151 matches found
CVE-2019-20886
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin...
CVE-2017-18875
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin...
CVE-2017-18876
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file...
Nextcloud: External storage app saves password for all users in the database
The External storage files_external app saves passwords of all users to the database table "oc_credentials" even when the "Log-in credentials, save in database" option is not used. It's a security risk that allows password extraction of all users. A local system admin that has access to database and nextcloud...
Sangoma FreePBX Command Execution Vulnerability
FreePBX, formerly known as Asterisk Management Portal, is a set of tools from the FreePBX project for configuring the Asterisk IP telephony system through a GUI (web-based graphical interface). A security vulnerability exists in FreePBX versions 13, 14, and 15 and in the System Admin (sysadmin) module prio...
Verodin Director Web Console 3.5.4.0 Password Disclosure
Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/ Software Link : https://www.verodin.com/demo-request/demo-request-form Tested Versions...
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure Exploit
Exploit for jsp platform in category web applications Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/ Software Link :...
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/...
CVE-2019-14220
CVE-2019-14220 affects BlueStacks 4.110 and earlier on macOS, and 4.120 and earlier on Windows. A vulnerability in a system service call allows a local attacker to read arbitrary files with SYSTEM privileges by passing a file name to the affected method inside the Android VM used by BlueStacks, e...
CVE-2019-9708
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user root, causing all users to be locked out from the system...
CVE-2018-15611
CVE-2018-15611 describes an elevation-of-privilege vulnerability in the Avaya Aura Communication Manager’s local system administration component. An authenticated, privileged local user can gain root privileges on affected systems. Affected versions include 6.3.x and all 7.x releases before 7.1.3...
Design/Logic Flaw
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390...
CVE-2017-1092
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390...
Kaseya Virtual System Administrator Multiple Vulnerabilities (CVE-2015-6922)
Multiple vulnerabilities exist in Kaseya Virtual System Administrator. These vulnerabilities include privilege escalation to "Master Admin" and multiple remote code execution vulnerabilities. Successful exploitation of these vulnerabilities could lead to remote execution of arbitrary code under...
[SECURITY] Fedora 20 Update: denyhosts-2.6-29.fc20.1
DenyHosts is a Python script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host and, upon discovering a repeated attack...
[SECURITY] Fedora 19 Update: denyhosts-2.6-28.fc19.1
DenyHosts is a Python script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host and, upon discovering a repeated attack...
Modern Honeypot Network
Modern Honeypot Network Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management. Honeypot Deployed sensors with intrusion detection software installed: Snort, Kippo, Conpot, and Dionaea...