33 matches found
EUVD-2019-3645
Malware in sbrugna...
EUVD-2022-35415
Malicious code in bioql PyPI...
EUVD-2023-40399
Malicious code in bioql PyPI...
CVE-2019-11989
A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA Agent module could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7,...
Microsoft Windows Multiple Vulnerabilities (KB5031362)
This host is missing an important security update according to Microsoft KB5031362.
CVE-2023-36434 Windows IIS Server Elevation of Privilege Vulnerability
...
KB5031356: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031356. It is, therefore, affected by multiple vulnerabilities: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through...
KB5031364: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031364. It is, therefore, affected by multiple vulnerabilities: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through...
PT-2023-5914 · Microsoft · Windows IIS Server +1
Name of the Vulnerable Software and Affected Versions: Windows IIS Server affected versions not specified Description: The issue is related to insufficient access controls in the Windows IIS Server, which can be exploited by a remote attacker to elevate their privileges. Recommendations: At the...
KB5031362: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2023)
The remote Windows host is missing security update 5031362. It is, therefore, affected by multiple vulnerabilities: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through...
KB5031411: Windows Server 2008 Security Update (October 2023)
The remote Windows host is missing security update 5031411. It is, therefore, affected by multiple vulnerabilities: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577); Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434); Microsof...
ENTAB ERP 1.0 - Username PII leak
Exploit Title: ENTAB ERP 1.0 - Username PII leak Date: 17.05.2022 Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab softwar...
ENTAB ERP 1.0 - Username PII leak Vulnerability
Exploit Title: ENTAB ERP 1.0 - Username PII leak Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab software in...
Privilege escalation
Windows IIS Server Elevation of Privilege Vulnerability...
PT-2022-3740 · Microsoft · Windows IIS Server +1
Name of the Vulnerable Software and Affected Versions: Windows IIS Server affected versions not specified Description: The issue is related to insufficient access control in the Windows IIS Server, which can be exploited by a remote attacker to elevate their privileges. This can affect the system...
KLA12581 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, obtain sensitive information, execute arbitrary code, cause denial of service. Below is a complete list of...
Metasploit Weekly Wrap-Up
CVE-2022-21999 - SpoolFool Our very own Shelby Pace has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 10.0 Build...
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
Exploit Title: Umbraco CMS 7.12.4 - Remote Code Execution Authenticated Date: 2020-03-28 Exploit Author: Alexandre ZANNI noraj Based on: https://www.exploit-db.com/exploits/46153 Vendor Homepage: http://www.umbraco.com/ Software Link: https://our.umbraco.com/download/releases Version: 7.12.4...
Umbraco CMS 7.12.4 Remote Code Execution
Exploit Title: Umbraco CMS - Authenticated Remote Code Execution Date: 2020-03-28 Exploit Author: Alexandre ZANNI noraj Based on: https://www.exploit-db.com/exploits/46153 Vendor Homepage: http://www.umbraco.com/ Software Link: https://our.umbraco.com/download/releases Version: 7.12.4 Category:...
Umbraco CMS 7.12.4 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Umbraco CMS - Authenticated Remote Code Execution Exploit Author: Alexandre ZANNI noraj Based on: https://www.exploit-db.com/exploits/46153 Vendor Homepage: http://www.umbraco.com/ Software Link:...