CVE-2020-10918

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due t...

C-MORE HMI EA9 Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient...

CVE-2020-15308

Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...

CVE-2020-15308

Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...

Sql injection

Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...

CVE-2020-15308

Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...

CVE-2020-4436

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902...

Hoaxcalls Botnet Exploits Symantec Secure Web Gateways

Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Hoaxcalls first emerged in late March, as a variant of the Gafgyt/Bashlite family; it’s named after the domain used to host its...

CVE-2020-7351 Fonality Trixbox CE Post-Authentication Command Injection

An OS Command Injection vulnerability in the endpointdevicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012...

Nexus Repository Manager - Java EL Injection RCE (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...

Nexus Repository Manager Java EL Injection RCE

This module exploits a Java Expression Language EL injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. This is a post-authentication vulnerability, so credentials are required to exploit the bug. Any user regardless of privilege level may b...

CVE-2019-19461

Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title...

Cross site scripting

Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title...

CVE-2019-19461

Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title...

CVE-2019-19821

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages...

Critical Netgear Bug Impacts Flagship Nighthawk Router

Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk R7800 hardware running firmware versions prior to 1.0.2.68. The warnings, posted Tuesday, also include two high-severity bugs impacting...

CVE-2019-19383

freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command this is exploitable even if logging is disabled...

CVE-2019-19383

freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command this is exploitable even if logging is disabled...

Buffer overflow

freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command this is exploitable even if logging is disabled...

CVE-2019-19383

Affected software: freeFTPd 1.0.8. The vulnerability is a Post-Authentication Buffer Overflow triggered by a crafted SIZE command, and it is exploitable even when logging is disabled. Root cause described as a buffer overflow due to improper handling of SIZE, allowing control of memory once authe...