>> ARCHIVE: 2020-06

OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities.

OX Guard version 2.10.3 suffers from server-side request forgery and cross site scripting vulnerabilities.

SmarterMail 16 suffers from an arbitrary file upload vulnerability.

Sysax MultiServer version 6.90 suffers from a cross site scripting vulnerability.

PHP-Fusion version 9.03.60 PHP object injection to SQL injection pre-authentication exploit.

This Metasploit module will send arbitrary file_paths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges (verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also…

10-Strike Bandwidth Monitor version 3.9 services Svc10StrikeBandMontitor, Svc10StrikeBMWD, and Svc10StrikeBMAgent suffer from unquoted service path vulnerabilities.

This Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Editor.

This Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Scanner.

This Metasploit module exploits a shell upload vulnerability in Neon LMS versions prior to 4.9.1.