Proof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in…
>> ARCHIVE: 2021-07
News Portal Project version 3.1 suffers from multiple remote time-based SQL injection vulnerabilities.
CSZ CMS version 1.2.9 suffers from an arbitrary file deletion vulnerability.
Ampache version 4.4.2 suffers from a cross-site scripting vulnerability.
Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel’s filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local…
This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress plugin Backup Guard versions prior…
This Metasploit module leverages an authentication bypass exploit within Sage X3 AdxSrv’s administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service.
WordPress KN Fix Your Title plugin version 1.0.1 suffers from a cross-site scripting vulnerability.
Webmin version 1.973 cross-site request forgery exploit that loads a reverse shell.
The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities, leading to elevation of privilege.