This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in…
>> CATEGORY: exploit
This Metasploit module exploits a race condition vulnerability in Mac’s Feedback Assistant. A successful attempt would result in remote code execution under the context of root.
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to…
GAT-Ship Web Module versions 1.30 and below suffer from an information disclosure vulnerability.
Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability.
Cisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.
Huawei eSpace version 1.1.11.103 suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This…
Huawei eSpace Meeting cenwpoll.dll unicode stack buffer overflow exploit with SEH overwrite.
Huawei eSpace version 1.1.11.103 Meeting conference whiteboard functionality is vulnerable to a buffer overflow issue when inserting known image file formats. Attackers can exploit this issue to execute arbitrary code…