13 matches found
WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to Arbitrary File Download
Software: 1003 Mortgage Application; Type: Plugin; Vulnerable versions: <= 1.75; Fixed in: 1.80; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2022-45368; Patch priority: High; CVSS severity: High 7.7; PSID: 541a2fe842ed; Credits: Rodrigo Escobar...
Escobar is the new Android banking Trojan we’ve met before
Aberebot, a known Android banking Trojan, has changed its name and returned loaded with new features. First spotted by @MalwareHunterTeam in early March, this mobile variant was renamed "Escobar"—a homage to the Colombian drug baron—and disguised itself as a McAfee app. It went by the package nam...
FreeBSD : Apache httpd -- Path Traversal and Remote Code Execution (d001c189-2793-11ec-8fb1-206a8a720317)
The Apache http server project reports : critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 incomplete fix of CVE-2021-41773 CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a...
Apache httpd -- Path Traversal and Remote Code Execution
The Apache http server project reports: critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 incomplete fix of CVE-2021-41773 CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a...
pr0gramm.com XSS vulnerability
Open Bug Bounty ID: OBB-493997

Description| Value
---|---
Affected Website:| pr0gramm.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard:| Coordinated Disclosure based ...
MantisBT XmlImportExport Plugin PHP Code Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability', 'Description' = %q This module exploits a post-auth vulnerability...
X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution Exploit
This Metasploit module exploits a post-auth vulnerability found in X7 Chat versions 2.0.0 up to 2.0.5.1. The vulnerable code exists in lib/message.php, which uses the preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code in the remote...
[DCA-0007] Quick 'n Easy FTP Server v3.2
DCA-0007 Software - Quick 'n Easy FTP Server Vendor Product Description - Quick 'n Easy FTP Server Professional is a multi threaded FTP server for Windows 98/NT/XP and Vista32 bits that can be easily set up even by inexperienced users. New users can be easily created by a wizard which is guiding y...
[DCA-0004] Baby FTP Server DoS
DCA-0004 Software - Baby FTP Server Vendor Product Description - Baby FTP server has only the most necessary features and is yet powerful enough to be a basis for a more complex server Bug Description - The FTP Server can't handle multiple/simultaneous connections leading to Denial-of-Service...
[DCA-0006] Baby ASP Web Server DoS
DCA-0006 Software - Baby ASP Server Vendor Product Description - This program was built as an alternative for Microsoft's IIS. The main goal was to design a simple web server with support for ASP. Setting up Baby ASP Web Server is very easy: copy the executable to a directory of your choice, set...
Dlink WBR-2310 Embedded Web Server 1.04 Denial Of Service
DCA-00014 Software - Dlink WBR-2310 Embedded Web Server Vendor Product Description - The D-Link RangeBooster G WBR-2310 with enhanced 108 features the industry's first default 108Mbps Dynamic Mode that allows clients to always operate at the highest possible speeds while automatically...
Simple Web Server 2.1 Denial Of Service
DCA-0003 Software - Simple Web Server Vendor Product Description - The easy and small way to open an HTTP Web Server. OS Versions:Windows9x/Me/NT/2000/XP Bug Description - SwS can't handle the header 'From:' when using random ASCII characters leading to Denial-of-Service. History - Advisory sent ...
Quick N Easy Web Server 3.3.7 Denial Of Service
DCA-0008 Software - Quick 'n Easy WEB Server Vendor Product Description - Do you want to run your own personal webserver or just want to test your ASP/PHP scripts before you upload them to your webhosting server? No problem, Quick n Easy Web Server can handle it! Quick n Easy Web Server for Window...