46 matches found
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager EPM, including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale...
Palo Alto Expedition 1.2.91 Remote Code Execution
class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...
Exploit for SQL Injection in Paloaltonetworks Expedition
CVE-2024-9465: Palo Alto Expedition Unauthenticated SQL Inject...
Exploit for Use of Hard-coded Credentials in Solarwinds Web_Help_Desk
CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential...
Traccar 5.12 Remote Code Execution
class MetasploitModule 'Traccar v5 Remote Code Execution CVE-2024-31214 and CVE-2024-24809', 'Description' = %q Remote Code Execution in Traccar v5.1 - v5.12. Remote code execution can be obtained by combining two vulnerabilities: A path traversal vulnerability CVE-2024-24809 and an unrestricted...
Exploit for OS Command Injection in Ivanti Cloud_Services_Appliance
CVE-2024-8190: Ivanti Cloud Service Appliance Authenticated Co...
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance CSA has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 CVSS score: 7.2, which allows remote code execution under certain circumstances. "An OS command...
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks
Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized ...
Exploit for OS Command Injection in Fortinet Fortisiem
CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order C...
Exploit for OS Command Injection in Fortinet Fortisiem
CVE-2023-34992: Fortinet FortiSIEM Unauthenticated Command Inj...
GHSA-42Q7-95J7-W62M Mautic is vulnerable to XSS vulnerability
Impact This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator level access to Mautic. This vulnerability was reported by Naveen Sunkavally at Horizon3.ai. Patches Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x...
Exploit for SQL Injection in Fortinet Forticlient_Enterprise_Management_Server
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerab...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43208 - Mirth Connect Remote Code Execution RCE Exp...
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiClientEMS may allow a...
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
Technical specifics and a proof-of-concept PoC exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403...
Exploit for Authentication Bypass by Primary Weakness in Progress Openedge
CVE-2024-1403 Progress OpenEdge Authentication Bypass An explo...
Exploit for Path Traversal in Jenkins
Jenkins CVE-2024-23897 PoC A proof-of-concept PoC for CVE-2...
Mirth Connect 4.4.0 Remote Command Execution Exploit
A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...
Mirth Connect Deserialization RCE
A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...
Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer MFT software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4....