Microsoft Windows 10 SMBv3 tree connect proof of concept exploit.
>> ARCHIVE: 2017-02
Microsoft Windows 10 SMBv3 tree connect proof of concept exploit.
WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection proof of concept exploit.
Ghostscript version 9.20 suffers from a local command execution vulnerability due to trusting unsanitized filenames.
Zoneminder versions 1.29 and 1.30 suffer from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.
WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection and arbitrary code execution exploit.
POSNIC versions prior to 1.03 suffer from a code execution vulnerability when set up to trust data from a compromised mysql instance.
MailStore versions 9.2 through 10.0.1 suffer from a cross site scripting vulnerability. Additionally, versions 9.0 through 10.0.1 suffer from an open redirection vulnerability.
QNAP NVR and NAS devices suffer from multiple overflows. Various makes and models are affected. Full exploitation details provided.
LogoStore suffers from a remote SQL injection vulnerability.
Bitrix Site Manager suffers from a cross site scripting vulnerability.