This Metasploit module exploits a command injection vulnerability in Ajenti versions 2.1.31 and below. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
>> ARCHIVE: 2019-10
WMV to AVI MPEG DVD WMV Converter version 4.6.1217 suffers from a denial of service vulnerability.
Citrix StoreFront Server version 7.15 suffers from an XML external entity injection vulnerability.
JavaScriptCore (JSC) GetterSetter suffers from a type confusion vulnerability during DFG compilation.
iSeeQ Hybrid DVR WH-H4 versions 1.03R and 2.0.0.P suffer from an unauthenticated and unauthorized live stream disclosure vulnerability when get_jpeg script is called.
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Buffer OverFlow (SEH)
WordPress Plugin Google Review Slider 6.1 – ‘tid’ SQL Injection
MikroTik RouterOS 6.45.6 – DNS Cache Poisoning
Intelligent Security System SecurOS Enterprise version 10.2 suffers from a SecurosCtrlService unquoted service path vulnerability.