Cisco AnyConnect Privilege Escalation

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to a DLL hijacking and allows […]

October 1, 2020
[webapps] Typesetter CMS 5.1 – 'Site Title' Persistent Cross-Site Scripting

Typesetter CMS 5.1 – ‘Site Title’ Persistent Cross-Site Scripting

[webapps] GetSimple CMS 3.3.16 – Persistent Cross-Site Scripting (Authenticated)

GetSimple CMS 3.3.16 – Persistent Cross-Site Scripting (Authenticated)

[webapps] WebsiteBaker 2.12.2 – 'display_name' SQL Injection (authenticated)

WebsiteBaker 2.12.2 – ‘display_name’ SQL Injection (authenticated)

[webapps] MonoCMS Blog 1.0 – Arbitrary File Deletion (Authenticated)

MonoCMS Blog 1.0 – Arbitrary File Deletion (Authenticated)

[webapps] SpinetiX Fusion Digital Signage 3.4.8 – Cross-Site Request Forgery (Add Admin)

SpinetiX Fusion Digital Signage 3.4.8 – Cross-Site Request Forgery (Add Admin)

[webapps] SpinetiX Fusion Digital Signage 3.4.8 – Username Enumeration

SpinetiX Fusion Digital Signage 3.4.8 – Username Enumeration

[webapps] BrightSign Digital Signage Diagnostic Web Server 8.2.26 – File Delete Path Traversal

BrightSign Digital Signage Diagnostic Web Server 8.2.26 – File Delete Path Traversal

[webapps] SpinetiX Fusion Digital Signage 3.4.8 – Database Backup Disclosure

SpinetiX Fusion Digital Signage 3.4.8 – Database Backup Disclosure

[remote] Sony IPELA Network Camera 1.82.01 – 'ftpclient.cgi' Remote Stack Buffer Overflow

Sony IPELA Network Camera 1.82.01 – ‘ftpclient.cgi’ Remote Stack Buffer Overflow