50 matches found
UBUNTU-CVE-2021-3325
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...
CVE-2020-26131
Issues were discovered in Open DHCP Server Regular 1.75 and Open DHCP Server LDAP Based 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe Regular or the OpenDHCPLdap.exe LDAP Based binary...
PT-2020-16306 · Home · Home Dns Server
Name of the Vulnerable Software and Affected Versions: Home DNS Server version 0.10 Description: An issue was discovered due to insufficient access restrictions in the default installation directory, allowing an attacker to elevate privileges by replacing the HomeDNSServer.exe binary...
PT-2020-16304 · Multithreaded Studios · Open Tftp Server
Name of the Vulnerable Software and Affected Versions: Open TFTP Server multithreaded version 1.66 Open TFTP Server single port version 1.66 Description: The issue is related to insufficient access restrictions in the default installation directory of Open TFTP Server, allowing an attacker to...
PT-2020-14933 · Ghisler · Total Commander
Name of the Vulnerable Software and Affected Versions: Ghisler Total Commander version 9.51 Description: An issue was discovered due to insufficient access restrictions in the default installation directory, allowing an attacker to elevate privileges by replacing the...
UBUNTU-CVE-2014-0175
mcollective has a default password set at install...
FTP Commander Pro 8.03 - Local Stack Overflow
FTP Commander Pro 8.03 - Local Stack Overflow Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Date: 2019-12-12 Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor:...
CVE-2019-16913
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILESX86%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: F" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as...
CVE-2018-18435
KioWare Server version 4.9.6 and older installs by default to "C:\kiowarecom" with weak folder permissions granting any user full permission "Everyone: F" to the contents of the directory and it's sub-folders. In addition, the program installs a service called "KWSService" which runs as...
CVE-2017-17835
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...
PYSEC-2019-148
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...
Siemens SIMATIC STEP 7 and WinCC Denial of Service Vulnerability
Siemens SIMATIC STEP 7 TIA Portal and WinCC TIA Portal are both products of Siemens, Germany.Siemens SIMATIC STEP 7 TIA Portal is a programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology, etc. WinCC TIA Portal is a...
CVE-2018-10683
An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that "without a security...
LabF nfsAxe 3.7 - Privilege Escalation
LabF nfsAxe 3.7 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Exploit Title: LabF nfsAxe 3.7 - Privilege Escalation Date: 03-24-2018 Vulnerable Software: LabF nfsAxe 3.7 Vendor Homepage: http://www.labf.com/ Version: 3.7 Software Link: http://www.labf.com/download/nfsaxe.exe Tested O...
LabF nfsAxe 3.7 Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: LabF nfsAxe 3.7 - Privilege Escalation Date: 03-24-2018 Vulnerable Software: LabF nfsAxe 3.7 Vendor Homepage: http://www.labf.com/ Version: 3.7 Software Link: http://www.labf.com/download/nfsaxe.exe Tested On: Windows 7 x86 and x64 Requires Windo...
LabF nfsAxe 3.7 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: LabF nfsAxe 3.7 - Privilege Escalation Date: 03-24-2018 Vulnerable Software: LabF nfsAxe 3.7 Vendor Homepage: http://www.labf.com/ Version: 3.7 Software Link: http://www.labf.com/download/nfsaxe.exe Tested On: Windows 7 x86 and x64 Requires Windo...
Vesta Control Panel 0.9.8-16 Local Privilege Escalation
!/bin/bash Exploit Title: Vesta Control Panel 0.9.7 suid.c PWN Make PWN shell scrip...
SolarWinds Kiwi Syslog Server Elevation of Privilege Vulnerability
SolarWinds network security management software products. The application can be installed on a windows system with the option to select the default security service. The default installation path "C:\Program Files x86" is selected when installing the 32-bit application, which may allow an...
Arris TG1682G Modem - Persistent Cross-Site Scripting
Arris TG1682G Modem - Persistent Cross-Site Scripting Unauth Stored CSRF/XSS - Xfinity Modem alert1" /...
Arris TG1682G Modem - Stored XSS Vulnerability
Exploit for hardware platform in category web applications Unauth Stored CSRF/XSS - Xfinity Modem alert1" / 0day.today 2018-01-01...