CentOS Control Web Panel (CWP) version 0.9.8.851 allows an attacker to change arbitrary passwords.
>> ARCHIVE: 2019-08
Webmin version 1.920 remote root exploit.
This Metasploit module generates an ODT file with a DOM loaded event that, when triggered, will execute arbitrary Python code and the Metasploit payload.
http://foodcontact.dss.go.th/index.html notified by UnkCrew
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Arbitrary File Disclosure (Metasploit)
RAR Password Recovery version 1.80 suffers from a user name and registration code denial of service vulnerability.
Kimai version 2 suffers from a persistent cross-site scripting vulnerability.
Neo Billing version 3.5 suffers from a persistent cross-site scripting vulnerability.
YouPHPTube version 7.2 suffers from a remote SQL injection vulnerability in userCreate.json.php.
This Metasploit module exploits FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 to leverage a credential disclosure vulnerability by reading the /dev/cmdb/sslvpn_websession file.