
1614 matches found

ATTACKERKB
added 2018/03/08 7:29 a.m., 1 view

CVE-2018-0141

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by...

CVSS 8.4, AI score 5.7, EPSS 0.00097
Exploits 0, References 4
CNVD
added 2018/03/05 12:0 a.m., 2 views

Stored cross-site scripting vulnerability in FineCMS core\M_Controller.php file

FineCMS is a content management system for small and medium-sized sites, based on the PHP+MySql+CI framework. A stored cross-site scripting vulnerability exists in the FineCMS core\M_Controller.php file. The vulnerability arises because, by default, the FineCMS message board does not handle the input...

AI score 6.2
Exploits 0
CNVD
added 2018/02/07 12:0 a.m., 1 view

Multiple Remote Vulnerabilities in Geovision IP Camera Devices

Geovision is a Taiwan-based company specializing in the innovative research and development of digital security surveillance systems, providing customers with intelligent applications and the most cost-effective surveillance solutions based on the core technologies of image capture, image analysi...

AI score 7.6
Exploits 0, References 1
RedhatCVE
added 2018/02/05 12:20 p.m., 28 views

CVE-2018-1196

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...

CVSS 6.8, AI score 3.1, EPSS 0.00604
Exploits 0, References 2
Veracode
added 2018/02/02 5:1 a.m., 20 views

Symlink Privilege Escalation

spring-boot-loader-tools is vulnerable to symlink privilege escalation attacks. The runuser can overwrite and take over ownership of any file on the system by using a symlink attack. The application must be installed as a service and the runuser must have shell access in order to successfully...

CVSS 5.9, AI score 5.9, EPSS 0.00604
Exploits 0, References 2, Affected Software 1
exploitpack
added 2018/01/21 12:0 a.m., 46 views

OTRS 5.0.x/6.0.x - Remote Command Execution

OTRS 5.0.x/6.0.x - Remote Command Execution Exploit Title: OTRS Shell Access Date: 21-01-2018 Exploit Author: Bæln0rn Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE...

CVSS 9, AI score 0.6, EPSS 0.33869
Exploits 8
0day.today
added 2018/01/21 12:0 a.m., 1205 views

OTRS 5.0.x/6.0.x - Remote Command Execution Vulnerability

Exploit for perl platform in category web applications Exploit Title: OTRS Shell Access Exploit Author: Bæln0rn Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE :...

CVSS 9, AI score 0.8, EPSS 0.33869
Exploits 8
CNVD
added 2018/01/11 12:0 a.m., 2 views

Arbitrary Code Write Vulnerability in SeaCMS admin/admin_weixin.php File

SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. An arbitrary code write vulnerability exists in the admin/admin_weixin.php file in SeaCMS version v6.5.8, which can be exploited by an attacker...

AI score 7.5
Exploits 0
CNVD
added 2018/01/03 12:0 a.m., 1 view

D-Link DSL-6850U Router Remote Command Execution Vulnerability

The D-Link DSL-6850U is a wireless router product from AUO D-Link. The D-Link DSL-6850U router is vulnerable to remote command execution. As the router has a remote web management service enabled by default, a default credential support:support exists for this service and cannot be disabled. An...

AI score 7.8
Exploits 0, References 1
OSV
added 2017/11/30 9:29 a.m., 2 views

CVE-2017-12340

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

CVSS 4.2, AI score 5.9, EPSS 0.00131
Exploits 0, References 2
0day.today
added 2017/11/29 12:0 a.m., 96 views

osCommerce 2.3.4.1 - Arbitrary File Upload Exploit

Exploit for php platform in category web applications Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link: https://www.oscommerce.com/Products&Download=oscom2...

AI score 7.1
Exploits 0
BDU FSTEC
added 2017/11/23 12:0 a.m., 1 view

Vulnerability in the Altum router firmware related to the use of pre-installed user accounts, which allows attackers to gain access to the embedded operating system with administrator privileges.

The vulnerability in the Altum router firmware is related to the use of a pre-installed root account. Exploiting this vulnerability allows a remote attacker to gain access to the embedded operating system with administrator privileges using SSH or Telnet connections...

CVSS 10, AI score 7.8, EPSS 0.01371
Exploits 0, References 4
Exploit DB
added 2017/11/11 12:0 a.m., 47 views

osCommerce 2.3.4.1 - Arbitrary File Upload

Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Date: 11.11.2017 Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link: https://www.oscommerce.com/Products&Download=oscom234 Version: 2.3.4.1, 2.3.4 - Other...

AI score 7.4
Exploits 0
exploitpack
added 2017/11/11 12:0 a.m., 38 views

osCommerce 2.3.4.1 - Arbitrary File Upload

osCommerce 2.3.4.1 - Arbitrary File Upload Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Date: 11.11.2017 Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link:...

AI score 0.1
Exploits 0
OpenVAS
added 2017/11/09 12:0 a.m., 84 views

D-Link DGS-1500 Ax RCE Vulnerability

D-Link DGS-1500 Ax devices before 2.51B021 are vulnerable to remote code execution (RCE). SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if...

CVSS 9.8, AI score 10, EPSS 0.00698
Exploits 0, References 4
Tenable Nessus
added 2017/11/03 12:0 a.m., 43 views

F5 Networks BIG-IP : Linux kernel vulnerability (K05513373)

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device...

CVSS 7.8, AI score 6.5, EPSS 0.00026
Exploits 0, References 2
CNVD
added 2017/11/01 12:0 a.m., 2 views

IDEMIA MorphoSmart 1300 Series device certificate import module privilege acquisition vulnerability

IDEMIA (formerly Morpho) MorphoSmart 1300 Series (a.k.a. MSO 1300 Series) devices are fingerprint identification devices from IDEMIA (formerly Morpho), France. The certificate import component is one of the certificate import components. The certificate import component is one of the certificate import...

CVSS 7.8, AI score 6.9, EPSS 0.00024
Exploits 0, References 1
Packet Storm
added 2017/10/28 12:0 a.m., 92 views

MitraStar DSL-100HN-T1/GPT-2541GNAC Privilege Escalation

Exploit Title: Privilege escalation MitraStar routers Date: 28-10-2017 Exploit Author: j0lama Vendor Homepage: http://www.mitrastar.com/ Provider Homepage: https://www.movistar.com/ Models affected: MitraStar DSL-100HN-T1 and MitraStar GPT-2541GNAC HGU Software versions: ES113WJY0b16 DSL-100HN-T1...

AI score 7.1
Exploits 0
NVD
added 2017/10/26 3:29 a.m., 10 views

CVE-2017-15909

D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access...

CVSS 9.8, AI score 9.4, EPSS 0.00698
Exploits 0, References 4
OSV
added 2017/10/26 3:29 a.m., 2 views

CVE-2017-15909

D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access...

CVSS 9.8, AI score 5.8, EPSS 0.00698
Exploits 0, References 4