D-Link DIR-3060 versions 1.11b04 and below suffer from an authenticated command injection vulnerability.
>> ARCHIVE: 2021-03
QCubed versions 3.1.1 and below suffer from a PHP object injection vulnerability.
QCubed versions 3.1.1 and below suffer from a remote SQL injection vulnerability.
Monitoring System (Dashboard) version 1.0 suffers from multiple remote code execution vulnerabilities that can be leveraged by uploading malicious shells.
Monitoring System (Dashboard) version 1.0 suffers from a remote SQL injection vulnerability.
Monitoring of Students Cyber Accounts System version 1.0 suffers from a remote SQL injection vulnerability.
QCubed versions 3.1.1 and below suffer from a cross-site scripting vulnerability.
ForkCMS versions prior to 5.8.3 suffer from a PHP object injection vulnerability.
The Microsoft Windows kernel suffers from a use-after-free vulnerability affecting the PDEVOBJ object via a race condition in NtGdiGetDeviceCapsAll.
This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz’s unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.