>> ARCHIVE: 2019-12

WordPress Scoutnet Kalender plugin version 1.1.0 suffers from a cross site scripting vulnerability.

Inim Electronics SmartLiving SmartLAN/G/SI versions 6.x and below suffer from a remote root command execution vulnerability.

Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from an unauthenticated server-side request forgery vulnerability.

Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from a hard-coded credential vulnerability.

Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.

DAViCal CalDAV Server versions 1.1.8 and below suffer from a persistent cross site scripting vulnerability.

DAViCal CalDAV Server versions 1.1.8 and below suffer from a cross site request forgery vulnerability.

DAViCal CalDAV Server versions 1.1.8 and below suffer from a reflective cross site scripting vulnerability.

This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.