Previewing a WMA/WMV media format on Windows Explorer through its Preview Pane causes embedded URLs to be automatically opened in the default browser without displaying any prompt.
Backdoor.Win32.Visiotrol.10 malware suffers from an insecure password storage vulnerability.
Backdoor.Win32.FTP.Simpel.12 malware suffers from a man-in-the-middle vulnerability.
The Windows Explorer Preview Pane feature allows for spoofing of links contained in an HTML based file because upon moving the mouse over the link nothing happens and it cannot be right-clicked to show the actual target.
Backdoor.Win32.FTP.Simpel.12 malware uses MD5 with no salt for password storage.
Terramaster F4-210 and F2-210 chained exploit that performs session crafting to achieve escalated privileges that then allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.x are affected.
This Metasploit module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE (msiexec.exe) and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module will check for an exploitable build.
Accu-Time Systems MAXIMUS version 1.0 telnetd buffer overflow exploit that causes a denial of service condition.
WBCE CMS versions 1.5.1 and below suffer from an administrative password reset vulnerability.
phpKF CMS version 3.00 Beta y6 unauthenticated remote code execution exploit.