Dokuwiki version 2018-04-22b suffers from a username enumeration vulnerability.
>> ARCHIVE: 2019-12
Microsoft Visual Studio 2008 Express IDE suffers from an XML external entity injection vulnerability.
This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
This archive contains all of the 180 exploits added to Packet Storm in November, 2019.
SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vulnerabilities.
http://www.silalang.go.th/o.htm notified by chinafans
Intelbras Router RF1200 1.1.3 – Cross-Site Request Forgery
Online Invoicing System 2.6 – ‘description’ Persistent Cross-Site Scripting
http://ncd.ddc.moph.go.th notified by Zeerx7
Microsoft Excel 2016 1901 – XML External Entity Injection