ZBL EPON ONU Broadband Router version 1.0 suffers from a privilege escalation vulnerability. The limited administrative user (admin:admin) can elevate his/her privileges by sending an HTTP GET request to the configuration backup endpoint or the password page and disclose the HTTP super user password. Once authenticated as super, an attacker will be granted access to […]
F5 BIG-IP version 16.0.x suffers from an iControl REST remote code execution vulnerability.
Latrix version 0.6.0 suffers from a remote SQL injection vulnerability.
Company Crime Tracking Software version 1.0 suffers from a persistent cross site scripting vulnerability.
phpPgAdmin version 7.13.0 suffers from an authenticated command execution vulnerability.
School Registration and Fee System version 1.0 suffers from a remote blind SQL injection vulnerability.
School Registration and Fee System version 1.0 suffers from persistent cross site scripting vulnerabilities.
ScadaBR version 1.0 suffers from multiple remote shell upload vulnerabilities.
This Metasploit module leverages authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, the salt-master service performs a maintenance process check that reloads and executes all the grains on the master, including custom grain modules in the Extension Module […]
This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API’s /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device.