The default SSID and passphrase on the Cisco EPC3925 are derived from the MAC address and the DOCSIS serial number. Since the MAC address of the device is broadcasted via…
>> CATEGORY: exploit
OpenSSHD versions 7.2p2 and below remote username enumeration exploit.
This Metasploit module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters…
WordPress Icegram plugin version 1.9.18 suffers from a cross site request forgery vulnerability.
Wowza Streaming Engine suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user….
Wowza Streaming Engine version 4.5.0 build 18676 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. When the file is modified it is…
Wowza Streaming Engine version 4.5.0 build 18676 suffers from a cross site request forgery vulnerability.
The Wowza Streaming Engine application suffers from a privilege escalation issue. Normal user (read-only) can elevate his/her privileges by sending a POST request setting the parameter ‘accessLevel’ to ‘admin’ gaining…
Wowza Streaming Engine suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice….
WordPress Video Player plugin version 1.5.16 suffers from multiple remote SQL injection vulnerabilities.