This Metasploit module exploits an authenticated arbitrary file read in the log module's filter engine. SteelHead VCX (VCX255U) version 9.6.0a was confirmed as vulnerable.
82200956bfcf313b96ff93db76c110d1947a97a9884d89e92f426e7c7e7da5ea
Umbraco CMS version 7.12.4 suffers from an authenticated remote code execution vulnerability.
7ba02d67572e6a1dec0282ee1b27ebba6f0f563a1f7370d383c0d4e312094e95
Linux Kernel versions prior to 4.15.4 show_floppy KASLR address leak proof of concept exploit.
0141dd0e32ba53533c58e61ecfdc7ade09f92a66df172ac9572a7c4be4fa3a4d
Microsoft Dynamics CRM 2016 versions SP1 and below suffer from a cross site scripting vulnerability.
7a7ac559b01961f3ee6d891d89c708a79570c82bf81792a0b6b527819cb4e8d5
Riverbed SteelHead VCX version 9.6.0a suffers from an arbitrary file read vulnerability.
67bd160f57f9efe9ce7c82cb99728bf0b5fd64561cc6f8297967e1d117931a8c
Apache Mina 2.0.13 uses the OGNL library in the "IoSessionFinder" class. Its constructor takes one OGNL expression as a parameter, and this expression is executed when the method "find" is called. This class seems to be used only in the JMX MINA component "IoServiceMBean". When the IoServiceMBean is exposed through JMX, it is possible to abuse the function to execute an arbitrary command on the server.
5dca9550346e53b4b4b1f76ec51319517cdbd8e4a939ec303316d56728bfe74d
Pentaho version 5.2.x GA BA Suite and PDI allow unauthenticated access to configuration files. The GetResource servlet, a vestige of the old platform UI, allows unauthenticated access to resources in the pentaho-solutions/system folder. Specifically vulnerable are properties files that may reveal passwords.
0888853ff4779b5907a0ff21cd8ea09daabbccf2686a3c59adcb64e634280c5e
Apache OFBiz versions 11.04.01 through 11.04.04 and 12.04.01 through 12.04.03 suffer from a cross site scripting vulnerability.
fc343b2e9b0b222af9ed2172c74986902a356c06c28a09a1384b4dbecc1d0f5e
Apache Syncope versions 1.0.0 through 1.0.8 and 1.1.0 through 1.1.6 suffer from a remote code execution vulnerability.
6d94a96f8baecf063b4bc07ade222c1496c0edecf336e0795af31c63ae3aadda
Apache Camel versions 2.9.0 to 2.9.7, 2.10.0 to 2.10.6, 2.11.0 to 2.11.1, and 2.12.0 suffer from a remote command execution vulnerability based on how message headers are interpreted.
1f20fed4bf0aae4159245be3336a4b327d8066c6bab740968ed8bf4deb7260c6
Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 suffer from a nested expression evaluation vulnerability that allows remote users to execute arbitrary UEL functions.
a87988f73312e5bcabc2f319c28c75d1bd10eb46024a263f67c4d2162580e354
Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 suffer from a cross site scripting vulnerability.
26c1bb776a54ce85382e16dc08ca13d97a5a5b5d6f10425b3168cacf5d112692