VMware Cloud Director version 10.5 suffers from an authentication bypass vulnerability.
aa2016d4a29081d33539e9bdd7cc84da6d05dd8194b6a641aca62c33d9daf9e5
Karaf version 4.4.3 suffers from a remote code execution vulnerability.
2f400975f659ce2b1411ab5f0648a7b24fbc5ff13c60a27cd18e2461d40bfd86
OSGi versions 3.7.2 and below suffer from a remote code execution vulnerability.
b58312b3c9ef3414d27ca17e2db9d015ffcd0263ed95cd4c31a69f65fd99f59d
OSGi versions 3.8 through 3.18 suffer from a remote code execution vulnerability.
f497ebf8b35afe62aa891bf6ce65680f2ac452e845456b06776d98729a31b50d
NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning JavaScript payload in the logs web page. This cross-site scripting payload can be leveraged to execute commands on NorthStar C2 agents.
e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1
Human Resource Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Abdulhakim Oner in March of 2023.
fe2afefb91ff4eaa074c0f4b68fb13bdd541d5861e3a3b9d46706cb51d0cc9e0
Numbas versions prior to 7.3 suffer from a remote code execution vulnerability.
e0195e7e21a5182d8c8267f498108059037a2956810cf1cbc5880c33a370d809
Sitecore version 8.2 suffers from a remote code execution vulnerability.
bb3d70849315ed8ba0c15b23acace7c5306c6747aad0652046ed829b77617644
Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability.
13a86908b0179fbc89ec6afba2a1ff200d2d4e963318afddcb2f12582423ca11
Backdoor.Win32.Beastdoor.oq malware suffers from a remote command execution vulnerability.
72378386669ae9759edcef742e72bbceb8bebb4fef342a5fb8f58cf8290dd75a
WordPress Duplicator plugin versions prior to 1.5.7.1 suffer from an unauthenticated sensitive data exposure vulnerability that can lead to account takeover.
14448881a372208b90c6168cf1256892d8c4d6b6d3e1676dcb7526051d81afc8
RUPPEINVOICE version 1.0 suffers from a remote SQL injection vulnerability.
2701252b167dc0643eea0b84f5eb8444d2b066ddad3f7542ce0b126ade721018
WordPress Hide My WP plugin versions 6.2.9 and below suffer from an unauthenticated remote SQL injection vulnerability.
33f5fa64f551c4a29625c510ca5f542be8dc039807964ef77f7aca808db3a3bf
DataCube3 version 1.0 suffers from a remote shell upload vulnerability.
a5ca9dcfc24b6607634b3ccc91b9b2cf12ca8ba0a229101f9e74e14975448d9a
Akaunting versions 3.1.3 and below suffer from a remote command execution vulnerability.
8d4933e0c1b3efde90f0ca90ae286fa4036671aa25168b79c0dd977756a0f6b1
Hitachi NAS SMU Backup and Restore versions prior to 14.8.7825.01 suffer from an insecure direct object reference vulnerability.
3cfc580881d74cff8068b880201aeb809919ad954eac8b5a50b277411adaa510
There exists a buffer overflow vulnerability in the TP-Link TL-WR740 router that can allow an attacker to crash the web server running on the router by sending a crafted request.
1ffb14b7cc151eb147dfc888b64259bdf2c04d3a6a304b037e87c8e84424acb5
MongoDB versions 2.0.1, 2.1.1, 2.1.4, and 2.1.5 appear to suffer from multiple localized password disclosure issues.
ec43188752263df8468c0d1efaa74c0c5834d7a2469f132a2cf3841157e23944
Ladder versions 0.0.1 through 0.0.21 fail to apply sufficient default restrictions on destination addresses, allowing an attacker to make GET requests to addresses that would typically not be accessible from an external context. An attacker can access private address ranges, locally listening services, and cloud instance metadata APIs.
f06f89665ccf4436395e34e316f44542fe2c8e5818e1b20f6b1def5ff8cf0c48
FullCourt Enterprise version 8.2 suffers from multiple cross-site scripting vulnerabilities.
fb84d6d2742c62baaef0300444804dccd4f9822a3ed05a712c9990f000275ecf
NDtaskmatic version 1.0 suffers from a remote SQL injection vulnerability.
937864e92a9493aa55230c661e22af5ba23fc573b0d4f507979622c61443310b
GliNet with firmware version 4.x suffers from an authentication bypass vulnerability. Other firmware versions may also be affected.
9e410e03b3bd4618426fd89f2dff470200407bdec2f93eaee59126f9738230f6
Services that are running and bound to the loopback interface on the Artica Proxy version 4.50 are accessible through the proxy service. In particular, the tailon service is running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.
0693c2ce363baaef7b371443418fb29623edc052f8d82f02eea207672f271e4b
The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.
4e458aef9f797d0714e86e3cbbbe7fdd8225fa1b68b23cd60a66a992d28a4eb5
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.
8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630