CVE-2024-28987 affects SolarWinds Web Help Desk 12.8.3 Hotfix 1 and all previous versions due to the presence of hardcoded credentials in the application. This vulnerability allows an unauthenticated attacker to access the REST API using Basic Authentication with predefined credentials (helpdeskIntegrationUser/dev-C4F8025E7), enabling them to read, modify, and create tickets.
An authentication bypass vulnerability in Progress OpenEdge allows unauthenticated remote attackers to authenticate in the target application as NT AUTHORITY/SYSTEM.
An unmarshal reflection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software allows unauthenticated remote attackers to create empty arbitrary directories and files in the operating system. If device telemetry is enabled, then remote OS command injection is possible via the dt_curl Python module.
An out-of-bounds write in Fortinet FortiOS allows unauthenticated remote attackers to execute OS system commands.
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
An improper authorization vulnerability in Atlassian Confluence allows unauthenticated remote attackers to restore the database of the instance. This allows the creation of unauthorized administrator accounts and the later installation of malicious plugins that allow the execution of OS system commands.
An encoding bypass in the webui_wsma_https endpoint in Cisco IOS XE allows unauthenticated remote attackers to execute commands and configure the system through SOAP requests via the Web Service Management Agent (WSMA). This can be abused to create unauthorized local administrator accounts (user with privilege level 15) and log in with normal user access.
A broken access control vulnerability in Atlassian Confluence allows unauthenticated remote attackers to create unauthorized Confluence administrator accounts and access Confluence instances.
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal.
This module tries to determine remotely whether the target host is vulnerable to CVE-2023-39143.
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. This module checks for the vulnerability by exploiting the heap overflow and performing a Welch's t-test between two timing datasets.