>> ARCHIVE: 2020-10

Ultimate Project Manager CRM PRO versions 2.0.5 and below suffer from a remote SQL injection vulnerability.

WordPress HS Brand Logo Slider plugin version 2.1 suffers from a remote shell upload vulnerability.

User Registration and Login and User Management System with admin panel version 2.1 suffers from a persistent cross site scripting vulnerability.

Visitor Management System in PHP version 1.0 suffers from an authenticated remote SQL injection vulnerability.

This Metasploit module attempts to create a new login session by invoking the su command of a valid username and password. If the login is successful, a new session is…

WordPress Rest Google Maps plugin versions prior to 7.11.18 suffer from a remote SQL injection vulnerability.

WordPress Colorbox Lightbox plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module…