Zortam MP3 Media Studio version 27.60 suffers from a code execution vulnerability.
>> AUTHOR: deepcore
Wonder CMS version 3.1.3 suffers from a persistent cross-site scripting vulnerability.
NetSurveillance version 4.02.R11.00000140.10001.131900.00000 allows for an unauthenticated password change when no default security questions are set.
Boxoft Convert Master version 1.3.0 SEH local buffer overflow exploit.
IBM Tivoli Storage Manager version 5.2.0.1 suffers from a command line administrative interface buffer overflow vulnerability.
This Metasploit module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on…
Vtiger CRM version 7.0 suffers from a persistent cross-site scripting vulnerability.
An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp…
Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative…
The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a “SEID” token that is appended to the…