Apache Tomcat versions prior to 7.0.8, 8.0.47, 8.5.23, and 9.0.1 (Beta) JSP upload bypass and code execution exploit.
Source: Apache Tomcat Upload Bypass / Remote Code Execution
The post Apache Tomcat Upload Bypass / Remote Code Execution appeared firs…
PyroBatchFTP version 3.17 suffers from a local buffer overflow vulnerability.
Source: PyroBatchFTP 3.17 Buffer Overflow
The post PyroBatchFTP 3.17 Buffer Overflow appeared first on MondoUnix.
Utilizing Rancher Server, an attacker can create a docker container with the ‘/’ path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owed by root. This […]
The post Rancher Server Docker Exploit appeared first on MondoUnix.
This Metasploit module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable.
Source: OrientDB 2.2.x Remote Code Execution
The post OrientDB 2.2.x Remote Code Executio…
Metasploit Pro, Express, Ultimate, and Community suffer from a cross site request forgery vulnerability.
Source: Metasploit Cross Site Rquest Forgery
The post Metasploit Cross Site Rquest Forgery appeared first on MondoUnix.
Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability.
Source: Lansweeper 6.0.100.29 XXE Injection
The post Lansweeper 6.0.100.29 XXE Injection appeared first on MondoUnix.
UCOPIA Wireless Appliance versions 5.1 and below suffer from a captive portal remote root code execution vulnerability.
Source: UCOPIA Wireless Appliance 5.1 Code Execution
The post UCOPIA Wireless Appliance 5.1 Code Execution appeared first on MondoUn…
Netgear ReadyNAS Surveillance version 1.4.3-16 suffers from a remote command execution vulnerability.
Source: Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
The post Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution appea…
WordPress Smush Image plugin version 2.7.4.1 suffers from a directory traversal vulnerability.
Source: WordPress Smush Image 2.7.4.1 Directory Traversal
The post WordPress Smush Image 2.7.4.1 Directory Traversal appeared first on MondoUnix.
e2openplugin OpenWebif versions 0.2.9 through 1.2.4 suffer from a code execution vulnerability.
Source: e2openplugin OpenWebif 1.2.4 Code Execution
The post e2openplugin OpenWebif 1.2.4 Code Execution appeared first on MondoUnix.
