1345 matches found
Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting
Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...
Zero-Day Marketplace Explained: How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market
Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT...
SwiftTerm Code Injection vulnerability
Impact Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Credit These...
GHSA-JQ43-Q8MX-R7MQ SwiftTerm Code Injection vulnerability
Impact Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Credit These...
Caucho Resin Path Traversal Vulnerability (CVE-2004-0281) - Active Check
Caucho Resin is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:caucho:resin";...
ifwatchd Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ifwatchd Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the...
reSIProcate 1.10.2 Heap Overflow Exploit
Exploit for multiple platform in category dos / poc CVE ID: CVE-2018-12584 TIMELINE Bug report with test code sent to main reSIProcate developers: 2018-06-15 Patch created by Scott Godin: 2018-06-18 CVE ID assigned: 2018-06-19 Patch committed to reSIProcate repository: 2018-06-21 Advisory first...
reSIProcate 1.10.2 - Heap Overflow
reSIProcate 1.10.2 - Heap Overflow ''' CVE ID: CVE-2018-12584 TIMELINE Bug report with test code sent to main reSIProcate developers: 2018-06-15 Patch created by Scott Godin: 2018-06-18 CVE ID assigned: 2018-06-19 Patch committed to reSIProcate repository: 2018-06-21 Advisory first published on...
Cisco Firepower and FireSIGHT Multiple Vulnerabilities
According to its self-reported version, the Cisco Firepower Threat Defense Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. C Tenable Network Security, Inc. include'compat.inc'; if description...
Mozilla Firefox ESR < 60.1
The version of Firefox ESR installed on the remote Windows host is prior to 60.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-16 advisory. - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major...
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Vulnerability
Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway suffer from a privilege escalation vulnerability. Rockwell Automation RSLinx Classic versions 3.90.01, 3.73.00, 3.72.00, and 2.58.00 are susceptible. Rockwell Automation FactoryTalk Linx Gateway version 3.90.00 is susceptible. Rockwe...
Rockwell Automation RSLinx Classic / FactoryTalk Linx Gateway Privilege Escalation
Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway Privilege Escalation Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell Automation RSLinx Classic 3.90.01 Rockwell Automation RSLinx Classic 3.73.00 Rockwell Automation...
Mozilla Thunderbird < 52.8
The version of Thunderbird installed on the remote Windows host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-13 advisory. - Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues...
Juniper Junos VPLS Routing MPLS Packet Handling mbuf Exhaustion Remote DoS (JSA10855)
According to its self-reported version number, the remote Junos device is affected by a denial of service vulnerability. TRUSTED...
Cisco IOS Software Quality of Service Remote Code Execution Vulnerability
According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...
Cisco Web Security Appliance FTP Authentication Bypass Vulnerability
According to its self-reported version, the remote Cisco Web Security Appliance (WSA) device is affected by an FTP authentication bypass vulnerability, due to incorrect validation of credentials. A remote attacker could potentially log into the FTP server without a valid password. TRUSTED...
PHP 5.6.x < 5.6.32 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid104631;...
Cisco IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability
According to its self-reported version, the Cisco IOS XE Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
According to its self-reported version, the Cisco IOS XE Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...
Cisco IOS Software DHCP Remote Code Execution Vulnerability
According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...