There exists a command injection vulnerability in the WordPress plugin wp-database-backup for versions less than 5.2. For the backup functionality, the plugin generates a mysqldump command to execute. The user can choose specific tables to exclude from the backup by setting the wp_db_exclude_table parameter in a POST request to the wp-database-backup page. The names of […]
This Metasploit module exploits inadequate access controls within the Schneider Electric Pelco Endura NET55XX webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions.
http://nonthaburi.rid.go.th notified by Z3z3-HaCkEr
Tags:
defacement
Apple Security Advisory 2019-7-23-1 – iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.
Tags:
Apple,
ios,
osx
Apple Security Advisory 2019-7-23-2 – iTunes for Windows 12.9.6 is now available and addresses code execution and cross site scripting vulnerabilities.
Tags:
Apple,
ios,
osx
Apple Security Advisory 2019-7-23-3 – iCloud for Windows 10.6 is now available and addresses code execution and cross site scripting vulnerabilities.
Tags:
Apple,
ios,
osx
WordPress Hybrid Composer plugin version 1.4.6 suffers from an unauthenticated configuration access vulnerability.
Comtrend AR-5310 suffers from a restricted shell escape vulnerability.
Proof of concept instructions to exploit a Docker container escape vulnerability.
BACnet Stack version 0.8.6 suffers from a denial of service vulnerability.