>> ARCHIVE: 2021-09

This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck…

Telegram Desktop version 2.9.2 suffers from a denial of service vulnerability.

COVID-19 Contact Tracing System web app with QR Code Scanning version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Whitepaper called HiveNightmare AKA SeriousSAM. It details an overview of CVE-2021-36934 and provides exploitation details.

WordPress GetPaid payments plugin version 2.4.6 suffers from an html injection vulnerability.

Fabasoft cloud website versions prior to 18.0.17 suffer from a cross site scripting vulnerability.

Traffic Offense Management System version 1.0 remote code execution exploit that leverages a remote SQL vulnerability.

OpenEMR version 6.0.0 suffers from an insecure direct object reference vulnerability.

Confluence Server version 7.12.4 unauthenticated OGNL injection remote code execution exploit.