This Metasploit module exploits a vulnerability in Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855), then write an arbitrary file (CVE-2021-27065) to achieve RCE (Remote Code Execution). By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange 2013 versions less than 15.00.1497.012, Exchange 2016 CU18 less than 15.01.2106.013, Exchange 2016 CU19 less than 15.01.2176.009, Exchange 2019 CU7 less than 15.02.0721.013, and Exchange 2019 CU8 less than 15.02.0792.010. All components are vulnerable by default.
8d10a6f462db1c384d95aaac3ccd5096fe1f2900acfdd10d4d8f6104dd67ec68
This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user running iView, which is typically NT AUTHORITY\SYSTEM. This issue was demonstrated in the vulnerable version 5.7.02.5992 and fixed in version 5.7.03.6112.
871b6bdcb75f943757231fe70d369aecb3bf02147c4c50b85ea3a12f3efaabe4
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054) with AES-256 and key exchange using a 4096-bit prime, requires no PKI, has Perfect Forward Secrecy, and supports TOR.
850d5195de840280e1638f121743617ad47852109636541bccd20d4cdd953d6b
Red Hat Security Advisory 2021-0974-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, and information leakage vulnerabilities.
a29ebb86ed3f629b8d17d5f63140e16c1e3254c288e5ab8c7b3344fd2d510611
Ubuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. Various other issues were also addressed.
9d736803ff838a4b38d74189632d9d5e1263b6ca858ffc30099c29bff930eeab
WordPress GiveWP plugin version 2.9.7 suffers from a cross site scripting vulnerability.
2f1d265e79c7eaa64a20ae14cc63908660ddc40bed2cc83fa9e0a1883c7c9e61
Red Hat Security Advisory 2021-0969-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
62600197f5170a6bcbd846e5630e10c31633441ec2bd1013bf54fa225f98c1c7
Hotel And Lodge Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
6eadb736fd36089f4f95f49dad333b6e33529f15982d6c1afd5212f901360440
Red Hat Security Advisory 2021-0968-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
498bfdf6f243605b23c60f02262cfa9a132f6c3df17ff207aec310f9c0291fcc
Online Reviewer Management System version 1.0 suffers from a remote shell upload vulnerability.
931600f0c2198aabe92c4ee629430b584bb32279014bf70d401b77618509311c
Online Reviewer Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
8e21f9e49ba39ab2bb847e924f6dd81c3c47d9b891363136a77586c7674b04e3
Online Reviewer Management System version 1.0 remote SQL injection exploit that allows for authentication bypass.
e315d26c555a2fabe9dc05d02ab9605cfa32a99a2c65c69366debc6f8bc11edd
Red Hat Security Advisory 2021-0967-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
82eac9cd0241e5d1473edcaec1e7888e56505e6ad2889877e849449b33481844
Elodea Event Collector version 4.9.3 suffers from an unquoted service path vulnerability.
7a4772b7da811c9e6c7afd5162836de884b5cfd2845482eedd36727ff28b18b1
ActivIdentity version 8.2 suffers from an unquoted service path vulnerability.
6a0a03f3dbbca0b8ab4b1f4ae3cbaf9c3150db38b37161503c84b6d72bdf1c70
ELAN Touchpad version 15.2.13.1_X64_WHQL suffers from an unquoted service path vulnerability.
7b0319e02b5e0358556fbaecba643826b73513602e26b12f190df743576cf9e2
Red Hat Security Advisory 2021-0966-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.
04695542ff2db2454580674ed2e327d1db584021c386f9603096d770e07002c6
Hi-Rez Studios version 5.1.6.3 suffers from an unquoted service path vulnerability.
de7c9809806942e28452d915a3d476ac59b3bc5a2c3b9401c1b037a98d6d2218
WordPress Mapplic plugin versions 6.1 and below suffer from a server-side request forgery vulnerability that can be leveraged to commit cross site scripting attacks.
e02500fb23125cab72c5a01d30f9c68221e32e43db8056e7244e3f71cfbaf19f
WordPress Mapplic-Lite plugin version 1.0 suffers from a server-side request forgery vulnerability that can be leveraged to commit cross site scripting attacks.
63aebb29dd9f961f18b394829e4fd6cacf0cd3e1381f1fe116d97ac3801ff2c1
MyBB version 1.8.25 suffers from a remote SQL injection vulnerability.
0119b2998f019b8c5412b0ca92b7781e14084a1c91c356608140589745767688