Lucene search

3632 matches found

Openbugbounty
added 2020/08/04 6:47 a.m., 11 views

All Vulnerabilities for blumenau.sc.gov.br Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: blumenau.sc.gov.br; Open Bug...

Exploits 0
Openbugbounty
added 2020/08/04 5:20 a.m., 7 views

All Vulnerabilities for bomretirodosul.rs.gov.br Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: bomretirodosul.rs.gov.br; Open B...

Exploits 0
NVD
added 2020/07/29 6:15 p.m., 22 views

CVE-2019-20029

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...

8.8 CVSS, 8.8 AI score, 0.01578 EPSS
Exploits 0, References 1
Prion
added 2020/07/29 6:15 p.m., 13 views

Privilege escalation

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...

6.5 CVSS, 8.7 AI score, 0.01578 EPSS
Exploits 0, References 1
Cvelist
added 2020/07/29 5:29 p.m., 29 views

CVE-2019-20029

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...

8.8 AI score, 0.01578 EPSS
Exploits 0, References 1
Openbugbounty
added 2020/07/25 7:57 a.m., 8 views

jph2.net Improper Access Control vulnerability OBB-1237407

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

7.2 AI score
Exploits 0
BDU FSTEC
added 2020/07/23 12:0 a.m., 5 views

The vulnerability of the uhttpd function in the embedded operating system OpenWrt allows a hacker to trigger a service failure.

The vulnerability of the uhttpd function in the embedded operating system OpenWrt relates to the execution of operations outside the buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a specially crafted HTTP POST request to the CGI...

7.8 CVSS, 7.6 AI score, 0.01551 EPSS
Exploits 0, References 2, Affected Software 1
Metasploit
added 2020/07/22 5:41 p.m., 38 views

ZenTao Pro 8.8.2 Remote Code Execution

This module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. The module first attempts to authenticate to the ZenTao dashboard. It then tries to execute the payload by submitting fake repositories vi...

9.6 CVSS, 9.2 AI score, 0.17225 EPSS
Exploits 4
0day.today
added 2020/07/22 12:0 a.m., 590 views

ZenTao Pro 8.8.2 Remote Code Execution Exploit

This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and...

9.6 CVSS, 9.5 AI score, 0.17225 EPSS
Exploits 4
Openbugbounty
added 2020/07/19 7:50 a.m., 10 views

bartonbrook.co.uk Cross Site Scripting vulnerability OBB-1230792

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.3 AI score
Exploits 0
Prion
added 2020/07/17 9:15 p.m., 17 views

Command injection

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API...

10 CVSS, 9.7 AI score, 0.06926 EPSS
Exploits 0, References 2, Affected Software 3
Openbugbounty
added 2020/07/16 2:25 p.m., 17 views

slingshotcc.com Cross Site Scripting vulnerability OBB-1227878

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.3 AI score
Exploits 0
0day.today
added 2020/07/12 12:0 a.m., 299 views

Pandora FMS 7.0 NG 7XX Remote Command Execution Exploit

This Metasploit module exploits a vulnerability CVE-2020-13851 in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 and perhaps older versions in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the Events feature of Pandora FMS...

9 CVSS, 9 AI score, 0.91095 EPSS
Exploits 4
Packet Storm
added 2020/07/11 12:0 a.m., 854 views

Pandora FMS 7.0 NG 7XX Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pandora FMS Events Remote Command Execution', 'Description' = %q This module exploits a vulnerability CVE-2020-13851 in Pandora FMS versions 7.0 ...

9 CVSS, 0.5 AI score, 0.91095 EPSS
Exploits 4
Metasploit
added 2020/07/09 8:21 p.m., 104 views

Pandora FMS Events Remote Command Execution

This module exploits a vulnerability CVE-2020-13851 in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 and perhaps older versions in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the Events feature of Pandora FMS. This flaw...

8.8 CVSS, 0.3 AI score, 0.91095 EPSS
Exploits 4
Tenable Nessus
added 2020/07/07 12:0 a.m., 30 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : coTURN vulnerabilities (USN-4415-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4415-1 advisory. Felix Dörre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtai...

9.8 CVSS, 7.2 AI score, 0.05955 EPSS
Exploits 2, References 4
Openbugbounty
added 2020/07/05 9:49 a.m., 13 views

lhs1997.rocks Cross Site Scripting vulnerability OBB-1216615

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.3 AI score
Exploits 0
0day.today
added 2020/07/02 12:0 a.m., 185 views

EQDKP Plus CMS 2.3.29 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications ======================================================================= title: Reflected Cross-Site Scripting XSS Vulnerability product: EQDKP Plus CMS vulnerable version: = 2.3.29 fixed version: 2.3.30 CVE number: - impact: Low homepage:...

0.1 AI score
Exploits 0
Packet Storm
added 2020/07/02 12:0 a.m., 178 views

EQDKP Plus CMS 2.3.29 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting XSS Vulnerability product: EQDKP Plus CMS vulnerable version: = 2.3.29 fixed version: 2.3.30 CVE number: - impact: Low homepage:...

0.4 AI score
Exploits 0
Openbugbounty
added 2020/07/01 9:15 p.m., 10 views

hbarros.com.br Cross Site Scripting vulnerability OBB-1213229

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.3 AI score
Exploits 0