124 matches found
Monitorr 1.7.6m / 1.7.7d Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monitorr unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits an arbitrary file upload vulnerability and achieving...
Monitorr unauthenticated Remote Code Execution (RCE)
This module exploits an arbitrary file upload vulnerability and achieving an RCE in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileges can exploit this...
M-Files Server 安全漏洞
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 22.6.11534.1, prior to 22.6.11505.0, which stems from an error in a parser function. An attacker could exploit the vulnerability to access certain information i...
Oracle PeopleSoft Enterprise PeopleTools 安全漏洞
Oracle PeopleSoft Enterprise PeopleTools is Oracle's technology for providing PeopleSoft applications with the ability to stay in sync with users' needs and expectations. A security vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools. A low-privileged attacker could log in to the...
CVE-2021-41636
MELAG FTP Server 2.2.0.4 exposes a directory-traversal issue: the CWD command can break out of the FTP server’s root and allow an attacker to operate on the underlying OS, constrained only by the user’s access restrictions. Affected: MELAG FTP Server 2.2.0.4. Root cause: path handling in CWD enab...
PT-2022-3965 · Illumina · Illumina Local Run Manager
Name of the Vulnerable Software and Affected Versions: Illumina Local Run Manager affected versions not specified Description: The issue is related to incorrect code generation management in Illumina Local Run Manager. An unauthenticated malicious actor can upload and execute code remotely at the...
Cisco SD-WAN vManage Software 安全漏洞
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco, U.S. An information disclosure vulnerability exists in Cisco SD-WAN vManage Software, which stems from insufficient checks of API authorization to the underlying operating...
Vulnerabilities fixed in Citrix products
Citrix has fixed several vulnerabilities in Citrix SD-WAN, Storefront, Endpoint Management and Gateway Plug-in. The vulnerabilities allow a remote malicious party to cause a Denial-of-Service DoS attack. The vulnerabilities with characteristics CVE-2022-27505 and CVE-2022-27506 are located in...
CVE-2020-14481
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain...
Default credentials
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain...
CVE-2021-36347
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating...
CVE-2021-36301
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system...
CVE-2021-36301
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system...
Stack overflow
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system...
Dell EMC iDRAC9和Dell EMC iDRAC8 缓冲区错误漏洞
DELL Dell EMC iDRAC9 and Dell EMC iDRAC8 are both products of Dell DELL Corporation, U.S.A. The Dell EMC iDRAC9 is a system management solution that includes hardware and software. The Dell EMC iDRAC9 is a hardware and software systems management solution that provides remote management, crash...
Check Point Response to CVE-2021-36299, CVE-2021-36300, CVE-2021-36301, CVE-2021-20235 - Dell iDRAC9 Vulnerabilities
Cause CVE-2021-36299 - An SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. CVE-2021-36300 -...
SearchBlox File Inclusion Vulnerability
SearchBlox is an application from US-based SearchBlox, Inc. Provides a powerful enterprise search architecture for on-premise or cloud deployments. A security vulnerability exists in SearchBlox versions prior to 9.2.2 that allows remote, unauthenticated users to read arbitrary files from the...
Cisco IOS XE SD-WAN Parameter Injection Vulnerability
Cisco IOS XE is an open and flexible operating system optimized for future work. A parameter injection vulnerability exists in Cisco IOS XE versions after 17.3.1. The vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit the vulnerability to gain...
CVE-2021-1454 Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...
Nedi Consulting NeDi 操作系统命令注入漏洞
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from an OS command injection vulnerability. The vulnerability can be exploited to execute OS commands in the Nodes Traffic function of endpoint...