Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.
d8e9402b9604c3706a2115909b60726c461d0262c2196626918539a2164e5352
This Metasploit module exploits a command injection vulnerability in the change_passwd API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. Valid credentials for the 'admin' user account are required; however, this module also exploits a separate password disclosure issue which allows any authenticated user to view the password set for the 'admin' user during first install. This Metasploit module has been tested successfully on QNAP Q'Center appliance version 1.6.1075.
2512d7b1edc015bac56416ba2dcdd6270221ff0334fb6e455fe43015d981b8ba
QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.
d468f350b0e3bb3d4bd9bf10b3b49470163d611522cabc435f5fd39081341998
Dell EMC Isilon OneFS suffers from incorrect authorization, cross site request forgery, and path traversal vulnerabilities.
d370d6ca7380127f4ee9a10cf1e94c01b4a479767738e0f423d758f610c85187
Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.
59ab98938a25d8249efefd24dd954dee7bc863a7a6ee5476a2d7d2db32b025ba
Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities.
96d4f6a74a820b941b3d27b4014182f1cacb7fd773eb0e70d29238ade9b5878d
CYBSEC Security Advisory - A cross site scripting vulnerability was found in Blackberry WebDesktop because the application fails to sanitize user-supplied input. The vulnerability can be triggered if a logged-in user follows a specially crafted link, which executes malicious JavaScript code in the user's browser.
425100c93bdabb1ce32e4448daf3a93ed9596972d3ee05c2e2f14c674f1aeeac
InterScan Web Security Virtual Appliance version 5.0 suffers from a permanent cross site scripting vulnerability.
d60343329b98b29fcbff997e59b730f730f821f2e44103c45085db4e6f514328
InterScan Web Security version 5.0 suffers from an arbitrary file download vulnerability.
d58d5d356f23e4da6f88b89f43c49c252c7555e0f48e9d6bb1b3c1eda549cbbd
InterScan Web Security version 5.0 suffers from an arbitrary file upload vulnerability.
1684dc5cae0527fe6847d9f58a2654f77852efe94ac6037b475eab45d6b8ec4d
InterScan Web Security version 5.0 suffers from a local privilege escalation vulnerability.
c03b30071efd39649f473633d9b056d835c22798ac9cb37e2ec1d2cd7d8e9c18
CYBSEC Security Advisory - FreePBX version 2.5.1 suffers from a remote SQL injection vulnerability.
026a6ed661d4917cd101f28c3c89107f8112ab835545d2385cac3dd86544ac06
CYBSEC Security Advisory - FreePBX versions 2.5.x and 2.6.0 suffer from a cross site scripting vulnerability.
452c894fb6c851fac787cbcde557d463faf00c09e38dec9c28edc93085a55a4e
CYBSEC Security Advisory - FreePBX 2.5.x suffers from an administrator password disclosure vulnerability.
4eac1feb91df50fe5ea5e6a1c29031fbf8f9ec53203e14bb9fe5d26f08eb8801