The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerab…
The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates a overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features like canary turned off. The client registers a scheme handler (zoommtg://) and this makes […]
The post Zoom Linux Client 2.0.106600.0904 Buffer Overflow appeared first on MondoUnix.
Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution.
Source: Monstra CMS 3.0.4 Remote Shell Upload
The post Monstra CMS 3.0.4 Remote Shell Upload appeared first on MondoUnix.
SalentOS SalentOS è una distribuzione Linux basata su Ubuntu che usa il desktop manager Openbox. E’ sviluppata per essere veloce, ma allo stesso tempo mantenere le caratteristiche di Ubuntu (includendo anche elementi di GNOME e Xfce). Una versione con …
Mancano ormai solo pochissimi giorni a Natale e – come ogni anno, quasi fosse una tradizione – siamo in ritardo con i regali! Abbiamo quindi pensato di offrirvi qualche idea e spunto per regali di Natale hi-tech, in pieno stile InTheBit.it!…
This Metasploit module exploits a file upload vulnerability found in Western Digital’s MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device’s file system. This allows an attacker the ability to upload a PHP […]
The post Western Digital MyCloud multi_uploadify File Upload appeared first on MondoUnix.
Bus Booking Script version 1.0 suffers from a remote SQL injection vulnerability.
Source: Bus Booking Script 1.0 SQL Injection
The post Bus Booking Script 1.0 SQL Injection appeared first on MondoUnix.
FS Lynda Clone version 1.0 suffers from a remote SQL injection vulnerability.
Source: FS Lynda Clone 1.0 SQL Injection
The post FS Lynda Clone 1.0 SQL Injection appeared first on MondoUnix.
Movie Guide version 2.0 suffers from a remote SQL injection vulnerability.
Source: Movie Guide 2.0 SQL Injection
The post Movie Guide 2.0 SQL Injection appeared first on MondoUnix.
Piwigo version 2.9.1 suffers from a remote SQL injection vulnerability.
Source: Piwigo 2.9.1 SQL Injection
The post Piwigo 2.9.1 SQL Injection appeared first on MondoUnix.
