The panel for Collector Stealer malware version 2.0.0 stores the login credentials in plaintext in its MySQL database. Third-party attackers who gain access to the system can read the database usernames and passwords without having to crack them offline.
The panel for Collector Stealer malware version 2.0.0 suffers from a man-in-the-middle vulnerability.
Backdoor.Win32.Wisell malware suffers from a remote command execution vulnerability.
Ransomware Builder Babuk malware suffers from an insecure permissions vulnerability.
VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance […]
This Metasploit module exploits a command injection vulnerability in Grandstream GXV3175 IP multimedia phones. The settimezone action does not validate input in the timezone parameter, allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authentication to be bypassed by providing an alphanumeric cookie 93 characters in length. This module was […]
WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross-site scripting vulnerability.
Nyron version 1.0 suffers from a remote SQL injection vulnerability.
Simple Chatbot Application version 1.0 suffers from a remote blind SQL injection vulnerability.
Simple Chatbot Application version 1.0 suffers from a remote shell upload vulnerability.