HomeMatic Zentrale CCU2 suffers from an unauthenticated remote code execution vulnerability.
b4f6a0c88899f62f3f28993af5b88a42122c638c13259600aa79b07025590e42
This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by execution of bcp.exe file inside ADSHACluster servlet
3d8c5a206e655ffc1020ae9dc72f79a8470fd65b1714a8754570a275ba8cf2ad
This Metasploit module exploits an argument injection vulnerability in GitList version 0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'.
438a7961adff6a24e2b4c17fe41509049358ceda89125f0c70d6808fa38a4266
ManageEngine Exchange Reporter Plus versions 5310 and below suffer from a remote code execution vulnerability.
aaf220225312288ebbab182773feec9a1d00a8bb7d1f6bbb88d336cecfe3291c
GitBucket version 4.23.1 suffers from remote code execution and arbitrary file read vulnerabilities.
6ffd9bc57428e103c842345d3420be4640d0f4e31753a4d916974caffdc9c31a
GitList version 0.6 unauthenticated remote code execution exploit.
0dd6d31c236e339ea46cf2a96afd06f86a7c41ebbaa4e592b132cc48869c6f13
This Metasploit module exploits a remote code execution vulnerability that exists in GitStack versions through 2.3.10, caused by an unsanitized argument being passed to an exec function call. This Metasploit module has been tested on GitStack version 2.3.10.
cab234e294c5341ce9967a663c67c38cbd0d00a9c7657d94c2711d9cf5ea275f
GitStack version 2.3.10 suffers from an unauthenticated remote code execution vulnerability.
a91155d4a07456c807cade69e73f702f36305cb7310a3f143e16efc9df4976ca
Netgear ReadyNAS Surveillance version 1.4.3-16 suffers from a remote command execution vulnerability.
b8d3a063ba3bd0344ed7822ba4e9550c9ff3a801bd5d1a0414ce83b2fc913254
Synology Photo Station versions 6.7.3-3432 and 6.3-2967 suffer from a code execution vulnerability.
aee069f51577df77fc6d3c899ca3c89aa1f4c3de9f2251ed8ac15f6a9b582141
This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.
890ea76a03a7ffc9458899b7ae1381272680a62d4a6c1693ff6dec23f6adde77
QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.
e4e12a638d7f717f67ffad95e2b0629cfc618118c243ffb76a043bd3e7b2a344
Dell Customer Connect (DCCService.exe) version 1.3.28.0 suffers from a local privilege escalation vulnerability.
01adb10edf42c5c531eefc99d7226ee312a57ead81179ddea9469321e3875f5e
CyberGhost version 6.0.4.2205 suffers from a privilege escalation vulnerability.
3d456168ce5d0ad622591b8fbcb579cf29a2e73fe676d5c92b32fcb45d530172
ShadeYouVPN.com client for Windows version 2.0.1.11 suffers from a local privilege escalation vulnerability due to executing any file path sent through a socket without verification as the SYSTEM user.
4a1d749997a869365fd98d3654f05cc09d6ad345727c1afd4cfe6d7ca72b2a50
IVPN client for Windows version 2.6.6120.33863 suffers from a privilege escalation vulnerability.
185ca326d2cd94de8b1329af37794cc1820633da437111c56654fc5ab4c827e5
Viscosity for Windows version 1.6.7 suffers from a privilege escalation vulnerability. It is possible to execute openvpn with a custom dll as SYSTEM using ViscosityService because the path is not correctly validated.
1e165f6606a232bfd4cc34a34c68a7346cb59ed704cf1caf321ea02cee78ab3e
WD My Cloud Mirror version 2.11.153 suffers from remote command execution and authentication bypass vulnerabilities.
b6e6e9435d35488c27f70634c1ba1c1a4fb0d74f1203dc7d4d19ef05043a7baf
SentryHD version 02.01.12e suffers from a local privilege escalation vulnerability.
f64b81388f410459aa468ccb0864c1de86969cc8d0c7e9c102fc5f96b967e82c
WordPress WP Support Plus Responsive Ticket System plugin version 7.1.3 suffers from a privilege escalation vulnerability.
e1a6d29a3a7d1a6dc4415808a242a113b2856f60bb4ffc8561fc238e458bd0fb
AbanteCart version 1.2.7 suffers from a stored cross site scripting vulnerability.
cd2c80f0f2e023291ed5e53db6d2e1c91a7f1528bc8a646f1cb9183d97851883
WinPower version 4.9.0.4 suffers from a privilege escalation vulnerability. Proof of concept code included.
ec522491360ef2eea63aba812282511dbf4434f0517e72db396d11d570822b22
e107 CMS version 2.1.2 suffers from a privilege escalation vulnerability.
73baba47c53c160ce7de24af40be1871e0c32ae23b42c9e50a5f1ec9f610bac5
Dolphin version 7.3.0 suffers from an error-based remote SQL injection vulnerability.
3f7601ff61e6c2a8e66c765afa277832197db4eb3fe1136bd295b5ff8d0e6de3
Tiki Wiki CMS version 15.0 suffers from an arbitrary file download vulnerability.
3b5608b99ef2780f0968f1088b711658cbefed9cd86aea883493a210051eea05