This Metasploit module exploits a stack buffer overflow in the Cisco RV series router’s SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier. Successful execution of this module results in a […]
College Management System 1.0 – ‘course_code’ SQL Injection (Authenticated)
Tags: 0day, remote exploitRoyal Event Management System 1.0 – ‘todate’ SQL Injection (Authenticated)
Tags: 0day, remote exploitSpring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set […]
A “Creation of Temporary Files in Directory with Insecure Permissions” vulnerability in PrintixService.exe in Printix’s “Printix Secure Cloud Print Management” versions 1.3.1106.0 and below allows any logged in user to elevate any executable or file to the SYSTEM context. This is achieved by exploiting race conditions in the creation of the Installer’s temp.ini file.
An “Incorrect Use of a Privileged API” vulnerability in PrintixService.exe in Printix’s “Printix Secure Cloud Print Management” versions 1.3.1106.0 and below allows a local or remote attacker the ability change all HKEY Windows Registry values as SYSTEM context via the UITasks.PersistentRegistryData parameter.
https://area2.kkzone1.go.th/resize-image-class.php notified by AnonCoders
Tags: defacementhttps://area3.kkzone1.go.th/resize-image-class.php notified by AnonCoders
Tags: defacement