10 matches found
WordPress W3 Total Cache plugin <= 2.9.1 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by CODE WHITE GmbH in WordPress Plugin W3 Total Cache versions <= 2.9.1...
Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication
It is an exploit module/toolkit targeting a web application. The...
New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks
Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been...
Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication
PoC exploit for CVE-2023-27532, a vulnerability in Veeam Backup...
CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. Recent assessments: sfewer-r7 at March 14, 2023 2:49pm UTC reported: On March 7, 2023, Veeam...
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Impact: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. Patches: Patched in ...
Researcher Discloses Critical RCE Flaws In Cisco Security Manager
Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The development comes after Code White researcher Florian Hauser (frycos) yesterday public...
CVE-2015-6576: Deserialisation Resulting in Remote Code Execution Vulnerability
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface...
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache Flex BlazeDS 4.7.0. Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations...
Symantec Endpoint Protection Multiple Vulnerabilities
Exploit for multiple platforms in category remote exploits. Code White found several vulnerabilities in Symantec Endpoint Protection (SEP), affecting versions 12.1 prior to 12.1 RU6 MP1. SEP Manager (SEPM): CVE-2015-1486: Authentication Bypass; CVE-2015-1487: Arbitrary File Write; CVE-2015-1488: Arbitrar...