from an HTML injection vulnerability.

GnuTLS verify_crt() Use-After-Free

Posted by deepcore under exploit (No Respond)

This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines in GnuTLS.

SpiderMonkey IonMonkey Type Confusion

Posted by deepcore under exploit (No Respond)

A bug in IonMonkey's type inference system when JIT compiling and entering a constructor function via on-stack replacement (OSR) allows the compilation of JITed functions that cause type confusions between arbitrary objects.

Oracle Weblogic Server Deserialization Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module demonstrates that an unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.jms.common.StreamMessageImpl) to the interface to execute code on vulnerable hosts.

CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with “Use Showtime2” privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class “class.showtime2_image.php” does not ensure that a watermark file […]

[dos] Microsoft Visio 2016 16.0.4738.1000 – 'Log in accounts' Denial of Service

Posted by deepcore under Security (No Respond)

Microsoft Visio 2016 16.0.4738.1000 – ‘Log in accounts’ Denial of Service

[remote] CMS Made Simple (CMSMS) Showtime2 – File Upload RCE (Metasploit)

Posted by deepcore under Security (No Respond)

CMS Made Simple (CMSMS) Showtime2 – File Upload RCE (Metasploit)
