This Metasploit module allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to processing of contact files.
ATutor < 2.2.4 – 'file_manager' Remote Code Execution (Metasploit)
Tags:
0day,
remote exploit
Linux/x86 – Add User to Passwd File Shellcode (149 bytes)
Tags:
0day,
remote exploit
Microsoft Internet Explorer 11 – XML External Entity Injection
Tags:
0day,
remote exploit
CyberArk EPM 10.2.1.603 – Security Restrictions Bypass
Tags:
0day,
remote exploit
PHP version 7.2 suffers from an imagecolormatch() out-of-band heap write vulnerability.
Ashop Shopping Cart Software suffers from a remote SQL injection vulnerability in bannedcustomers.php.
TP-LINK models TL-WR940N and TL-WR941ND suffer from a buffer overflow vulnerability.
Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities.
EasyIO 30P versions prior to 2.0.5.27 suffer from authentication bypass and cross site scripting vulnerabilities.