This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions,…
>> ARCHIVE: 2019-11
http://inderm.go.th notified by Scrub
Shrew Soft VPN Client 2.2.2 – ‘iked’ Unquoted Service Path
Technicolor TD5130.2 with firmware version OI_Fw_V20 suffers from a remote command execution vulnerability.
Technicolor versions TC7300.B0 through STFA.51.20 suffer from a persistent cross-site scripting vulnerability.
Fastweb Fastgate version 0.00.81 suffers from a remote code execution vulnerability.
gSOAP version 2.8 suffers from a directory traversal vulnerability.
Scanguard versions through 2019-11-12 on Windows have insecure permissions for the installation directory, leading to privilege escalation via a trojan horse executable file.
Siemens Desigo PX version 6.00 remote denial of service exploit.
An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible…