Sagemcom F@st 5260 routers on firmware version 0.4.39 (and possibly others), in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.
c2db5ec63dcee8bb5c083080884392540c1d051134888b5324d8f89c4c0cb50d
Babel versions 0.4.1 and below suffer from an open redirection vulnerability.
07505ec0277342f929b6efe5392c8e2091db2c9c19918c8321df41cf5208af62
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions to determine which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
0f2b7cecc70c1a27d35c06c98804fcdb9f326630de5d035afc447122186010b7
Red Hat Security Advisory 2019-0457-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include an off-by-one error.
05240ca35ab0884fd7a25fa142af88cdf00b81ed1453000b8a98e0494394002b
Red Hat Security Advisory 2019-0458-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include a privilege escalation vulnerability.
f052daa877a5823c2c9ffaca0bd238d6a902f660e0b6a979b99d2e827c5ed668
Red Hat Security Advisory 2019-0461-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include an input validation vulnerability.
eae354ccaa916776dcaa9d3e9d6c83e206419765a1f3bcf05c7f67fe5cb6bcf9
WordPress WP-Image-News-Slider plugin version 3.3 suffers from cross site request forgery and remote shell upload vulnerabilities.
f305567bbd53d21d7a02d1815f12ebca530383e903aadf9be4dff6dfc2cefdc5
OpenDocMan version 1.3.4 suffers from a remote SQL injection vulnerability in search.php.
77bba293ef60b83e3d9b74479a57f69c2275c51e9a31787a6882e15c27d6fec9
vBulletin version 4.2.5 with Member Map version 1.1.2 suffers from an open redirection vulnerability.
cd24447d5bdc6df376a0c8e592244ce1952be936784b89cfd7169666074f1b88
vBulletin version 4.2.5 with vBSuper_PM version 1.2.3 Lite suffers from an open redirection vulnerability.
337b52dd897eae9edf84f2c1fefeb81f0b4459305ddf01c6badb1b904d4b4990
Java Debug Wire Protocol (JDWP) remote code execution exploit.
41e06237e80e41d159f68ebe351dc2b371f483d6f2f1f8c2316858e9cacb0cc2
vBulletin version 4.2.5 with Thread Post Bookmarking version 1.2.0 suffers from an open redirection vulnerability.
99f1a237812d994d339caac57f876dd0be4c979f258f6166cf91876b60a63385
vBulletin version 4.2.5 with Ajax Threads version 1.1.3 Lite suffers from an open redirection vulnerability.
92ec38604b3a7a0f1933fa1bcb7b7d1367f1f21b037743720431a6c365480bdf
vBulletin version 4.x Seo by vBSeo version 3.3.2 suffers from an open redirection vulnerability.
3669bb4deadc40930e9d2251455fc9eddaf8dc47a5b4fe8393f38c538ab155c0
Splunk Enterprise version 7.2.4 custom application remote code execution exploit using a persistent backdoor with a custom binary payload.
409a62d7cf31cbc8fd45c944b0cc9a10a0a308719ab65e9a92813651a3d8b393
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 remote code execution proof of concept exploit.
31c08ad51e70c858c747f8a3e114b52182812ad082a81b7165a6962c2efaac0c
This Metasploit module exploits a file upload vulnerability in Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. The upload sections have file extension control, except for the favicon part. You can upload a file with the extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the PHP payload to the main directory, the exploit executes the payload and receives a shell.
fd1000e5cac89ace858ec8875c56402a580102eca4787adce2c81e8909ed4842
elFinder versions 2.1.47 and below suffer from a command injection vulnerability in the PHP connector.
c18a99273f5751aac3069a948d7904a72a24ff8573296cdae06be2c2d58ce090
Fiberhome AN5506-04-F RP2669 suffers from a persistent cross site scripting vulnerability.
3c7362c8972634b05aaa51838c2ee7e321da879525c3a7b61b9d0b1674ec5a1c
MarcomCentral FusionPro VDP Creator versions prior to 10.0 suffer from a directory traversal vulnerability.
eb98b706c6a8ecb272d16cccee6ec91d15662dabdb4e48c5e6b36280d4b885e3