Kallithea suffers from an HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET ‘came_from’…
This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested…
This Metasploit module exploits a stack-based buffer overflow in Watermark Master 2.2.23 when processing a specially crafted .WCF file. This vulnerability could be exploited by a remote attacker to…
An independent vulnerability laboratory researcher discovered an auth bypass vulnerability in the official WebComIndia Content Management System (web-application).
An independent vulnerability laboratory researcher discovered a remote cross-site request forgery issue in the official W150D wireless N 150 ADSL2+ Modem Routers.
An independent vulnerability laboratory researcher discovered a local buffer overflow vulnerability in the official Free Youtube To MP3 Converter v4.0.1 software.
Secure MFT versions 2013 R3, 2014 R1/R2, and 2015 R1 suffer from a cross-site request forgery vulnerability.
Joomla Komento versions prior to 2.0.5 suffer from a persistent cross-site scripting vulnerability.
ManageEngine ServiceDesk allows for remote code execution via an arbitrary file upload vulnerability. Builds prior to 9103 are affected.
ZTE GPON F427 and possibly the F460/F600 models suffer from authorization bypass and cleartext password storage vulnerabilities.