Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload.
This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary […]
PHP version 7.4 FFI disable_functions bypass proof of concept exploit.
BSA Radar version 1.6.7234.24750 suffers from a cross site request forgery vulnerability.
SuperMicro IPMI version 03.40 suffers from a cross site request forgery vulnerability.
Savsoft Quiz version 5 suffers from a persistent cross site scripting vulnerability.
Webtareas versions 2.1 and 2.1p suffer from unauthenticated file uploads that allow for remote code execution and expose directory listings.
WordPress Power’s WHOIS Domain Check plugin version 0.9.31 suffers from a persistent cross site scripting vulnerability.
A file hijacking vulnerability was found in the Microsoft OneDrive client. This vulnerability allows a local attacker to plant a DLL file on the local machine. This DLL will then be loaded whenever (another) user launches OneDrive, running with the privileges of the victim. This issue was successfully verified on Microsoft OneDrive version 19.232.1124.0010.
Impress CMS version 1.4.0 has an issue where an authenticated user can make use of the AutoTask feature to execute php code, allowing for remote SQL injection and remote code execution.