Fuze Patches TPN Handset Vulnerabilities
Fuze, a maker of popular enterprise-grade voice-over-IP handsets, earlier this year patched three vulnerabilities that exposed user account information and enabled unauthorized authentication. The issues were made public today by researchers at Rapid7 who privately disclosed the flaws on April 12...
[SECURITY] Fedora 25 Update: glpi-9.1.5-1.fc25
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
[SECURITY] Fedora 26 Update: glpi-9.1.5-1.fc26
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)
Exploit Title: Barracuda Load Balancer Firmware 'Barracuda Load Balancer Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Load Balancer Firmware Version = v6.0.1.006 2016-08-19 by exploiting a vulnerability in the web administration interface. By sending ...
CVE-2017-1000030
Oracle, GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface...
Cross site scripting
Oracle, GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface...
CVE-2017-1000030
Removed by vendor...
Emby MediaServer Password Reset Vulnerability
Emby is a media server. A password reset vulnerability exists in Emby MediaServer. An attacker can exploit the vulnerability to gain unauthenticated and unauthorized access to the Emby MediaServer administration interface...
TrueConf Multiple Vulnerabilities (Jan 2017)
TrueConf is prone to multiple vulnerabilities. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
TrueConf Server 4.3.7 - Multiple Vulnerabilities
TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities Vendor: TrueConf LLC Product web page: https://www.trueconf.com Affected version: 4.3.7.12255 and 4.3.7.12219 Summary: TrueConf Server is a powerful, high-quality and highly secured video conferencing software server. It is specially...
Expression Engine 3.4.2: Code Reuse Attack
RIPS Analysis The analysis with RIPS took about 4 minutes. Overall, the code of Expression Engine seems to be very robust. Still our analysis results point out some vulnerabilities. RIPS detected mainly possibilities for a malicious user to embed HTML and JavaScript code via the administration...
Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit)
Eir D1000 Wireless Router - WAN Side Remote Command Injection Metasploit =begin Exploit Title: Eir D1000 Wireless Router - WAN Side Remote Command Injection Date: 7th November 2016 Exploit Author: Kenzo Website: https://devicereversing.wordpress.com Tested on Firmware version: 2.00AADU.520150909...
Synology DiskStation Manager (DSM) Web Administration Interface Default Credentials
The web administration interface for the Synology DiskStation Manager DSM application running on the remote host uses a default blank password for the administrator account. A remote attacker can exploit this to gain administrative access to the web interface. (C) Tenable Network Security, Inc...
NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution
The NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application are vulnerable to an authenticated remote code execution on the exposed web administration interface. An administrative account is needed to exploit this vulnerability. This results in code execution as ro...
Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution Metasploit Exploit Title: Barracuda Web Application Firewall 'Barracuda Web Application Firewall %q This module exploits a remote command execution vulnerability in the Barracuda Web Application Firewall firmwar...
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution Metasploit 3 Exploit Title: Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit 3 Date: 07/28/16 Exploit Author: xort Vendor Homepage:...
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit)
Exploit Title: Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit 2 Date: 07/25/16 Exploit Author: xort Vendor Homepage: https://www.barracuda.com/ Software Link: https://www.barracuda.com/products/loadbalance &...
Bellini/Supercook Wi-Fi Yumi SC200 Information Disclosure / Code Execution
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities Reported By: ================================== James McLean - Primary: james dot mclean at gmail dot com Secondary: labs at juicedigital dot net Device Overview: ================================== From...
Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)
Exploit Title: Barracuda Spam & Virus Firewall Post Auth Remote Root Exploit Date: 07/21/16 Exploit Author: xort Vendor Homepage: https://www.barracuda.com/ Software Link: https://www.barracuda.com/landing/pages/spamfirewall/ Version: Spam and Virus Firewall 'Barracuda Spam...
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)
Exploit Title: Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit Date: 07/21/16 Exploit Author: xort Vendor Homepage: https://www.barracuda.com/ Software Link: https://www.barracuda.com/products/loadbalance &...