This Metasploit module exploits Webmin versions 1.930 and below. This exploit takes advantage of a code execution issue within the function unserialise_variable() located in web-lib-funcs.pl, in order to gain root…
>> ARCHIVE: 2019-09
Wolters Kluwer TeamMate+ version 3.1 with internal version 21.0.0.0 suffers from a cross-site request forgery vulnerability.
WordPress Event Tickets plugin version 4.10.7.1 suffers from a CSV injection vulnerability.
IntelBras TELEFONE IP TIP200/200 LITE version 60.61.75.15 dumpConfigFile pre-authentication remote arbitrary file read exploit.
Alkacon OpenCMS version 10.5.x suffers from multiple cross-site scripting vulnerabilities in the Apollo Template.
Microsoft Outlook Web Access build 15.1.1591 suffers from a remote host header injection vulnerability.
Cisco IronPort C150 suffers from a remote host header injection vulnerability.
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated,…
DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code…
This Metasploit module abuses a known default password on Cisco UCS Director. The ‘scpuser’ account has the password ‘scpuser’, and allows an attacker to log in to the virtual appliance via…