Zen Load Balancer 3.10.1 Directory Traversal
Posted by deepcore under exploit (No Respond)
Zen Load Balancer version 3.10.1 suffers from a directory traversal vulnerability.
Archive for April, 2020
Windscribe 1.83 Build 20 Unquoted Service Path
Posted by deepcore under exploit (No Respond)
Windscribe version 1.83 Build 20 suffers from an unquoted service path vulnerability.
Xeroneit Library Management System 3.0 SQL Injection
Posted by deepcore under exploit (No Respond)
Xeroneit Library Management System version 3.0 suffers from a remote SQL injection vulnerability.
Linux 5.3 Insecure Root Path Handling
Posted by deepcore under exploit (No Respond)
Linux versions 5.3 and above appear to have an issue where io_uring suffers from insecure handling of the root directory for path lookups.
Linux Omitted TID Increment
Posted by deepcore under exploit (No Respond)
Linux has an issue where the SLUB bulk allocation slowpath omits a required TID increment.
NagiosXI 5.6.11 address Remote Code Execution
Posted by deepcore under exploit (No Respond)
NagiosXI version 5.6.11 post authentication address parameter remote code execution exploit.
Symantec Web Gateway 5.0.2.8 Remote Code Execution
Posted by deepcore under exploit (No Respond)
Symantec Web Gateway version 5.0.2.8 post authentication remote code execution exploit.
NagiosXI 5.6.11 start / end / step Remote Code Execution
Posted by deepcore under exploit (No Respond)
NagiosXI version 5.6.11 post authentication start, end, and step parameter remote code execution exploit.
Centreon 19.11 SQL Injection
Posted by deepcore under exploit (No Respond)
Centreon version 19.11 post authentication acl_res_name parameter remote SQL injection vulnerability.
NagiosXL 5.6.11 orderby SQL Injection
Posted by deepcore under exploit (No Respond)
NagiosXL version 5.6.11 post authentication orderby parameter remote SQL injection exploit.