837 matches found

OSV (added 2019/07/03 7:15 p.m., 0 views)

UBUNTU-CVE-2019-10104

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration for Tomcat, Jetty, Resin, or CloudBees with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of...

CVSS 9.8 | AI score 7.4 | EPSS 0.03814 | Exploits: 0 | References: 2
Metasploit (added 2019/06/29 4:48 p.m., 90 views)

Xymon Daemon Gather Information

This module retrieves information from a Xymon daemon service (formerly Hobbit, based on Big Brother), including server configuration information, a list of monitored hosts, and the associated client log for each host. This module also retrieves usernames and password hashes from the xymonpasswd config...

CVSS 7.5 | AI score 8.8 | EPSS 0.17852 | Exploits: 3
NVD (added 2019/05/06 5:29 p.m., 22 views)

CVE-2019-5430

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent; the attacker must lure an authenticated user into visiting an attacker-controlled page...

CVSS 8.8 | AI score 8.6 | EPSS 0.00709 | Exploits: 0 | References: 2
Cvelist (added 2019/05/06 4:53 p.m., 26 views)

CVE-2019-5430

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent; the attacker must lure an authenticated user into visiting an attacker-controlled page...

AI score 8.7 | EPSS 0.00709 | Exploits: 0 | References: 2
CVE (added 2019/05/06 4:53 p.m., 53 views)

CVE-2019-5430

CVE-2019-5430 affects UniFi Video 3.10.0 and earlier. The root cause is a lack of CSRF protection in the Web API, enabling an attacker to cause configuration changes on the server without user consent if an authenticated user visits a malicious page. Multiple connected sources corroborate the iss...

CVSS 8.8 | AI score 8.6 | EPSS 0.00709 | Exploits: 0 | References: 2 | Affected Software: 1
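The three CVE-2019-5430 records above describe the same root cause: a state-changing Web API call is accepted as soon as the browser attaches the session cookie, which it does for a request from any site. The block below is an added example, not code from UniFi Video or from any of the listed sources. It contrasts that cookie-only check with a hardened one that additionally requires a same-origin `Origin`/`Referer` header and a per-session synchronizer token on every non-safe method. `SITE_ORIGIN`, `SERVER_SECRET`, the `csrf_token` field name and the sample requests are all constructed for the example.

```python
import hmac
import hashlib
from urllib.parse import urlsplit

# Assumed deployment values (constructed, not from the advisory): the site's own
# origin and a server-side secret used to derive per-session tokens.
SITE_ORIGIN = "https://unifi-video.example"
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # must never change configuration


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token bound to the session via HMAC. It is embedded in the
    site's own pages; a cross-site page cannot read it, so it cannot forge it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _default_port(scheme: str):
    return {"https": 443, "http": 80}.get(scheme)


def _same_origin(url: str, expected: str) -> bool:
    """Compare scheme, host and effective port; works for Origin (scheme://host)
    and for a full Referer URL."""
    a, b = urlsplit(url), urlsplit(expected)
    return (a.scheme, a.hostname, a.port or _default_port(a.scheme)) == \
           (b.scheme, b.hostname, b.port or _default_port(b.scheme))


def legacy_authorize(method, cookies, headers, form) -> bool:
    """The pattern the advisory describes: only the session cookie is checked,
    and the browser attaches that cookie to a POST issued from any site."""
    return cookies.get("session") is not None


def hardened_authorize(method, cookies, headers, form) -> bool:
    """Session cookie + Origin/Referer allowlist + per-session token for every
    state-changing request. Missing or 'null' Origin is treated as cross-site."""
    session_id = cookies.get("session")
    if session_id is None:
        return False
    if method in SAFE_METHODS:
        return True
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin or origin == "null" or not _same_origin(origin, SITE_ORIGIN):
        return False
    token = form.get("csrf_token")
    if not token:
        return False
    return hmac.compare_digest(token.encode(), csrf_token_for(session_id).encode())


# Constructed requests: a cross-site POST from an attacker page (cookie present,
# no token) and a legitimate same-origin POST carrying the token.
CROSS_SITE = dict(method="POST", cookies={"session": "s1"},
                  headers={"Origin": "https://attacker.example"},
                  form={"ntp_server": "attacker.example"})
LEGIT = dict(method="POST", cookies={"session": "s1"},
             headers={"Origin": SITE_ORIGIN},
             form={"ntp_server": "pool.ntp.org", "csrf_token": csrf_token_for("s1")})

if __name__ == "__main__":
    print("legacy, cross-site  :", legacy_authorize(**CROSS_SITE))    # True  (vulnerable)
    print("hardened, cross-site:", hardened_authorize(**CROSS_SITE))  # False
    print("hardened, legit     :", hardened_authorize(**LEGIT))       # True
```

The token is derived from the session rather than stored, so a token captured from one session is useless for another; the `Origin` check is a second, independent layer for the case where the token handling is bypassed or a form is missing it. A `SameSite=Lax` or `Strict` attribute on the session cookie would add a third layer at the browser.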
Github Security Blog (added 2019/04/23 4:07 p.m., 71 views)

Installation information leak in Eclipse Jetty

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server (on any OS and Jetty version combination) reveals the configured fully qualified directory base resource location in the output of the 404 error returned when no Context matches...

CVSS 5.3 | AI score 1 | EPSS 0.05782 | Exploits: 0 | References: 20 | Affected Software: 1
RedhatCVE (added 2019/04/02 10:19 a.m., 75 views)

CVE-2019-0217

A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. Mitigation: this flaw only affects a threaded server...

CVSS 7.5 | AI score 0.9 | EPSS 0.16645 | Exploits: 0 | References: 5
Prion (added 2019/02/25 11:29 p.m., 15 views)

Unrestricted file upload

An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...

CVSS 6.5 | AI score 8.6 | EPSS 0.02768 | Exploits: 0 | References: 1 | Affected Software: 1
NVD (added 2019/02/25 11:29 p.m., 19 views)

CVE-2018-20063

An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...

CVSS 8.8 | AI score 8.7 | EPSS 0.02768 | Exploits: 0 | References: 1
0day.today (added 2019/02/25 12:00 a.m., 98 views)

Xlight FTP Server 3.9.1 - Buffer Overflow Exploit

Exploit Title: Xlight 3.9.1 FTP Server SEH Overwrite Exploit
Author: Logan Whitmire
Vendor Homepage: https://www.xlightftpd.com/index.htm
Software Link: https://www.xlightftpd.com/download/xlight.zip
Version: 3.9.1
Tested on: Windows XP
CVE: N/A
POC: #!/usr/bin/python
Vulnerable Software: Xlight F...

Exploits: 0
exploitpack (added 2019/02/15 12:00 a.m., 135 views)

UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload

Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload
Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io
Exploit Author: Mohammad Danish
Vendor Homepage: ...

AI score 7.4 | Exploits: 0
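The TestRail entries (CVE-2018-20063) and the Laravel File Manager entry above are the same class of bug: an image-upload endpoint that lets the client pick a filename with an executable extension, so a file that passes as an image still lands on disk as something the web server will hand to an interpreter. The block below is an added example, not code from either project. It puts the content-only check that such endpoints typically rely on next to a check that also refuses executable extensions anywhere in the name, enforces an image-extension allowlist, verifies magic bytes against the declared type, and replaces the client's filename with a server-chosen one. The extension tables and the sample files are constructed for the example.

```python
import os
import secrets

# Allowed image types: extension -> accepted magic-byte prefixes (constructed list).
IMAGE_TYPES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
}
# Extensions a web server may map to an interpreter or a config handler. They are
# rejected anywhere in the name, so shell.php, shell.php.gif and .htaccess all fail.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar",
                   "asp", "aspx", "jsp", "jspx", "cgi", "pl", "py", "sh", "htaccess"}


def _looks_like_image(data: bytes) -> bool:
    return any(data.startswith(m) for ms in IMAGE_TYPES.values() for m in ms)


def legacy_accept(filename: str, data: bytes) -> bool:
    """The weak check: the content has an image header, so the upload is kept
    under whatever name the client sent. shell.php with a GIF header passes."""
    return _looks_like_image(data)


def classify_upload(filename: str, data: bytes):
    """Return (accepted, reason, stored_name). stored_name is None on rejection."""
    base = os.path.basename(filename.replace("\\", "/"))   # drop any client-side path
    if "\x00" in base:
        return False, "null byte in name", None
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing extension", None
    exts = parts[1:]
    if any(e in EXECUTABLE_EXTS for e in exts):
        return False, "executable extension", None
    ext = exts[-1]
    if ext not in IMAGE_TYPES:
        return False, "extension not allowed", None
    if not any(data.startswith(m) for m in IMAGE_TYPES[ext]):
        return False, "content does not match extension", None
    # The client never chooses the on-disk name.
    return True, "ok", f"{secrets.token_hex(16)}.{ext}"


# Constructed samples: a GIF header followed by PHP (a polyglot), a real-looking
# PNG header, and plain PHP source with no image header.
GIF_POLYGLOT = b"GIF89a" + b"<?php system($_GET['c']); ?>"
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PLAIN_PHP = b"<?php phpinfo(); ?>"

if __name__ == "__main__":
    for name, data in [("shell.php", GIF_POLYGLOT), ("shell.php.gif", GIF_POLYGLOT),
                       ("photo.gif", GIF_POLYGLOT), ("photo.png", PLAIN_PHP),
                       ("../../htdocs/x.png", PNG_HEADER)]:
        print(f"{name:22} legacy={legacy_accept(name, data)!s:5} "
              f"hardened={classify_upload(name, data)[:2]}")
```

Note that `photo.gif` carrying PHP after a valid GIF header is still accepted, as it should be by a name-and-content check; what keeps it inert is storing uploads outside any interpreter-mapped path (or serving them from a separate origin) and never trusting the client's name, which is why the stored name is generated server-side.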
Hacker One (added 2019/01/04 3:36 p.m., 80 views)

CFP Time: Content spoofing on error pages or text injection

PoC: https://www.cfptime.org/%20is%20not%20available%20anymore%20,%20pls%20go%20to%20WWW.EVIL.COM%20because%20this%20site.
Steps to reproduce:
1: Just browse this target on any browser
2: Target: http://www.cfptime.org/
3: add any content after
For example: this is not available anymore pls check...

AI score 6.9 | Exploits: 0
Microsoft KB (added 2018/12/11 8:00 a.m., 36 views)

Cross-site scripting vulnerability in Microsoft Dynamics NAV 2013 R2 Web client

Summary: A cross-site scripting vulnerability exists when Microsoft Dynamics NAV 2013 R2 doesn't properly sanitize specially crafted web requests on an affected Dynamics NAV Web client. An authenticated attacker could...

CVSS 5.4 | AI score 5 | EPSS 0.01463 | Exploits: 0
OpenVAS (added 2018/12/08 12:00 a.m., 11 views)

SolarWinds Server Configuration Monitor Detection (Windows SMB Login)

This script detects the installed version of SolarWinds Server Configuration Monitor for Windows.
SPDX-FileCopyrightText: 2018 Greenbone AG
Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders.
SPDX-License-Identifier: GPL-2.0-on...

AI score 7.3 | Exploits: 0
CNVD (added 2018/12/01 12:00 a.m., 2 views)

Qibo CMS station system V7.0 backend file reading vulnerability

Qibo CMS station system is a product of Guangzhou Qibo Network Technology Co. A backend file reading vulnerability exists in Qibo CMS V7.0. The vulnerability is due to a failure to properly process a special string submitted by the user, resulting in directory traversal; an attacker can use the vulnerabilit...

AI score 6.7 | Exploits: 0
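The CNVD entry above gives the root cause as a user-supplied string that is not processed before being used as a path, yielding directory traversal. The block below is an added example, not code from Qibo CMS, of the check a file-reading handler needs before it touches the filesystem: decode the input (twice, so double-encoded `%252e%252e` is caught), reject null bytes and absolute paths, normalise `..` segments, and confirm the result is still inside the base directory. The base directory and the sample inputs are assumed for the example; the CNVD text names no path.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root (constructed); the advisory does not name one.
BASE_DIR = "/var/www/qibo/data"


def resolve_under_base(base: str, user_path: str):
    """Return the absolute path for user_path if it stays inside base, else None.

    Handles ../ segments, single and double URL-encoding, backslashes, absolute
    paths and embedded null bytes. This is a pure string check; a handler that
    follows symlinks must also compare os.path.realpath() of the result against
    realpath(base) on the live filesystem.
    """
    p = user_path
    for _ in range(2):                 # %2e%2e%2f and %252e%252e%252f both collapse
        p = unquote(p)
    if "\x00" in p:
        return None                    # C-level APIs would truncate at the NUL
    p = p.replace("\\", "/")
    if p.startswith("/"):
        return None                    # an absolute path is never a legitimate key
    base_norm = posixpath.normpath(base)
    joined = posixpath.normpath(posixpath.join(base_norm, p))
    if joined != base_norm and not joined.startswith(base_norm + "/"):
        return None                    # normalisation walked out of base
    return joined


def is_traversal_attempt(user_path: str) -> bool:
    """Convenience for logging/detection: True when the input would escape BASE_DIR."""
    return resolve_under_base(BASE_DIR, user_path) is None


# Constructed inputs a reader would expect to see in access logs.
SAMPLES = [
    "uploads/2018/report.txt",          # legitimate
    "a/../b.txt",                       # legitimate, stays inside base
    "../../../etc/passwd",              # classic traversal
    "..%2f..%2f..%2fetc%2fpasswd",      # URL-encoded separators
    "%252e%252e/%252e%252e/etc/passwd", # double-encoded dots
    "..\\..\\windows\\win.ini",         # backslash separators
    "/etc/passwd",                      # absolute path
    "config.php%00.txt",                # null-byte truncation
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} -> {resolve_under_base(BASE_DIR, s)}")
```

The detection helper can be run over the path component of logged requests to flag attempts; for the CMS itself the resolver result is what should be opened, never the raw parameter.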
Veeam (added 2018/11/26 12:00 a.m., 16 views)

Backup job fails with a SQL VSS Writer error after installing ACT! Software

Article Applicability: This article is only applicable to a scenario involving all four of the following:
1. A Backup Job using Application-Aware Processing
2. A Guest OS with ACT! Software installed
3. This VSS error: Writer's state: VSS_WS_FAILED_AT_PREPARE_SNAPSHOT. Error code: 0x800423f4.
4. This...

AI score 7 | Exploits: 0
Exploit DB (added 2018/10/15 12:00 a.m., 528 views)

Academic Timetable Final Build 7.0 - Information Disclosure

\n"; print_r($ver); echo "\n"; /* dumped response:
Array sEcho = 10 iTotalRecords = 3 iTotalDisplayRecords = 3
aaData = Array
  0 = Array 0 = testdb1 1 = testdb1 2 = ADMIN 3 = 6CC4E8CFFEAF202D7475BC906612F9A29A9C8117
  1 = Array 0 = ADMIN 1 = admin 2 = ADMIN 3 = 4AC...

AI score 7.4 | Exploits: 0
OSV (added 2018/10/10 6:29 p.m., 3 views)

CVE-2018-0055

Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash. The daemon automatically restarts without intervention, but continuous receipt of crafted DHCPv6 packets could lead ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00601 | Exploits: 0 | References: 2
Citrix (added 2018/08/17 12:00 a.m., 5 views)

Applayering 4.11- unable to add pvs connector

While adding a PVS connector, we get the error "Failed to validate the Domain User and Password. Check credentials. One or more of the PVS server configuration fields is invalid. Please check your selections..."

AI score 7.1 | Exploits: 0
Citrix (added 2018/08/15 12:00 a.m., 5 views)

A valid license server with appropriate licenses needs to be configured before you can start using Citrix Workspace Environment Management

Error "A valid license server with appropriate licenses needs to be configured before you can start using Citrix Workspace Environment Management" while trying to launch the WEM console...

AI score 7 | Exploits: 0