>> CATEGORY: exploit

ntop-ng versions prior to 3.4.180617 suffer from a deterministic session ID vulnerability.

NuCom NC-WR644GACV with software versions STA 005 and below suffer from a configuration file download vulnerability that allows for extraction of the administrative credentials.

An issue was found in openslp version 2.0.0 that can be used to induce a double free bug or memory corruption by corrupting glibc’s doubly-linked memory chunk list. An exploit…

OX App Suite version 7.8.5 suffers from XML external entity injection, information disclosure, and cross site scripting vulnerabilities.

This Metasploit module exploits a stack buffer overflow in Boxoft WAV to MP3 Converter versions 1.0 and 1.1. By constructing a specially crafted WAV file and attempting to convert it…

Enhanced Mitigation Experience Toolkit (EMET) suffers from an XML external entity injection vulnerability.

Microsoft Windows suffers from an ADODB.Record object file overwrite vulnerability. The password for the proof of concept zip is adorecord.

This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the…

This Metasploit module exploits a buffer overflow in the FTPShell client 6.70 (Enterprise edition) allowing remote code execution.

HongCMS version 3.0.0 suffers from a remote SQL injection vulnerability.