Packed.Win32.Katusha.o Insecure Permissions

Packed.Win32.Katusha.o suffers from an insecure permissions vulnerability.

Metasploit Framework 6.0.11 Command Injection

Metasploit Framework version 6.0.11 msfvenom APK template command injection exploit.

http://www.prachuap.go.th/vin.txt

http://www.prachuap.go.th/vin.txt notified by Imkey7

EgavilanMedia PHPCRUD 1.0 Cross Site Scripting

EgavilanMedia PHPCRUD version 1.0 suffers from a persistent cross site scripting vulnerability.

CMSUno 1.6.2 Remote Code Execution

CMSUno version 1.6.2 authenticated remote code execution exploit. The original discovery of the vulnerability leveraged is attributed to Fatih Celik in November of 2020.

jQuery UI 1.12.1 Denial Of Service

jQuery UI version 1.12.1 suffers from a denial of service vulnerability.

WordPress SuperForms 4.9 Shell Upload

WordPress SuperForms plugin version 4.9 suffers from a remote shell upload vulnerability.

Chamilo LMS 1.11.14 Cross Site Scripting

Chamilo LMS version 1.11.14 suffers from a cross site scripting vulnerability.

Micro Focus UCMDB Remote Code Execution

This Metasploit module exploits two vulnerabilities that, when chained, allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. The UCMDB included in versions 2020.05 and below of Operations Bridge Manager is affected, but this module can probably also be used to exploit Operations Bridge Manager (containerized) and Application Performance Management.

PRTG Network Monitor Remote Code Execution

This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to poorly validated input on the script name, it is possible to chain it with a user-supplied command, allowing command execution under the context of […]