An independent vulnerability laboratory researcher discovered an auth bypass vulnerability in the official WebComIndia Content Management System (web-application).
>> AUTHOR: deepcore
Zope Management Interface 4.3.7 – CSRF Vulnerabilities
An independent vulnerability laboratory researcher discovered a remote cross site request forgery issue in the official W150D wireless N 150 ADSL2+ Modem Routers.
An independent vulnerability laboratory researcher discovered a local buffer overflow vulnerability in the official Free Youtube To MP3 Converter v4.0.1 software.
Secure MFT versions 2013 R3, 2014 R1/R2, and 2015 R1 suffer from a cross site request forgery vulnerability.
Joomla Komento versions prior to 2.0.5 suffer from a persistent cross site scripting vulnerability.
ManageEngine ServiceDesk allows for remote code execution via an arbitrary file upload vulnerability. Builds prior to 9103 are affected.
ZTE GPON F427 and possibly the F460/F600 models suffer from authorization bypass and cleartext password storage vulnerabilities.
The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) are vulnerable to a local elevation of privilege attack by abusing the drive letter symbolic…
This is a small python script that will enumerate through a list of targets and test their user agent for the shellshock vulnerability.