>> ARCHIVE: 2017-10

VX Search Enterprise version 10.1.12 suffers from a buffer overflow vulnerability.

Sync Breeze Enterprise version 10.1.16 GET request SEH overflow exploit.

WordPress Pootie Button plugin version 1.1.1 suffers from a cross site scripting vulnerability.

WordPress PopCash.Net Publisher Code Integration plugin version 1.0 suffers from a cross site scripting vulnerability.

OctoberCMS version 1.0.425 suffers from a stored cross site scripting vulnerability.

X-Cart versions 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 suffer from a PHP code injection vulnerability.

This Metasploit module uploads a jsp payload and executes it.

This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw…

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by…

PHP Melody version 2.7.3 suffers from cross site scripting and SQL injection vulnerabilities.