FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - (Add Admin) Cross-Site Request Forgery Vulnerability

Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery CSRF Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com !-- FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit Vendor: FatPipe Networks Inc. Product web page:...

FatPipe Networks WARP 10.2.2 Authorization Bypass

FatPipe Networks WARP 10.2.2 Authorization Bypass Vendor: FatPipe Networks Inc. Product web page: https://www.fatpipeinc.com Affected version: WARP 10.2.2r38 10.2.2r25 10.2.2r10 10.1.2r60p82 10.1.2r60p71 10.1.2r60p65 10.1.2r60p58s1 10.1.2r60p58 10.1.2r60p55 10.1.2r60p45 10.1.2r60p35 10.1.2r60p32...

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation

!/usr/bin/env python3 FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation Vendor: FatPipe Networks Inc. Product web page: https://www.fatpipeinc.com Affected version: WARP / IPVPN / MPVPN 10.2.2r38 10.2.2r25 10.2.2r10 10.1.2r60p82 10.1.2r60p71 10.1.2r60p65 10.1.2r60p58s1...

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Exploit

Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com !/usr/bin/env python3 FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation Vendor: FatPipe Networks Inc...

Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal

Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal Date: 2020-08-22 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Affected version: =3.8.0 CVE: N/A Eibiz i-Media Server Digital Signage 3.8.0 oldfile File Path Traversal Vendor: EIBIZ Co.,Ltd. Produ...

LogicalDOC Enterprise 7.7.4 - Directory Traversal Vulnerability

Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free...

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...

LogicalDOC Enterprise 7.7.4 - User Enumeration Vulnerability

Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document...

Sakai 10.7 - Multiple Vulnerabilities

Exploit for java platform in category web applications Sakai 10.7 Multiple Vulnerabilities Vendor: Apereo Foundation Product web page: https://www.sakaiproject.org Affected version: 10.7 Kernel 10.7 Summary: Sakai is a free, community source, educational software platform designed to support...

XpoLog Center 6 - Remote Command Execution / Cross-Site Request Forgery

Exploit for jsp platform in category web applications XpoLog Center V6 CSRF Remote Command Execution Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management Platform. Desc:...

XpoLog Center 6 Cross Site Request Forgery

XpoLog Center V6 CSRF Remote Command Execution Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management Platform. Desc: XpoLog suffers from arbitrary command execution. Attackers...

XpoLog Center 6 XSS / CSRF / Open Redirect

XpoLog Center V6 Multiple Remote Vulnerabilities Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management Platform. Desc: XpoLog suffers from multiple vulnerabilities including...

Manage Engine Application Manager 12.5 - Arbitrary Command Execution

!C:/Python27/python.exe -u Applications Manager 12.5 Arbitrary Command Execution Exploit Vendor: Zoho Corporation Pvt. Ltd. Product web page: https://www.manageengine.com Affected version: 12.5 Summary: ManageEngine Applications Manager is an application performance monitoring solution that...

Applications Manager 12.5 Arbitrary Command Execution Exploit

Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...

Manage Engine Applications Manager 12 Multiple Vulnerabilities

Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...

Oracle Demantra 12.2.1 - Arbitrary File Disclosure

Oracle Demantra 12.2.1 - Arbitrary File Disclosure Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet...

ManageEngine EventLog Analyzer "j_username"跨站脚本漏洞

ManageEngine EventLog Analyzer是安全信息和事件管理软件。 ManageEngine EventLog Analyzer 8.6及其他版本没有正确过滤event/jsecuritycheck 当设置了"jpassword"后的"jusername" GET参数，这可导致在受影响站点用户浏览器会话中执行任意HTML和脚本代码。 0 ManageEngine EventLog Analyzer 8.6 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

AlgoSec Firewall Analyzer 6.4 Cross Site Scripting

================================================================================================================================================================ AlgoSec Firewall Analyzer Version v6.4 cross-site scripting XSS Vulnerability...

McAfee Email Gateway - Web Administration Broken Access Control

Advisory Name:Web Administration Broken Access Control in McAfee Email Gateway formerly IronMail Vulnerability Class: Broken Access Control Release Date: May 19, 2010 Affected Applications: Secure Mail Ironmail ver.6.7.1 Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1 Local / Remote: Local...

McAfee Email Gateway (formerly IronMail) - Internal Information Disclosure

McAfee Email Gateway formerly IronMail - Internal Information Disclosure Advisory Name: Internal Information Disclosure in McAfee Email Gateway formerly IronMail Vulnerability Class: Information Disclosure Release Date: Tue Apr 6, 2010 Affected Applications: Secure Mail Ironmail ver.6.7.1 Affecte...