GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to remote code execution exploit.
7d48adbe7385fbb2fa16170c86231d41
glFTPd version 2.11a remote denial of service exploit.
04295a11c4a07b213d22cabfafda8897
This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios versions XI 5.3.0 and 5.7.5, both running on CentOS 7.
91ac1437912ce19fca5580399b1f6625
Red Hat Security Advisory 2021-1213-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
f6142e68f1df84df908f4d4a87b6faa3
Red Hat Security Advisory 2021-1214-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
b0946864ece1ccc1be34e647b1488d32
Red Hat Security Advisory 2021-1197-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
e9e03e4b0233fd765faa0bcd5a79ec44
Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the Horde_Text_Filter library.
dd1588866001ae370f23e0d6ec8d2f71
CITSmart ITSM version 9.1.2.27 suffers from a remote time-based blind SQL injection vulnerability.
3d24d2282ef6f774e3ec4558ad1409d1
Genexis PLATINUM 4410 version 2.1 P4410-V2-1.28 suffers from a remote command execution vulnerability.
43aeccc4d2fcad984b051b4cdbb1583f
Digital Crime Report Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0caf2f815b9b8bcfabd56d4dce51e40c
Ubuntu Security Notice 4906-1 - It was discovered that Nettle incorrectly handled signature verification. A remote attacker could use this issue to cause Nettle to crash, resulting in a denial of service, or possibly force invalid signatures.
c2e4fcc4e7b04575de37436facddec21
Blitar Tourism version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
03d4e059484374b7780a14a295e4a837
Chrome V8 Javascript Engine remote code execution zero day exploit. Google is expected to release an update to their browser on tuesday 04/14/2021 that will address this vulnerability.
a76d90d5f2c12f9efc441081adf2aabe
Simple Student Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
bfec25b7957828dbd5331e19f7c20a6f
Native Church Website version 1.0 suffers from a remote shell upload vulnerability.
dee64438c491f2610eabc5f7febbf30b
Ubuntu Security Notice 4899-2 - USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 14.04 ESM. Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.
baaca2f9e7d6c1f8404929e19baf3d8d
vsftpd version 2.3.4 backdoor remote command execution exploit.
accb8a13d15982d8cbc9b5a4c1df898d
PrestaShop version 1.7.6.7 suffers from a remote blind SQL injection vulnerability.
c954154779fef04ad61ce904511a42b9
Ubuntu Security Notice 4896-2 - USN-4896-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting attacks. Various other issues were also addressed.
e4f2f008e2cdcc1460a0b818e3b91206
Linux kernel version 5.4 BleedingTooth bluetooth zero-click proof of concept remote code execution exploit.
11e39065cefe8b6ef7461c14faa79210
Composr version 10.0.36 suffers from a remote shell upload vulnerability.
735eb24f76261ce2e85c105910c3e39c
This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gogs. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gogs web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. No mitigation has been implemented so far (latest stable version is 0.12.3). This module has been tested successfully against version 0.12.3 on docker. Windows version could not be tested since the git hook feature seems to be broken.
b94ad9d4b20219eb61069ef797cbb9b2
This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gitea web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. It has been mitigated in version 1.13.0 by setting the Gitea DISABLE_GIT_HOOKS configuration setting to true by default. This disables this feature and prevents all users (including admin) from creating custom git hooks. This module has been tested successfully against docker versions 1.12.5, 1.12.6 and 1.13.6 with DISABLE_GIT_HOOKS set to false, and on version 1.12.6 on Windows.
4cb5b6740800ce4b96147b406421ff7b
Ignition versions prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel versions prior to 8.4.2.
f2749663416c9f45e752a3213c8cb2d6
Ubuntu Security Notice 4903-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information.
dbdf4b4dd72c03617d13968ae01c2494