WordPress Plugin LifterLMS 4.21.0 – Stored Cross-Site Scripting (XSS)
>> ARCHIVE: 2021-05
WordPress Plugin LifterLMS 4.21.0 – Stored Cross-Site Scripting (XSS)
https://www.doa.go.th/th/luv.htm notified by Alf404
An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).
RarmaRadio version 2.72.8 denial of service proof of concept exploit.
Codiad version 2.8.4 suffers from a remote shell upload vulnerability.
ProFTPd version 1.3.5 remote command execution exploit. This is a variant of the original vulnerability discovered in 2015 with credit going to R-73eN.
Skylight Cyber has identified a total of 13 vulnerabilities in Nagios XI and Nagios Fusion servers. These include remote code execution, cross site scripting, privilege escalation, and more.
Pluck CMS version 4.7.13 suffers from a remote shell upload vulnerability.
i-doit version 1.15.2 suffers from a cross site scripting vulnerability.
An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer. The vulnerability…