Privilege Escalation

Moodle is vulnerable to privilege escalations. On big installations, when the sync script was run it would improperly assign a manager role to suspended student accounts, granting these accounts the same access rights as a manager role...

Code injection

dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php...

CVE-2017-11586

dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php...

CVE-2017-11586

FineCMS 5.0.9 contains an open redirect vulnerability exploitable via the url parameter in a sync action, linked to controllers/Weixin.php. The NVD entry CVE-2017-11586 documents URL Redirector Abuse with CVSS 3.0 score 6.1 (NETWORK, PR:N, UI:R). Nuclei templates corroborate an open redirect cond...

CVE-2017-11586

dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php...

CVE-2017-10604

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operatio...

CVE-2017-10604

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operatio...

Design/Logic Flaw

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operatio...

CVE-2017-10604 Junos OS: SRX Series: Cluster configuration sync failures occur if the root user account is locked out

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operatio...

VPP Apps Does Not Appear on XenMobile Console After Accidental Deletion of the app.

Deleted VPP applications does not sync with XenMobile Server automatically. Summary VPP is an Apple Enterprise program to distribute corporate App license to device through MDM. Citrix XenMobile makes use of Apple's API to associate / disassociate license based which are distributed through...

How to sync exchange contacts with Local Contacts from secureMail

How to sync exchange contacts with Local Contacts from secureMail?...

FAQ: Limitation on calendar sync with Secure Mail?

Question: Do we have any limitation on calendar sync with Secure Mail? Answer: Secure Mail only syncs 6 months before and 12 months ahead events.It applies to both iOS and Android...

Wanna see WannaCry vulns in Splunk?

Do you want to see your WannaCry vulns all in one dashboard in Splunk? We've got you covered. Before you start, make sure you have these two apps installed in your Splunk App: Rapid7 Nexpose Technology Add-On for Splunk Rapid7 Nexpose for Splunk Steps 1. Follow the directions in this blog post to...

Google's New Tool Lets You Easily Backup & Sync Your Entire PC to the Cloud

Soon you will be able to auto backup and sync your whole computer on Google Drive. Yes, you heard that right. By the end of this month, Google will launch Backup and Sync — a new, simple tool that has been designed to help you backup not only your documents and photos in the cloud but your entire...

Sync Breeze Enterprise Buffer Overflow Vulnerability (CNVD-2017-14421)

Sync Breeze Enterprise is a file synchronization utility that allows you to synchronize and manage the disk files of your networked computers, mainly used to categorize, save and manage files. A buffer overflow vulnerability exists in Sync Breeze Enterprise version 9.7.26, which can be exploited ...

Sync Breeze 9.7.26 - Add Exclude Directory Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: Sync Breeze v9.7.26 - Local Buffer Overflow Date: 11-06-2017 Exploit Author: @abatchy17 -- www.abatchy.com Vulnerable Software: Sync Breeze v9.7.26 Freeware, Pro and Ultimate Vendor Homepage:...

Sync Breeze 9.7.26 Buffer Overflow

!/usr/bin/python Exploit Title: Sync Breeze v9.7.26 - Local Buffer Overflow Date: 11-06-2017 Exploit Author: @abatchy17 -- www.abatchy.com Vulnerable Software: Sync Breeze v9.7.26 Freeware, Pro and Ultimate Vendor Homepage: http://www.syncbreeze.com Version: 9.7.26 Software Link:...

Sync Breeze 9.7.26 - Add Exclude Directory Local Buffer Overflow

Sync Breeze 9.7.26 - Add Exclude Directory Local Buffer Overflow !/usr/bin/python Exploit Title: Sync Breeze v9.7.26 - Local Buffer Overflow Date: 11-06-2017 Exploit Author: @abatchy17 -- www.abatchy.com Vulnerable Software: Sync Breeze v9.7.26 Freeware, Pro and Ultimate Vendor Homepage:...

Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow

!/usr/bin/python Exploit Title: Sync Breeze v9.7.26 - Local Buffer Overflow Date: 11-06-2017 Exploit Author: @abatchy17 -- www.abatchy.com Vulnerable Software: Sync Breeze v9.7.26 Freeware, Pro and Ultimate Vendor Homepage: http://www.syncbreeze.com Version: 9.7.26 Software Link:...

Sync Breeze Enterprise GET Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sync Breeze Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability in the web...