SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt.
>> CATEGORY: exploit
Gila CMS version 1.11.8 suffers from a remote SQL injection vulnerability.
TP-LINK Cloud Cameras NCXXX suffer from a DelMultiUser stack overflow vulnerability.
This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista’s bash shell, and a TACACS+ read-only account to achieve privilege escalation.
Netgear R7000 router remote code execution exploit that leverages a pre-authentication memcpy-based stack buffer overflow vulnerability.
This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including 2.3.4.2103.
OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross-site scripting, improper parameter validation, and XML injection vulnerabilities.
OX Guard version 2.10.3 suffers from server-side request forgery and cross-site scripting vulnerabilities.
Sysax MultiServer version 6.90 suffers from a cross-site scripting vulnerability.