Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross-site request forgery, hidden shell interface, cross-site scripting, and BusyBox vulnerabilities.
>> AUTHOR: deepcore
Noise-Java suffers from an issue located in the AESGCMOnCtrCipherState.encryptWithAd() method defined in AESGCMOnCtrCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the…
The Windows client for Pulse Secure versions prior to 9.1.6 has a TOCTOU bug that allows an attacker to escalate privileges to NT AUTHORITY\SYSTEM.
ManageEngine Applications Manager authenticated remote code execution exploit that leverages the newInstance() and loadClass() methods being used by the “WeblogicReference”, when attempting a Credential Test for a new Monitor. Versions…
http://www.1tambon1school.go.th/data/-.txt notified by /Rayzky_
Nord VPN-6.31.13.0 – ‘nordvpn-service’ Unquoted Service Path
The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML…
Savsoft Quiz Enterprise Version 5.5 – Persistent Cross-Site Scripting
BloodX CMS 1.0 – Authentication Bypass
Daily Tracker System 1.0 – Authentication Bypass