This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic’s Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0,…
>> ARCHIVE: 2020-11
Zortam Mp3 Media Studio 27.60 – Remote Code Execution (SEH)
WonderCMS 3.1.3 – ‘content’ Persistent Cross-Site Scripting
https://www.tphcp.go.th/ah.html notified by Al Catraz
Complaint Management System version 1.0 suffers from a remote shell upload vulnerability.
WordPress Fancy Product Designer for WooCommerce plugin versions prior to 4.5.1 suffer from a persistent cross site scripting vulnerability.
WordPress Fancy Product Designer for WooCommerce plugin versions 4.5.1 and below suffer from an unauthenticated arbitrary file upload vulnerability.
Avaya Web License Manager versions 6.x, 7.0 through 7.1.3.6, and 8.0 through 8.1.2.0.0 suffer from a blind out-of-band XML external entity injection vulnerability.
WordPress WP Forms plugin version 1.6.3.1 suffers from a persistent cross site scripting vulnerability.
Proof of concept exploit for the ZeroLogin Netlogon privilege escalation vulnerability.