4647 matches found

OSV
added 2017/07/07 5:29 p.m. | 1 view

CVE-2017-6868

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process CP of the RNA series module, if network access to Port 102/TCP is available a...

8.1 CVSS | 5.8 AI score
Exploits: 0 | References: 4

Cvelist
added 2017/07/07 5:0 p.m. | 14 views

CVE-2017-6868

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process CP of the RNA series module, if network access to Port 102/TCP is available a...

8.1 AI score | 0.04201 EPSS
Exploits: 0 | References: 4

0day.today
added 2017/06/30 12:0 a.m. | 49 views

Humax HG100R 2.0.6 - Backup File Download Exploit

Exploit for hardware platform in category web applications coding: utf-8 Exploit Title: Humax Backup file download Date: 29/06/2017 Exploit Author: gambler Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-7315 import sys import base64 import shodan...

9.8 AI score | 0.00887 EPSS
Exploits: 5

CNVD
added 2017/06/30 12:0 a.m. | 3 views

Belden Hirschmann GECKO Server-Side Request Forgery Vulnerability

The Belden Hirschmann GECKO is the lean managed industrial Ethernet switch. A server-side request forgery vulnerability exists in the Belden Hirschmann GECKO switch. The vulnerability stems from the program failing to adequately validate requests. An attacker could exploit the vulnerability by...

6.5 CVSS | 6.7 AI score | 0.00152 EPSS
Exploits: 0 | References: 1

exploitpack
added 2017/06/30 12:0 a.m. | 45 views

Humax HG100R 2.0.6 - Backup File Download

Humax HG100R 2.0.6 - Backup File Download coding: utf-8 Exploit Title: Humax Backup file download Date: 29/06/2017 Exploit Author: gambler Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-7315 import sys import base64 import shodan import requests...

10 CVSS | 0.1 AI score | 0.00887 EPSS
Exploits: 5

Prion
added 2017/06/27 3:29 p.m. | 9 views

Command injection

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in...

6.5 CVSS | 8.9 AI score | 0.01149 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

seebug.org
added 2017/06/26 12:0 a.m. | 295 views

Vivotek Network Camera arbitrary file reading and command execution vulnerability

Author: Super viagra the blue cat Within the network there are some Vivotek network camera, as a monitor. Direct access to the 80 port of the Web service, the Configure - maintenance - import/export file to export the configuration file, get a contains etc folder of the tar package. From a...

10 CVSS | 8.7 AI score | 0.58307 EPSS
Exploits: 1

0day.today
added 2017/06/21 12:0 a.m. | 24 views

WordPress Photo Gallery 1.3.34 / 1.3.42 Path Traversal Vulnerability

WordPress Photo Gallery plugin versions 1.3.34 and 1.3.42 suffer from a path traversal vulnerability. Details ================ Software: Photo Gallery Version: 1.3.34,1.3.42 Homepage: https://wordpress.org/plugins/photo-gallery/ Advisory report:...

7 AI score
Exploits: 0

Talos
added 2017/06/19 12:0 a.m. | 34 views

Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...

8.8 CVSS | 9 AI score | 0.01149 EPSS
Exploits: 1

Talos
added 2017/06/19 12:0 a.m. | 34 views

Foscam IP Video Camera CGIProxy.fcgi SMTP Test Sender Parameter Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...

8.8 CVSS | 9 AI score | 0.00513 EPSS
Exploits: 1

OSV
added 2017/06/18 9:29 p.m. | 14 views

CVE-2017-9741

install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file...

9.8 CVSS | 7.9 AI score
Exploits: 0 | References: 1

NVD
added 2017/06/18 9:29 p.m. | 24 views

CVE-2017-9741

install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file...

9.8 CVSS | 9.8 AI score | 0.00799 EPSS
Exploits: 1 | References: 1

Cvelist
added 2017/06/18 9:0 p.m. | 21 views

CVE-2017-9741

install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file...

9.8 AI score | 0.00799 EPSS
Exploits: 1 | References: 1

Fedora
added 2017/06/09 8:21 p.m. | 34 views

[SECURITY] Fedora 26 Update: sudo-1.8.20p2-1.fc26

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

6.9 CVSS | 2.2 AI score | 0.19918 EPSS
Exploits: 8

CNVD
added 2017/06/09 12:0 a.m. | 1 view

Foscam camera remote command injection vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera has a remote command injection vulnerability in the modelName in the /mnt/mtd/app/config/ProductConfig.xml file. By installing the ProductConfig.xml file in...

8.2 AI score
Exploits: 0 | References: 1

Fedora
added 2017/06/08 6:53 a.m. | 40 views

[SECURITY] Fedora 24 Update: sudo-1.8.20p2-1.fc24

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

6.9 CVSS | 2.2 AI score | 0.19918 EPSS
Exploits: 8

Fedora
added 2017/06/03 2:37 a.m. | 37 views

[SECURITY] Fedora 25 Update: sudo-1.8.20p2-1.fc25

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

6.9 CVSS | 2.2 AI score | 0.19918 EPSS
Exploits: 8

CNVD
added 2017/06/02 12:0 a.m. | 2 views

Plaintext password vulnerability in multiple Moxa products

Moxa OnCell G3110-HSPA and others are products of China's Moxa, of which OnCell G3110-HSPA is an industrial-grade IP gateway and OnCell 5104-HSPA is an industrial-grade cellular router. A plaintext password vulnerability exists in multiple Moxa products that stems from passwords being stored in...

9.8 CVSS | 6.8 AI score | 0.00223 EPSS
Exploits: 0 | References: 1

Hacker One
added 2017/06/01 2:53 a.m. | 20 views

U.S. Dept Of Defense: Exposed FTP Credentials on ███████

Summary: An exposed configuration file leaks FTP credentials to a DoD server. Description: The config file hosted on ftp://█████████/pub/misc/FTP███████Sign.exe.config exposes a username █████████ and associated password ███████. These are valid credentials for the FTP server operating on...

1.3 AI score
Exploits: 0

CNVD
added 2017/06/01 12:0 a.m. | 3 views

Huawei HedEx Lite Cross-Site Scripting Vulnerability

Huawei HedEx Lite is a document management software from Huawei China. A cross-site scripting vulnerability exists in versions prior to Huawei HedEx Lite V200R006C00. A remote attacker can exploit this vulnerability to embed malicious scripts into the device's configuration file and interfere wit...

6.1 CVSS | 6.2 AI score | 0.00115 EPSS
Exploits: 0 | References: 1