18 matches found
ZKTeco ZEM/ZMM 8.88 - Missing Authentication Vulnerability
Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...
CyberArk Enterprise Password Vault 10.7 XML External Entity Injection
Exploit Title: CyberArk XML External Entity XXE Injection in SAML authentication Date: 10/05/2019 Exploit Author: Marcelo Toran @spamv Vendor Homepage: https://www.cyberark.com Version: =10.7 CVE : CVE-2019-7442 -----------Product description The CyberArk Enterprise Password Vault is a privileged...
MySQL -- multiple vulnerabilities
Oracle reports: Please reference CVE/URL list for details...
Foxit Reader <= 8.3.1 Multiple Vulnerabilities - Linux
Foxit Reader is prone to multiple code execution and information disclosure vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 40 security fixes in this release Please reference CVE/URL list for details...
GitLab -- Various security issues
GitLab reports: Please reference CVE/URL list for details...
rt and dependent modules -- multiple security vulnerabilities
BestPractical reports: Please reference CVE/URL list for details...
GitLab -- Various security issues
GitLab reports: Please reference CVE/URL list for details...
chromium -- multiple vulnerabilities
Google Chrome releases reports: 30 security fixes in this release Please reference CVE/URL list for details...
phpMyAdmin -- multiple vulnerabilities
Please reference CVE/URL list for details...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: Please reference CVE/URL list for details...
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)
Websockify C Implementation 0.8.0 - Buffer Overflow PoC Advisory: Websockify: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code. Details ======= Product:...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. Please reference CVE/URL list for details...
Immunity Canvas: MU
Name | mu
---|---
CVE | CVE-2007-3744
Exploit Pack | CANVAS
Description | MacOS X 10.4 mDNSResponder UPNP Remote Root Exploit
Notes | CVE Name: CVE-2007-3744 Notes: If the target port is not specified, it will be located automatically. This exploit will attempt to bypass the built-in OS X firewall by...
Immunity Canvas: XOOPS_TINYCONTENT
Name | xoopstinycontent
---|---
CVE | CVE-2007-3237
Exploit Pack | CANVAS
Description | Xoops Tinycontent
Notes | CVSS: 6.8 Repeatability: Infinite VENDOR: Xoops CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3237 CVE Name: CVE-2007-3237...
Immunity Canvas: SITELLITE_REMOTE
Name | sitelliteremote
---|---
CVE | CVE-2007-3228
Exploit Pack | CANVAS
Description | Sitellite CMS
Notes | CVSS: 6.8 Repeatability: Infinite VENDOR: Sitelliteforge.com CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3228 CVE Name: CVE-2007-3228...
Immunity Canvas: HORDE_EVAL
Name | hordeeval
---|---
CVE | CVE-2006-1491
Exploit Pack | CANVAS
Description | Horde Eval
Notes | CVE Name: CVE-2006-1491 VENDOR: Horde.org Notes: Try using nc -e /bin/sh as your command and having a nc -vlp Repeatability: Infinite CVE Url: https://vulners.com/cve/CVE-2006-1491 CVSS: 7.5...
Immunity Canvas: UT2004SECURE
Name | ut2004secure
---|---
CVE | CVE-2004-0608
Exploit Pack | CANVAS
Description | ut2004 \secure\
Notes | CVE Name: CVE-2004-0608 VENDOR: Epic OSVDBURL: http://www.osvdb.org/7217 Notes: 'This has been tested largely against Windows XP Home. The exploit works regardless of "dedicated" mode. See...