ElasticSearch 1.6.0 – Arbitrary File Download
>> AUTHOR: deepcore
ElasticSearch 1.6.0 – Arbitrary File Download
WinRar < 5.30 beta 4 – Settings Import Command Execution
An independent vulnerability laboratory researcher discovered a client-side url redirect web vulnerability in the official PayPal Inc Notify online service web-application.
WordPress mTheme-Unus theme versions prior to 2.3 suffer from a local file inclusion vulnerability.
Western Digital My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 suffer from a command injection vulnerability.
Mitsubishi Melsec FX3G-24M suffers from a denial of service vulnerability.
Kaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8…
Proof of concept exploit code for the Linux Rowhammer DRAM privilege escalation vulnerability.
This Metasploit module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default “guest” account can execute SQL queries…