Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
055664930200e432744c2fe93d040213de69b2cc7bd67a68df70afa259bd9b24
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
a259836c2010557736c6c674d0ca15f441385152927583f06374e38fb067306f
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
9ceffe5b49bd3badfd5ead7c79b69103e029d8dd57cc256606f884dc51678833
Relate learning and teaching system versions prior to 2024.1 suffer from a persistent cross site scripting vulnerability.
3a5eecac3aca18d20a7a031bd440baad2966d7f4f2e4228a13dd171b4d91f376
Palo Alto OS was recently hit by a command injection zero day attack. These are exploitation details related to the zero day.
d03a8781f559271cf9b0357b2f4175728dea72a07e8c80018aea6ad57dd5005c
This is a scanning script to validate vulnerable Palo Alto OS systems for the recent zero day command injection vulnerability.
598a7a82abf19bafc0d92036ceedf6035be85e2bd71ac504bb9370863336dd2b
pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target application. This exploit supports two techniques by which the payload can be loaded, depending on whether or not credentials are specified. If valid credentials are provided, Metasploit will login to pgAdmin and upload a payload object using pgAdmin's file management plugin. Once uploaded, this payload is executed via the path traversal before being deleted using the file management plugin. This technique works for both Linux and Windows targets. If no credentials are provided, Metasploit will start an SMB server and attempt to trigger loading the payload via a UNC path. This technique only works for Windows targets. For Windows 10 v1709 (Redstone 3) and later, it also requires that insecure outbound guest access be enabled. Tested on pgAdmin 8.3 on Linux, 7.7 on Linux, 7.0 on Linux, and 8.3 on Windows. The file management plugin underwent changes in the 6.x versions and therefore, pgAdmin versions below 7.0 cannot utilize the authenticated technique whereby a payload is uploaded.
841d670fe90193388942d1169f9624f5fb5ef8dcf21530ef2dc60444dccc5377
Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
ccd137a9553629c65cb1fcc131008c98cf86b7038c922afa5586765db2092434
Backdoor.Win32.Dumador.c malware suffers from a buffer overflow vulnerability.
32edf47bda897a0471a7ffbf6db742832e71820e9d55f2a6b95b5e7a897a6cc8
The password of database connections in AWS Glue is loaded into the website when a connection's edit page is requested. Principals with appropriate permissions can read the password. This behavior also increases the risk that database passwords will be intercepted by an attacker during transmission in the server response. Many types of vulnerabilities, such as broken access controls, cross site scripting and weaknesses in session handling, could enable an attacker to leverage this behavior to retrieve the passwords.
70e6691798348933f72079d525b978bc0517e5c1f2d9ac8b96813c23d1234685
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by sending an HTTP request with specially crafted Header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists in hijacking a user's session and escalates privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.
fc2503cafa5ba3115896a3dc2baf8a4ded20d177d35f6003c3053acbcc5a8f5a
GLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin.
0937b05f1fb5c8e26650b3ff3036018e86cdfd467308fd6c3e1b37d5aa588d9c
WordPress WP Video Playlist plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.
44b6783873b84d60c9427dd76b9a98383fd7f993964765bebb0b876b91c1beda
BMC Compuware iStrobe Web version 20.13 suffers from a remote shell upload vulnerability.
3c3484f8fcc75a92702655ca438887e9feb947e1b2bba0fc5284d6ea230f3db7
Kruxton version 1.0 suffers from a remote SQL injection vulnerability.
9848e498414e8e0e14e12064a9a285c3bc570dd55bd67b2940d83dc1a77c56cd
Kruxton version 1.0 suffers from a remote shell upload vulnerability.
eac82a8882065fad4041f5e76566b23a349a9bac77c6028731f1d06a43bc4ca4
WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.
18873adacfde1b4805b4a6b105109b6e4a03d0a85a9440207f1364a7e3ae897b
AMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.
d20b6ec27d1eeff141c08bd7cfa9127bb8953085c6f65df0d3f8a8e79abd9901
PrusaSlicer versions 2.6.1 and below suffer from an arbitrary code execution vulnerability.
b34aa624a28c8476e02d0d03c7e6f3acee3206fcd6fe6d3cee5190899b172c4e
Moodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability.
e3ce711f4b8356d012259f34f7f227e8907a46d0f7af6bb3c35ce4c0de5a0e57
Django REST Framework SimpleJWT versions 5.3.1 and below suffer from an information disclosure vulnerability.
0cf9167770cb06a14b145bf5a24a5c6ad91da1a8ea53c6113587115ec0fc17a4
Jenkins version 2.441 suffers from a local file inclusion vulnerability.
bd541e95b84e90dc4cbb0bfe35af5cd5870fc359b6d836f3a3eb70857003a87a
OpenClinic GA version 5.247.01 suffers from an information disclosure vulnerability.
2ff76ee23f3646bb23d72691d3d4f6a113f1d03e2ad22824d2636988ff0294f6
OpenClinic GA version 5.247.01 suffers from an authenticated path traversal vulnerability.
0a16a99fea8a81ce4ac5a7f2ff88ffe98623e591f76c35f5e7c3d8893490aef0
Online Fire Reporting System version 1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9342b7d21282ed54ce4702c6cda7276732332887ecb951f160125d0470ad7553