Sitecore.NET 8.1 Directory Traversal
Sitecore.NET version 8.1 suffers from a directory traversal vulnerability.
View ArticleUniversal Media Server 7.1.0 XML Injection
Universal Media Server version 7.1.0 suffers from an XML external entity injection vulnerability in SSDP processing.
View ArticleVuze Bittorrent Client 5.7.6.0 SSDP Processing XML Injection
Vuze Bittorrent Client version 5.7.6.0 suffers from an XML external entity injection vulnerability in SSDP processing.
View ArticlePlex Media Server 1.13.2.5154 SSDP Processing XML Injection
Plex Media Server version 1.13.2.5154 suffers from an XML external entity injection vulnerability in SSDP processing.
View ArticleSolarWinds Serv-U FTP 15.1.6 Privilege Escalation
SolarWinds Serv-U FTP Server version 15.1.6 is vulnerable to privilege escalation from remote authenticated users by leveraging the CSV user import function. This leads to obtaining remote code...
View ArticleSolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting
SolarWinds Serv-U FTP version 15.1.6.25 suffers from a cross site scripting vulnerability.
View Articlesnapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a...
View Articlesnapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the...
View ArticleServ-U FTP Server 15.1.6.25 Local Privilege Escalation
Serv-U FTP Server version 15.1.6.25 suffers from a local privilege escalation vulnerability via authentication bypass.
View Article