[local] Backup Manager Module 3.0.0.99 – 'IScheduleSvc.exe' Unquoted Service Path
Backup Manager Module 3.0.0.99 – ‘IScheduleSvc.exe’ Unquoted Service Path
Tags: 0day, remote exploitBackup Manager Module 3.0.0.99 – ‘IScheduleSvc.exe’ Unquoted Service Path
Tags: 0day, remote exploitBackdoor.Win32.RMFdoor.c malware suffers from bypass and code execution vulnerabilities.
Backdoor.Win32.DarkMoon.a malware suffers from having a weak hardcoded password.
Backdoor.Win32.DarkMoon.a malware suffers from an insecure transit vulnerability.
EgavilanMedia PHPCRUD version 1.0 suffers from a remote SQL injection vulnerability.
Microsoft Exchange 2019 unauthenticated email download exploit.
Backdoor.Win32.Delf.aez malware suffers from a code execution vulnerability.
This Metasploit module exploits an unauthenticated Java deserialization in the NetMotion Mobility server’s MvcUtil.valueStringToObject() method, as invoked through the /mobility/Menu/isLoggedOn endpoint, to execute code as the SYSTEM account. Mobility server versions 11.x before 11.73 and 12.x before 12.02 are vulnerable. Tested against 12.01.09045 on Windows Server 2016.
NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address.