The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.