47 matches found
VulnCheck KEV: CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
MultiPotato - Another Potato to get SYSTEM via SeImpersonate privileges
First of all - credit to @splintercode & @decoderit for RoguePotato, as this code is heavily based on it. This is just another Potato to get SYSTEM via SeImpersonate privileges. But this one is different in that it doesn't contain any SYSTEM auth trigger for weaponization. Instead the code can be...
Exploit for Incorrect Authorization in Polkit_Project Polkit
polkit-auto-exploit Automatic Exploitation PoC for Polkit CVE-2...
CVE-2020-13421
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions...
CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass
#!/usr/bin/env python3 # -*- coding: utf-8 -*- Eibiz i-Media Server Digital Signage 3.8.0 createUser Authentication Bypass Add Admin Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that time t...
Unfixed XSS vulnerability at www.glosboken.se
Security researcher Uber0n submitted on 11/05/2008 a cross-site scripting (XSS) vulnerability affecting www.glosboken.se, which at the time of submission ranked 236834 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/05/2008. It is current...