This Metasploit module exploits a command injection vulnerability in Apache Tika versions 1.15 through 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic byte checking….
>> ARCHIVE: 2019-08
http://www.dongluang.go.th/dongluang/file_editor/db.txt notified by SeRaVo BlackHaT
http://www.obtbanjarn.go.th/obtbanjarn/file_editor/db.txt notified by SeRaVo BlackHaT
http://chiangkhwan.go.th/chiangkhwan/file_editor/db.txt notified by SeRaVo BlackHaT
WebIncorp ERP suffers from a remote SQL injection vulnerability. All versions as of 08/01/2019 are supposedly affected.
Cisco Catalyst 3850 Series Device Manager version 3.6.10E suffers from a cross site request forgery vulnerability.
Ultimate Loan Manager version 2.0 suffers from a persistent cross site scripting vulnerability.
This archive contains all of the 146 exploits added to Packet Storm in July, 2019.
1CRM On-Premise Software 8.5.7 – Persistent Cross-Site Scripting
Rest – Cafe and Restaurant Website CMS – ‘slug’ SQL Injection