Channel: Exploit Collector
Browsing all 13315 articles

ZKTime Web Software 2.0 - Improper Access Restrictions

EDB-ID: 43019; Author: Arvind V; Published: 2017-08-18; CVE: CVE-2017-14680; Type: Webapps; Platform: Windows; Vulnerable App: N/A; CVE-ID: CVE-2017-14680; Vendor Homepage:...


ZKTime Web Software 2.0 - Cross-Site Request Forgery

EDB-ID: 43018; Author: Arvind V; Published: 2017-08-18; CVE: CVE-2017-13129; Type: Webapps; Platform: Windows; Vulnerable App: N/A; CVE-ID: CVE-2017-13129; Vendor Homepage:...


Mozilla Firefox < 55 - Denial of Service

EDB-ID: 43020; Author: Amit Sangra; Published: 2017-10-20; CVE: CVE-2017-7783; Type: Dos; Platform: Multiple; Vulnerable App: N/A # Category: Denial of Service # Date: 5/11/17 # CVE : CVE-2017-7783 # Affected...


Mozilla Firefox Username Denial Of Service

Mozilla Firefox versions prior to 55 suffer from a long username denial of service vulnerability. MD5 | d045383f0ddfecdc908bd3897dc709ce. # Exploit Title: Mozilla Firefox < 55 - Forcibly make...


ZKTime Web Software 2.0 Cross Site Request Forgery

ZKTime Web Software version 2.0 suffers from a cross site request forgery vulnerability. MD5 | f8c4d4b15229d25be5aec0554197f32d. Exploit Title: ZKTime Web Software 2.0 - Cross Site Request...


ZKTime Web Software 2.0 Insecure Direct Object Reference

ZKTime Web Software version 2.0 suffers from an insecure direct object reference vulnerability. MD5 | b777dd4813f975f9032626bc736f801a. Exploit Title: ZKTime Web Software 2.0 - Broken...


TP-Link WR940N - Authenticated Remote Code Exploit

EDB-ID: 43022; Author: Fidus InfoSecurity; Published: 2017-10-17; CVE: CVE-2017-13772; Type: Webapps; Platform: Hardware; Aliases: N/A; Advisory/Source: Link; Tags: N/A; Vulnerable App: N/A import base64 import hashlib...


Check_MK 1.2.8p25 - Information Disclosure

EDB-ID: 43021; Author: Julien Ahrens; Published: 2017-10-18; CVE: CVE-2017-14955; Type: Webapps; Platform: Python; Vulnerable App: ======================= Product: Check_mk Vendor URL:...


Hashicorp vagrant-vmware-fusion 4.0.24 Local Root Privilege Escalation

Hashicorp vagrant-vmware-fusion versions 4.0.24 and below suffer from a local privilege escalation vulnerability. This is the same issue that affected the last version but the vendor failed to properly...


BMC Remedy LFI / RFI / XSS / Code Execution

BMC Remedy suffers from log hijacking, code execution, cross site scripting, local/remote file inclusion, and various other vulnerabilities. MD5 | 6a00391d6567c156d616b913657c8b20. Document...


Check_mk 1.2.8p25 save_users() Race Condition

Check_mk versions 1.2.8p25 and below suffer from a save_users() race condition that leads to sensitive information disclosure. MD5 | 20c85c9a771f1de93e046c52df63537c. RCE Security...


TP-Link WR940N Remote Code Execution

Numerous remote code execution paths were discovered in TP-Link's WR940N home WiFi router. Valid credentials are required for this attack path. It is possible for an authenticated attacker to obtain a...


Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are...


Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute...


Unitrends UEB 9 HTTP API/Storage Remote Root

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to...


ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service

EDB-ID: 43026; Author: Berk Cem Göksel; Published: 2017-10-21; CVE: CVE-2017-15223; Type: Dos; Platform: Windows; Vulnerable App: # coding: utf-8 ############ Description: ########## # The vulnerability was...


CometChat < 6.2.0 BETA 1 - Local File Inclusion

EDB-ID: 43027; Author: Paradoxis; Published: 2017-10-22; CVE: N/A; Type: Webapps; Platform: PHP; Vulnerable App: N/A # Date: 2017-10-22 # Exploit Author: Luke Paris (Paradoxis) <luke@paradoxis.nl> # Vendor...


Kaltura

EDB-ID: 43028; Author: Robin Verton; Published: 2017-10-23; CVE: CVE-2017-14143; Type: Webapps; Platform: PHP; Vulnerable App: N/A # Kaltura <= 13.1.0 RCE (CVE-2017-14143) #...


Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation

EDB-ID: 43029; Author: @XeR_0x2A and @chaign_c; Published: 2017-10-22; CVE: CVE-2017-5123; Type: Local; Platform: Linux; Aliases: N/A; Advisory/Source: Link; Tags: N/A; Vulnerable App: N/A #include <stdio.h>...


WordPress Polls 1.2.4 SQL Injection

WordPress Polls plugin version 1.2.4 suffers from a remote SQL injection vulnerability. MD5 |...
