Omada Identity Cross Site Scripting
Authored by Daniel Hirschberger | Site sec-consult.com
Omada Identity versions prior to 15U1 and 14.14 hotfix #309 suffer from a persistent cross-site scripting vulnerability.
advisories | CVE-2024-52951
SEC Consult...
ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download
Authored by LiquidWorm | Site zeroscience.mk
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the...
ProjectSend R1605 Unauthenticated Remote Code Execution
Site metasploit.com
This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user...
CUPS IPP Attributes LAN Remote Code Execution
Authored by Spencer McIntyre, RageLtMan, Simone Margaritelli, Ryan Emmons | Site metasploit.com
This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The...
Akuvox Smart Intercom/Doorphone ServicesHTTPAPI Improper Access Control
Authored by LiquidWorm | Site zeroscience.mk
The Akuvox Smart Intercom/Doorphone suffers from an insecure service API access control. The vulnerability in the ServicesHTTPAPI endpoint allows users with "User" privileges to modify...
Ivanti EPM Agent Portal Command Execution
Authored by Spencer McIntyre, James Horseman, Zach Hanley | Site metasploit.com
This Metasploit module leverages an unauthenticated remote command execution vulnerability in Ivanti's EPM Agent Portal where an RPC client...
Palo Alto PAN-OS Authentication Bypass / Remote Command Execution
Site github.com
Proof of concept code to exploit an authentication bypass in Palo Alto's PAN-OS that is coupled with remote command execution.
advisories | CVE-2024-0012, CVE-2024-9474
WordPress Really Simple Security Authentication Bypass
Authored by Antonio Francesco Sardella | Site github.com
WordPress Really Simple Security plugin versions prior to 9.1.2 proof of concept authentication bypass exploit.
advisories | CVE-2024-10924
Pyload Remote Code Execution
Authored by Spencer McIntyre, jheysel-r7 | Site metasploit.com
CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular Python package that can evaluate JavaScript code...
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
Authored by Andreas Kolbeck, Steffen Robertz | Site sec-consult.com
Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files,...