This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3…
>> ARCHIVE: 2020-05
Gym Management System version 1.0 suffers from an unauthenticated remote code execution vulnerability.
In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were…
VUPlayer version 2.49 .m3u local buffer overflow exploit with DEP and ASLR.
Druva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability.
This Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5, which allows the execution of arbitrary commands under root privileges after website authentication. The…
This Metasploit module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded machineKey parameters in…
Apple Security Advisory 2020-05-20-1 – Xcode 11.5 is now available and addresses an issue where a crafted git URL that contains a newline in it may cause credential information to…
http://charoenrat.go.th notified by 1K4lL_*
Online Discussion Forum Site 1.0 – Remote Code Execution