iSmartAlarm Backend suffers from a server-side request forgery vulnerability.
Source: iSmartAlarm Backend Server-Side Request Forgery
The post iSmartAlarm Backend Server-Side Request Forgery appeared first on MondoUnix.
AGFEO Smart Home ES 5xx / 6xx versions 1.9b and 1.10 suffers from authentication bypass, cross site scripting, and hard-coded private key vulnerabilities.
Source: AGFEO Smart Home ES 5xx / 6xx Authentication Bypass / XSS / Hardcoded Credentials
The pos…
IBM Informix DB-Access utility is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. The vulnerability is triggered by providing an overly long file parameter value inside a LOAD statement, which is used to insert data from an operating-system file into an existing […]
The post IBM Informix 12.10 DB-Access Buffer Overflow appeared first on MondoUnix.
ObjectPlanet Opinio versions 7.6.3 and below suffer from a cross site scripting vulnerability.
Source: ObjectPlanet Opinio 7.6.3 Cross Site Scripting
The post ObjectPlanet Opinio 7.6.3 Cross Site Scripting appeared first on MondoUnix.
This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods.
Source: WMI Event Subscription Persistence
The post WMI Event Subscription Persistence appeared first on MondoUnix.
Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie ‘auth_token’ in a communication channel that can be sniffed by unauthorized actors or arbitrarily be read from the vxcore log file directly using directory traversal attack resulting in authentication bypass / session hijacking. Source: Schneider Electric Pelco VideoXpert Missing Encryption
The post Schneider Electric Pelco VideoXpert Missing Encryption appeared first on MondoUnix.
Yaws version 1.91 suffers from an unauthenticated remote file disclosure vulnerability.
Source: Yaws 1.91 Unauthenticated Remote File Disclosure
The post Yaws 1.91 Unauthenticated Remote File Disclosure appeared first on MondoUnix.
Firefox version 54.0.1 suffers from a denial of service vulnerability.
Source: Firefox 54.0.1 Denial Of Service
The post Firefox 54.0.1 Denial Of Service appeared first on MondoUnix.
Microsoft Office 365 Enterprise E3 suffers from an insufficient session expiration vulnerability.
Source: Microsoft Office 365 Enterprise E3 Insufficient Session Expiration
The post Microsoft Office 365 Enterprise E3 Insufficient Session Expiration app…
Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.
Source: Barracuda WAF V360 Firmware 8.0.1.014 Support Tunnel Hijack
The post Barracuda WAF V360 Firmware 8.0.1.014 Support Tunnel Hijack appeared first on…
