7654 matches found
WoltLab Community Gallery - Persistent Cross-Site Scripting
WoltLab Community Gallery - Persistent Cross-Site Scripting Vulnerability title: Community Gallery - Stored Cross-Site Scripting vulnerability Product: Community Gallery Vendor: https://www.woltlab.com Affected version: Community Gallery 2.0 before 12/10/2014 Download link:...
GeniXCMS 0.0.1 Cross Site Scripting
GeniXCMS v0.0.1 Persistent Script Insertion Vulnerability Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP...
GeniXCMS 0.0.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and...
GeniXCMS 0.0.1 - Multiple Vulnerabilities
GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate...
Persistent Systems Radia Client Automation Command Execution (CVE-2015-1497)
A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affecte...
Untangle NGFW 9 / 10 / 11 XSS / Code Execution
Multiple issues have been discovered in the Untangle NGFW virtual appliance. The vendor was unresponsive and uncooperative to the researcher. - Persistent XSS leading to root Authentication requiredConfirmed in versions 9 and 11 up to rev r39357 Throughout the Untangle user interface there are...
Persistent Systems Client Automation Command Injection RCE Exploit
Exploit for windows platform in category remote exploits Exploit Title: Persistent Systems Client Automation PSCA, formerly HPCA or Radia Command Injection Remote Code Execution Vulnerability Date: 2014-10-01 Exploit Author: Ben Turner Vendor Homepage: Previosuly HP, now...
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
Persistent Systems Client Automation - Command Injection Remote Code Execution Metasploit Exploit Title: Persistent Systems Client Automation PSCA, formerly HPCA or Radia Command Injection Remote Code Execution Vulnerability Date: 2014-10-01 Exploit Author: Ben Turner Vendor Homepage: Previosuly...
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
Exploit Title: Persistent Systems Client Automation PSCA, formerly HPCA or Radia Command Injection Remote Code Execution Vulnerability Date: 2014-10-01 Exploit Author: Ben Turner Vendor Homepage: Previosuly HP, now http://www.persistentsys.com/ Version: 7.9, 8.1, 9.0, 9.1 Tested on: Windows XP,...
HP Client Automation Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Client Automation Command Injection', 'Description' = %q This module exploits a command injection vulnerability on HP Client...
HP Client - Automation Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Client Automation Command Injection', 'Description' = %q This module exploits a command injection vulnerability on HP Client...
HP Client Automation Command Injection
This module exploits a command injection vulnerability on HP Client Automation, distributed actually as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon radexecd.exe, which doesn't authenticate execution requests by default. This module has been tested...
Encryption and Silence Can be Targets' Best Assets
CANCUN–Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy...
Ebay Magento Script Insertion
Document Title: =============== Ebay Inc Magento Bug Bounty 5 - Persistent Validation & Mail Encoding Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1226 eBay Inc. Bug Bounty Program ID: EIBBP-27288 Vulnerability Magazine:...
NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware
The U.S. National Security Agency NSA may be hiding highly-sophisticated hacking payloads in the firmware of consumer hard drives over the last 15 to 20 years in a campaign, giving the agency the means to eavesdrop on thousands of targets’ computers, according to an analysis by Kaspersky labs and...
CVE-2015-1498
Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to 1 enumerate user accounts via a getUsers request, 2 assign a role to a user account via an addAssigneesToRole request, 3 remove a role from a user account via a...
Command injection
radexecd.exe in Persistent Systems Radia Client Automation RCA 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465...
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation RCA 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465...
CVE-2015-1498
Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to 1 enumerate user accounts via a getUsers request, 2 assign a role to a user account via an addAssigneesToRole request, 3 remove a role from a user account via a...
CVE-2015-1497
CVE-2015-1497 affects Persistent Systems Radia Client Automation (RCA) and its radexecd.exe component. A remote, unauthenticated attacker can send a crafted request to TCP port 3465/TCP to execute arbitrary commands with the privileges of the radexecd process. Affected RCA versions include 7.9, 8...