PT-2024-39273 · Cohesive Networks · Cohesive Networks Vns3

Name of the Vulnerable Software and Affected Versions: Cohesive Networks VNS3 affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this issue. The specif...

PT-2024-39272 · Cohesive Networks · Cohesive Networks Vns3

Name of the Vulnerable Software and Affected Versions: Cohesive Networks VNS3 affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this issue. The specif...

PT-2024-39222 · WordPress · Email Obfuscate Shortcode

Name of the Vulnerable Software and Affected Versions: Email Obfuscate Shortcode plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode due to insufficient input sanitization and output...

Ivanti Endpoint Manager GetSQLStatement SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetSQLStatement method. The issue results from the lack of...

Ivanti Endpoint Manager loadKeyboardTable SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadKeyboardTable method. The issue results from the lack ...

Ivanti Endpoint Manager loadMouseTable SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadMouseTable method. The issue results from the lack of...

Ivanti Endpoint Manager LoadMotherboardTable SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the LoadMotherboardTable method. The issue results from the la...

Ivanti Endpoint Manager loadModuleTable SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadModuleTable method. The issue results from the lack of...

Ivanti Endpoint Manager LoadSlotsTable SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the LoadSlotsTable method. The issue results from the lack of...

Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the updateAssetInfo method. The issue results from the lack of...

Ivanti Endpoint Manager GetVulnerabilitiesDataTable SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetVulnerabilitiesDataTable method. The issue results from...

Ivanti Endpoint Manager loadSystemInfo SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadSystemInfo method. The issue results from the lack of...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data and potentially execute commands with Administrator privileges. Abuse is not easy and requires prior authentication a...

Loftware Spectrum 安全漏洞

Loftware Spectrum is an enterprise label printing solution from Loftware, a comprehensive, cloud-based label printing platform for companies of all sizes. A security vulnerability exists in Loftware Spectrum prior to version 4.6, which stems from HF14 that allows authenticated XML external entity...

Microsoft SharePoint SPAutoSerializingObject Deserialization of Untrusted Data Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPAutoSerializingObject class. The issue results from the lack of...

PT-2025-3964 · Sante · Sante Pacs Server Web Portal Dcm

Name of the Vulnerable Software and Affected Versions: Sante PACS Server Web Portal DCM affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this issue. The...

PT-2024-9683 · Solarwinds · Solarwinds Platform

Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue is related to a lack of protection for the web page structure in the Search/Node Information Section component of the SolarWinds Platform user interface. This allows a...

PT-2025-3963 · Sante · Sante Pacs Server Web Portal Dcm

Name of the Vulnerable Software and Affected Versions: Sante PACS Server Web Portal DCM affected versions not specified Description: The issue is a denial-of-service vulnerability due to memory corruption in the analysis of DCM files. This vulnerability allows remote attackers to create a...

PT-2024-31733

Name of the Vulnerable Software and Affected Versions: SolarWinds Serv-U affected versions not specified Description: The issue is a directory traversal vulnerability where remote code execution is possible depending on the privileges given to the authenticated user. This problem requires the use...

Varnish Cache CLI File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/tcp/client' require 'metasploit/framework/varnish/client' class MetasploitModule 'Varnish Cache CLI File Read', 'Description' = 'This modul...