Subscribe via feed.
Archive for November, 2020

Fortinet FortiOS 6.0.4 Password Modification

Posted by deepcore under exploit (No Respond)

Fortinet FortiOS version 6.0.4 suffers from an unauthenticated SSL VPN user password modification vulnerability.

Gitlab 12.9.0 Arbitrary File Read

Posted by deepcore under exploit (No Respond)

Gitlab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.

M/Monit 3.7.4 Privilege Escalation

Posted by deepcore under exploit (No Respond)

M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.

M/Monit 3.7.4 Password Disclosure

Posted by deepcore under exploit (No Respond)

M/Monit version 3.7.4 suffers from a password disclosure vulnerability.

Nagios Log Server 2.1.7 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Nagios Log Server version 2.1.7 suffers from a persistent cross site scripting vulnerability.

Internet Download Manager 6.38.12 Buffer Overflow

Posted by deepcore under exploit (No Respond)

Internet Download Manager version 6.38.12 suffers from a scheduler downloads scheduler buffer overflow vulnerability.

Gemtek WVRTM-127ACN 01.01.02.141 Command Injection

Posted by deepcore under exploit (No Respond)

Gemtek WVRTM-127ACN version 01.01.02.141 suffers from an authentication arbitrary command injection vulnerability.

TestBox CFML Test Framework 4.1.0 Directory Traversal

Posted by deepcore under exploit (No Respond)

TestBox CFML Test Framework version 4.1.0 suffers from a directory traversal vulnerability.

TestBox CFML Test Framework 4.1.0 Arbitrary File Write / Code Execution

Posted by deepcore under exploit (No Respond)

TestBox CFML Test Framework version 4.1.0 suffers from arbitrary file write and remote code execution vulnerabilities.

Sokrates SOWA SowaSQL Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Sokrates SOWA SowaSQL suffers from a cross site scripting vulnerability. The module SOWA.WWW was fixed in version 4.8.16, whereas the module SOWA.OPAC was fixed in version 5.6.2.