BEIDI DINA SAMUEL

Ethical Hacking Visit the github project: https://github.com/samglish/ServerSide ...

Carrie

This exploit disclosure was originally published by Chaitin Security Emergency Response Center. ...

krzwiatrzyk

OpenSSH CVE-2024-6387 vulnerability allows to perform an unauthenticated RCE that grants root access...

Igor Venturelli

As a developer, securing your applications should be a top priority. One area that often goes...

chrdek

Top 11 open source vulnerability security scanners that provide automation with self-hosting choices.

Freedom Coder

CVE ID: CVE-2025-43200 Vulnerability Name Apple Multiple Products Unspecified...

Freedom Coder

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

Freedom Coder

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Freedom Coder

D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

Freedom Coder

CVE ID: CVE-2021-27104 Vulnerability Name Accellion FTA OS Command Injection...

Freedom Coder

Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

Ravi Kyada

Ultimate Guide to Apache Security: Hide Server Details, Restrict Access & Harden Your...

Freedom Coder

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Freedom Coder

Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.

Freedom Coder

Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.

Freedom Coder

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Freedom Coder

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Sajidur Rahman Shajib

When it comes to web application security, Broken Access Control stands out as one of the most...

Freedom Coder

Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.

Freedom Coder

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.

Freedom Coder

Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key.

Freedom Coder

Roundcube Webmail is vulnerable to SQL injection via search or search_params.

Freedom Coder

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.

Freedom Coder

CVE ID: CVE-2023-33538 Vulnerability Name TP-Link Multiple Routers Command...

Freedom Coder

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Freedom Coder

AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Sam Bishop

Security is no longer just for security teams. If you're building web apps, deploying APIs, or...

Freedom Coder

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.

Freedom Coder

Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.