Category Archives: Advisories

CVE-2020-25719

Read Time:17 Second

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Read More

CVE-2020-8242

Read Time:9 Second

Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.

Read More

Datarobot — Remote Code Execution

Read Time:23 Second

Posted by Michael Coers on Feb 18

Exploit Title: Datarobot — Remote Code Execution
Date: 9/28/2021
Vendor Homepage: https://www.datarobot.com
Software Link: https://app.datarobot.com/
Version: TBD – awaiting build version from vendor
Tested on: The issue affects all versions of the product up to the date of this submission
Exploit Authors: Mike Coers & Pathfynder Inc
Exploit Contact: sm0key a t dnsfiltrate_io & micheal.coers a t pathfynder dot_io
Exploit Technique:…

Read More

MartFury Marketplace – Cross Site Scripting Vulnerability

Read Time:15 Second

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
MartFury Marketplace – Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2282

Release Date:
=============
2022-02-17

Vulnerability Laboratory ID (VL-ID):
====================================
2282

Common Vulnerability Scoring System:
====================================
5.5

Vulnerability Class:
====================
Cross Site…

Read More

Vicidial v2.14-783a – (DB) SQL Injection Web Vulnerability

Read Time:16 Second

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
Vicidial v2.14-783a – (DB) SQL Injection Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2312

Release Date:
=============
2022-02-17

Vulnerability Laboratory ID (VL-ID):
====================================
2312

Common Vulnerability Scoring System:
====================================
7.3

Vulnerability Class:
====================
SQL Injection…

Read More

WordPress v5.9 – Reflected Cross Site Scripting Web Vulnerability

Read Time:16 Second

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
Wordpress v5.9 – Reflected Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2316

Release Date:
=============
2022-02-09

Vulnerability Laboratory ID (VL-ID):
====================================
2316

Common Vulnerability Scoring System:
====================================
4.2

Vulnerability Class:
====================
Cross…

Read More

Car Portal Template – (Search) Persistent Web Vulnerability

Read Time:15 Second

Posted by info () vulnerability-lab com on Feb 18

Document Title:
===============
Car Portal Template – (Search) Persistent Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2299

Release Date:
=============
2022-02-08

Vulnerability Laboratory ID (VL-ID):
====================================
2299

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site…

Read More