Fire Web Server Pre-Alpha version suffers from a denial of service vulnerability.
KiteService 1.2020.618.0 Unquoted Service Path
KiteService version 1.2020.618.0 suffers from an unquoted service path vulnerability.
OpenEMR 5.0.1 Remote Code Execution
OpenEMR version 5.0.1 suffers from a remote code execution vulnerability.
Windscribe 1.83 Unquoted Service Path
Windscribe version 1.83 suffers from an unquoted service path vulnerability.
NetPCLinker 1.0.0.0 Buffer Overflow
NetPCLinker version 1.0.0.0 SEH with egghunter shellcode buffer overflow exploit.
Bolt CMS 3.7.0 Authenticated Remote Code Execution
This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7.
[webapps] Reside Property Management 3.0 – 'profile' SQL Injection
Reside Property Management 3.0 – ‘profile’ SQL Injection
[webapps] Victor CMS 1.0 – 'user_firstname' Persistent Cross-Site Scripting
Victor CMS 1.0 – ‘user_firstname’ Persistent Cross-Site Scripting
BSA Radar 1.6.7234.24750 Cross Site Scripting
BSA Radar version 1.6.7234.24750 suffers from a persistent cross site scripting vulnerability.
NETGEAR R6700v3 Password Reset / Remote Code Execution
This document describes a stack overflow vulnerability that was found in October, 2019 and presented in the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the UPNP daemon (/usr/sbin/upnpd), running on NETGEAR R6700v3 router with firmware versions V1.0.4.82_10.0.57 and V1.0.4.84_10.0.58. It allows for an unauthenticated reset of the root password and […]