CASAP Automated Enrollment System version 1.0 suffers from a persistent cross site scripting vulnerability.

CASAP Automated Enrollment System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Richard Jones.

Backdoor.Win32.Noknok.50 malware suffers from an insecure permissions vulnerability.

Backdoor.Win32.Jokerdoor malware suffers from an insecure permissions vulnerability.

Library System version 1.0 suffers from a remote SQL injection vulnerability.

Trojan.Win32.Xocry.ff malware suffers from an insecure permissions vulnerability.

Backdoor.Win32.Wollf.16 malware creates and runs a service named contime.exe with SYSTEM integrity and listens on port 5240. The malware uses a weak hardcoded password of 12345678 which can easily be…

This Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content…

This Metasploit module exploits an ACL bypass in MobileIron MDM products to execute a Groovy gadget against a Hessian-based Java deserialization endpoint.

Backdoor.Win32.DarkKomet.bhfh malware suffers from an insecure permissions vulnerability.