URVE Software build version 24.03.2020 suffers from an authentication bypass that allows for remote code execution.
Philips Hue hubs suffer from a denial of service vulnerability via simple SYN floods.
URVE Software build version 24.03.2020 suffers from a missing authorization vulnerability.
URVE Software build version 24.03.2020 suffers from an information disclosure vulnerability that leaks passwords.
CHMSC Elearning System version 1.0 suffers from a remote SQL injection vulnerability.
SEOPanel version 4.6.0 suffers from multiple cross-site scripting vulnerabilities.
Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it…
HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.
GitLab version 11.4.7 authenticated remote code execution exploit. Original discovery of this issue attributed to Mohin Paramasivam in December of 2020.
Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.