6 matches found
CVE-2021-41157
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
Rockwell Automation EDS Subsystem
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: Rockwell Automation Equipment: EDS Subsystem Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, SQL Injection 2. RISK EVALUATION Successful...
Beers with Talos Ep. #63: The third law of thermodynamics
Beers with Talos BWT Podcast episode No. 63 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Sept. 27, 2019 We are missing Matt and Joel this time, so Mitch, Craig and Nigel are taking you through this...
Exploit for Out-of-bounds Write in Microsoft
IE11 VBScript Exploit Exploit Generator for CVE-2018-8174 &...
CVE-2017-5603
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544...
QIWI: [ishop.qiwi.com] XSS + Misconfiguration
Host - ishop.qiwi.com Type - XSS How to reproduce 1 We register a new shop with the name " our code http://puu.sh/fOHix/537dacd4cc.png http://puu.sh/fOHl5/a287e79250.png http://puu.sh/fOHoJ/0ec66e9f4d.png 2 We link a phone number http://puu.sh/fOHxf/d52b555777.png 3 The page tells us that on...