12 matches found
EUVD-2017-15923
Malware in sbrugna...
CVE-2025-34070
A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper...
PT-2025-12973
Name of the Vulnerable Software and Affected Versions: CrushFTP versions 10.0.0 through 10.8.3; CrushFTP versions 11.0.0 through 11.3.0. Description: The vulnerability in CrushFTP is related to improper authentication, allowing remote and unauthenticated HTTP requests to gain unauthorized access. Thi...
CVE-2023-44424
D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
PT-2023-8308 · D Link · D-Link Dir-X3260
Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. The specific flaw exists within the prog.cgi binary,...
New Muhstik Botnet Attacks Target Tomato Routers
A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found. Researchers at Palo Alto Networks’ Unit 42 discovered the new variant...
TrendMicro node.js http server arbitrary command execution vulnerability
Trend Micro is a global leader in network security software and services, leading the trend from desktop antivirus to network server and gateway antivirus with excellent foresight and technological innovation capabilities, and proving Trend Micro's foresight and leadership to the industry with it...
Oracle Application Express (Apex) Detection
The remote host is running Oracle Application Express (Apex). (c) Recx Ltd 2009-2012 http://www.recx.co.uk/ Oracle Application Express Detection on HTTP ports Version 1.1 include"compat.inc"; if...
Simple Web Server 2.2-rc2 - ASLR Bypass
Simple Web Server 2.2-rc2 - ASLR Bypass use IO::Socket; Exploit Title: SWS 2.2-rc2 - Remote code execution Egghunting + ASLR bypass Date: 28/8/2012 Special Regards to Mr.pr0n ,Corelan team , immunity u guys are first !!! based on a POC by MR. Pr0n Author: pole Tested on Windows 7 32bit NOTE : If...
MongoDB Detection (MongoDB Wire Protocol)
MongoDB Wire Protocol based detection of MongoDB. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Zenoss Server Version Detection
This script detects the installed version of Zenoss Server and sets the result in KB. OpenVAS Vulnerability Test $Id: gbzenossservdetect.nasl 6065 2017-05-04 09:03:08Z teissa $ Zenoss Server Version Detection Authors: Rachana Shetty Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
CVE-2008-0834
Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...