Spidermonkey IonMonkey incorrectly predicts return type of Array.prototype.pop, leading to type confusion vulnerabilities.
SuperDoctor5 NRPE Remote Code Execution
SuperDoctor5 implemented a remote command execution plugin in their implementation of NRPE that can be leveraged without authentication.
SAPIDO RB-1732 Remote Command Execution
SAPIDO RB-1732 version 2.0.43 suffers from a remote command execution vulnerability.
WordPress iLive 1.0.4 Cross Site Scripting
WordPress iLive plugin version 1.0.4 suffers from a cross site scripting vulnerability.
WordPress Live Chat Unlimited 2.8.3 Cross Site Scripting
WordPress Live Chat Unlimited plugin version 2.8.3 suffers from a persistent cross site scripting vulnerability.
Fortinet FCM-MB40 Cross Site Request Forgery / Remote Command Execution
Fortinet FCM-MB40 suffers from remote command execution and cross site request forgery vulnerabilities.
BlogEngine.NET 3.3.6 / 3.3.7 path Directory Traversal
BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from a path directory traversal vulnerability.
Nagios XI Magpie_debug.php Root Remote Code Execution
This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell.
[remote] Nagios XI 5.5.6 – Magpie_debug.php Root Remote Code Execution (Metasploit)
Nagios XI 5.5.6 – Magpie_debug.php Root Remote Code Execution (Metasploit)
[dos] Mozilla Spidermonkey – IonMonkey 'Array.prototype.pop' Type Confusion
Mozilla Spidermonkey – IonMonkey ‘Array.prototype.pop’ Type Confusion