The Windows client for Pulse Secure versions prior to 9.1.6 has a TOCTOU bug that allows an attacker to escalate privileges to NT_AUTHORITY\SYSTEM.
>> CATEGORY: exploit
ManageEngine Applications Manager authenticated remote code execution exploit that leverages the newInstance() and loadClass() methods being used by the “WeblogicReference”, when attempting a Credential Test for a new Monitor. Versions…
The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML…
This archive contains all of the 128 exploits added to Packet Storm in August, 2020.
As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.
Rebar3 versions 3.0.0-beta.3 through 3.13.2 suffer from a command injection vulnerability.
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user….
Mara CMS version 7.5 suffers from a remote code execution vulnerability.
Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of remove_hf.
moziloCMS version 2.0 suffers from a persistent cross-site scripting vulnerability.