PaulNews 1.0 – ‘keyword’ SQL Injection / Cross-Site Scripting
>> ARCHIVE: 2018-05
PaulNews 1.0 – ‘keyword’ SQL Injection / Cross-Site Scripting
Linux/x86 – Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)
Linux/x86 – Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)
Merge PACS version 7.0 suffers from a cross site request forgery vulnerability.
Teradek VidiU Pro version 3.0.3 suffers from a server-side request forgery vulnerability.
GitBucket version 4.23.1 suffers from remote code execution and arbitrary file read vulnerabilities.
Teradek VidiU Pro version 3.0.3 change password cross site request forgery exploit.
ILIAS versions 5.3.2, 5.2.14, and 5.1.25 suffer from a cross site scripting vulnerability.
This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially…
MySQL Blob Uploader 1.7 – ‘home-filet-edit.php’ SQL Injection