Microsoft Windows SMB version 3.1.1 suffers from a code execution vulnerability.
>> ARCHIVE: 2020-03
Microsoft Windows SMB version 3.1.1 suffers from a code execution vulnerability.
Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities.
PHPKB Multi-Language 9 – ‘image-upload.php’ Authenticated Remote Code Execution
PHPKB Multi-Language 9 – Authenticated Remote Code Execution
MiladWorkShop VIP System 1.0 – ‘lang’ SQL Injection
PHPKB Multi-Language 9 – Authenticated Directory Traversal
Enhanced Multimedia Router 3.0.4.27 – Cross-Site Request Forgery (Add Admin)
Revive Adserver versions 5.0.4 and below suffer from bypass and open redirection vulnerabilities.
Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities.
This Metasploit module exploits a Java deserialization vulnerability in the getChartImage() method from the FileStorage class within ManageEngine Desktop Central versions below 10.0.474. Tested against 10.0.465 x64.