Western Digital ShareSpace WEB GUI Detect

Detects the installed version of Western Digital ShareSpace. This script sends an HTTP GET request and tries to ensure the presence of Western Digital ShareSpace SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...

Change Healthcare Conserus Workflow Intelligence Authentication Bypass Vulnerability

Change Healthcare Conserus Workflow Intelligence application is a diagnostic imaging workflow application for hospitals and health systems from Change Healthcare, USA. An authentication bypass vulnerability exists in the Change Healthcare Conserus Workflow Intelligence application version 2.0.2. ...

CVE-2017-16776

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...

Authentication flaw

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...

Code injection

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances...

CVE-2017-3111

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances...

PT-2017-14607 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue concerns a Server-Side Request Forgery SSRF in the updraft ajax handler function, located in /wp-content/plugins/updraftplus/admin.php, which can be exploited via an httpg...

DLink DIR-605L < 2.08 - Denial of Service Exploit

Exploit for hardware platform in category dos / poc Exploit Title: D-Link DIR605L ROUTER=$1 if "$" -ne 1 ; then echo "usage: $0 " exit fi curl http://$ROUTER/Tools/ 0day.today 2018-04-14...

D-Link DIR605L 2.08 Denial Of Service

Exploit Title: D-Link DIR605L ROUTER=$1 if "$" -ne 1 ; then echo "usage: $0 " exit fi curl http://$ROUTER/Tools/...

D-Link DIR-605L &lt; 2.08 - Denial of Service

Exploit Title: D-Link DIR605L ROUTER=$1 if "$" -ne 1 ; then echo "usage: $0 " exit fi curl http://$ROUTER/Tools/...

Trend Micro Control Manager importFile directory traversal

Added: 09/25/2017 BID: 96131 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A directory traversal vulnerability in the importFile.php script allows remote attackers to upload files containing arbitrary PHP script under the document roo...

Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Disk Pulse Enterprise GET Buffer Overflow', 'Description' = %q This module exploits an SE...

Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Disk Pulse Enterprise GET Buffer Overflow', 'Description' = %q This module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16. If a...

Moxa AWK-3131A HTTP GET Denial of Service Vulnerability(CVE-2016-8723)

Summary An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of...

Code injection

Polycom RealPresence Resource Manager aka RPRM before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests...

CVE-2015-4683

Polycom RealPresence Resource Manager aka RPRM before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests...

Mako Server SSRF / Disclosure / Code Execution

SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAUTHENTICATED-VULNERABILIITIES-SECURITEAM.txt + ISR: ApparitionSec...

Disk Pulse Enterprise GET Buffer Overflow

This module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. This module requires Metasploit: https://metasploit.com/download...

WireX DDoS Botnet: An Army of Thousands of Hacked Android SmartPhones

Do you believe that just because you have downloaded an app from the official app store, you're safe from malware? Think twice before believing it. A team of security researchers from several security firms have uncovered a new, widespread botnet that consists of tens of thousands of hacked Andro...

CVE-2017-12754

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.670RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...