>> ARCHIVE: 2019-09

This Metasploit module exploits an Authenticated user with permission to upload and manage media contents can upload various files on the server. Application prevents the user from uploading PHP code…

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized…

WordPress Ecpay Logistics For WooCommerce plugin version 1.2.181030 suffers from a cross site scripting vulnerability.

This Metasploit module exploits a flaw in the WSReset.exe file associated with the Windows Store. This binary has autoelevate privs, and it will run a binary file contained in a…

Pulse Secure versions 8.1R15.1, 8.2, 8.3, and 9.0 SSL VPN remote code execution exploit.

FusionPBX version 4.4.8 remote code execution exploit.

Microsoft Windows suffers from an NTFS privileged file access enumeration vulnerability. Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file…

Facebook Messenger suffered from an application crash denial of service vulnerability when sent a single hyphen.

WordPress versions 5.2.3 and below remote cross site host modification proof of concept demo exploit.

This Metasploit module exploits a flaw in the WSReset.exe Windows Store Reset Tool. The tool is run with the “autoElevate” property set to true, however it can be moved to…