TextPattern CMS 4.8.7 – Remote Command Execution (RCE) (Authenticated)
>> ARCHIVE: 2021-10
SolarWinds Kiwi CatTools 3.11.8 – Unquoted Service Path
myfactory.FMS versions 7.1-911 and below suffer from a cross-site scripting vulnerability.
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the…
Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow a teacher to use an exploit chain to reach remote code execution. A bug in…
Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to…
This Metasploit module will generate a plugin which can receive a malicious payload request and upload it to a server running Moodle provided valid admin credentials are used. Then the…
Sonicwall SonicOS 7.0 – Host Header Injection