SAP Unauthenticated WebService User Creation

This module leverages an unauthenticated web service to submit a job which will create a user with a specified role. The job involves running a wizard. After the necessary action is taken, the job is ...

Continue Reading

June 24, 2022

Kentico CMS Staging SyncServer Unserialize Remote Command Execution

This module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote Command Execution is possible via unauthenticated XML requests to the Staging Service SyncServer.a ...

Continue Reading

June 24, 2022

Schneider Electric Pelco Endura NET55XX Encoder

This module exploits inadequate access controls within the webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NE ...

Continue Reading

June 24, 2022

Ricoh myPrint 2.9.2.4 – Hard-Coded Credentials

Post ContentRead More ...

Continue Reading

June 24, 2022

Ricoh myPrint 2.9.2.4 – Hard-Coded Credentials

Ricoh myPrint 2.9.2.4 - Hard-Coded CredentialsRead More ...

Continue Reading

June 24, 2022

FruityWifi Remote Code Execution Exploit

This is an exploit for FruityWifi that binds a shell to tcp port 4444 using a remote code execution vulnerability leveraged via a SOAP request.Read More ...

Continue Reading

June 23, 2022

Improper Restriction of XML External Entity Reference in soa-model

Soa-model is a toolkit and Java API for WSDL, WADL and XML Schema. An XML External Entity (XXE) vulnerability exists in versions of soa-model prior to 1.6.4 in the WSDLParser function. This issue has ...

Continue Reading

June 23, 2022

FruityWifi Remote Code Execution

Post ContentRead More ...

Continue Reading

June 23, 2022

1 2 3 4 10

Back to Main
Subscribe for the latest news:
Generated by Feedzy