VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service, which invokes it. The sudo configuration permits this service control without a password.
IObit Malware Fighter version 9.2 fails to provide sufficient anti-tampering protection, and that shortcoming can be leveraged to escalate to SYSTEM privileges.
Multi-Language Hotel Management 2022 version 1.0 suffers from a remote SQL injection vulnerability.
MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will […]
This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user.
uftpd versions 2.7 through 2.10 suffer from an authenticated directory traversal vulnerability.
Crime Reporting System version 1.0 suffers from a remote SQL injection vulnerability.
WordPress SeatReg plugin version 1.23.0 suffers from an open redirection vulnerability.