HomeMatic Zentrale CCU2 suffers from an unauthenticated remote code execution vulnerability.
b4f6a0c88899f62f3f28993af5b88a42122c638c13259600aa79b07025590e42This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by execution of bcp.exe file inside ADSHACluster servlet
3d8c5a206e655ffc1020ae9dc72f79a8470fd65b1714a8754570a275ba8cf2adThis Metasploit module exploits an argument injection vulnerability in GitList version 0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'.
438a7961adff6a24e2b4c17fe41509049358ceda89125f0c70d6808fa38a4266ManageEngine Exchange Reporter Plus versions 5310 and below suffer from a remote code execution vulnerability.
aaf220225312288ebbab182773feec9a1d00a8bb7d1f6bbb88d336cecfe3291cGitBucket version 4.23.1 suffers from remote code execution and arbitrary file read vulnerabilities.
6ffd9bc57428e103c842345d3420be4640d0f4e31753a4d916974caffdc9c31aGitList version 0.6 unauthenticated remote code execution exploit.
0dd6d31c236e339ea46cf2a96afd06f86a7c41ebbaa4e592b132cc48869c6f13This Metasploit module exploits a remote code execution vulnerability that exists in GitStack versions through 2.3.10, caused by an unsanitized argument being passed to an exec function call. This Metasploit module has been tested on GitStack version 2.3.10.
cab234e294c5341ce9967a663c67c38cbd0d00a9c7657d94c2711d9cf5ea275fGitStack version 2.3.10 suffers from an unauthenticated remote code execution vulnerability.
a91155d4a07456c807cade69e73f702f36305cb7310a3f143e16efc9df4976caNetgear ReadyNAS Surveillance version 1.4.3-16 suffers from a remote command execution vulnerability.
b8d3a063ba3bd0344ed7822ba4e9550c9ff3a801bd5d1a0414ce83b2fc913254Synology Photo Station versions 6.7.3-3432 and 6.3-2967 suffer from a code execution vulnerability.
aee069f51577df77fc6d3c899ca3c89aa1f4c3de9f2251ed8ac15f6a9b582141This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.
890ea76a03a7ffc9458899b7ae1381272680a62d4a6c1693ff6dec23f6adde77QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.
e4e12a638d7f717f67ffad95e2b0629cfc618118c243ffb76a043bd3e7b2a344Dell Customer Connect (DCCService.exe) version 1.3.28.0 suffers from a local privilege escalation vulnerability.
01adb10edf42c5c531eefc99d7226ee312a57ead81179ddea9469321e3875f5eCyberGhost version 6.0.4.2205 suffers from a privilege escalation vulnerability.
3d456168ce5d0ad622591b8fbcb579cf29a2e73fe676d5c92b32fcb45d530172ShadeYouVPN.com client for Windows version 2.0.1.11 suffers from a local privilege escalation vulnerability due to executing any file path sent through a socket without verification as the SYSTEM user.
4a1d749997a869365fd98d3654f05cc09d6ad345727c1afd4cfe6d7ca72b2a50IVPN client for Windows version 2.6.6120.33863 suffers from a privilege escalation vulnerability.
185ca326d2cd94de8b1329af37794cc1820633da437111c56654fc5ab4c827e5Viscosity for Windows version 1.6.7 suffers from a privilege escalation vulnerability. It is possible to execute openvpn with a custom dll as SYSTEM using ViscosityService because the path is not correctly validated.
1e165f6606a232bfd4cc34a34c68a7346cb59ed704cf1caf321ea02cee78ab3eWD My Cloud Mirror version 2.11.153 suffers from remote command execution and authentication bypass vulnerabilities.
b6e6e9435d35488c27f70634c1ba1c1a4fb0d74f1203dc7d4d19ef05043a7bafSentryHD version 02.01.12e suffers from a local privilege escalation vulnerability.
f64b81388f410459aa468ccb0864c1de86969cc8d0c7e9c102fc5f96b967e82cWordPress WP Support Plus Responsive Ticket System plugin version 7.1.3 suffers from a privilege escalation vulnerability.
e1a6d29a3a7d1a6dc4415808a242a113b2856f60bb4ffc8561fc238e458bd0fbAbanteCart version 1.2.7 suffers from a stored cross site scripting vulnerability.
cd2c80f0f2e023291ed5e53db6d2e1c91a7f1528bc8a646f1cb9183d97851883WinPower version 4.9.0.4 suffers from a privilege escalation vulnerability. Proof of concept code included.
ec522491360ef2eea63aba812282511dbf4434f0517e72db396d11d570822b22e107 CMS version 2.1.2 suffers from a privilege escalation vulnerability.
73baba47c53c160ce7de24af40be1871e0c32ae23b42c9e50a5f1ec9f610bac5Dolphin version 7.3.0 suffers from an error-based remote SQL injection vulnerability.
3f7601ff61e6c2a8e66c765afa277832197db4eb3fe1136bd295b5ff8d0e6de3Tiki Wiki CMS version 15.0 suffers from an arbitrary file download vulnerability.
3b5608b99ef2780f0968f1088b711658cbefed9cd86aea883493a210051eea05
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed