56 matches found
[SECURITY] [DLA 2159-1] okular security update
Package: okular. Version: 4:4.14.2-2+deb8u2. CVE ID: CVE-2020-9359. Debian Bug: 954891. Mickael Karatekin from Sysdream Labs discovered that the Okular document viewer allows code execution via an action link in a PDF document. For Debian 8 "Jessie", this problem has been fixed in version...
Unraid 6.8.0 Auth Bypass PHP Code Execution
This module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root. This module requires Metasploit:...
Zimbra Collaboration Cross Site Scripting
CVE-2018-14013: Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration. Description: Two XSS vulnerabilities have been discovered in Zimbra Collaboration initially in version 8.8.8. Zimbra Collaboration is an open source messaging and collaboration solution. Vulnerability records...
AudioCode 400HD - Command Injection
CVE-2018-10093: Remote command injection vulnerability in AudioCode IP phones. Description: The AudioCodes 400HD series of IP phones consists of a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony...
AudioCode 400HD Cross Site scripting
CVE-2018-10091: Stored XSS vulnerabilities in AudioCode IP phones. Description: The AudioCodes 400HD series of IP phones is a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. Most of the user inputs in the CG...
AudioCode 400HD Remote Command Injection
CVE-2018-10093: Remote command injection vulnerability in AudioCode IP phones. Description: The AudioCodes 400HD series of IP phones consists of a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...
phpCollab 2.5.1 - Unauthenticated File Upload Exploit
Exploit for php platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpCollab 2.5.1 Unauthenticated File Upload', 'Description' = %q This module exploits a file...
UCOPIA Wireless Appliance 5.1.8 - Local Privilege Escalation
CVE-2017-11322: UCOPIA Wireless Appliance 5.1.8 Privileges Escalation. Asset description: UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA...
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
CVE-2017-11321: UCOPIA Wireless Appliance. You can also retrieve the IP address of the outgoing interface. For this, you need to log in to the terminal of the virtual machine with the following username and password: admin/bhu85tgb, and then execute the interface command. By logging in within these...
UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation
CVE-2017-11322: UCOPIA Wireless Appliance 5.1.8 Privileges Escalation. Asset description: UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners...
UCOPIA Wireless Appliance 5.1.8 - Restricted Shell Escape
CVE-2017-11321: UCOPIA Wireless Appliance. You can also retrieve the IP address of the outgoing interface. For this, you need to log in to the terminal of the virtual machine with the following username and password: admin/bhu85tgb, and then...
UCOPIA Wireless Appliance Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits. CVE-2017-11322: UCOPIA Wireless Appliance 5.1.8 Privileges Escalation. Asset description: UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA solutions...
UCOPIA Wireless Appliance Privilege Escalation
CVE-2017-11322: UCOPIA Wireless Appliance 5.1.8 Privileges Escalation. Asset description: UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners...
UCOPIA Wireless Appliance Restricted Shell Escape
CVE-2017-11321: UCOPIA Wireless Appliance. You can also retrieve the IP address of the outgoing interface. For this, you need to log in to the terminal of the virtual machine with the following username and password: admin/bhu85tgb, and then execute the interface command. By logging in within these...
PhpCollab 2.5.1 SQL Injection
CVE-2017-6089: PhpCollab 2.5.1 Multiple SQL Injections (unauthenticated). Description: PhpCollab is an open source web-based project management system that enables collaboration across the Internet. SQL injections: The phpCollab code does not correctly filter arguments, allowing arbitrary SQL code...
PhpCollab 2.5.1 Shell Upload
CVE-2017-6090: PhpCollab 2.5.1 Arbitrary File Upload (unauthenticated). Description: PhpCollab is an open source web-based project management system that enables collaboration across the Internet. Arbitrary File Upload: The phpCollab code does not correctly filter uploaded file contents. An...
Zimbra Cross Site Request Forgery
CVE-2016-3403: Multiple CSRF in Zimbra Administration interface. Description: Multiple CSRF vulnerabilities have been found in the administration interface of Zimbra, giving possibilities like adding, modifying and removing admin accounts. Vulnerability: Every form in the Administration part of...
Debian DLA-695-1 : spip security update
Multiple vulnerabilities have been discovered in SPIP, a website engine for publishing written in PHP. CVE-2016-7980: Nicolas Chatelain of Sysdream Labs discovered a cross-site request forgery (CSRF) vulnerability in the validerxml action of SPIP. This allows remote attackers to make use of potentia...
SPIP 3.1.1/3.1.2 - File Enumeration Path Traversal
SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal. CVE-2016-7982. Product Description: SPIP is a publishing system for the Internet, which puts importance on collaborative working, multilingual environments and ease of use. It is free software,...
SPIP 3.1.2 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. SPIP 3.1.2 Reflected Cross-Site Scripting. CVE-2016-7981. Product Description: SPIP is a publishing system for the Internet, which puts importance on collaborative working, multilingual environments and ease of use. It is free software, distribute...