FaceSentry Access Control System version 6.4.8 suffers from a cleartext transmission of sensitive information. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.
>> AUTHOR: deepcore
REDDOXX Appliance versions 2032-SP2 up to hotfix 51 suffer from an information disclosure vulnerability.
FaceSentry Access Control System version 6.4.8 credentials used for accessing the web front end are stored unencrypted on the device in /faceGuard/database/FaceSentryWeb.sqlite.
This archive contains all of the 110 exploits added to Packet Storm in June, 2019.
Mac OS X TimeMachine – ‘tmdiagnose’ Command Injection Privilege Escalation (Metasploit)
Centreon 19.04 – Remote Code Execution
This Metasploit module exploits a command injection in TimeMachine on macOS
Linux/ARM64 – Jump Back Shellcode + execve(“/bin/sh”, NULL, NULL) Shellcode (8 Bytes)
Linux/ARM64 – execve(“/bin/sh”, [“/bin/sh”], NULL) Shellcode (48 Bytes)
Linux Mint 18.3-19.1 – ‘yelp’ Command Injection (Metasploit)