This Metasploit module exploits a server-side include (SSI) in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The web.config file will be stored in loot once retrieved, and the VALIDATION_KEY option can be set to short-circuit the SSI and trigger the ViewState deserialization.
Chrome suffers from a use-after-free vulnerability in USB::OnServiceConnectionError.
Chrome suffers from a use-after-free vulnerability in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList.
Mocha for Android suffers from an issue where a call can cause the callee device to send audio without user interaction.
ReQuest Serious Play F3 Media Server version 7.0.3 suffers from an unauthenticated remote code execution vulnerability. Abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker can exploit the Quick File Uploader (/tools/upload.html) page and upload PHP executable files that result in remote code execution as the web server user.
FRITZ!Box versions 7.20 and below suffer from a DNS rebinding protection bypass vulnerability.
HiSilicon Video Encoder suffers from an unauthenticated RTSP buffer overflow vulnerability that can cause a denial of service condition.
Red Hat Security Advisory 2020-4274-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. Issues addressed include a code execution vulnerability.
Jenkins version 2.63 suffers from a sandbox bypass vulnerability.
ReQuest Serious Play F3 Media Server version 7.0.3 suffers from a denial of service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker issuing one HTTP GET request.
HiSilicon Video Encoder allows for full administrative access via a backdoor password. Versions affected are vendor specific.
Red Hat Security Advisory 2020-4272-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and buffer overflow vulnerabilities.
HiSilicon Video Encoder suffers from a remote code execution vulnerability via an unauthenticated upload of malicious firmware. Versions affected are vendor specific.
ReQuest Serious Play F3 Media Server version 7.0.3 suffers from a debug log disclosure vulnerability. An unauthenticated attacker can visit the message_log page and disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device.
HiSilicon Video Encoder suffers from a remote command injection vulnerability. Versions affected are vendor specific.
ReQuest Serious Play Media Player version 3.0 suffers from an unauthenticated file disclosure vulnerability when input passed through the file parameter in the tail.html and file.html scripts is not properly verified before being used to read web log files. This can be exploited to disclose contents of files from local resources.
HiSilicon Video Encoder versions up to 1.97 suffer from a path traversal vulnerability that allows for file disclosure.
Chrome suffers from a use-after-free vulnerability in XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers.
TinyMCE 5 suffers from an HTML injection vulnerability.
Online Job Portal version 1.0 suffers from a persistent cross site scripting vulnerability.
OX App Suite and OX Documents versions 7.10.3 and some prior versions suffer from information exposure, server-side request forgery, and cross site scripting vulnerabilities.
Online Discussion Forum Site version 1.0 suffers from a cross site scripting vulnerability.
Online Student's Management System version 1.0 suffers from a remote shell upload vulnerability.
A Java deserialization vulnerability exists in the QRadar RemoteJavaScript Servlet. An authenticated user can call one of the vulnerable methods and cause the Servlet to deserialize arbitrary objects. An attacker can exploit this vulnerability by creating a specially crafted (serialized) object, which amongst other things can result in a denial of service, change of system settings, or execution of arbitrary code. This issue was successfully verified on QRadar Community Edition version 7.3.1.6 (7.3.1 Build 20180723171558).
Nagios XI version 5.7.3 suffers from multiple remote SQL injection vulnerabilities.