[webapps] Library Management System 1.0 – Blind Time-Based SQL Injection (Unauthenticated)
Tags: 0day, remote exploit
WordPress Plugin WooCommerce Booster Plugin 5.4.3 – Authentication Bypass
Tags: 0day, remote exploit
This Metasploit module exploits a critical vulnerability in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, which allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker’s malicious repository using a vulnerable Git version control tool.
Remote command execution exploit for Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 which have a web interface called AlphaWeb XE that allows for a remote shell upload.
Evolution CMS version 3.1.6 authenticated remote code execution exploit.
AHSS-PHP version 1.0 suffers from cross-site scripting and remote SQL injection vulnerabilities.
Support Board version 3.3.3 suffers from a remote SQL injection vulnerability.
elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() PHP function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT argument as part of the name parameter is still permitted and […]