This Metasploit module exploits a vulnerability in Apache Tomcat’s CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands, and…
>> ARCHIVE: 2019-07
Serv-U FTP Server – prepareinstallation Privilege Escalation (Metasploit)
Symantec DLP 15.5 MP1 – Cross-Site Scripting
This Metasploit module exploits a vulnerability within the “ghelp”, “help” and “man” URI handlers within Linux Mint’s “ubuntu-system-adjustments” package. Invoking any one of the URI handlers will call the python script…
FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the…
CyberPanel version 1.8.4 suffers from a cross-site request forgery vulnerability.
FaceSentry Access Control System version 6.4.8 facial biometric access control appliance ships with hard-coded and weak credentials for SSH access on port 23445 using the credentials wwwuser:123456. The root privilege…
FaceSentry Access Control System version 6.4.8 is vulnerable to multiple cross-site scripting vulnerabilities. This issue is due to the application’s failure to properly sanitize user-supplied input through the ‘msg’…
SquirrelMail version 1.4.22 suffers from a cross-site scripting vulnerability.
FaceSentry Access Control System version 6.4.8 suffers from cleartext transmission of sensitive information. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.