Multiple DrayTek Products – Pre-authentication Remote Root Code Execution
[webapps] Joomla! com_fabrik 3.9.11 – Directory Traversal
[dos] Odin Secure FTP Expert 7.6.3 – 'Site Info' Denial of Service (PoC)
Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting
Webexcels Ecommerce CMS version 2.x suffers from cross site scripting and remote SQL injection vulnerabilities.
FreeCommander XE 2020 Pathname Buffer Overflow
FreeCommander XE 2020 Build 810a 32-bit suffers from a pathname buffer overflow vulnerability.
rConfig 3.9.4 searchField Remote Code Execution
rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.
codeBeamer 9.5 Cross Site Scripting
codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
DLINK DWL-2600 Authenticated Remote Command Injection
This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.
IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution
IBM Cognos TM1 Server / Planning Analytics Server (TM1) suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module.
Micro Focus Vibe 4.0.6 HTML Injection
Micro Focus Vibe version 4.0.6 suffers from an HTML injection vulnerability.