DASAN H660RM allows for unauthenticated ping access, has a hardcoded key for encryption, and logs sensitive information into /tmp.
WordPress article2pdf plugin versions 0.24 and above suffer from resource exhaustion, arbitrary file download, and file deletion vulnerabilities.
RedTeam Pentesting discovered that the shell function “getopt_simple”, as presented in the “Advanced Bash-Scripting Guide”, allows execution of attacker-controlled commands.
Apache CouchDB version 2.3.1 suffers from cross-site request forgery and cross-site scripting vulnerabilities.
TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution.
Meeplace Business Review Script suffers from a remote SQL injection vulnerability.
Matri4Web Matrimony Web Script suffers from multiple remote SQL injection vulnerabilities.
Inout Article Base CMS suffers from a remote SQL injection vulnerability.
Many WordPress themes and a plugin suffer from open redirection vulnerabilities. Age-Verification plugin version 0.5 is affected. Themes affected include Ev version 1.x, Nine-Day version 1.6, Aibbt version 1.0, itiis…
Netartmedia Vlog System suffers from a remote SQL injection vulnerability.