>> ARCHIVE: 2020-06

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.

CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the…

Navigate CMS version 2.8.7 suffers from a cross site request forgery vulnerability.

CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through…

VMWare vCloud Director version 9.7.0.15498291 suffers from a remote code execution vulnerability.

CAYIN xPost version 2.5 suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter wayfinder_seqid in wayfinder_meeting_input.jsp is not properly sanitised before being returned to the user…

This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3…

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload – Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can…