>> ARCHIVE: 2015-12

Polycom VVX-Series business media phones suffer from a path traversal vulnerability.

Joomla! MyDynGallery component remote SQL injection exploit that leverages a vulnerability found back in 2008.

Datalife Engine version 9.7 engine/preview.php bindshell exploit that binds a shell to port 4444.

Joomla Shape 5 MP3 Player version 2.0 suffers from a local file disclosure vulnerability.

A reflected cross site scripting vulnerability was found in synnefoclient for Synnefo IMS 2015. The vulnerability has been discovered in the plan_name parameter on the request to fetch the package…

SAP NetWeaver J2EE engine version 7.40 suffers from a remote SQL injection vulnerability.

WordPress Admin Management Xtended plugin version 2.4.0 suffers from a privilege escalation vulnerability.

This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to exploit this…

This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter in the FileUploadServlet…