Remote code execution
AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software...
Total Upkeep by BoldGrid < 1.14.10 - Sensitive Data Disclosure (Server IP Address, UID etc)
The plugin does not restrict access to a file containing sensitive information, such as the real server IP address, UID and so on, which may help attackers in further attacks. PoC GET /wp-content/plugins/boldgrid-backup/cli/env-info.php ..., "phpuname":"Linux wordpress-server X.X.X-XX-generic...
The firmware vulnerability in Intel server boards, server systems, and computing modules arises from copying buffers without checking the size of the input data. This allows attackers to escalate their privileges.
The firmware vulnerability in Intel server boards, server systems, and computing modules is related to copying buffers without checking the size of the input data. Exploiting this vulnerability can allow attackers to escalate their privileges...
The firmware vulnerability in Intel server boards, server systems, and computing modules arises from copying buffers without checking the size of the input data. This allows attackers to escalate their privileges.
The firmware vulnerability in Intel server boards, server systems, and computing modules is related to copying buffers without checking the size of the input data. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...
XSS Vulnerability in U-Mail Mail Server Software of Shenzhen Fuqia Technology Co.
U-Mail mail server software is a first-tier brand in China that provides free lifetime upgrades of the mail system. Shenzhen Fuqia Technology Co., Ltd's U-Mail mail server software has an XSS vulnerability that attackers can use to obtain sensitive information such as user cookies...
Command Execution Vulnerability in U-Mail Mail Server Software
U-Mail mail server software is a domestic first-tier brand that really provides lifetime free upgrades to the mail system, including data upgrades to the mail system, antivirus engine, and anti-spam engine. U-Mail mail server software has a command execution vulnerability that can be exploited by...
Input validation
Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2019-14603
CVE-2019-1954
Cisco Webex Meetings Server Open Redirect (CVE-2019-1954) is due to improper input validation of URL parameters in the web-based management interface. An unauthenticated, remote attacker could craft an HTTP request to cause the application to redirect a user to a malicious URL. Cisco’s advisory s...
KLA11350 PE vulnerability in Microsoft Server Software
An incorrect request handling vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2018-8581. Exploitation: Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details...
Path Traversal in angular-http-server
Affected versions of angular-http-server are vulnerable to path traversal, allowing a remote attacker to read files from the server that uses angular-http-server. Recommendation: Update to version 1.6.0 or later. Note: This was originally thought to be fixed in version 1.4.3, though...
GyoiThon - A Growing Penetration Test Tool Using Machine Learning
GyoiThon is a growing penetration test tool using Machine Learning. GyoiThon identifies the software installed on a web server (OS, Middleware, Framework, CMS, etc.) based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generate...
Input validation
A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker...
CVE-2018-0326
Cisco TelePresence Server Software web UI is affected by CVE-2018-0326 due to insufficient protections for HTML iframe embeds, enabling an unauthenticated attacker to perform a cross-frame scripting attack via a user-navigated, attacker-controlled page containing a malicious iframe. The resul...
CVE-2018-0326
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...
CVE-2017-17832
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability, as user-supplied data is not validated/sanitized when passed in the settingsSMSALERTTYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page)...
Arbitrary file read vulnerability in yard server
lib/yard/coreext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files...
LIFE CMS Directory Traversal
Title: ======= LIFE CMS - Directory Traversal Introduction: ============== Life Educacional comprises a set of online computer tools capable of bringing agility and control in all activities of a teaching institution, whether public or private, or basic, basic, secondary or higher education. It i...
libsoup HTTP Server Detection (HTTP)
Detection of libsoup HTTP server. The script sends a connection request to the server and attempts to detect libsoup HTTP server and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Philex CMS 0.2 Directory Traversal
Title: ======= Philex CMS - Directory Traversal Introduction: ============== A content management system (CMS) is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative environment. CMS features va...