Category Archives: Advisories

CVE-2016-2124

Read Time:10 Second

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Read More

CVE-2020-25719

Read Time:17 Second

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Read More

CVE-2020-8242

Read Time:9 Second

Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.

Read More

Datarobot — Remote Code Execution

Read Time:23 Second

Posted by Michael Coers on Feb 18

Exploit Title: Datarobot — Remote Code Execution
Date: 9/28/2021
Vendor Homepage: https://www.datarobot.com
Software Link: https://app.datarobot.com/
Version: TBD – awaiting build version from vendor
Tested on: The issue affects all versions of the product up to the date of this submission
Exploit Authors: Mike Coers & Pathfynder Inc
Exploit Contact: sm0key a t dnsfiltrate_io & micheal.coers a t pathfynder dot_io
Exploit Technique:…

Read More

MartFury Marketplace – Cross Site Scripting Vulnerability

Read Time:15 Second

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
MartFury Marketplace – Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2282

Release Date:
=============
2022-02-17

Vulnerability Laboratory ID (VL-ID):
====================================
2282

Common Vulnerability Scoring System:
====================================
5.5

Vulnerability Class:
====================
Cross Site…

Read More

Vicidial v2.14-783a – (DB) SQL Injection Web Vulnerability

Read Time:16 Second

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
Vicidial v2.14-783a – (DB) SQL Injection Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2312

Release Date:
=============
2022-02-17

Vulnerability Laboratory ID (VL-ID):
====================================
2312

Common Vulnerability Scoring System:
====================================
7.3

Vulnerability Class:
====================
SQL Injection…

Read More

WordPress v5.9 – Reflected Cross Site Scripting Web Vulnerability

Read Time:16 Second

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
Wordpress v5.9 – Reflected Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2316

Release Date:
=============
2022-02-09

Vulnerability Laboratory ID (VL-ID):
====================================
2316

Common Vulnerability Scoring System:
====================================
4.2

Vulnerability Class:
====================
Cross…

Read More