The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box […]
Core FTP version 2.0 build 653 suffers from a PBSZ command denial of service vulnerability.
PilusCart version 1.4.1 suffers from a cross-site request forgery vulnerability.
This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG […]
WordPress Plugin GraceMedia Media Player 1.0 – Local File Inclusion
Tags: 0day, remote exploit
Core FTP Server FTP / SFTP Server v2 Build 674 – ‘MDTM’ Directory Traversal
Tags: 0day, remote exploit
Microsoft Windows – .reg File / Dialog Box Message Spoofing
Tags: 0day, remote exploit
Core FTP Server FTP / SFTP Server v2 Build 674 – ‘SIZE’ Directory Traversal
Tags: 0day, remote exploit
MeteoTemplate version 17.1 with Nectarine Diary plugin version 4.0 suffers from an open redirection vulnerability.