5 matches found
CVE-2025-36729
The connected sources confirm CVE-2025-36729 concerns RACOM M!DGE2 devices where a non-primary administrator with web-interface rights (no shell access) can view device configuration, exposing the master admin password, and can escalate to shell access with root gid. The root cause is improper pe...
Kaseya VSA Master Administrator Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaseya VSA Master Administrator Account Creation', 'Description' = %q This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to...
Kaseya VSA Master Administrator Account Creation
This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to create a new Master Administrator account. Normally this page is only accessible via the localhost interface, but the application does nothing to prevent this apart from attempting to force a redirect. This module has been...
PHP Calendar Script Remote XSS (Permanent) Vulnerabilities
============================================================== PHP Calendar Script Remote XSS Permanent Vulnerabilities ============================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
phpcal-xss.txt
============================================================== PHP Calendar Script Remote XSS Permanent Vulnerabilities ============================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...