Pi-Hole versions 3.0 through 5.3 allow command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing them to sed. When executed as the…
>> CATEGORY: exploit
Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.
IntelliChoice eFORCE Software Suite version 2.5.9 allows for username enumeration.
CloverDX version 5.9.0 cross site request forgery to remote code execution exploit.
ObjectPlanet Opinio version 7.12 suffers from reflective and persistent cross site scripting vulnerabilities.
Denver IP Camera SHO-110 suffers from an unauthenticated disclosure of a snapshot.
Oracle Fatwire version 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
Longjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through the downloads endpoint is not properly verified before being used…
The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.