This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
12d01f78d7c81ffd50f6373629755cb8DAViCal CalDAV Server versions 1.1.8 and below suffer from a reflective cross site scripting vulnerability.
106d6376bfe42cd1d4a6aa71f7885eaaDAViCal CalDAV Server versions 1.1.8 and below suffer from a cross site request forgery vulnerability.
71241e8b0dd14c1b51e8708854a79e80DAViCal CalDAV Server versions 1.1.8 and below suffer from a persistent cross site scripting vulnerability.
168863215252aa9df18b7fb2768cce78Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.
051e029f16764feddeb7a0590f43de8eInim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from a hard-coded credential vulnerability.
04f17bebbbf0986a1f927de3cebd3ef5Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from an unauthenticated server-side request forgery vulnerability.
f21751ca54479762c2e2bdb3358bab9dInim Electronics SmartLiving SmartLAN/G/SI versions 6.x and below suffer from a remote root command execution vulnerability.
fa5b04b87f4f1fdd3b909cfc78a8b51dWordPress Scoutnet Kalender plugin version 1.1.0 suffers from a cross site scripting vulnerability.
e04e112fcfa436f18ef05c4933998c2cOracle Siebel Sales version 8.1 suffers from a persistent cross site scripting vulnerability.
e51ac3fef4c785e1fff5e0fc2bd40700Alcatel-Lucent Omnivista 8770 suffers from a remote code execution vulnerability.
0f7cc26132500939004bd71ceacd597fSnipe-IT Open Source Asset Management version 4.7.5 suffers from a persistent cross site scripting vulnerability.
ab654a127618deb61eec45dcac220261PRO-7070 Hazir Profesyonel Web Sitesi version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
791eab6baad5a9a9903848ffb987623dSpotAuditor version 5.3.2 Base64 local buffer overflow SEH exploit.
67c769fde0bc2d49be93a7f6690b9476Proof of concept exploit that demonstrates a Microsoft Windows 10 UAC bypass for all executable files which are autoelevate true.
be518251e625f0ce8b117adc6513daf5This is a full browser compromise exploit chain targeting Mozilla Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 to trick the parent process into browsing to an arbitrary URL.
32076a29fcf91fd367322669891704a7OkayCMS versions 2.3.4 and below suffer from remote code execution vulnerability.
ac48925812fe6df9cf4011ec5409f36dSiteVision suffers from an issue where attackers may execute arbitrary code as root on the target server after gaining access to a low-privilege account. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
d41da44b8c24a9290a4500079e64ac00SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
e1039e826a6e95e90bc983b83ebc51feYachtcontrol versions dated 2019-10-06 suffer from an unauthenticated remote code execution vulnerability.
ca74a5272a744f07e91607ab0200e00aTrend Micro Deep Security Agent 11 suffers from an arbitrary file overwrite vulnerability.
679cae457bfcd23467151f2a07ff694fIntegard Pro NoJs version 2.2.0.9026 suffers from a remote buffer overflow vulnerability.
a2fb460aecb7da8b7638b7121d90da78Verot version 2.0.3 suffers from a remote code execution vulnerability.
6739d5e2efeb9ae98d493066bae7aa08Microsoft Skype for Business latest versions affected from external service interaction (DNS) vulnerability. A remote attacker could force the vulnerable server to send DNS request to any remote server attacker wants.
695c9907241fa97e0fd828f91598f381Omron PLC version 1.0.0 suffers from a denial of service vulnerability.
caee586bf9984f567775c95b30789db6
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed