Lucene search

112 matches found

Positive Technologies
added 2023/10/10 12:0 a.m. · 1 views

PT-2023-5963 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions prior to the fixed version (affected versions not specified). Description: A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP...

9.9 CVSS · 9.3 AI score · 0.02644 EPSS
Exploits 0 · References 6
Vulnrichment
added 2023/05/30 12:0 a.m. · 7 views

CVE-2023-27988

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely...

7.2 CVSS · 7.7 AI score · 0.0087 EPSS
Exploits 0 · References 1
GithubExploit
added 2022/11/30 4:6 a.m. · 3 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 Checking and exploit for CVE-2022-1388...

9.8 CVSS · 10 AI score · 0.94456 EPSS
Exploits 63
GithubExploit
added 2022/05/10 3:44 p.m. · 2 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388-PocExp CVE-2022-1388-PocExp, added multithreading Usg...

9.8 CVSS · 10 AI score · 0.94456 EPSS
Exploits 63
CNVD
added 2021/03/03 12:0 a.m. · 13 views

Microsoft Exchange Server Arbitrary File Write Vulnerability

Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server Arbitrary File Write Vulnerability. An attacker can exploit this vulnerability to write a file to any path on the server after authenticating through the Exchang...

7.8 CVSS · 7.7 AI score · 0.73244 EPSS
Exploits 3 · References 1
CNVD
added 2021/02/05 12:0 a.m. · 1 views

Binary Vulnerability in Cisco rv130w

Cisco is a leading global provider of networking solutions. A binary vulnerability exists in Cisco rv130w, which could allow an attacker to gain system root privileges by constructing rop under authentication...

7.3 AI score
Exploits 0
Zero Day Initiative
added 2020/11/24 12:0 a.m. · 36 views

SaltStack Salt rest_cherrypy ssh_remote_port_forwards Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rest_cherrypy module. When parsing the ssh_remote_port_forwards parameter, the process do...

7.3 CVSS · 5.1 AI score · 0.94387 EPSS
Exploits 5 · References 1
Positive Technologies
added 2020/05/19 12:0 a.m. · 3 views

PT-2020-6974 · Zeromq +3 · Zeromq +3

Name of the Vulnerable Software and Affected Versions: ZeroMQ versions prior to 4.3.3. Description: An uncontrolled resource consumption flaw, also known as a memory leak, was found in ZeroMQ's src/xpub.cpp. This issue allows a remote unauthenticated attacker to send crafted PUB messages that...

9.8 CVSS · 7.6 AI score · 0.22275 EPSS
Exploits 2 · References 32
GithubExploit
added 2020/05/04 8:1 a.m. · 6 views

Exploit for CVE-2020-11651

CVE-2020-11651 This is a POC for CVE-2020-11651, which obtain...

9.8 CVSS · 9.4 AI score · 0.94234 EPSS
Exploits 23
Prion
added 2020/03/27 1:15 p.m. · 15 views

Design/Logic Flaw

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. This issue affects OTRS Community Edition:...

5.5 CVSS · 8 AI score · 0.00464 EPSS
Exploits 0 · References 5 · Affected Software 1
Palo Alto Networks
added 2017/12/06 12:15 a.m. · 9 views

Command Injection in PAN-OS

A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. (Ref PAN-81892 / CVE-2017-15940) PAN-OS contains a vulnerability that may allow for post-authentication command injection. This issue affects PAN-OS 6.1.1...

9.8 CVSS · 7.5 AI score · 0.06137 EPSS
Exploits 0 · References 1
OSV
added 2014/11/24 3:59 p.m. · 6 views

CVE-2014-8417

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system...

7.3 AI score
Exploits 0 · References 1
OSV
added 2014/10/30 2:55 p.m. · 1 views

UBUNTU-CVE-2014-3684

The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...

6.8 CVSS · 5.9 AI score · 0.02381 EPSS
Exploits 0 · References 4
seebug.org
added 2014/07/01 12:0 a.m. · 12 views

V3 Chat Instant Messenger - mycontacts.php membername Arbitrary User Buddy List Manipulation

No description provided by source. source: http://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 11 views

MyBB 1.4.5 Multiple Security Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/34798/info MyBB is prone to multiple security vulnerabilities, including an HTML-injection issue and an unspecified issue. An attacker may leverage the HTML-injection issue to execute arbitrary script code in the browser ...

7.1 AI score
Exploits 0
Dsquare
added 2014/02/25 12:0 a.m. · 108 views

php_address_book authentication SQL injection

SQL Injection vulnerability in PHP Address Book Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

1 AI score
Exploits 0 · References 1
exploitpack
added 2009/05/05 12:0 a.m. · 10 views

GlassFish Enterprise Server 2.1 - Admin Console sysnetregistration.jsf URI Cross-Site Scripting

GlassFish Enterprise Server 2.1 - Admin Console sysnetregistration.jsf URI Cross-Site Scripting source: https://www.securityfocus.com/bid/34824/info GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input...

0.1 AI score
Exploits 0
exploitpack
added 2008/04/17 12:0 a.m. · 9 views

EsContacts 1.0 - groupes.php?msg Cross-Site Scripting

EsContacts 1.0 - groupes.php?msg Cross-Site Scripting source: https://www.securityfocus.com/bid/28825/info EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may leverage these issues to execute arbitrary scrip...

6.8 AI score
Exploits 0
exploitpack
added 2008/04/17 12:0 a.m. · 11 views

EsContacts 1.0 - search.php?msg Cross-Site Scripting

EsContacts 1.0 - search.php?msg Cross-Site Scripting source: https://www.securityfocus.com/bid/28825/info EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may leverage these issues to execute arbitrary script...

6.8 AI score
Exploits 0
securityvulns
added 2006/08/14 12:0 a.m. · 40 views

Informix Long Username Buffer Overflow Vulnerability

NGSSoftware Insight Security Research Advisory Name: Informix Long Username Buffer Overflow Vulnerability Systems Affected: Informix 9.40.xC6 and earlier, 10.00.xC2 and earlier Severity: Critical Vendor URL: http://www.ibm.com/ Author: David Litchfield [email protected] Date of Public...

5.1 CVSS · 6.9 AI score · 0.0614 EPSS
Exploits 0