Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability

Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from Microsoft Corporation.VBScript Engine is one of the VBScript scripting language engines. A remote code execution vulnerability exists in the way the VBScript Engine handles memory objects in Microsof...

CVE-2020-6208

SAP Business Objects Business Intelligence Platform Crystal Reports, versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution...

Evil SSDP - Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable phishing page. This page can load a hidden...

Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs

This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally its possible to proxy every request through Burp or another tunnel. First steps Rename the...

ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.3.1) +28 more potentially affected by CVE-2020-9402 via django (>=2.2.0 <=2.2.10)

django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.26 - django-smorest =0.1.3 - djangorestframework-simplejwt-captcha =1.1.4 - djpub =0.0.1 and more Source cves: CVE-2020-9402 Source advisory: OSV:PYSEC-2020-36...

The vulnerability in the web interface for managing the Cisco Unity Connection integrated messaging system allows a hacker to re-write files in the basic file system.

The vulnerability in the web interface for managing the Cisco Unity Connection integrated messaging system exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to re-write files in the...

TP LINK TL-WR849N - Remote Code Execution

Exploit Title: TP LINK TL-WR849N - Remote Code Execution Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/br/support/download/tl-wr849n/Firmware Version: TL-WR849N 0.9.1 4.16 Tested on: linux, windows CVE : CVE-2020-93...

reblog

Defeating a Laptop's BIOS Password We found a laptop laying a...

PT-2020-6523 · Unknown · Ingress-Nginx

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 0.28.0 Description: The issue is related to errors in processing hyperlinks in the ingress-nginx controller in a Kubernetes cluster. This can be exploited by a remote attacker to gain access to create, modify, ...

CVE-2013-3323

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access...

Privilege escalation

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access...

CVE-2013-3323

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access...

CVE-2013-3323

Summary: CVE-2013-3323 describes a privilege escalation in IBM Maximo Asset Management (versions 7.5, 7.1, and 6.2) when WebSeal with Basic Authentication is used. The root cause is a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Th...

CVE-2020-6975

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application...

Security Bulletin: IBM Tivoli Monitoring Basic Services component (CVE-2019-15903)

Summary Fixes a vulnerability reported in the libexpat parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files as well as parsing soap requests. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a...

Code injection

The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basicwebmail" permission to read arbitrary users' email addresses...

CVE-2020-5318

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are...

CVE-2020-5318

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are...

Authentication flaw

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are...

CVE-2020-5318

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are...