79 matches found
CVE-2020-17483
An improper access control vulnerability exists in all versions of Uffizio's GPS Tracker that leads to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have...
Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy
CVE-2024-23113 The script is designed to detect CVE-2024-2311...
MTN Group: CVE-2023-41763 Business Elevation of Privilege vulnerability on [.mtn.com]
The Microsoft Skype for Business installation on the remote host was missing security updates. The flaw was actively exploited. Attackers could access some sensitive information but not alter or restrict access to it. The impact related primarily to confidentiality. Multiple vulnerabilities were...
TP-Link T2600G-28SQ uses vulnerable SSH host keys
Overview: TP-Link layer-2 switch T2600G-28SQ uses vulnerable SSH host keys (CWE-1391). Kuniyuki Hasegawa of VeriServe Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: The credential information for a...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql14 (SUSE-SU-2023:0705-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0705-1 advisory. - In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the...
CVE-2022-22275
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service DoS attack if a target host is vulnerable...
Input validation
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service DoS attack if a target host is vulnerable...
Acronis: [CVE-2021-44228] Arbitrary Code Execution on ng01-cloud.acronis.com
Vulnerability description not provided...
Microsoft Defender SQL Injection Vulnerability
Microsoft Defender for IoT is an asset discovery, vulnerability management, and threat monitoring solution for IoT/OT environments. Microsoft Defender for IoT suffers from a remote code execution vulnerability. An attacker could exploit this vulnerability to execute code on the target host...
OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection
OpenCMS v11.0.2. CSRF - Login page vulnerable https://vulnerablehost.com/system/login - CSRF needs valid JSESSIONID to work, maybe logged Admin user...
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the exploit. Original Post: The Qualys Research Team has discovered a heap overflow vulnerability in sudo...
U.S. Dept Of Defense: Code injection host █████████
Good day, security team. Host █████████ vulnerable to code injection. POC The server makes a time delay. POST /cgi-bin/gMapBuild.py HTTP/1.1 Host: ███ Accept: / Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded...
Exploit for Origin Validation Error in Solarwinds Dameware_Mini_Remote_Control
CVE-2019-3980 This repo was created to utilize the Nessus POC...
TVT NVMS 1000 - Directory Traversal
Exploit Title: TVT NVMS 1000 - Directory Traversal Date: 2020-04-13 Exploit Author: Mohin Paramasivam Shad0wQu35t Vendor Homepage: http://en.tvt.net.cn/ Version : N/A Software Link : http://en.tvt.net.cn/products/188.html Original Author : Numan Türle CVE : CVE-2019-20085 import sys import reques...
Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - AsyncResponseService ', 'Description' = %q An unauthenticated attacker with network access to the...
Oracle Weblogic Server Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - AsyncResponseService ', 'Description' = %q An unauthenticated attacker with network access to the...
Oracle Weblogic Server Deserialization Remote Code Execution Exploit
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. This module requires Metasploit: https://metasploit.com/download Current source:...
Ultimate Membership Pro <= 7.5 - Arbitrary media upload
The ajax-upload.php endpoint doesn't check for the current user's capabilities or that they are even logged in, so we can do a few things we shouldn't be able to do: Without any credentials, you can simply POST the image file in the field ihcfile and it'll store it for you: $ curl -F...
Ultimate Membership Pro 7.4.2 <= 7.5 - Arbitrary media include
In addition to cropping/rotating/resizing an image of your choosing, you can abuse the imgUrl feature on versions that it's available on 7.4.2+ at least to make an HTTP request to any site you want. For example, by having it connect to a site you control, you can determine the IP address of the...