Healwire Online Pharmacy 3.0 – Persistent Cross-Site Scripting / Cross-Site Request Forgery
Tags: 0day, remote exploitInteno IOPSYS version 2.0 – 4.2.0 p910nd suffers from a remote command execution vulnerability.
Horse Market Sell and Rent Port Script version 1.5.7 suffers from a cross site request forgery vulnerability.
Multiplayer BlackJack Online Casino Game version 2.5 suffers from a persistent cross site scripting vulnerability.
Rockwell Scada System version 27.011 suffers from a cross site scripting vulnerability.
VirtueMart version 3.1.14 suffers from a cross site scripting vulnerability.
MyBB Admin Notes plugin version 1.1 suffers from a cross site request forgery vulnerability.
This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.
This Metasploit module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote code execution can be performed via a malicious field value.
This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins, which allows remote arbitrary code execution via HTTP. Authentication is not required to exploit this vulnerability.