GeoVision Geowebserver versions 5.3.3 and below suffer from code execution, cross site request forgery, cross site scripting, HTML injection, and local file inclusion vulnerabilities.
>> ARCHIVE: 2021-08
This Metasploit module exploits an arbitrary file write in Lucee Administrator’s imgProcess.cfm file to execute commands as the Tomcat user.
crossfire-server 1.9.0 – ‘SetUp()’ Remote Buffer Overflow
Simple Image Gallery 1.0 – Remote Code Execution (RCE) (Unauthenticated)
COVID19 Testing Management System 1.0 – ‘Multiple’ SQL Injections
Crime records Management System 1.0 – ‘Multiple’ SQL Injection (Authenticated)
Tiny Java Web Server and Servlet Container versions 1.115 and below suffer from a cross site scripting vulnerability.
Firebase’s PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.
CentOS Web Panel version 0.9.8.1081 suffers from a persistent cross site scripting vulnerability.