Pentaho version 5.2.x GA BA Suite and PDI allow unauthenticated access to configuration files. The GetResource servlet, a vestige of the old platform UI, allows unauthenticated access to resources in the pentaho-solutions/system folder. Specifically vulnerable are properties files that may reveal passwords.
0888853ff4779b5907a0ff21cd8ea09daabbccf2686a3c59adcb64e634280c5e
Adobe Reader X and XI for Windows suffer from an out-of-bounds write in CoolType.dll.
94d511f0b5c52532ba8c4998f0ae71bb9ef6d1788cd193c33ea257be138b259f
This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which cannot be reset through the user interface. By logging in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.
a79de46e68665e018fab0af3d172ef7ef23237f7ecabbe88fc9626f647f5e3fb
This Metasploit module exploits a pool-based buffer overflow in the atmfd.dll driver when parsing a malformed font. The vulnerability was exploited by Hacking Team and disclosed in the July data leak. This Metasploit module has been tested successfully on vulnerable builds of Windows 8.1 x64.
77f570082717ca7a50c0ff94d4b86df4d4f4ce8665ab76605a5070e55c1c8de3
Microsoft released a security bulletin (MS15-101) describing a .NET MVC denial of service vulnerability. This post analyzes the vulnerability in detail, starting from the theory and then providing a PoC exploit against an MVC web application developed with Visual Studio 2013.
55d8209e7983e84bd1e4c26a7391e903dbc491657d32f7b08b0c81b8bfb845bd
Zen Cart version 1.5.4 suffers from code execution and information leakage vulnerabilities.
f8866420a805576431fdb7207fffbcffe85042c52e1e73441a6a07ace4451ca4
Kirby CMS versions 2.1.0 and below suffer from an authentication bypass vulnerability via path traversal.
1bb3efe2cbba1438b53a1927c92e2b5311bd0d77bbfc50ad60673508d8670f21
ZeusCart version 4.0 suffers from a remote code execution vulnerability.
c35ab718390825f8b42f8a4a4483a7f60476a0d3121add71c4e3f568df585dda
Kirby CMS versions 2.1.0 and below suffer from cross site request forgery and remote shell upload vulnerabilities.
80c763cf1e6a51e5e12403863882e4c9a30a3f2bb3fed73058ff2d71eab9e308
Anchor CMS version 0.9.2 suffers from cross site scripting and open redirect vulnerabilities.
e345f208ad4f6300729da8e9a40758c596baa7f9ad94e75c290b7ba80e732fac
ZeusCart version 4.0 suffers from a cross site request forgery vulnerability.
771519055f7e723be693a425f66ab32548b118fc59d70388e3cd5e72b4f840e3
ManageEngine EventLog Analyzer version 10.6 build 10060 suffers from a SQL query execution vulnerability.
e43184b3c2e6936208082a4f3f3c97ec7847e32991323e490bc64eafefc58612
ManageEngine OpManager versions 11.5 and below suffer from a SQL query protection bypass and have hard-coded credentials.
14e7eded55b53f71e7a0c1efbb36f40694306d92477d8cda6fe7cfc83868d93e
WordPress WP-Shop plugin version 3.4.3.18 suffers from a cross site scripting vulnerability.
8e467f8310d520fe065b659a6179c67ab26cf7b583939831ed7067137042878f
ZeusCart version 4.0 suffers from multiple remote SQL injection vulnerabilities.
697b97adaa89ee192ed007e1190e65eff68e799ae2b4593d76df1864548cf546
ZeusCart version 4.0 suffers from a cross site scripting vulnerability.
a49dd4dc54a291a941b5050448afff0a8a1e9910a1cc60b6e4989cf537ec3d2f
WordPress xPinner plugin version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
ded312a6c8bb5a97b7c6f891d95948a49bec9979cbf517dfa78db5d3bbfb8ffd
WordPress ALO EasyMail Newsletter plugin version 2.6 suffers from cross site request forgery and cross site scripting vulnerabilities.
628f45f98d4906b0043d836c1f0551d2cdbdd07a8f25c25fa382bfc7a8c259fe
Openfire version 3.10.2 suffers from an arbitrary local file upload vulnerability.
9bbc2cebd3d2a5c0af9f8145639a60edfc7679671c36818bea30a904f354de53
Openfire version 3.10.2 suffers from a remote file inclusion vulnerability.
42d00b974b618b394bb65bef054e40ef398527d83f5473a5f341a64105097b72
Openfire version 3.10.2 suffers from a privilege escalation vulnerability.
e257b8429ed4723e276b4a9b5f4b3f5dec2c2b2f76d6cb2dfb0db104e297b19d
Openfire version 3.10.2 suffers from multiple persistent and reflective cross site scripting vulnerabilities.
5e15bc6f2c51349cfedc2d25ff91bba4a25bd06fc746b9b8e10eb08cc281cbbc
This Metasploit module exploits a vulnerability in Windows Media Center. By supplying a UNC path in the *.mcl file, a remote file will be automatically downloaded, which can result in arbitrary code execution.
36f8f8faabc51c32a42ca6984cb51015bf27ccf94c534e30071de84b20948429
Bolt CMS contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This Metasploit module was tested on version 2.2.4.
15b8b9a8f469ba064abea4de1e391d737d516fe28688c908d479e5b28dde98f9
NC220 and NC200 utilize hard-coded credentials within their Linux distribution image. These sets of credentials (root:root) are never exposed to the end-user and cannot be changed through any normal operation of the camera.
75afdba7df6115f0fcf582aeaa5d0f0235301fc2dbb1e912b582b5293b9e51f6