
88 matches found

NVD
added 2022/09/15 1:15 p.m. | 6 views

CVE-2021-44076

An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting XSS. The payload can be executed in multiple scenarios, for example when the user'...

CVSS 4.8 | EPSS 0.00562
Exploits: 1 | References: 2

Cvelist
added 2022/09/15 12:35 p.m. | 11 views

CVE-2021-44076

An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting XSS. The payload can be executed in multiple scenarios, for example when the user'...

AI score 5.2 | EPSS 0.00562
Exploits: 1 | References: 2

0day.today
added 2022/07/21 12:0 a.m. | 390 views

OctoBot WebInterface 0.4.3 - Remote Code Execution Exploit

Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE : CVE-2021-3671...

CVSS 9.8 | EPSS 0.49539
Exploits: 4

Exploit DB
added 2022/07/21 12:0 a.m. | 406 views

OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)

Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Date: 9/2/2021 Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE ...

CVSS 9.8 | AI score 9.6 | EPSS 0.49539
Exploits: 4

Github Security Blog
added 2022/07/17 12:0 a.m. | 19 views

Octobot mishandles Tentacles upload

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled...

CVSS 9.8 | AI score 9.8 | EPSS 0.49539
Exploits: 4 | References: 10 | Affected Software: 1

OSV
added 2022/07/17 12:0 a.m. | 24 views

GHSA-FR75-X856-Q6J8 Octobot mishandles Tentacles upload

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled...

CVSS 9.8 | AI score 9.8 | EPSS 0.49539
Exploits: 4 | References: 11

NVD
added 2022/07/16 5:15 p.m. | 13 views

CVE-2021-36711

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled...

CVSS 9.8 | EPSS 0.49539
Exploits: 4 | References: 6

OSV
added 2022/07/16 5:15 p.m. | 12 views

CVE-2021-36711

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled...

CVSS 9.8 | AI score 9.9
Exploits: 0 | References: 6

Prion
added 2022/07/16 5:15 p.m. | 12 views

Remote code execution

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled...

CVSS 7.5 | AI score 9.8 | EPSS 0.49539
Exploits: 4 | References: 6 | Affected Software: 1

OSV
added 2022/07/16 5:15 p.m. | 29 views

PYSEC-2022-235

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled...

CVSS 9.8 | AI score 3.6 | EPSS 0.49539
Exploits: 4 | References: 6

Cvelist
added 2022/07/16 4:52 p.m. | 15 views

CVE-2021-36711

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled...

AI score 10 | EPSS 0.49539
Exploits: 4 | References: 6

0day.today
added 2021/11/15 12:0 a.m. | 554 views

Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...

CVSS 9.8 | AI score 10 | EPSS 0.84896
Exploits: 5

Cvelist
added 2021/08/04 5:55 p.m. | 21 views

CVE-2021-32793 Stored XSS Vulnerability in the Pi-hole Webinterface

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-scripting vulnerability. User input added ...

CVSS 5.7 | AI score 6.3 | EPSS 0.00221
Exploits: 1 | References: 2

Cvelist
added 2020/03/05 2:37 p.m. | 14 views

CVE-2019-20500

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

AI score 7.8 | EPSS 0.89895
Exploits: 3 | References: 2

Packet Storm
added 2019/01/17 12:0 a.m. | 103 views

Siemens SICAM A8000 Series Denial Of Service

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: SICAM A8000 Series Vendor: Siemens CSNC ID: CSNC-2019-002 CVE ID: CVE-2018-13798 Subject: SICAM Webinterface XXE DoS Risk: Medium CVSS 3.0 Base Score: 5.3 CVSS 3.0:...

AI score 0.4 | EPSS 0.00653
Exploits: 2

OpenVAS
added 2018/06/15 12:0 a.m. | 43 views

Canon PrintMe / EFI XSS Vulnerability

Canon PrintMe / EFI software is prone to a cross-site scripting XSS vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

CVSS 6.1 | AI score 6.1 | EPSS 0.00349
Exploits: 5 | References: 2

Cvelist
added 2018/06/11 1:0 p.m. | 11 views

CVE-2018-12111

Cross-site scripting XSS vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the /wt3/mydocs.php URI...

AI score 6.1 | EPSS 0.00349
Exploits: 5 | References: 2

seebug.org
added 2018/06/06 12:0 a.m. | 57 views

Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authentication Bypass (CVE-2018-11692)

Description : An issue was discovered on Canon LBP6650, LBP3370, LBP3460, LBP7750C printers. It is possible for a remote unauthenticated attacker to bypass the Administrator Mode authentication without a password at any URL of the device that requires authentication. PoC : Start searching for Can...

AI score 0.8 | EPSS 0.02724
Exploits: 4

OpenVAS
added 2017/01/31 12:0 a.m. | 25 views

EMC Secure Remote Services Webinterface Detection

This script performs HTTP based detection of EMC Secure Remote Services Webinterface SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

AI score 7.2
Exploits: 0

OpenVAS
added 2017/01/27 12:0 a.m. | 14 views

MySQL Enterprise Monitor Detection

This script performs detection of the MySQL Enterprise Monitor Webinterface. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

AI score 7
Exploits: 0