Microsoft Outlook Web Access build 15.1.1591 suffers from a remote host header injection vulnerability.
>> CATEGORY: exploit
Cisco IronPort C150 suffers from a remote host header injection vulnerability.
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated,…
DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code…
This Metasploit module abuses a known default password on Cisco UCS Director. The ‘scpuser’ has the password of ‘scpuser’, and allows an attacker to login to the virtual appliance via…
This Metasploit module attempts to gain root privileges by blindly injecting into the session user’s running shell processes and executing commands by calling system(), in the hope that the process…
This Metasploit module attempts to gain root privileges by exploiting a vulnerability in ktsuss versions 1.4 and prior. The ktsuss executable is setuid root and does not drop privileges prior…
The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is…
This archive contains all of the 159 exploits added to Packet Storm in August, 2019.
Ping Identity Agentless Integration Kit versions prior to 1.5 suffer from a cross site scripting vulnerability.