27 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-9766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service stack exhaustion in the dissectIODWriteReq...
Ivanti Connect Secure Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains an authentication bypass vulnerability...
CVE-2023-41374
Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of...
SUSE: Security Advisory (SUSE-SU-2015:1518-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
X (Formerly Twitter): Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
Summary: CVSS score: 8.1 / High / CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Embargo notice: Do Not Disclose publicly until https://crbug.com/1083819 is disclosed. Twitter for Android is affected by a UXSS vulnerability due to its configuration of Android WebView and CVE-2020-6506. Vendor...
TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key Vulnerability
TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from having a hardcoded encryption key. The issue is located in the methods swSystemBackup and sym.swSystemRestoreFile, where a hardcoded encryption key is used in order to encrypt/decrypt a config...
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Advisory Information ======================================== Title: Clever Dog Smart Camera Vendor Homepage: http://www.cleverdog.com.cn/ Tested on Camera types : DOG-2W, DOG-2W-V4 Vulnerability: Hardware- Multiple Vulnerabilities Date: 14/06/2019 Author: Alex Akinbi Twitter: @alexakinbi 1...
Splunk Local Privilege Escalation
Vulnerability Details Affected Vendor: Splunk Affected Product: Splunk Enterprise Affected Version: 6.6.x Platform: Embedded Linux CWE Classification: CWE-280: Improper Handling of Insufficient Permissions or Privileges Impact: Privilege Escalation Attack vector: Local 2. Vulnerability...
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
Exploit Title: OctoberCMS 1.0.426 - CSRF to Admin Account Takover Vendor Homepage: https://octobercms.com Software Link: https://octobercms.com/download Exploit Author: Zain Sabahat Website: https://about.me/ZainSabahat Category: webapps CVE: CVE-2017-16244 1. Description Cross-Site Request Forge...
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows, TRIAL...
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
Exploit for windows platform in category local exploits Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows, TRIAL Type: Backup Software Version:...
ArcServe UDP 6.0.3792 Update 2 Build 516 Privilege Escalation
Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows, TRIAL Type: Backup Software Version: 6.0.3792 Update 2 Build 516 Download URL:...
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows, TRIAL Type: Backup Software Version: 6.0.3792 Update 2 Build 516 Download URL:...
Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR - Local File Disclosure
Advisory Information ======================================== Title : Vanderbilt IP-Camera CCPW3025-IR + CVMW3025-IR Local File Inclusion Vendor Homepage : https://is.spiap.com/ Remotely Exploitable : Yes Tested on Camera types : CCPW3025-IR , CVMW3025-IR Product References :...
JVC IP-Camera VN-T216VPRU - Local File Disclosure
JVC IP-Camera VN-T216VPRU - Local File Disclosure 1. Advisory Information ======================================== Title : JVC IP-Camera VN-T216VPRU Local File Inclusion Vendor Homepage : http://pro.jvc.com/ Remotely Exploitable : Yes Tested on Camera types : VN-T216VPRU Product References :...
Honeywell IP-Camera HICC-1100PT - Local File Disclosure
Honeywell IP-Camera HICC-1100PT - Local File Disclosure 1. Advisory Information ======================================== Title : Honeywell IP-Camera HICC-1100PT Local File Inclusion Vendor Homepage : https://www.asia.security.honeywell.com Remotely Exploitable : Yes Tested on Camera types :...
C2S DVR Management Credential Disclosure / Authentication Bypass
Advisory Information ======================================== Title : C2S DVR Management Remote Credentials Disclosure & Authentication Bypass Vendor Homepage : http://www.cash2s.com/en/ Remotely Exploitable : Yes Tested on Camera types : IRDOME-II-C2S, IRBOX-II-C2S, DVR Vulnerabilities :...
Vanderbilt IP Camera CCPW3025-IR / CVMW3025-IR - Credentials Disclosure
Exploit for cgi platform in category web applications 1. Advisory Information ======================================== Title : Vanderbilt IP-Camera CCPW3025-IR + CVMW3025-IR Remote Credentials Disclosure Vendor Homepage : https://is.spiap.com/ Remotely Exploitable : Yes Tested on Camera types :...
JVC IP-Camera VN-T216VPRU - Credentials Disclosure
Advisory Information ======================================== Title : JVC IP-Camera VN-T216VPRU Remote Credentials Disclosure Vendor Homepage : http://pro.jvc.com/ Remotely Exploitable : Yes Tested on Camera types : VN-T216VPRU Product References :...
Idera Up.Time Monitoring Station 7.4 post2file.php Arbitrary File Upload Version 2
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'nokogiri' class Metasploit4 'Idera Up.Time Monitoring Station 7.4 post2file.php Arbitrary File Upload', 'Description' = %q This module exploit...