This Metasploit module exploits a command injection vulnerability in Ajenti versions 2.1.31 and below. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
WMV To AVI MPEG DVD WMV Converter 4.6.1217 Denial Of Service
WMV to AVI MPEG DVD WMV Converter version 4.6.1217 suffers from a denial of service vulnerability.
Citrix StoreFront Server 7.15 XML Injection
Citrix StoreFront Server version 7.15 suffers from an XML external entity injection vulnerability.
JavaScriptCore GetterSetter Type Confusion
JavaScriptCore (JSC) GetterSetter suffers from a type confusion vulnerability during DFG compilation.
iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure
iSeeQ Hybrid DVR WH-H4 versions 1.03R and 2.0.0.P suffer from an unauthenticated and unauthorized live stream disclosure vulnerability when get_jpeg script is called.
[local] WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Buffer OverFlow (SEH)
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Buffer OverFlow (SEH)
[webapps] WordPress Plugin Google Review Slider 6.1 – 'tid' SQL Injection
WordPress Plugin Google Review Slider 6.1 – ‘tid’ SQL Injection
[remote] MikroTik RouterOS 6.45.6 – DNS Cache Poisoning
MikroTik RouterOS 6.45.6 – DNS Cache Poisoning
Intelligent Security System SecurOS Enterprise 10.2 Unquoted Service Path
Intelligent Security System SecurOS Enterprise version 10.2 suffers from a SecurosCtrlService unquoted service path vulnerability.