This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project’s site. Unknown attacker(s) inserted Perl qx statements into the build server’s source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 […]
This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 (inclusive). Improper validation of the recipient address in the deliver_message() function in /src/deliver.c may lead to command execution with root privileges.
http://khaophoem.go.th/m-1.html notified by moncet
Tags: defacement
Snapforce CRM version 8.3.0 suffers from multiple cross-site scripting vulnerabilities.
Wikindx version 5.8.2 suffers from a remote SQL injection vulnerability.
Endian Firewall version 3.3.0 suffers from a cross-site scripting vulnerability.
The NTFS driver supports a new FS control code to set a mount point, which the existing sandbox mitigation doesn’t cover, allowing a sandboxed application to set an arbitrary mount point symbolic link.
http://www.djop.go.th/asifa.html notified by ./Mar22
Tags: defacement
This Metasploit module exploits Pulse Secure SSL VPN versions 8.1R15.1, 8.2, 8.3, and 9.0, which suffer from an arbitrary file disclosure vulnerability.