Archive for October, 2021

[webapps] Simple Online College Entrance Exam System 1.0 – 'Multiple' SQL injection

Posted by deepcore under Security

Simple Online College Entrance Exam System 1.0 – ‘Multiple’ SQL injection

VMware vCenter Server Analytics (CEIP) Service File Upload

Posted by deepcore under exploit

This Metasploit module exploits a file upload in VMware vCenter Server’s analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default.

Odine Solutions GateKeeper 1.0 SQL Injection

Posted by deepcore under exploit

Odine Solutions GateKeeper version 1.0 suffers from a remote SQL injection vulnerability.

G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation

Posted by deepcore under exploit

G Data EndpointProtection Enterprise version 17.08.2021 suffers from a privilege escalation vulnerability.

Talariax sendQuick Alertplus 4.3 SQL Injection

Posted by deepcore under exploit

Talariax sendQuick Alertplus server admin version 4.3 suffers from a remote SQL injection vulnerability.

Apache HTTP Server 2.4.49 Path Traversal

Posted by deepcore under exploit

Apache HTTP Server version 2.4.49 suffers from a path traversal vulnerability.

Microsoft Office OneNote 2007 Remote Code Execution

Posted by deepcore under exploit

Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. Upon decompressing files from .ONEPKG archives (using MS CAB format), a failure to sanitize file paths and file contents allows for arbitrary file planting in arbitrary locations on the OS, including the startup folder.

WordPress BulletProof Security 5.1 Information Disclosure

Posted by deepcore under exploit

WordPress BulletProof Security plugin version 5.1 suffers from an information disclosure vulnerability.

Online-Food-Ordering-Web-App SQL Injection

Posted by deepcore under exploit

Online-Food-Ordering-Web-App suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Dahua Authentication Bypass

Posted by deepcore under exploit

Various Dahua products suffer from multiple authentication bypass vulnerabilities.