This Metasploit module exploits an unauthenticated Java deserialization in the NetMotion Mobility server’s MvcUtil.valueStringToObject() method, as invoked through the /mobility/Menu/isLoggedOn endpoint, to execute code as the SYSTEM account. Mobility server…
NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross-site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance,…
The way Microsoft Windows implements file security appears to have some significant shortcomings.
rxvt version 2.7.0 and rxvt-unicode version 9.22 incorrectly handle ANSI escape sequences, allowing for arbitrary code execution.
ManageEngine ADSelfService Plus 6.1 – CSV Injection
In4Suit ERP 3.2.74.1370 – ‘txtLoginId’ SQL injection
WebSSH for iOS 14.16.10 – ‘mashREPL’ Denial of Service (PoC)
Visual Studio Code 1.47.1 – Denial of Service (PoC)
WordPress Plugin Stop Spammers 2021.8 – ‘log’ Reflected Cross-site Scripting (XSS)