FreshRSS

Exploit-DB Updates

[webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)

[webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)

[webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)

[local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing

[local] ZTE ZXV10 H201L - RCE via authentication bypass

[local] Daikin Security Gateway 14 - Remote Password Reset

[local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)

[local] unzip-stream 0.3.1 - Arbitrary File Write

[local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite

[webapps] WordPress Core 6.2 - Directory Traversal

[local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege

[remote] OpenSSH server (sshd) 9.8p1 - Race Condition

[remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)

[remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)

[remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution

[local] Microsoft Windows 11 - Kernel Privilege Escalation

[webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)

[webapps] Drupal 11.x-dev - Full Path Disclosure

[webapps] UJCMS 9.6.3 - User Enumeration via IDOR

[webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection

[webapps] Tatsu 3.3.11 - Unauthenticated RCE

[webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation

[webapps] Apache Commons Text 1.10.0 - Remote Code Execution

[remote] Langflow 1.3.0 - Remote Code Execution (RCE)

[webapps] Inventio Lite 4 - SQL Injection

[webapps] Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation

[local] AnyDesk 9.0.1 - Unquoted Service Path

[webapps] compop.ca 3.5.3 - Arbitrary code Execution

[webapps] Usermin 2.100 - Username Enumeration

[hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution

[hardware] ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal

[webapps] Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)

[webapps] IBMi Navigator 7.5 - HTTP Security Token Bypass

[remote] TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption

[remote] TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

[hardware] ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS

[webapps] phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames

[hardware] ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) - File Write DoS

[remote] WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page

[webapps] ProConf 6.0 - Insecure Direct Object Reference (IDOR)

[webapps] Ethercreative Logs 3.0.3 - Path Traversal

[webapps] FLIR AX8 1.46.16 - Remote Command Injection

[webapps] Car Rental Project 1.0 - Remote Code Execution

[local] Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account

[local] ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)

[webapps] KodExplorer 4.52 - Open Redirect

[remote] Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE)

[hardware] ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution

[remote] Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass

[webapps] Garage Management System 1.0 (categoriesName) - Stored XSS

[webapps] WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection

[webapps] Smart Manager 8.27.0 - Post-Authenticated SQL Injection

[remote] Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)

[webapps] Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)

[webapps] NagVis 1.9.33 - Arbitrary File Read

[webapps] Zabbix 7.0.0 - SQL Injection

[hardware] ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF)

[webapps] phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)

[webapps] ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS

[webapps] ABB Cylon Aspect 3.08.03 - Hard-coded Secrets
