BlogEngine.NET versions 3.3.7 and earlier are vulnerable to two separate directory traversal issues that can lead to remote code execution.
BlogEngine.NET 3.3.6/3.3.7 – ‘theme Cookie’ Directory Traversal / Remote Code Execution
BlogEngine.NET 3.3.6/3.3.7 – ‘dirPath’ Directory Traversal / Remote Code Execution
Clever Dog Smart Camera types DOG-2W and DOG-2W-V4 suffer from file disclosure, default telnet backdoor credential, and insecure transit vulnerabilities.
RedwoodHQ version 2.5.5 suffers from an authentication bypass vulnerability.
This script is a proof of concept to bypass the Microsoft Windows User Access Control (UAC) via SluiFileHandlerHijackLPE.
Spring Security OAuth versions 2.3 prior to 2.3.6 suffer from open redirection vulnerabilities.
When a Microsoft Word “.docx” File contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension. But will present…
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged…
This Metasploit module exploits a command execution vulnerability in AROX School-ERP. “import_stud.php” and “upload_fille.php” do not have session control. Session start/check functions in Line 8,9,10 are disabled with slashes. Therefore…