This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user…
This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin (CVE-2021-26855) and write arbitrary file (CVE-2021-27065) to get the…
Ext2Fsd v0.68 – ‘Ext2Srv’ Unquoted Service Path
CMS Made Simple version 2.2.15 suffers from a remote SQL injection vulnerability.
CMS Made Simple version 2.2.15 suffers from a remote shell upload vulnerability.
Winpakpro version 4.8 suffers from multiple unquoted service path vulnerabilities.
SAPSetup Automatic Workstation Update Service 750 suffers from an unquoted service path vulnerability.
Zoom versions 5.4.3 (54779.1115) and 5.5.4 (13142.0301) temporarily shares other application windows not in scope for sharing.
Trojan-Dropper.Win32.Dycler.vrp malware suffers from an insecure permissions vulnerability.
WordPress Delightful Downloads Jquery File Tree plugin versions 1.6.6 and below path traversal exploit.