GravCMS version 1.10.7 unauthenticated arbitrary YAML write/update exploit. This is a variant exploit of the original discovery made by Mehmet Ince in April of 2021.
>> ARCHIVE: 2021-06
This Metasploit module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both web interface of NSClient++ and…
n+otes 1.6.2 – Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 – Denial of Service (PoC)
memono Notepad Version 4.2 – Denial of Service (PoC)
Student Result Management System 1.0 – ‘class’ SQL Injection
TextPattern CMS 4.8.7 – Stored Cross-Site Scripting (XSS)
Backdoor.Win32.Wuca.nz malware suffers from an insecure permissions vulnerability.
Intelbras Router RF 301K with firmware versions 1.1.2 through 1.1.5 suffers from a cross-site request forgery vulnerability.
OpenCart version 3.0.3.7 suffers from a cross-site request forgery vulnerability.