Design/Logic Flaw

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVE-2021-36582

Kooboo CMS 2.1.1.0 is affected by a vulnerability that allows uploading a remote shell (aspx) to the server and then triggering it to receive a reverse shell from the victim server. The uploaded file is placed at /Content/Template/root/reverse-shell.aspx and can be invoked by visiting that URL. P...

Zenitel AlphaCom XE Audio Server 代码问题漏洞

Zenitel AlphaCom XE Audio Server is a hybrid intercom system from Zenitel Norway. The system supports all VINGTOR-STENTOFON IP and analog intercom stations. A security vulnerability exists in Zenitel AlphaCom XE Audio Server that allows remote shell uploads...

Kooboo 代码问题漏洞

Kooboo is a new web development tool capable of developing static pages or complex websites. A security vulnerability exists in Kooboo CMS 2.1.1.0, which stems from the software's lack of effective validation and filtering of user uploaded files. An attacker can upload a remote shell e.g. aspx to...

Pulse Secure Pulse Connect Secure 命令注入漏洞

Pulse Secure Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is an SSL VPN solution from Pulse Secure, Inc. in the United States. A command injection vulnerability exists in Pulse Secure Pulse Connect Secure that stems from the product's failure to filter input data for specia...

Riak Insecure Default Configuration / Remote Command Execution

Riak KV Insecure Default Cookie RCE ===== Intro ===== Riak is a NoSQL key-value database that is built to maximize data availability and performance, especially useful for eg. big data environments. It's built to survive data and network failures with design principles similar to DynamoDB while...

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejsnetserver" and downloaded over 1,283 times since February 2019, was last...

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine

An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in...

Weidmueller Industrial WLAN devices Access Control Error Vulnerability

Weidmueller Industrial WLAN devices is an industrial WIAN from Weidmueller, Germany. An access control error vulnerability exists in Weidmueller Industrial WLAN devices, which can be exploited by an attacker to cause remote shell access to the device as this user...

CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

Improper access control

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

CVE-2021-33538 WEIDMUELLER: WLAN devices affected by improper access control vulnerability

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

Weidmueller Industrial WLAN 安全漏洞

Weidmueller Industrial WLAN devices is an industrial WIAN from Weidmueller, Germany. An access control error vulnerability exists in Weidmueller Industrial WLAN devices, which can be exploited by an attacker to cause remote shell access to the device as this user...

Cisco Modeling Labs 2.1.1-b19 Remote Command Execution Exploit

Cisco Modeling Labs 2.1.1-b19 Post-Auth RCE Vulnerability CVE-2021-1531 ======= Details ======= Authenticated command injection in the web portal via the X-Original-File-Name header. Tested with portal 'admin' user who does not have a system login or SSH access, but likely works for any user who...

F5 BIG-IQ VE 8.0.0-2923215 Remote Root

F5 BIG-IQ VE v8.0.0-2923215 Post-auth Remote Root RCE CVE-2021-23024 ======= Details ======= It was possible to execute commands with root privileges as an authenticated privileged user via command injection in easy-setup-test-connection. There are two blind command injection bugs in Test DNS...

Cisco Modeling Labs 2.1.1-b19 Remote Command Execution

Cisco Modeling Labs 2.1.1-b19 Post-Auth RCE Vulnerability CVE-2021-1531 ======= Details ======= Authenticated command injection in the web portal via the X-Original-File-Name header. Tested with portal 'admin' user who does not have a system login or SSH access, but likely works for any user who...

CVE-2021-23895 Authorized deserialization of untrusted data in McAfee DBSec

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

Backdoor.Win32.Small.n Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fb24c3509180f463c9deaf2ee6705062.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Small.n Vulnerability: Unauthenticated Remote Command Execution SYSTEM Description: T...