Summary KerioControl suffers from a tar.gz path traversal within the import configuration functionality inside the admin panel which leads to Remote Code Execution. Credit Simon Janz Affected Devices KerioControl version 9.4.2 patch 1 build7290 Vendor
Summary By exploiting file upload functionality users are able to upload .html type of files, containing arbitrary JavaScript code, the file is then saved within server. An attacker would then compose and send an email
Summary A vulnerability in SonicWall allows remote attackers to crash the target server on affected installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `httpServer` function. The issue results
A vulnerability allows remote attackers to elevate privileges on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance. Authentication is required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance.
A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing remote attackers to trigger a remote command execution in the phone.
TL;DR A vulnerability in pfSense allows authenticated users to cause the product to execute arbitrary code – this in turn would allow an attacker to compromise the machine on which the pfSense is installed. Vulnerability
A vulnerability in the way Linux handles the CLOCK_THREAD_CPUTIME_ID allows local attackers to reach a race condition and use this to elevate their privileges to root.
A vulnerability in the way Linux handles the CONFIG_WATCH_QUEUE allows local attackers to reach a race condition and use this to elevate their privileges to root.
Bad handling by Apple Safari allows attackers to use certain look-alike characters instead of the real ones allow attackers to confuse victims into thinking they are reach a certain site, while they are accessing another one.
Bad handling by Apple Safari allows attackers to use certain look-alike characters instead of the real ones allow attackers to confuse victims into thinking they are reach a certain site, while they are accessing another one.
Bad handling by Apple Safari allows attackers to use certain look-alike characters instead of the real ones allow attackers to confuse victims into thinking they are reach a certain site, while they are accessing another one.
Any questions? Interested in our services?
We’d love to hear from you
