Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated)
>> ARCHIVE: 2021-06
Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated)
Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated)
IcoFX 2.6 – ‘.ico’ Buffer Overflow SEH + DEP Bypass using JOP
WordPress Plugin Smart Slider-3 3.5.0.8 – ‘name’ Stored Cross-Site Scripting (XSS)
OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 – Remote Code Execution (Authenticated)
Sticky Notes & Color Widgets 1.4.2 – Denial of Service (PoC)
FileCOPA FTP Server version 1.01 denial of service exploit.
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 suffer from a user enumeration vulnerability.
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user’s email address needed.