Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a Java deserialization vulnerability.
f915b7c8e1490be3b5efefa54a6482a71e7b49a70921a15a16cb111dcf215ee6
This Metasploit module exploits a vulnerability in Bomgar Remote Support, which deserializes user-provided data using PHP's unserialize method. By providing a specially crafted PHP serialized object, it is possible to write arbitrary data to arbitrary files. This effectively allows the execution of arbitrary PHP code in the context of the Bomgar Remote Support system user. To exploit the vulnerability, a valid Logging Session ID (LSID) is required. It consists of four key-value pairs (i.e., 'h=[...];l=[...];m=[...];t=[...]') and can be retrieved by an unauthenticated user at the end of the process of submitting a new issue via the 'Issue Submission' form. Versions before 15.1.1 are reported to be vulnerable.
698e0392eb6fd3200601379e4e3d239ebb1d4c3143e7663f8154566abf6dec9c
Cisco Security Advisory - A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
358e6cae4e6366a6f3ead0caa340bb5b6b44ff1423e6801085dae36564a1b3b2
jbFileManager suffers from a path traversal vulnerability.
a79015bbb00e588181d9b153f7cac50d3cf3b638872d17a01e594029c4e6e0e5
FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session named "ALBATROSS" with the value "0-4-11".
ba7a5b7f1fb1761939ce81f563c29620f9f70fcbfab7ade4b67161271701849e
AdobeUpdateService version 3.6.0.248 suffers from an unquoted service path privilege escalation vulnerability.
9c5f6e95b25c9460938aae0eed413db7e1da761bfa9b90122a4b4b6bfbc73e94
DDN controllers ship with a set of static entries within the authorized_keys file of several of the user accounts. The corresponding private keys can be obtained from publicly available sources.
470b91b64442d28eebb33a4f527381613c2b67ad4b238cb3ab10d5b46ca3f8e7
BookingWizz versions prior to 5.5 suffer from default administrative credentials, local file inclusion, cross-site request forgery, cross-site scripting, and remote SQL injection vulnerabilities.
ac3224164fc281f5e02e53dfd05ba5f33417eddad677f722aad191b3626730a1
VMware Security Advisory 2016-0009 - VMware vCenter Server updates address an important reflective cross-site scripting issue.
812f5a6cf20427ee2f1f7b8d87d372758a2c33718f894cbf39735e6aa71fbbfb
Debian Linux Security Advisory 3603-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
a05b05ce7875a8810cfc242385ff4450b36ec84fb911f7247abc21e0fc85d365
Microsoft Visio suffers from a DLL hijacking vulnerability.
53c0212c96208c6e0d2e1e1d7370c5d98fdadabd301ae83fe691067fc4c7adc9
DDN SFA suffers from a privilege escalation vulnerability.
8685f5cd2b43437141d6700fcd38911bb8804b7c0342311a9bbe76773a26134b
Joomla En-Masse component versions 5.1 through 6.4 suffer from a remote SQL injection vulnerability.
09c3f40f3b2879c6fd664dafdb1b126b529437d8b3feaa1fc19423d10362f956
The fix applied for CVE-2014-1520 does not fix a DLL hijacking issue with Mozilla Firefox's executable installer.
e199135bedf5e3f7e1d5caca9f00c1556e12da31282d21a64a24691d122836fc
Blat version 3.2.14 suffers from a stack overflow vulnerability that can trigger a denial of service condition.
f7b53e61f4ab207b0afb88403d6669e16496ff7e18019caac34e370c39a3734f
Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a privilege escalation vulnerability due to a misconfiguration of sudo.
d76585db4f9afc3a512397bd6ff0264cc58ddcbbd856e3608a54fd64cf5479b7