B&R Systems Diagnostics Manager Cross Site Scripting
B&R Systems Diagnostics Manager versions above or equal to 3.00 and below or equal to C4.93 suffer from a cross site scripting vulnerability.
XWorm Trojan version 2.1 suffers from a denial of service condition due to a null pointer vulnerability.
This Metasploit module exploits two vulnerabilities, a session ID directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to pivot to other parts of the network. This […]
Global Infotech CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
The Microsoft Windows kernel suffers from multiple security issues in the key replication feature of registry virtualization.
The Microsoft Windows kernel registry has a SID table poisoning problem that leads to bad locking and other issues.
WEBY version 1.2.5 suffers from a cross site request forgery vulnerability.
The Microsoft Windows kernel allows deletion of keys in virtualizable hives with KEY_READ and KEY_SET_VALUE access rights.
The Microsoft Windows kernel registry virtualization can be incompatible with transactions, leading to inconsistent hive state and memory corruption issues.