Lucene search

17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-17728

Malware in sbrugna...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.0024
Exploits: 3 | References: 2

Rapid7 Blog
added 2024/03/01 8:0 p.m. | 41 views

Metasploit Weekly Wrap-Up 03/01/2024

Connect the dots from authentication bypass to remote code execution: This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in ConnectWise ScreenConnect to achieve remote code execution. This vulnerability, CVE-2024-1709, affects all...

CVSS: 7.5 | AI score: 9 | EPSS: 0.94352
Exploits: 8

Rapid7 Blog
added 2023/07/28 5:25 p.m. | 55 views

Metasploit Weekly Wrap up

Unauthenticated RCE in VMware Product: This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable (CVE-2023-20887). A remote...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.94258
Exploits: 15

Prion
added 2022/12/07 2:15 a.m. | 11 views

Cross site scripting

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leavesystem/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name...

CVSS: 4.3 | AI score: 5 | EPSS: 0.00257
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2022/12/07 12:0 a.m. | 1 views

Online Leave Management System Cross-Site Scripting Vulnerability

Sourcecodester Online Leave Management System is an online leave management system. A security vulnerability exists in Online Leave Management System v1.0, which originates from a stored cross-site scripting (XSS) vulnerability in the component /leavesystem/admin/?page=maintenance/department. The...

CVSS: 4.8 | AI score: 5.2 | EPSS: 0.00257
Exploits: 1 | References: 2

Rapid7 Blog
added 2022/10/28 5:45 p.m. | 39 views

Metasploit Weekly Wrap-UP

GLPI htmLawed PHP Command Injection: Our very own bwatters-r7 wrote a module for an unauthenticated PHP command injection vulnerability that exists in various versions of GLPI. The vulnerability is due to a third-party vendor test script being present in default installations. A POST request to...

AI score: 9.9 | EPSS: 0.94395
Exploits: 13

Rapid7 Blog
added 2022/10/14 5:3 p.m. | 57 views

Metasploit Wrap-Up

Spring Cloud Gateway RCE: This week, a new module that exploits a code injection vulnerability in Spring Cloud Gateway (CVE-2022-22947) has been added by @Ayantaker. Versions 3.1.0 and 3.0.0 to 3.0.6 are vulnerable if the Gateway Actuator endpoint is enabled, exposed and unsecured. The module sends ...

CVSS: 6.8 | AI score: 1.2 | EPSS: 0.94461
Exploits: 68

Rapid7 Blog
added 2022/06/17 5:35 p.m. | 19 views

Metasploit Weekly Wrap-Up

vCenter Secret Extracter: Expanding on the work of the vcenterforgesamltoken auxiliary module, community contributor npm-cesium137-io has added a new module for extracting the vmdir/vmafd certificates, the IdP keypair, the VMCA root cert, and anything from vmafd that has a private key associated,...

AI score: 0.1
Exploits: 0

Veracode
added 2022/03/25 6:6 a.m. | 16 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute malicious JavaScript via the description of a new module due to the lack of validations...

CVSS: 5.4 | AI score: 3.4 | EPSS: 0.00346
Exploits: 1 | References: 5 | Affected Software: 1

Rapid7 Blog
added 2021/06/11 7:51 p.m. | 88 views

Metasploit Wrap-Up

NSClient++: Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...

CVSS: 10 | AI score: 0.6 | EPSS: 0.94363
Exploits: 6

AlmaLinux
added 2021/05/18 6:1 a.m. | 8 views

new module: swig:4.0

The simplified wrapper and interface generator SWIG is a software development utility to connect C, C++, and Objective C programs with a variety of high-level programming languages. SWIG is used to create high-level interpreted programming environments, systems integration, and as a utility for...

AI score: 1.8
Exploits: 0 | References: 1

AlmaLinux
added 2020/11/03 12:31 p.m. | 14 views

new module: perl:5.30

This enhancement update adds the perl:5.30 module to AlmaLinux BZ1713592 For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score: 2.2
Exploits: 0 | References: 1

AlmaLinux
added 2020/11/03 12:30 p.m. | 19 views

new module: nginx:1.18

This enhancement update adds the nginx:1.18 module to AlmaLinux BZ1826632 For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score: 6.7
Exploits: 0

OSV
added 2018/01/22 1:29 a.m. | 1 views

CVE-2018-5962

index.php in CentOS-WebPanel.com aka CWP CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpinieditor module or the emailaddress parameter to the mailadd-new module...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 1

UbuntuCve
added 2012/08/14 10:55 p.m. | 16 views

CVE-2012-2209

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languagesnew module, or (3) theme parameter in the theme modu...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.061
Exploits: 6 | References: 8

myhack58
added 2011/12/28 12:0 a.m. | 34 views

Empire(EmpireCMS)cms 6.6 the background to get shell-vulnerability warning-the black bar safety net

Previous 6. 5http://www.badguest.cn/Article/201011/78510.htmlsomeone hair of the method is that the background---system setup---the management data table---management system models---import new module,directly put the modified php shell was renamed the shell. php. mod uploaded, the new version us...

AI score: 7.3
Exploits: 0

Tenable Nessus
added 2011/08/01 12:0 a.m. | 27 views

Fedora 15 : erlang-R14B-03.2.fc15 (2011-9598)

Ver. R14B03 - New module - diameter - Several new examples directories - Fixed building on F-15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

CVSS: 7.8 | AI score: 5.4 | EPSS: 0.03371
Exploits: 1 | References: 5