>> CATEGORY: exploit

In wolfSSL versions prior to 5.5.1, malicious clients can cause a buffer overflow during a resumed TLS 1.3 handshake. If an attacker resumes a previous TLS session by sending a…

Train Scheduler App version 1.0 suffers from an insecure direct object reference vulnerability.

Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability.

The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.

APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers and TALON TC BACnet Automation Controllers. With a 7.5 CVSS,…

This Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly…

ERP Sankhya versions 4.13.x and below suffer from a cross site scripting vulnerability.

Dinstar FXO Analog VoIP Gateway version DAG2000-16O suffers from a persistent cross site scripting vulnerability.

ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, and ZMM suffer from a missing authentication vulnerability. Versions below 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210) are potentially affected.