>> ARCHIVE: 2020-04

WSO2 API Manager Carbon interface version 3.0.0 suffers from a persistent cross site scripting vulnerability.

TVT NVMS 1000 suffers from a directory traversal vulnerability.

Edimax Technology EW-7438RPn-v3 Mini version 1.27 suffers from a remote code execution vulnerability.

MOVEit Transfer version 11.1.1 suffers from a remote SQL injection vulnerability.

Cellebrite UFED versions 5.0 through 7.29 use four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto…

Oracle WebLogic Server version 12.2.1.4.0 suffers from a remote code execution vulnerability.

This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable,…

This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user.

Matrix42 Workspace Management version 9.1.2.2765 suffers from a persistent cross site scripting vulnerability.

The vulnerability laboratory core research team discovered multiple persistent cross site web vulnerabilities in the off…