Profiling System for Human Resource Management 1.0 – Remote Code Execution (Unauthenticated)
>> ARCHIVE: 2021-03
WoWonder Social Network Platform version 3.1 suffers from a remote SQL injection vulnerability.
Trojan-Dropper.Win32.Delf.p malware suffers from a missing authentication vulnerability.
Trojan-Dropper.Win32.Delf.p malware suffers from a buffer overflow vulnerability.
CuteNews version 2.1.2 Avatar upload remote shell upload exploit. Original discovery of remote shell upload in this version is attributed to Ozkan Mustafa Akkus in April of 2019.
VestaCP version 0.9.8 suffers from a cross site request forgery that can be leveraged to add remote ssh access.
Backdoor.Win32.Agent.mzn malware suffers from a buffer overflow vulnerability.
Hestia Control Panel 1.3.2 – Arbitrary File Write
SEO Panel 4.8.0 – ‘order_col’ Blind SQL Injection
rConfig 3.9.6 – Arbitrary File Upload to Remote Code Execution (Authenticated)