Lucene search
K
PacketstormRecent

50773 matches found

Packet Storm
Packet Storm
added 2021/11/15 12:0 a.m.397 views

Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection

Dear Full Disclosure Team, We are writing to submit a full disclosure for the following vulnerability discovered for product Talariax sendQuick Alertplus server admin version 4.3. This is an updated reference for https://seclists.org/fulldisclosure/2021/Oct/1...

8.7AI score0.01478EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/15 12:0 a.m.523 views

KONGA 0.14.9 Privilege Escalation

Exploit Title: KONGA 0.14.9 - Privilege Escalation Date: 10/11/2021 Exploit Author: Fabricio Salomao & Paulo Trindade @paulotrindadec Vendor Homepage: https://github.com/pantsel/konga Software Link: https://github.com/pantsel/konga/archive/refs/tags/0.14.9.zip Version: 0.14.9 Tested on: Linux -...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/15 12:0 a.m.450 views

Fuel CMS 1.4.13 SQL Injection

Exploit Title: Fuel CMS 1.4.13 - 'col' Parameter Blind SQL Injection Authenticated Date: 2021-04-11 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/15 12:0 a.m.349 views

WordPress Contact Form To Email 1.3.24 Cross Site Scripting

Exploit Title: WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting XSS Authenticated Date: 11/11/2021 Exploit Author: Mohammed Aadhil Ashfaq Vendor Homepage: https://form2email.dwbooster.com/ Version: 1.3.24 Tested on: wordpress POC 1. Click Contact form to Email...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/12 12:0 a.m.492 views

Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE', 'Description' = %q This module exploits LFI and log poisoning vulnerabilities...

9.2AI score0.35047EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/11/12 12:0 a.m.454 views

Xlight FTP 3.9.3.1 Buffer Overflow

Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-12 Vendor Homepage: https://www.xlightftpd.com/ Software Link: https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.1 Vulnerability Type: Buffer Overflow Local Tested on...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/12 12:0 a.m.483 views

WordPress WP Symposium Pro 2021.10 Cross Site Scripting

Exploit Title: WordPress Plugin WP Symposium Pro 2021.10 - 'wpsadminforumaddname' Stored Cross-Site Scripting XSS Date: 11/11/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.wpsymposiumpro.com/ Software Link: https://wordpress.org/plugins/wp-symposium-pro/ Version:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/12 12:0 a.m.481 views

Mumara Classic 2.93 SQL Injection

Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection Unauthenticated Date: 2021-11-11 Exploit Author: v0yager Shain Lakin Vendor Homepage: https://mumara.com Version: = 2.93 Tested on: CentOS 7 -==== Vulnerability ====- An SQL injection vulnerability in licenseupdate.php in Mumara Classic...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/12 12:0 a.m.414 views

WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting

Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Date: 11/12/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/11 12:0 a.m.433 views

YeaLink SIP-TXXXP 53.84.0.15 Command Injection

Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection Authenticated Date: 11-10-2021 Exploit Author: tahaafarooq Vendor Homepage: https://www.yealink.com/ Version: 53.84.0.15 Tested on: YeaLink IP Phone SIP-T19P Hadrware VOIP Phone Description: Using Diagnostic tool from the...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/11 12:0 a.m.438 views

AbsoluteTelnet 11.24 Denial Of Service

Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-10 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerability...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/11 12:0 a.m.381 views

FormaLMS 2.4.4 Authentication Bypass

Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Date: 2021-11-10 Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136...

9.2AI score0.15725EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/11/11 12:0 a.m.1337 views

Apache HTTP Server 2.4.50 Remote Code Execution

Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Date: 11/11/2021 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Software Link: https://github.com/Balgogan/CVE-2021-41773 Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE :...

7.5CVSS9.2AI score0.99992EPSS
Exploits173
Packet Storm
Packet Storm
added 2021/11/10 12:0 a.m.343 views

Employee And Visitor Gate Pass Logging System 1.0 Cross Site Scripting

Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting XSS Date: 10.11.2021 Exploit Author: İlhami Selamet Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/10 12:0 a.m.354 views

Employee Daily Task Management System 1.0 Cross Site Scripting

Exploit Title: Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting XSS Date: 09/11/2021 Exploit Author: Ragavender A G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/edtms.zip Version...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/10 12:0 a.m.621 views

Dolibarr ERP / CRM 13.0.2 Remote Code Execution

Trovent Security Advisory 2106-01 Authenticated remote code execution in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2106-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2106-01 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr...

9.2AI score0.03815EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/10 12:0 a.m.543 views

Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Win32k NtGdiResetDC Use After Free Local Privilege Elevation', 'Description' = %q A use after free vulnerability exists in the NtGdiResetDC...

4.6CVSS7.7AI score0.73381EPSS
Exploits11
Packet Storm
Packet Storm
added 2021/11/10 12:0 a.m.292 views

Microsoft OMI Management Interface Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft OMI Management Interface Authentication Bypass', 'Description' = %q By removing the authentication exchange, an attacker can issue...

7.5CVSS7.4AI score0.99723EPSS
Exploits20
Packet Storm
Packet Storm
added 2021/11/10 12:0 a.m.550 views

Dolibarr ERP / CRM 13.0.2 Cross Site Scripting

Trovent Security Advisory 2105-02 Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2105-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2...

6.4AI score0.79282EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/09 12:0 a.m.368 views

Google Assistant Authentication Bypass

0011 Vendor: Google Status: fixed Reported: Nov 25, 2019 Disclosed: Oct 10, 2021 685 days Auth Bypass in Google Assistant Summary: Webpage can execute Google Assistant commands without any permissions Steps to reproduce: Generate the TTS audio files using the Google Cloud TTS API, using the text...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.472 views

zlog 1.2.15 Buffer Overflow

Exploit Title: zlog 1.2.15 - Buffer Overflow Date: 10/23/2021 Exploit Author: LIWEI Vendor Homepage: https://github.com/HardySimpson/zlog Software Link: https://github.com/HardySimpson/zlog Version: v1.2.15 Tested on: ubuntu 18.04.2 1.- compile the zlogv1.2.15 code to a library. 2.- Use the...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.435 views

Trojan.Win32.SkynetRef.y Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e2d249f86890d290bb8af599ea0367f3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.SkynetRef.y Vulnerability: Unauthenticated Open Proxy Description: The malware listens ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.600 views

Backdoor.Win32.VB.afu Insecure Transit

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c6ba7fcb9eb9bdd7e081e2e84e784dcbB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.afu Vulnerability: Insecure Transit Password Disclosure Description: The malware...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.391 views

FusionPBX 4.5.29 Remote Code Execution

Exploit Title: FusionPBX 4.5.29 - Remote Code Execution RCE Authenticated Date: 11/08/2021 Exploit Author: Luska Vendor Homepage: https://www.fusionpbx.com/ Software Link: https://github.com/fusionpbx/fusionpbx Version: 4.5.30 Tested on: Debian CVE : CVE-2021-43405 !/usr/bin/python3 import reques...

8.7AI score0.35628EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.367 views

Kmaleon 1.1.0.205 SQL Injection

Exploit Title: Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection Authenticated Google Dork: intitle: "Inicio de Sesión - Kmaleon" Date: 2021-11-05 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.levelprograms.com Software Link: https://www.levelprograms.com/kmaleon-abogados/ Version...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.618 views

Froxlor 0.10.29.1 SQL Injection

Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Date: 2021-11-05 Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Teste...

7.5CVSS9.2AI score0.11812EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.397 views

HEUR.Backdoor.Win32.Denis.gen Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1a4d58e281103fea2a4ccbfab93f74d2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Denis.gen Vulnerability: Remote Denial of Service UDP Datagram Description: The...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.364 views

Backdoor.Win32.Hupigon.nqr Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9603420a004d9559e610ddeb9d94e20a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.nqr Vulnerability: Unauthenticated Open Proxy Description: The malware listen...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.393 views

Email-Worm.Win32.Plexus.b Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ee8990b5d076a7ed601a30eb677cc9be.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Plexus.b Vulnerability: Unauthenticated Remote Code Execution Description: The...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.435 views

WordPress Backup And Restore 1.0.3 Arbitrary File Deletion

Exploit Title: WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion Date: 11/07/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.miniorange.com/ Software Link: https://wordpress.org/plugins/backup-and-restore-for-wp/ Version: 1.0.3 Tested on : Window...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.401 views

Backdoor.Win32.Hupigon.bnbb Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0857f2c8541dba287d648eec17163d3f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.bnbb Vulnerability: Insecure Service Path Description: The malware creates a...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.439 views

Backdoor.Win32.Pahador.aj Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f393943eb6a80c8321f31c4543ba0bcf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Pahador.aj Vulnerability: Authentication Bypass RCE Description: The malware listens ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.379 views

Trojan.Win32.SkynetRef.x Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/339ec4617eababfd46006f2219e68cb8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.SkynetRef.x Vulnerability: Unauthenticated Open Proxy Description: The malware listens ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.380 views

Backdoor.Win32.VB.afu Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c6ba7fcb9eb9bdd7e081e2e84e784dcb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.afu Vulnerability: Insecure Permissions Description: The malware writes an .EXE wi...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.368 views

Simple Client Management System 1.0 Cross Site Scripting

Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: Sentinal920 Date: 5-11-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.351 views

Trojan.Win32.Servstar.poa Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/7588da376f496aa678cdfca4e404f38a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Servstar.poa Vulnerability: Insecure Service Path Description: The malware creates a...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.399 views

Money Transfer Management System 1.0 SQL Injection

Exploit Title: Money Transfer Management System 1.0 - Authentication Bypass Date: 2021-11-07 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.494 views

Backdoor.Win32.Optix.03.b Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4cf1f1d740d7acea4d3836228980ebcb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Optix.03.b Vulnerability: Unauthenticated Remote Command Execution Description: The...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.461 views

Backdoor.Win32.Ncx.b Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/885e74a43b4f7caec3cfb4dba0787de4B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.b Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.522 views

Backdoor.Win32.Ncx.b Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/885e74a43b4f7caec3cfb4dba0787de4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.b Vulnerability: Remote Stack Buffer Overflow Description: The malware listens on...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.465 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Bypass of Filename Extension Restrictions Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public...

7.3AI score0.02248EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.437 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.require-js-cfg.js.\Z" access="Anonymous,...

8.3AI score0.51653EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.453 views

PHP Event Calendar Lite Edition Cross Site Scripting

Advisory ID: SYSS-2021-049 Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: Cross-site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer...

6.5AI score0.00864EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.600 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Insufficient Access Control of Data Source Management Service Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th...

7AI score0.01307EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.542 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Affected Versions: = 9.1 Vulnerability Type: Remote Code Execution through Pentaho Report Bundles Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th February 2021...

8.7AI score0.02266EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.475 views

ImportExportTools NG 10.0.4 HTML Injection

Document Title: =============== ImportExportTools NG 10.0.4 - HTML Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2308 Release Date: ============= 2021-11-05 Vulnerability Laboratory ID VL-ID: ===================================...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.483 views

Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Jackrabbit User Enumeration Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th February 2021 Solution Date: Wont...

5.8AI score0.00951EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.546 views

PHP Event Calendar Lite Edition SQL Injection

Advisory ID: SYSS-2021-048 Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: SQL injection CWE-89 Risk Level: High Solution Status: Closed Manufacturer Notification:...

9.2AI score0.02433EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.398 views

10-Strike Network Inventory Explorer Pro 9.31 Unquoted Service Path

Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path Discovery by: Brian Rodriguez Date: 04-11-2021 Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.417 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy

Trovent Security Advisory 2104-03 Missing server-side password policy Overview Advisory ID: TRSA-2104-03 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-03 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested...

7.1AI score
Exploits0
Total number of security vulnerabilities50773