This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don’t adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows…
>> CATEGORY: exploit
OXATIS 2017 suffers from a cross site scripting vulnerability.
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the…
Dell Customer Connect (DCCService.exe) version 1.3.28.0 suffers from a local privilege escalation vulnerability.
Western Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.
SquirrelMail versions 1.4.22 and below suffer from a remote code execution vulnerability.
The gnome-keyring-daemon is vulnerable to local credential disclosure as it leaves credentials accessible in memory.
This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise version 9.5.12, caused by improper bounds checking of the request path in HTTP…
This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.
Due to lax filesystem permissions, an attacker can take control of a hardcoded sudo path in order to execute commands as a privileged user on Solarwinds Log and Event Manager…