The access limit check for non-local admins when accessing the SCM remotely can be bypassed by requesting MAXIMUM_ALLOWED, leading to gaining access to start services etc.
This Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious check_ping plugin and thereby execute arbitrary commands….
jQuery version 1.2 suffers from a cross site scripting vulnerability.
jQuery version 1.0.3 suffers from a cross site scripting vulnerability.
Digital Crime Report Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Trojan.Win32.Jorik.qje malware suffers from an insecure permissions vulnerability.
Genexis PLATINUM 4410 version 2.1 P4410-V2-1.28 suffers from a remote command execution vulnerability.
MariaDB version 10.2 suffers from a command execution vulnerability.
Trojan.Win32.Agent.zfgh malware suffers from an insecure permissions vulnerability.
CITSmart ITSM version 9.1.2.22 suffers from an LDAP injection vulnerability.