This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic’s Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0 from Vulhub (Linux) and on Windows. Warning! Multiple sessions may be created by […]
Zortam Mp3 Media Studio 27.60 – Remote Code Execution (SEH)
Tags: 0day, remote exploit
WonderCMS 3.1.3 – ‘content’ Persistent Cross-Site Scripting
Tags: 0day, remote exploit
https://www.tphcp.go.th/ah.html notified by Al Catraz
Tags: defacement
Complaint Management System version 1.0 suffers from a remote shell upload vulnerability.
WordPress Fancy Product Designer for WooCommerce plugin versions prior to 4.5.1 suffer from a persistent cross-site scripting vulnerability.
WordPress Fancy Product Designer for WooCommerce plugin versions 4.5.1 and below suffer from an unauthenticated arbitrary file upload vulnerability.
Avaya Web License Manager versions 6.x, 7.0 through 7.1.3.6, and 8.0 through 8.1.2.0.0 suffer from a blind out-of-band XML external entity injection vulnerability.
WordPress WP Forms plugin version 1.6.3.1 suffers from a persistent cross-site scripting vulnerability.
Proof of concept exploit for the Zerologon Netlogon privilege escalation vulnerability.