The Infobae website suffers from multiple cross site scripting vulnerabilities. The author has received no response from them.
>> CATEGORY: exploit
Whitepaper that discusses how Cisco IP Communicator only uses MAC addresses for authentication allowing you to spoof other callers.
This Metasploit module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be…
PowerFolder version 10.4.321 suffers from a remote code execution vulnerability. Proof of concept exploit included.
This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.
An independent vulnerability laboratory researcher discovered an application-side cross site scripting vulnerability in the Teampass v2.1.25/26 application.
JobScript suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in ‘/admin-ajax.php’ script thru the ‘name’ and ‘file’ POST…
Multiple ETAP binaries are prone to a stack-based buffer overflow vulnerability because the application fails to handle malformed arguments. Version 14.1.0.0 is affected. An attacker can exploit these issues to…
JobScript suffers from an open redirection vulnerability.
ETAP suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability…