GoAutoDial 3.3 Authentication Bypass / Command Injection Exploit

This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database...

PVS Streamed Desktops are Assigned the Same MAC Address

All desktops created by streamed VM setup wizard are assigned with the same MAC address...

CVE-2017-2847

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP...

Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Industrial PCs, SINUMERIK Panel Control Unit PCU, SIMOTION P320 Vulnerability: Permissions, Privileges, and Access Controls AFFECTED PRODUCTS Siemens reports that the vulnerability affects...

Vulnerability in the Android operating system’s loader, allowing a hacker to gain access to resources

The vulnerability in the Android operating system’s loader is related to incorrect initialization of resources. Exploiting this vulnerability can allow a remote attacker to gain access to these resources...

SSL configuration on VDA

See Citrix Virtual Apps and Desktops documentation Enable TLS on VDAs...

Installer of "Setup file of advance preparation" may insecurely load Dinamic Link Libraries

Overview "Setup file of advance preparation" provided by National Tax Agency is software to setup the environment which is required to use "filing assistance on the NTA website". "Setup file of advance preparation"contains an issue with the DLL search path, which may lead to insecurely loading...

Exploit for Code Injection in Samba

Basic Setup Install Samba version 4.5.9 https://download...

How Do I Deploy Self-Service Password Reset For the First Time

The primary intent of this article is to provide steps to how to deploy Self-Service Password Reset SSPR environment for the first time...

MODX Revolution Directory Traversal Vulnerability (CNVD-2017-07464)

MODX Revolution is a PHP-based open source content management system CMS from the U.S. company MODX. The system supports online collaboration, search engine optimization SEO, add-ons and more. A directory traversal vulnerability exists in MODX Revolution versions prior to 2.5.7 using PHP version...

Cross site scripting

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the databasetype parameter...

CVE-2017-9067

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...

CVE-2017-9068

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the databasetype parameter...

CVE-2017-9067

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...

CVE-2017-9068

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the databasetype parameter...

CVE-2017-9068

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the databasetype parameter...

CVE-2017-9068

MODX Revolution prior to 2.5.7 contains a Reflected XSS vulnerability. An attacker can trigger XSS by injecting payloads into several fields on the setup page, demonstrated via the database_type parameter. Affected product: MODX Revolution. Root cause: input supplied on the setup page is reflecte...

PT-2017-3048 · Linux +3 · Linux +3

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: The issue is caused by a missing bounds check in the Linux kernel, specifically in the drivers/char/lp.c file. This allows an adversary with partial control over the kernel command line,...

Code injection

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

UBUNTU-CVE-2017-8891

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...