>> ARCHIVE: 2020-07

RiteCMS version 2.2.1 suffers from an authenticated remote code execution vulnerability.

Proof of concept exploit that leverages a double-free in the DDGifSlurp function in decoding.c in the android-gif-drawable library in order to achieve remote code execution in WhatsApp.

Grafana version 7.0.1 denial of service proof of concept exploit.

Microsoft Windows mshta.exe allows processing of XML external entities which can result in local data-theft and or program reconnaissance upon opening specially crafted HTA files.

Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.

Fire Web Server version 0.1 remote denial of service proof of concept exploit.

rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

RSA IG+L Aveksa version 7.1.1 suffers from a remote code execution vulnerability due to an authorization bypass issue.

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver….